We are a tenant and customer in Sonarcloud and have connected our GitHub organization to Sonarcloud.
All of our Development team members are automatically part of the “Members” group in Sonarcloud.
The issue is that the user with Member role are able to close the Security issues and change the status of these vulnerabilities and Security hotspots.
As per Compliance requirements from numerous Security frameworks, it is mandatory that the Development have only the permissions to make fixes and update the code and the testing and compliance be performed from a different team.
Currently, the only permissions assigned to the Members group is “Execute analysis”.
I was not able to see a way to assign custom permissions to the Members group.
Please assist in how we can address this.
You’re looking for the project-level Administer Issues and Administer Security Hotspots permissions found in the project-level Administration > Permissions.
The default permissions for new projects can be set in the organization level Administration > Permission Templates
I checked that and does not seem to be the issue.
The user is part of group “Members” and if I permission templates and the permission for this group is only “Execute analysis”.
Then how can this user administer issues?
Let’s put permission templates to the side for a moment (and keep in mind that changes to a permission template do not automatically apply to existing projects. They only apply to new projects).
Have you checked the project-level Administration > Permissions for a single project where you face this? Feel free to share a screenshot of the permissions of a project in question.
I created a new Permission template with a project keyword to match the name of a specific project.
Then changed the permissions under this template to only be able to “Browse”, “See source code” and “Execute analysis” and assigned to a user.
The user signed out and signed back to Sonarcloud and could still administer issues.
So, am seen in the above screen-shot, the Members do have “Administer issues” permission at the project level. Once i removed it, the member users were not able to Administer issues.
Couple of questions:
If i am understanding, the way forward for new projects is to do this through a new permissions template and then move the users to the New template or make the New template as default.
However, for existing projects, what is the solution? Will we need to go into each project and modify the Member permissions to remove the “Administer issue” access.?
Permission templates exist for the purpose of assigning a set of permissions to a project automatically when a new project is created. There is no relationship between permisison templates and users or projects beyond this.
Or update the existing permission template.
You can manually change the permissions or explicitly override all existing permissions by applying a permission template in the global Administration > Projects Management
