We would like to integrate SonarQube with an external authorization auditing system.
That other system would (only) query the “api/users/search” API.
This API currently requires the highest, “Administer System” permission, which would give far too many privileges to this user.
Can we somehow restrict user access (or the Administer System) only to this single API endpoint “api/users/search”?
This feature is currently working as designed so I’ve moved your post to the New Features category. Can you share your use case a little more fully? Why does this other system need to query users?
They want to implement a central security auditing application to collect active users (with last login date) and active group memberships from various applications used within our company. Sonar is one of them.
We would not want to give “Administer System” permissions for this user to prevent accidental or malicious changes.