Restrict sonar-users group to access all the public project's source code

Hello team,

We have many public projects configured in Sonarqube. So far only internal users in our organization were accessing Sonarqube, now we want to allow few of external users who are mapped to specific project can access only those project and no other projects should be accessed.

So, we have removed all the access of sonar-users (default) group and added the external users to the sonar-users group and project specific group.

But the external users are still able to see all the public projects and they can even see the source code.

Is there any way to restrict the external users to view all other public projects ?
Or do we have to change all the public projects into private ? If we do so, what are the consequences ?


Welcome to the community!

Public means… public. As in

exposed to general view : OPEN

If you want to limit the visibility of those projects, you’ll need to make them private and manage their permissions.