Sonar don't allow me see project settings even if I am System Administrator

Hi team,

I would like to report an issue I’m facing regarding Group Permissions vs Delegation Authentication with Sonarqube.

Version: 8.3.1 Developer
Group Sync defined as On With Azure AD

Scenario:

I have login enable with Azure AD and also Group Sync enabled. I created 2 groups on Sonarqube that maps to the same groups in Azure AD:

GroupA: Has all permissions set (system administration, quality profiles, quality gates, analyses, projects)
GroupB: Has only project analyses and create projects

When I login into sonar, it removes my user from sonar-administrator groups and add me to GroupA as expected. While logged in, I can do every administration tasks (user, groups, plugins, configs, etc). For some reason, I can’t see the “Project Settings” enabled for me when I access a project page.

Additional information:

• The projects were created by our CI system using a internal user token for sonar scanner.
• If I add myself to sonar-administrator groups I can see the “Project Settings” enabled for me again.

Does it works as expected or is indeed a bug?

Thanks

Hi team,

I’m sorry for reporting it as a bug. Now, exploring more the documentation I managed to fix my issue by adding my GroupA to the Permission Template and adding this permission template to all previously create projects.

Hi,

I’m glad you worked through this. FYI, you should have the ability to edit your initial post to re-categorize it. But I’ve taken the liberty of doing it for you.

And to expand on this topic for the sake of posterity: as you’ve found, permissions are granular. Having global admin rights does not necessarily mean you have rights on specific projects. However, if you do have global admin rights, you have access to grant yourself project rights.

 

Ann

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.