SonarQube version 10.6. Running on a VM. Installed from zip file. We upgraded from 9.9 LTA to 10.6.
I gave Administrator rights in SonarQube to some folks. We use GitHub authentication and people log in with their GitHub accounts. But once I give them admin privilege and they log out of the system, their admin privileges are lost and I have to give them back. They retain the privileges if they dismiss the window instead of logging out. This could be a consequence of the user being authenticated at login. What should I do so that the admin privileges are retained?
Hey there.
Are you assigning those permissions directly to the user, or adding a user to a group with those permissions?
When group synchronization is configured, the delegated authentication source becomes the only place to manage group membership, and the user’s groups are re-fetched with each login. It is not possible to use both manual group memberships and group synchronization (via your ALM integration) for the same user.
Sorry for the delay in answering: I’m adding the user to the sonar-administrator group - same way that I used to do in the old versions.
It sounds like you might have ticked sonar.auth.github.groupsSync to true in the Administration > Configuration > General Settings > Authentication > GitHub settings, which will rewrite group information on each login. Can you check?
As noted last month:
When group synchronization is configured, the delegated authentication source becomes the only place to manage group membership, and the user’s groups are re-fetched with each login. It is not possible to use both manual group memberships and group synchronization (via your ALM integration) for the same user.
This means that if you have this setting set to true, but no sonar-administrators group in GitHub, the user will be removed from that group when groups are synced (on login).
That’s the default in the community edition. To select the other option we need the dev edition:
Does this mean that GitHub should have a sonar-administrators group? i.e. a team called sonar-administrators with all the admins in it?
Just-in-Time user and group provisioning, yes, but this point is optional:
- (Optional) You can synchronize GitHub teams with existing SonarQube groups of the same name with the Synchronize teams as groups option.