Hi - I’m trying to setup permissions for my organization and my organization has multiple groups. I was wondering what the suggested approach would be or best solution for setting up permissions so that someone in Group A cannot view, edit, delete any project, portfolio, or application level information for Group B.
The closest I found to someone suggesting something was here: Restrict users to only projects within their project template but my question is more granular.
For example, my Organization is setup like this (without getting into the SonarQube security group stuff)
my_org/
my_org/group_A
my_org/group_B
my_org/group_C
my_org/group_C/team_1
my_org/group_C/team_2
my_org/group_C/team_3
In SonarQube Enterprise, I created security groups that resemble the above structure. I also created a Portfolio and manually added the projects for “team_1” or “team_2” or “team_3” . I’m using “Portfolio” in this case as a “team_x” container.
I want to restrict Users in
my_org/group_B
from modifying projects, portfolios, or applications in
my_org/group_C,
so I thought that I would create a Portfolio to group by teams and add the projects for “team_1”, “team_2”, and “team_3” under the Portfolio as already explained previously.
What’s the best way that I can restrict users in the my_org/group_A security group from touching the objects in my_org/group_B? Can I do this with a Permission template? If yes, how do I do it?