I’ve created some permission templates per team in SonarQube to allow team administrators to apply those to their projects. Developers, team administrators, … got different permissions (Browse, See Source Code, Administer Issues, Administer Security Hotspots, Administer, Execute Analysis [see image #1]). Team administrators got the permission ‘Administer’ (to manage their projects). Unfortunately, I recognized that those team admins would need the global permission ‘Administer’ to apply a permission template.
Is there another way because the global permission DO have too much configuration rights?
Or do I misunderstood the concept of permission templates and permissions?
Can a team administrator select specific permissions for different groups (instead of applying a permission template) [see image #2]?
The idea behind permission templates is that they’re the default permissions assigned when a project is created. You can have as many templates as you like but one needs to be the default. For non-default templates, you can set a “Project key pattern” regex. New projects whose keys match the pattern will be assigned the permissions in that template, with a fallback to the default.
Now, I know that’s not what you asked, but it seemed like a good time to restate the basics.
After project creation, a global admin can manually apply any template to a project (or projects) on the Administration → Projects → Management page. Doing so should grant your team admins permissions on their relevant projects, allowing them to administer permissions at the project level from there.
Once you’ve granted your team admins administration rights on a project - either via template application or granularly - they’ll have the ability to do this.