Permissions need an overhaul

sonarlint
permissions
sonarcloud

(ESD) #1

I’m using SonarCloud with closed BitBucket repos and the user administration is simply not up to par.

I want to manage permission via repository access. So:

  • If a user has read access to the the repo a project is related to then they should also be able to see/browse (incl. source code) the project in SonarCloud.
  • If they have write access to the repo then they should also be able to execute analysis and other stuff that makes sense.
  • If they have admin access to the repo then they should also have admin access to the project in SonarCloud.

I also want to manage permissions on a per project basis. Meaning that I want to add a user to a specific project with individual peermissions. This should be able to elevate a user that has access via the repo access, but also add unrelated users.
Example:

  • UserA has browse permissions due to read access to the repo, but I can give UserA “execute analysis” permissions by adding the user to the project and checking the “execute analysis” flag.
  • UserB has no access to the project. But I add UserB to the project and give the appropriate permissions.

I haven’t explored what will happen if multiple repos send analysis to a project, or if that is even possible.

You could argue that when SonarCloud starts to decorate PRs with comments then this become less relevant as users can access all the data they need in the repo on BitBucket directly. However that is not the case. SonarLint enters the arena.

In order to make SonarLint work inside your IDE you need to generate a user token. That user need to have access to the project in question. And we’re back to the original problem. A global user token with access to every project is simply not acceptable.

Hope you’ll consider these issues.


(Fabrice Bellingard) #2

Hi,

indeed, currently there is no link between a SonarCloud project and the repo it originates from. So no way to simplify the permission management like what you expressed.

The good news is that this is something we’re working on as part of the following Epic: MMF-1340. By creating projects from repos and linking organizations to teams, we should highly simplify all this. We haven’t started specifying this, but I am sure that this would answer your needs somehow. Our plans is to have something before the end of the year on that topic. So stay tuned!


(ESD) #3

That’s fantastic! Let me know if I can help somehow.