Any way to disallow any logged-in users to get full user list?

nxdk · September 15, 2022, 12:55am

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
what are you trying to achieve
what have you tried so far to achieve this

version: SonarQube 9.6
I was wondering if there’s any way we can limit any logged-in non-admin users from accessing this API.
“GET /api/users/search” allows normal users to retrieve full list of users. It would be best if only admin users can do this. Is there any toggle or setting I can change to achieve this?

Colin · September 15, 2022, 8:18am

Hey there.

This is not configurable. There are features in SonarQube, such as assigning issues, that require this information be available to non-administrator users.

Topic		Replies	Views
Get List of sonar users along with permission details SonarQube Server / Community Build	3	4331	January 4, 2022
How to get list of projects without admin users using API? SonarQube Server / Community Build sonarqube , api	5	3941	February 16, 2022
API Issue - Http://sonarurl//api/permissions/users?projectKey SonarQube Server / Community Build	3	186	March 8, 2024
SonarQube web api SonarQube Server / Community Build sonarqube	1	563	September 28, 2020
Every LDAP user is able to access the SonarQube SonarQube Server / Community Build authentication	2	793	January 20, 2021

Any way to disallow any logged-in users to get full user list?

Related topics