Hi team,
I would like to report an issue I’m facing regarding Group Permissions vs Delegation Authentication with Sonarqube.
Version: 8.3.1 Developer
Group Sync defined as On With Azure AD
Scenario:
I have login enable with Azure AD and also Group Sync enabled. I created 2 groups on Sonarqube that maps to the same groups in Azure AD:
GroupA: Has all permissions set (system administration, quality profiles, quality gates, analyses, projects)
GroupB: Has only project analyses and create projects
When I login into sonar, it removes my user from sonar-administrator groups and add me to GroupA as expected. While logged in, I can do every administration tasks (user, groups, plugins, configs, etc). For some reason, I can’t see the “Project Settings” enabled for me when I access a project page.
Additional information:
- The projects were created by our CI system using a internal user token for sonar scanner.
- If I add myself to sonar-administrator groups I can see the “Project Settings” enabled for me again.
Does it works as expected or is indeed a bug?
Thanks