More clarification required on User Token and Project analysis token in SonarQube

Hi,
I am slightly confused about the User Token and Project analysis token in SonarQube. I have the following questions.

  1. What is the difference between a User Token and a Project analysis token?
  2. How do I create a project-specific token, and what is its actual use?
  3. Is it necessary that every project has a unique token?

Hi,

A user token gives you all the permissions of the user who issued it. That means you can perform - via Web API - any action the user can do via the UI. If the user is a global admin, that user’s User Token gives you full rights to the instance.

A Project Analysis token gives you only rights to run analysis on the specific project it was generated for.

This is baked into the project onboarding wizards. And you can create one from your profile: [User avatar (top-right)] → My account → Security.
To use it, pass it as the sonar.login value in analysis for the relevant project.

Not at all.

Ann
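
A CI pre-flight check for the distinction described in the answer above, as an added example that is not part of the original thread or SonarQube's own tooling: it refuses to start an analysis unless the token is a project analysis token. It assumes the type prefixes that recent SonarQube versions put on generated tokens (`squ_` user, `sqp_` project analysis, `sqa_` global analysis); the function names, the `SONAR_TOKEN` variable and the sample token values are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep user tokens out of analysis jobs (least privilege).
# Assumption: tokens carry the type prefixes squ_/sqp_/sqa_ used by recent
# SonarQube versions; older, unprefixed tokens are reported as "unknown".

# classify_sonar_token TOKEN -> prints the token type inferred from its prefix
classify_sonar_token() {
    case "$1" in
        sqp_?*) echo "project-analysis" ;;
        sqa_?*) echo "global-analysis" ;;
        squ_?*) echo "user" ;;
        *)      echo "unknown" ;;
    esac
}

# check_analysis_token TOKEN -> returns 0 only for a project analysis token
check_analysis_token() {
    kind=$(classify_sonar_token "$1")
    case "$kind" in
        project-analysis)
            return 0 ;;
        user)
            echo "refusing: a user token carries every permission of its owner" >&2
            return 1 ;;
        global-analysis)
            echo "refusing: token can analyse every project, not just this one" >&2
            return 1 ;;
        *)
            echo "refusing: token type cannot be determined from its prefix" >&2
            return 1 ;;
    esac
}

# run_analysis PROJECT_KEY -> runs the scanner only if the token passes the check.
# The token is read from the environment (hypothetical variable SONAR_TOKEN)
# and handed to the scanner as sonar.login, as described in the answer.
run_analysis() {
    check_analysis_token "${SONAR_TOKEN:-}" || return 1
    sonar-scanner -Dsonar.projectKey="$1" -Dsonar.login="$SONAR_TOKEN"
}
```

The prefix only identifies the token type; which project a project analysis token is bound to is enforced by the server when the analysis is submitted.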

Thank you for the reply. So, my understanding is that a token generation of a user is standard for both a User token and a Project analysis token. If global permission is given to that token, then it’s a User token and has full access to do all actions. Whereas, if only Execute Analysis permission is given to that token for a specific project, then the Project analysis token can only analyse the project.

Hi,

Yes, I think you’ve got it.

Ann