Rebuild of user access/permissions

Hello there,
I am here to suggest a new feature based on a recent experience with SonarQube DCE.

I was in a situation where I had created a user to be used in a Jenkins integration, and that user has basically two granted permissions: create projects and run analysis.

But that user is also being used to do (a kind of) query to discover whether the project exists (or not) in SonarQube, consuming the “/api/projects/search?..” endpoint. It is getting a 401 (unauthorized) error code as a result.

Why can't that user search projects if, with the same granted permissions, it can create the project instead?

PS: the /api/projects/search endpoint needs administrator rights to be used and, in this case, it is obvious that they won’t be given.

It is just one situation with the current grant/permissions system that I have hit so far, but it could be a good starting point to review the entire permissions system and make it better :slight_smile:

Thanks folks!

Hi Matheus,

Welcome to the community!

Projects can have different permissions, and their access can be limited to certain teams. The reason the /api/projects/search endpoint is available only to administrators is that it lists all projects, independent of their visibility.

Generally speaking, we try to limit the scope of the permission that is required to analyze projects, in order to limit the risk in case your analysis token is compromised.
Can you please tell us more about your use-case?

Chris
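As an added illustration (a toy model written for this thread, not SonarQube's own code) of the reasoning in Chris's reply: a global listing exposes every project and so needs admin, while a per-project lookup can only answer for projects the caller is allowed to browse. Project keys, user names and permission names below are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Project:
    key: str
    public: bool
    browsers: set = field(default_factory=set)  # users granted Browse on it

@dataclass
class User:
    name: str
    admin: bool = False
    create_projects: bool = False  # the integration user's "create projects"

class PermissionDenied(Exception):
    pass

# Constructed sample data: one public project, one private project.
PROJECTS = {
    "web-app": Project("web-app", public=True),
    "secret-svc": Project("secret-svc", public=False, browsers={"alice"}),
}

def search_projects(user: User) -> list:
    """Lists every project regardless of visibility, hence admin-only."""
    if not user.admin:
        raise PermissionDenied("listing every project requires admin")
    return sorted(PROJECTS)

def project_visible(user: User, key: str) -> bool:
    """Per-project check: True only if the project exists and the caller may
    browse it. Absent and not-entitled both give False, so a low-privilege
    caller cannot learn that a hidden project exists."""
    project = PROJECTS.get(key)
    if project is None:
        return False
    return user.admin or project.public or user.name in project.browsers

def create_project(user: User, key: str) -> Project:
    """Needs only the create permission; an existing key is a conflict."""
    if not user.create_projects:
        raise PermissionDenied("create projects permission missing")
    if key in PROJECTS:
        raise KeyError(f"project {key!r} already exists")
    PROJECTS[key] = Project(key, public=False, browsers={user.name})
    return PROJECTS[key]
```

A `False` from `project_visible` therefore means "not visible to this caller", not "safe to create"; in this model the create call itself reports the conflict, so an integration should handle that rather than treat a denied lookup as proof of absence.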