Unable to edit portfolio with LDAP user

SonarQube Server / Community Build
, , ,
1

Hello SonarQube Community,

  • which version: SonarQube 8.7.0.41497

  • how is configured my instance:

My instance of SonarQube is connected to Active Directory.
AD users are able to log-in to SonarQube with their AD account.
I have configured groups in SonarQube (same group names as in AD) with different sets of permissions for different kind of users.

Example:

SonarQube-Groups-Example
SonarQube-Groups-Example1365Ɨ203 9.47 KB

The permissions are correctly applied when the different users log-in: a user that belongs to MyGroup-Admin is able to administrate the instance, while a user that belongs to MyGroup-DevOps canā€™t.

  • what are you trying to achieve:

I log-in with an AD user that belongs to MyGroup-Admin, and I want to edit portfolios, but I canā€™t as I donā€™t see ā€œPortfolio Settingsā€ on the top.

image
image1278Ɨ231 12 KB

Whereas, if I log-in with a user that I have created in SonarQube, which has the exact same permissions as the ones set for MyGroup-Admin, and which belongs to sonar-administrators, I am able to edit portfolios as I can see and click on ā€œPortfolio Settingsā€.

SonarQube-Portfolio-Can-Edit
SonarQube-Portfolio-Can-Edit1436Ɨ248 15.3 KB

  • what have you tried so far to achieve this:

I have tried to assign the group ā€˜sonar-administratorsā€™ to the specific users that connect from AD, but it keeps on being removed when they log-in to SonarQube.

I would rather not adding ā€˜sonar-administratorsā€™ as a group in AD.

Any idea what could be the issue? Can you please help me with that?

Thank you very much!

-Guillaume

2

Hey Guillaume,

Make sure that the permission template being applied to new Portfolios contains the groups you need (MyGroup-Admin).

For existing portfolios you can reapply a permission template (Global Administration > Projects > Management and filter to Portfolios) or just add the group in the Portfolio settings while logged in with a local user belonging to sonar-administrators.

3

Brilliant! Thanks a lot Colin, I got what I wanted after updating the Permission Template.

edit: Happy Birthday Colin :birthday:

-Guillaume

1 Like
4

Hey @ggoisset i have just asked a question concerning SSO here and now i read your question/concern here ā€¦ and i think to myself:

wait, maybe Guillaume - in his setting - did find a solution how to SSO while using AD-LDAPS! :innocent:

so ā€¦ if i may ask ā€¦ did you? Are you using SSO for your users or do they have to manually enter credentials? :nerd_face:

thank you for consideration! :blush: :pray:

cheers
Daniel

5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.