Unable to edit portfolio with LDAP user

Hello SonarQube Community,

  • which version: SonarQube 8.7.0.41497

  • how is configured my instance:

My instance of SonarQube is connected to Active Directory.
AD users are able to log-in to SonarQube with their AD account.
I have configured groups in SonarQube (same group names as in AD) with different sets of permissions for different kind of users.

Example:

The permissions are correctly applied when the different users log-in: a user that belongs to MyGroup-Admin is able to administrate the instance, while a user that belongs to MyGroup-DevOps can’t.

  • what are you trying to achieve:

I log-in with an AD user that belongs to MyGroup-Admin, and I want to edit portfolios, but I can’t as I don’t see “Portfolio Settings” on the top.

Whereas, if I log-in with a user that I have created in SonarQube, which has the exact same permissions as the ones set for MyGroup-Admin, and which belongs to sonar-administrators, I am able to edit portfolios as I can see and click on “Portfolio Settings”.

  • what have you tried so far to achieve this:

I have tried to assign the group ‘sonar-administrators’ to the specific users that connect from AD, but it keeps on being removed when they log-in to SonarQube.

I would rather not adding ‘sonar-administrators’ as a group in AD.


Any idea what could be the issue? Can you please help me with that?

Thank you very much!

-Guillaume

Hey Guillaume,

Make sure that the permission template being applied to new Portfolios contains the groups you need (MyGroup-Admin).

For existing portfolios you can reapply a permission template (Global Administration > Projects > Management and filter to Portfolios) or just add the group in the Portfolio settings while logged in with a local user belonging to sonar-administrators.

Brilliant! Thanks a lot Colin, I got what I wanted after updating the Permission Template.

edit: Happy Birthday Colin :birthday:

-Guillaume

1 Like

Hey @ggoisset i have just asked a question concerning SSO here and now i read your question/concern here … and i think to myself:

wait, maybe Guillaume - in his setting - did find a solution how to SSO while using AD-LDAPS! :innocent:

so … if i may ask … did you? Are you using SSO for your users or do they have to manually enter credentials? :nerd_face:

thank you for consideration! :blush: :pray:

cheers
Daniel

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.