SonarQube version: Community Build v25.7.0.110598 MQR Mode
Hi SonarQube Community,
I’m trying to create a read-only group in SonarQube to grant view-only access to all projects for an Azure AD-synced group. However, I don’t see the “Browse” permission in Administration > Security > Global Permissions. The only visible columns are Administer System, Administer, Execute Analysis, and Create. When I tried the API (/api/permissions/add_group?permission=browse), I got an error: “Invalid global permission \u0027browse\u0027. Valid values are [admin, gateadmin, profileadmin, provisioning, scan]”.
How do I go about to grant the group view-only access to all projects?
The ‘Browse’ permission in SonarQube is set at the project level (not globally). This means you cannot configure it in Administration > Security > Global Permissions or assign it globally via the ‘/api/permissions/add_group’ endpoint without specifying a specific project.
To provide read-only access (view permission) to all projects for your group, take the following steps:
For private projects, add your group to each project’s permissions and grant them the ‘Browse’ right.
Update your permission templates so that any new projects (including private ones) automatically grant this group the ‘Browse’ permission.
Only the latest version of SonarQube Community Build is considered active, so you’ll need to update and see if the situation is still replicable before we can help you.
Only the latest version of SonarQube Community Build is considered active, so you’ll need to update and see if the situation is still replicable before we can help you.