More specific "Administer Issues" permission settings

Context:

  • SonarQube Server Version - Developer Edition v2025.2 (105476)
  • Gradle Plugin Version - 4.2.1.3168
  • SonarQube is deployed via zip

I’m managing a SonarQube project, and I’m looking into ways to define permissions for different user groups. More specifically, I want to be able to define who can review/resolve different types of issues (code smells, bugs, vulnerabilities).
I found the “Permission Templates” settings which let me do exactly that via the “Administer Issues” permission. However, it seems that currently it is only possible to change these settings for all the issues together, without being able to separate the permissions into the different issue types.

Just to be clear - my goal is to allow one group to only resolve code smells, and another group to resolve bugs and vulnerabilities.

Am I missing something or is it not possible to achieve this?
If it isn’t possible, is there a way I can write my own plugin or something similar to enforce custom permissions? Any chance this feature could be added in the next SonarQube version?

A similar follow-up question: is there a way to configure specific rules for different issue types to define the Quality Gate? (e.g. maximum 5 code smells, maximum 1 bug, maximum 1 vulnerability.)

Hey there,

At this time, SonarQube does not support defining issue administration permissions separately for different types of issues (with the exception of Security Hotspots). The “Administer Issues” permission provides full administrative rights over all issue types within a project, and there is no built-in way to split this by issue category.

Currently, there is no supported mechanism—via plugins or API extensions—to enforce finer-grained permissions based on issue type.

I’ll make sure we record the interest here!

Can you raise a different topic about this, and provide some examples?
