which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): SonarQube CE Version 9.3 (build 51899)
how is SonarQube deployed: zip, Docker, Helm: zip/jar
what are you trying to achieve: users can access projects
what have you tried so far to achieve this: re-applied permission templates, removed the users from Sonarqube, deleted and manually created permission templates/groups
We have a team that has been having a lot of weird, unexpected access/permissions issues. We have verified that the team was onboarded normally and all AD groups/SonarQube groups/permissions were created successfully - however, when any of the users try to log in/submit scans, they are unable to view the projects under this team/get an unauthorized access error. We recently upgraded from 8.9 to 9.3 and the issue persists.
We have re-applied permission templates, removed the users from SonarQube, deleted and manually created permission templates/groups, but nothing solved the issue. This is happening to a few users on the team, as well as their Service ID - so the issue is not localized to one account. As well, many of the users on this team have access to other projects/teams in SonarQube, and can access those without issue.
We determined the issue was due to case-sensitivity on SonarQube’s part. In SonarQube the groups were all capital letters, but in AD the groups were formatted LikeThis. Changing the groups in SonarQube to match the case of the AD groups fixed the issue.
Is this intentional? I can’t think of any of the other tools we support that require case-sensitive group names for AD groups.
If not intentional, can we confirm if this bug is fixed in later versions?
I’m not aware of any work on this topic or any intent to work on it. Instead, we’re moving in the direction of automatic user/group synchronization from the IDP. SonarQube 10.1 added that for GitHub, and I believe it’s already present in the LTS for SAML/Okta.
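An added example, not part of the thread and not SonarQube code: a Python check for the case mismatch described earlier in the thread. It compares group names as the directory supplies them against the locally defined names using exact, case-sensitive comparison, and reports names that differ only by case. The function name and all group names are constructed for illustration, and fetching the two lists is assumed to happen elsewhere.

```python
from collections import defaultdict


def audit_group_case(idp_groups, local_groups):
    """Classify each directory group name against locally defined names.

    Assumption (from the thread): a group only takes effect when the two
    names are identical, including letter case.
    """
    # Index local names by their case-folded form to find near-misses.
    by_folded = defaultdict(list)
    for name in local_groups:
        by_folded[name.casefold()].append(name)

    exact = set(local_groups)
    report = {"ok": [], "case_mismatch": [], "ambiguous": [], "missing": []}
    for group in idp_groups:
        candidates = by_folded.get(group.casefold(), [])
        if group in exact:
            report["ok"].append(group)
        elif len(candidates) == 1:
            # Same name, different case: permissions silently do not apply.
            report["case_mismatch"].append((group, candidates[0]))
        elif candidates:
            # Several local groups differ only by case: needs manual review.
            report["ambiguous"].append((group, sorted(candidates)))
        else:
            report["missing"].append(group)
    return report


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    ad_groups = ["TeamAlphaDevs", "PlatformOps", "SecReview", "DataEng"]
    sq_groups = ["TEAMALPHADEVS", "PlatformOps", "secreview", "SECREVIEW",
                 "sonar-users"]
    for status, items in audit_group_case(ad_groups, sq_groups).items():
        print(f"{status}: {items}")
```
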