Remove user from SonarQube

Hi,

We are using SonarQube 8.9.6 in our environment. As per GDPR compliance, user profile of inactive employee should be removed once an employee leaves the organization.

I have learnt that SonarQube supports to deactivate user profile (through UI and web API) which would only removes email address associated with user in sonar DB, not user name and login details.

We would want to remove full user related data from SonarQube DB.

Please suggest best way to accomplish it.

Thanks,
Vaibhav Jariwala

2 Likes

Hi,

right now a full deletion of a user ain’t possible.
There is an existing Jira ticket [FR-42] Make it possible to fully delete a user - SonarSource
with status Unresolved.
You may push this feature request via Sonarqube productboard, see
https://portal.productboard.com/sonarsource/3-sonarqube/c/304-compliance-with-the-right-to-be-forgotten

Gilbert

Hi @Rebse,

Thanks for confirming about feature unavailability.
I have upvoted this feature via Sonarqube productboard. Any ETA to have this feature for rollout ?

In mean time, I was trying to build custom solution to remove user fully from SonarQube and thought if we can remove user profile from sonar DB and that would help to achieve our goal.

I have identified the table named “users” in sonar DB which stores all existing users (user logged in once to sonar application) related data.
I have successfully removed the entire row of concerned user from sonar DB and verified that removed user is no longer visible in sonar UI (Administration > Security > Users).

Unfortunately, we have faced weird behaviour after concerned user logged in back to sonar. It creates single entry in users table whereas we can see 3 ids of same user in sonar UI (Administration > Security > Users). I am attaching the screenshot for the reference.

Could you please help us to understand

  1. the weird behaviour of user deletion and management
  2. Any other parameters we need to take into consideration along with user profile removal from sonar DB
  3. What happens with the sonar analysis (data) performed by deleted user

Thanks,
Vaibhav Jariwala

Hi,

i’m no Sonarsourcer and have no glance when this will be implemented.
In general you should treat the Sonarqube DB as black box, otherwise you might get in trouble !
Hope you have a backup of your DB :wink:

Gilbert

Hi @Rebse ,

Thanks for your suggestion.

I would still like to hear from Sonar Support team in case we get favourable updates.
Can someone from Sonar Support team respond to above queries ?

Thanks,
Vaibhav Jariwala