Users unable to access projects under a specific team

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): Sonarqube CE 8.9.7
  • how is SonarQube deployed: zip, Docker, Helm: zip/jar
  • what are you trying to achieve: users can access projects
  • what have you tried so far to achieve this: re-applied permission templates, removed the users from Sonarqube, deleted and manually created permission templates/groups

We have a team that has been having a lot of weird, unexpected access/permissions issues. We have verified that the team was onboarded normally and all AD groups/Sonarqube groups/permissions were created successfully - however, when any of the users try to log in, they are either unable to view the projects under this team or they get an unauthorized access error.

We have re-applied permission templates, removed the users from Sonarqube, deleted and manually created permission templates/groups, but nothing solved the issue. This is happening to a few users on the team, as well as their Service ID - so the issue is not localized to one account. As well, many of the users on this team have access to other projects/teams in Sonarqube, and can access those without issue.

Hi,

Can you upgrade to 9.9 and see if this is still replicable? We’ve done a lot of work around authentication in the 9-series.

Ann

Hi, since we’re a few versions behind and have several thousand users and projects, there would be a lot of work involved to upgrade. We currently have an upgrade planned to go to 9.8. Upgrading to 9.9 would take at least two full upgrade cycles, which for us is 6-8 months. Is there anything else we can try to troubleshoot? As I said, this is only affecting a very specific set of projects.

Hi,

I don’t understand why you would upgrade to 9.8. It’s EOL. SonarQube 9.9 LTS is essentially a hardened version of 9.8.

Can you isolate some commonalities here?

Ann

I was mistaken - we are moving from 8.9 to 9.3 first, then from 9.3 to 9.9. This was based on the recommendation from our Sonar rep, and past experiences with moving too many versions forward at once.

As far as I can tell, the only commonality is that all projects belong to the same team, i.e. all start with the key U0R0:. All of our onboarding is done through an automated pipeline, and we’ve verified that all were onboarded as normal.

Hi,

Uhm… I’m a bit stymied by this, and I don’t understand why a “Sonar rep” would advise you to move from one unsupported version to another, particularly if adding this unsupported waypoint means it will take you 6-8mo to get to a supported version.

The project key is probably a red herring. Are there commonalities among your users? Can you set the server (briefly!) to debug logging and observe what’s logged when one of these problem users logs in?

Ann