SonarQube Enterprise Edition: Suggested approach for assigning permissions for different orgs/groups

Hi - I’m trying to set up permissions for my organization and my organization has multiple groups. I was wondering what the suggested approach would be or best solution for setting up permissions so that someone in Group A cannot view, edit, or delete any project, portfolio, or application level information for Group B.

The closest I found to someone suggesting something was here: “Restrict users to only projects within their project template”, but my question is more granular.

For example, my Organization is set up like this (without getting into the SonarQube security group stuff):

my_org/
my_org/group_A

my_org/group_B

my_org/group_C
my_org/group_C/team_1
my_org/group_C/team_2
my_org/group_C/team_3

In SonarQube Enterprise, I created security groups that resemble the above structure. I also created a Portfolio and manually added the projects for “team_1” or “team_2” or “team_3”. I’m using “Portfolio” in this case as a “team_x” container.

I want to restrict Users in my_org/group_B from modifying projects, portfolios, or applications in my_org/group_C, so I thought that I would create a Portfolio to group by teams and add the projects for “team_1”, “team_2”, and “team_3” under the Portfolio as already explained previously.

What’s the best way that I can restrict users in the my_org/group_A security group from touching the objects in my_org/group_B? Can I do this with a Permission template? If yes, how do I do it?

Hi,

Welcome to the community!

Portfolios have nothing to do with the security of / access to projects.

Perhaps that becomes obvious when I point out that I can add Project1 to the group_A portfolio and the group_B portfolio and the group_C portfolio.

Ideally, you’ll be easily able to identify the projects belonging to each group from their projects’ ids. Then you can set up permission templates with a project key regex that matches that group’s projects and grants permissions accordingly.

HTH,
Ann
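
Added example, not part of Ann's reply and not SonarQube code: a pre-check that every project key matches exactly one group's permission-template pattern before the templates are created. The key convention, the patterns and the sample keys are constructed, and whole-key matching is an assumption modelled on Java's `String.matches()`.

```python
import re

# Assumed key convention (not from the thread): "<group>[.<team>]:<project>".
# One permission template per security group, identified by its key pattern.
TEMPLATES = {
    "group_A": r"group_A:.+",
    "group_B": r"group_B:.+",
    "group_C": r"group_C\.team_[1-3]:.+",
}
# Deliberately loose patterns, to show how two templates can claim one key.
LOOSE = {"group_A": r"group_A.*", "group_B": r".*group_B.*"}

# Constructed sample project keys.
SAMPLE_KEYS = [
    "group_A:billing-api",
    "group_B:ledger",
    "group_C.team_2:web-ui",
    "group_C.team_9:scratch",  # no such team, so no template matches
    "group_AB:shared-lib",     # lookalike prefix, stopped by the ':' delimiter
]

def matching_templates(project_key, templates=TEMPLATES):
    """Return the names of templates whose pattern matches the whole key."""
    # Assumption: the pattern must cover the entire key (Java String.matches()).
    return sorted(name for name, pattern in templates.items()
                  if re.fullmatch(pattern, project_key))

def audit(project_keys, templates=TEMPLATES):
    """Sort keys into: one template, none (default template applies), several."""
    report = {"ok": {}, "unmatched": [], "ambiguous": {}}
    for key in project_keys:
        hits = matching_templates(key, templates)
        if len(hits) == 1:
            report["ok"][key] = hits[0]
        elif not hits:
            report["unmatched"].append(key)
        else:
            report["ambiguous"][key] = hits
    return report

if __name__ == "__main__":
    for label, templates, keys in (("strict", TEMPLATES, SAMPLE_KEYS),
                                   ("loose", LOOSE, ["group_A:group_B-client"])):
        print(label, audit(keys, templates))
```

Keys reported as unmatched would get the default template's permissions rather than a group's, so they are the ones to review before relying on the templates for isolation.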

Okay, thank you. Let me try to implement your suggestion.