Hello, my company is using Sonarqube 7.9.2 LTS, and we have a problem with permissions. We are using AAD plugin to log in and create new users, then manually assign them to additional groups if they require elevated privilege. We do NOT synchronize group membership from Active Directory.
One such group we have created is “architects”, which has all permissions except Administer. Here is a list of groups from our test instance:
GET /api/permissions/groups
{"paging":{"pageIndex":1,"pageSize":20,"total":4},"groups":[
{"name":"Anyone","permissions":["provisioning","scan"]},
{"id":"5","name":"architects","description":"Able to administer projects, but not the system itself","permissions":["gateadmin","profileadmin","provisioning","scan"]},
{"id":"1","name":"sonar-administrators","description":"System administrators","permissions":["admin","applicationcreator","gateadmin","portfoliocreator","profileadmin","provisioning","scan"]}
{"id":"2","name":"sonar-users","description":"Any new users created will automatically join this group","permissions":[]}]}
And a screenshot of the permission templates configuration page:
However, none of the users assigned to “architects” are able to Administer issues, even though their group has those permissions.
Here is an example from one of our architects, showing they have both the assigned “architects” role plus the default “sonar-users” role.
GET /api/users/groups?login=${USERID}&selected=selected
{"paging":{"pageIndex":1,"pageSize":25,"total":2},"groups":[
{"id":5,"name":"architects","description":"Able to administer projects, but not the system itself","selected":true,"default":false},
{"id":2,"name":"sonar-users","description":"Any new users created will automatically join this group","selected":true,"default":true}]}
I have tried deleting and recreating the group, plus removing and adding users, but that did not fix the issue.
Has anyone faced this issue and have any suggestions? Is there any more information that may help you?
