Context:
- SonarQube Server Version - Developer Edition v2025.2 (105476)
- Gradle Plugin Version - 4.2.1.3168
- SonarQube is deployed via zip

I’m managing a SonarQube project, and I’m looking into ways to define permissions for different user groups. More specifically, I want to be able to define who can review/resolve different types of issues (code smells, bugs, vulnerabilities).
I found the “Permission Templates” settings which let me do exactly that via the “Administer Issues” permission. However, it seems that currently it is only possible to change these settings for all the issues together, without being able to separate the permissions into the different issue types.
Just to be clear - my goal is to allow one group to only resolve code smells, and another group to resolve bugs and vulnerabilities.
Am I missing something or is it not possible to achieve this?
If it isn’t possible, is there a way I can write my own plugin or something similar to enforce custom permissions? Any chance this feature could be added in the next SonarQube version?
A similar follow-up question: is there a way to configure specific rules for different issue types to define the Quality Gate (e.g. maximum 5 code smells, maximum 1 bug, maximum 1 vulnerability)?