Define specific global settings that cannot change in project

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube Data Center Version 8.9.6(build 50800)
  • what are you trying to achieve
    We currently have SonarQube set up to where we have a tools team that are the admins and everyone else is a user. All administrative items are controlled by the tools team. We would like to change the architecture with teams having their own project instance that is managed by a team (project) admin. However, we would like to control some aspects of the administration at an Enterprise level (globally) such as quality gates and quality profiles that cannot be changed at the project level by a project admin. We would also like to understand if we could use domain groups to manage permissions on each project along with how many domain groups we could have.
  • what have you tried so far to achieve this
    We have not tried it yet as we want to know if this is possible.


Welcome to the community!

If you have Data Center Edition, then you have access to our professional support engineers. They actually have SLAs and a duty to get you a resolution (and a requirement not to get testy)… :smiley:

But okay.

Sorry, but that’s just not how it works. If you’re an instance admin, you can get to everything. There’s audit trailing (starting in Enterprise Edition ($$)) so once it’s changed, you can tell who did it and when. But you can’t keep them from making the changes.

Even a project-level admin has the ability to choose different Quality Profiles and a different Quality Gate for the project.

Ehm… When you delegate authentication, you can choose to turn on group mapping so that users have the same groups in SonarQube (assuming the group exists in SQ) that they do in your auth system. And then you can grant permissions to groups.