Version: SonarQube Server 2026.2 (Enterprise Edition) but applies to all versions AFAIK
What I’d like:
Two related but distinct capabilities specifically for managing Portfolios and Applications visibility.
1. A global admin setting to control the default visibility for new Portfolios and Applications
Introduce a dedicated configuration option (e.g., under Administration > Configuration > Governance or Administration > Security) that allows administrators to set the default visibility for newly created Portfolios and Applications to either Public or Private. This should be completely separate from the existing “Default visibility of new projects” setting since portfolios and applications serve a different purpose and warrant their own governance controls.
2. A granular permission controlling who can set a Portfolio or Application public
Today, anyone with Administer permission on a portfolio or application can change its visibility, and there is no way to allow a user to create and manage their own private portfolio/application without also granting them the ability to flip it public. We’d like a dedicated “Change Visibility” style permission that can be granted selectively & separately from the general Administer permission.
Why
We want to enable self-serve portfolio and application creation for our engineers, letting individuals build personalized views of the projects they care about without cluttering shared, organization-wide views. The limitation today is that there is no way to:
- Default new portfolios/applications to Private at creation time without relying on users to manually select it
- Prevent users who legitimately administer their own portfolio/application from accidentally or intentionally promoting it to Public
The end goal is a clean, governed experience where users get personal sandboxed views and only designated people or groups can publish things org-wide.
Current workaround: None. We rely on user education and periodic API-based audits to catch public portfolios/applications that shouldn’t be.