This may be applicable to Data Center Edition or Enterprise Edition only.
Currently, only the users with Administer System permission can add/remove users to/from a group. We are asking for a feature for group administrators to manage users in the groups they own, so that each group can manage users in a self-service manner.
Our organization is having difficulty with SonarQube user administration. We have more than 100 groups (keep growing) and the group membership is managed by an internal helpdesk team since they are the only team with Administer System permission. Our SonarQube is LDAP integrated for authentication only. We leverage SonarQube’s native authorization feature to assign role and group to a user.
Welcome to the community!
Are you aware of the ability to synchronize group membership in SonarQube from LDAP? It seems tailor-made for your situation.
This only works for the groups that already exist in SonarQube, so you don’t have to worry about extra groups being created inappropriately in SonarQube. Son when your internal helpdesk team creates a new LDAP group, they would only need to set it up in SonarQube too, and you would be all set.
What you’ve explained wouldn’t work for us because we use LDAP for authentication, not for authorization. We are a large organization with close 200 teams and 4000 users. As long as access/authentication is in control, it is effective for each team to self-manage their own users. If we were to use LDAP for authorization, user authorization becomes central putting more workload to LDAP support. I believe this is somewhat expected scenarios for Data Center Edition in a large organization.