Must-share information (formatted with Markdown):
-
which versions are you using SonarQube server Enterprise edition 2025.2
-
how is SonarQube deployed: Docker
-
what are you trying to achieve
We’ve defined an admin permission template which grants every permission to a given group. We’ve noticed that people in this group are unable to administer projects. To do so, the have to perform the “Restore access” action inside Projects Management Admin section.
Every time we apply the template to a given project, we lose project admin permissions. We’ve also noticed that giving full access to specific users on the Permission Template and then applying it to a project gives project’s admin permissions, so we’re wondering if group templates are applied first (granting all permissions), and then user permissions are applied (denying project admin permission).
However this only happens with Project Admin permissions, applying other permissions work as expected.
We’ve noticed this happening after upgrading to 2025.2, but it may have been happening before
- what have you tried so far to achieve this
See above
Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!
2 Likes
We’ve seen that this also happens with the “Administer issues” permission
Global permissions for admins look like:
There are several groups from active directory that have the same permissions, the idea being that these groups should be able to do everythin in SonarQube. sonar-users group has granted the execute analysis permission.
The permission template being applied to every project (redacted text shows internal active directory info):
Admin users also belong to both groups with gaps (they’re populated from acive directory groups), which correspond to normal SQ users.
Applying the template to a given project does not give project administration access nor issue administration to it. If we “fill” the gaps on the permission template and then apply it again to the project, admins are able to administrate it and its issues. If we then leave the permission template as it was originally and then apply it again to the project (from the project management admin area), admins are still able to administer project and issues. Strangely enough, if we apply the template from the project admin area, admins lose project and issue administration capabilities.
Current workaround is either to Restore Access to project and, from the project administration area, give issue administration permissions or modifying the Permissions Template as per above; but both of them are far from ideal.
It’d be nice if project, issue and security hotspot administration permissions could be set globally
We’ve noticed that this began to happen when upgrading to 2025.1.1
Hi @juanpablo-santos 
Thank you for bringing this to our attention! This is very valuable to us 
I was unfortunately not able to reproduce…
Just to be sure I understand correctly, you have one permission template that applies permissions to multiple groups. It works for all of them except one sonar-administrators that has all permissions. And the ones that don’t work are Issue Administer and Administer permissions.
Is that correct?
After applying the permission template, the permission seem correct on the project’s permissions page? (that’s the second image you shared, right? or is it the permission template)
Hi @Guillaume_Peoch,
Just to be sure I understand correctly, you have one permission template that applies permissions to multiple groups. It works for all of them except one sonar-administrators that has all permissions. And the ones that don’t work are Issue Administer and Administer permissions.
Is that correct?
yep, that seems the case, after upgrading to 2025.1.1
After applying the permission template, the permission seem correct on the project’s permissions page? (that’s the second image you shared, right? or is it the permission template)
No, the permission page isn’t available. We have to Restore Access to project, which grants project’s admin permission, and from there we can grant the issue administration permission.
If we apply then the Permission Template from the Administration > Projects > Management we lose both the Issue Administer and Administer permissions. However, if we apply the Permission Template from the project administration area, both permissions are granted.
It seems to us that the issue could be caused b/c those permissions are applied / calculated differently on both pages, with the bulk apply input of Administration > Projects > Management applying them on wrong order. Perhaps the name of the groups inside the permission template also affects (i.e, sonar-users permission applied after sonar-administration, so admins end up with sonar-users permission)? But then, applying the permission from the project’s adminstration area should behave equally, and it doesn’t, it does apply the appropiate permissions :-?
Hi @juanpablo-santos,
No, the permission page isn’t available. We have to Restore Access to project, which grants project’s admin permission, and from there we can grant the issue administration permission.
Ok, so after restoring access to project the project you can actually see that the Issue Administer and Administer permissions are not set.
If we apply then the Permission Template from the Administration > Projects > Management we lose both the Issue Administer and Administer permissions. However, if we apply the Permission Template from the project administration area, both permissions are granted.
When you say “If we apply then the Permission Template from the Administration > Projects > Management”, you mean by using the Bulk Apply Permission Template or by applying permission individually?
Hi @Guillaume_Peoch ,
Ok, so after restoring access to project the project you can actually see that the Issue Administer and Administer permissions are not set.
after restoring access to project we’re able to administer the project, and from there we’re able to grant Issue Administer permissions.
When you say “If we apply then the Permission Template from the Administration > Projects > Management”, you mean by using the Bulk Apply Permission Template or by applying permission individually?
From that screen (Administration > Projects > Management) neither of the actions grant the permission. We can only grant them from the Project Adminsitration area, that is, selecting the project that we’ve restored access → Project Settings → Permissions
HTH,
Juan Pablo
Hi, we upgraded to 2025.3 enterprise, same problem persists 
