We discovered that a user with “Administer System” permissions was unable to invoke the API route api/projects/update_key. The error message returned was “Insufficient Privileges”. Per the API documentation, a user needs one of the following permissions to invoke the API route: “Administer System” or “Administer” on the project.
Workaround: Granting “Administer” on the project to the user permitted the action.
Version Affected: SonarQube 10.4.1
Hey there.
I have a feeling this is a documentation bug rather than a feature bug. Since you can’t update the project key in the UI unless you’re a project administrator, that is the intended scope of the permissions.
I’ll double-check with the responsible folks, but in the meantime, if you’re building an integration, I’d suggest relying on the idea that project administration rights are necessary to update the key.
Hi @GoofyJames,
I confirm what @Colin said: it is intended that Global Admins (permission Administer System) do not automatically have admin access on projects. So this is a documentation mistake, you must have the Administer permission on the project to use this API endpoint.
I will make sure this mistake is fixed.
Cheers,
Antoine