We are integrating SonarCloud with our Azure DevOps organization using a PAT (code read & write) and have some questions about permissions. Currently, our service user has the Project Collection Administrator Permission on Azure DevOps. While the PAT does limit that permission to code, we would like to know the minimum required permissions to integrate SonarCloud and Azure DevOps to avoid having the user as a Project Collection Administrator
You will need to have Code Read and Write permissions granted to every repository you want to integrate with SonarCloud. Whether that is done with the Project Collection Administrator permission or more fine-grained permissions is up to you.
Just for the sake of completeness, in our tests we found out that the Contributor Permission on the project level is enough for SonarCloud to work properly.