More granular permission levels for synced groups

Hi everyone,

My team is using mainly using GitLab, therefore I’ve enabled OAuth over it for SonarQube as well, along with the group synchronization. Works great! However, it could be better.

What are you trying to accomplish?
On GitLab side, one group has members with quite different roles and permissions, e.g Reporters, Developers, Maintainers. I would like to apply different SonarQube permissions according to the Role from SonarQube. Currently, the whole SonarQube group has the same permissions, which is a bit unfortunate, as I probably don’t want my GitLab “Reporters” to have “Administer Security Hotspot” permissions on SonarQube. Of course, I can do this manually with every user, but then what’s the point of having groups in the first place?

Why does this matter to you?
Mostly - security reasons. I don’t think users should be able to do more then they should in the system. Having groups synced makes it a bit easier to apply permissions of specific group to a specific project, but in a real world that group of people should probably not have exactly the same rights on the project.

How would that look in SonarQube? Alternatives?
I could imagine being able to add granular permission levels for each group (in the Project Permissions), e.g. add a new row, select (GitLab / whichever system it is and has such options) role from a dropdown menu and selecting permission checkboxes in that row (for that role)

How would we know it works well?
When proper permissions are applied to a specific GitLab Role in a group with permissions on a specific project.

Why should it be a priority now?
Integrating well with other systems is always a good decision. It’s often a deal breaker when making a decision to buy or not to buy the system, as it depends how well it will integrate with the rest of the services. With security being quite hot topic latest years, I believe more and more people would care of such features.

I’m here for all the questions!

Thank you!

Kind regards,

1 Like

cc @Christophe_Havard