We’re using SonarQube 9.0.1 (Enterprise Edition) and have enabled integration with GitHub for authentication as described at GitHub Integration | SonarQube Docs, so that our users can log in with their normal GitHub accounts and are assigned to their respective groups (based on GitHub teams).
For this we enabled the “Synchronize teams as groups” setting (sonar.auth.github.groupsSync), and it seems that the manually added group memberships (e.g. when adding a SonarQube user based on a GitHub user to the “sonar-administrators” group) get reset.
While I can add users to the “sonar-administrators” group, this group membership gets removed once they log in via GitHub.
Is this the intended behavior? Is it possible to use both manual group memberships and automated group memberships (via GitHub integration) for the same users?
Are there any plans to make this behavior configurable (I can see cases in which it doesn’t make sense) or what is your recommended practice for adding some users to more groups than in the delegated authentication source?
I see two options:
- Add a dedicated team to the delegated authentication source (i.e. create a dedicated GitHub team which then gets elevated permissions on SonarQube).
- Use dedicated/duplicated accounts for these users.
Do you have any input on the pros & cons of these options?
We don’t currently have plans to do this. After all, if you’re delegating group membership, it seems like you want to … delegate it & trust the source.
And I invite you to create a New Feature thread detailing your use case.