We are using SonarQube 8.4.1 Community Edition on a huge Java project.
The users log in with their Active Directory account.
The Security Hotspots at the moment cannot be reviewed by anybody. All users except my user cannot click into the big status box.
I granted the right “Administer Security Hotspots” to different users and also to the group “sonar-users”. None of this had the effect that any user got the status box clickable.
Can you tell me which rights I have to grant to enable users to review security hotspot issues?
Welcome to the community!
There’s an “Administer Security Hotspots” permission your users need. It will probably be easiest to assign this to a group rather than to individual users.
Also, since this is assigned at the project level, rather than at the global level, you probably want to consider adjusting your permission template to grant this automatically on projects created in the future. Note also that while there’s no relationship between the template and projects after creation, you can manually re-apply your adjusted template to one or more projects from Administration -> Projects -> Management.
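The two steps from the answer above (grant the permission on the template, then bring existing projects in line), scripted against the SonarQube Web API as an added example that is not part of the original thread. The server URL, token, template name, group and project keys are placeholders, and the `MODE` and `DRY_RUN` switches are conventions of this sketch only.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed placeholders: SONAR_URL, SONAR_TOKEN
# (token of an administrator account), template name, group name, project keys.
SONAR_URL="${SONAR_URL:-http://localhost:9000}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the planned calls only, 0 = send them
MODE="${MODE:-direct}"    # direct   = add the one permission on each project
                          # template = re-apply the whole template to each project

# sq_post <endpoint> <key=value>...
sq_post() {
  local endpoint="$1" kv
  shift
  if [ "$DRY_RUN" = "1" ]; then
    echo "POST $endpoint $*"
    return 0
  fi
  # Rewrite each key=value argument as "--data-urlencode key=value" for curl.
  for kv in "$@"; do
    shift
    set -- "$@" --data-urlencode "$kv"
  done
  curl --silent --show-error --fail -u "${SONAR_TOKEN}:" "$@" "${SONAR_URL}/${endpoint}"
}

# grant_hotspot_review <template> <group> <projectKey>...
grant_hotspot_review() {
  local template="$1" group="$2" key
  shift 2
  # Projects created later pick the permission up from the template.
  sq_post api/permissions/add_group_to_template "templateName=$template" \
    "groupName=$group" "permission=securityhotspotadmin" || return 1
  # Existing projects keep no link to the template, so each one is updated.
  for key in "$@"; do
    if [ "$MODE" = "template" ]; then
      # Re-applying replaces the project's current permissions with the template's.
      sq_post api/permissions/apply_template "templateName=$template" \
        "projectKey=$key" || return 1
    else
      # Adds only this permission and leaves other project permissions alone.
      sq_post api/permissions/add_group "projectKey=$key" "groupName=$group" \
        "permission=securityhotspotadmin" || return 1
    fi
  done
}

if [ "$#" -ge 3 ]; then grant_hotspot_review "$@"; fi
```

With the default `DRY_RUN=1` the script only prints the calls it would make, which is a convenient way to review the change before running it with `DRY_RUN=0`.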
Thanks a lot. That worked.
The permission area is falling behind the overall usability of SonarQube. From all I have seen before, I did not expect something complicated like that.
Thanks for the feedback. I guess you mean you didn’t expect a specific permission for Security Hotspots Administration? Or you don’t think the permissions application methods are sophisticated enough?
I am used to applications with users, groups and roles. Normally, when adding a right to a role, the impact on a group with the role is given immediately without any further action.
That I have to reapply the templates to a project to get the effect for existing projects was very complicated. And I don’t really see a benefit of this “extra layer of abstraction”, which comes with templates.