SonarQube Service Accounts

I am using SonarQube Enterprise v8.9.

At the moment, there is only one team using this server with the possibility of this increasing in the coming days.
Does SonarQube have the concept of Service Accounts that can be created for each team to use for authentication/authorization to the server or does it only use Tokens?

If it only uses Tokens,
Is there a way to set permissions for tokens or do they automatically inherit the permissions of the user who creates them or do they just have basic permissions that are needed to carry out scans?

Hi,

While we encourage the use of service accounts, there’s nothing in SonarQube that distinguishes a service account from a regular user account. It’s just an account that’s not owned / correlated to a single individual.

And even with service accounts we encourage the use of tokens. Revoking a single, mis-used token is easier than properly managing - and changing as needed - login/password across all your projects.

 
HTH,
Ann

1 Like

Hi @ganncamp

As always, your responses leave no ambiguity whatsoever.

Thanks a lot.
This makes perfect sense.

1 Like