I am here to suggest a new feature based on a recent experience with SonarQube DCE.
I was in a situation where I had created a user to be used in a Jenkins integration, and that user has basically two granted permissions: create projects and run analysis.
But that user is also being used to do a kind of query to discover whether the project exists (or not) in SonarQube, consuming the “/api/projects/search?..” endpoint. It is getting a 401 (unauthorized) error as a result.
Why can that user not search projects if, with the same granted permissions, it can create the project instead?
PS: the /api/projects/search endpoint needs administrator rights to be used and, in this case, it is obvious that they won’t be given.
It is just one situation with the current grant/permissions system that I have run into so far, but it could be a good starting point to review the entire permissions system and make it better.