Hi,
I’m currently setting up a sonarqube server. Everything worked fine so far and I now setting up everything for the first productive usage.
We use gitlab as our code repository. I created a user with only reporter access on our gitlab server and created a private access token for this user on the gitlab server.
Then on sonarqube I go to “Administration → Configuration → DevOps Platform Integrations → GitLab” and added a new configuration for gitlab which works fine.
If I now login as a normal user to the sonarqube server and press the “Create Project → From GitLab” button then the system asks me for my GitLab personal access token, which is strange for me because as admin I added a global access token for all users.
I think I simply misunderstood how this feature works, or I oversee somewhere a security setting (allow users to use global access tokens or something).
I searched in the docs but did not get an clear picture of how this feature should work.
How I currently think this feature works:
1.) The admin adds a global configuration for the code repository to sonarcube (manages access rights and so on)
2.) A user can import a project from the code repository to sonarqube using the global configuration. So only one access token is ever used and can be “easily” maintained by the admin in the global settings.
This is maybe completely wrong and I would be very happy if someone can explain me how this feature really works.
Regards,
keros