How to set up project level permissions in Sonar - sonarqube

Sonar Server 6.7.1.
I have the following queries with regard to how permissions work in SonarQube:
1. How to enable Windows NT authentication on the Sonar portal. I believe by default it is open to everybody, with no authentication.
2. Using the sonar admin account I can create quality profiles (add/remove rules) and assign them to a project. Can I do it as a project admin account as well? My use case is that I have a couple of projects hosted, and I do not want to share the admin account with each project.
3. I created many users and groups on the Sonar portal, but I could not see them under the Global Permissions page. How to set project administrators?
4. Let's say I have a set of issues reported by Sonar for a project. From the portal I want to mark some of the issues as "Won't Fix". What is the minimal permission required (user / project admin / sonar admin) to do it?
Appreciate your response on the above queries.

1. Disable anonymous access: Disallow anonymous users to access Sonar
2. You need the Administer Quality Gates global permission
3. You have to start typing the username you are looking for in the Search field
4. You need the Administer Issues project permission
Please take a look at the SonarQube documentation: https://docs.sonarqube.org/display/SONAR/Authorization

Related

Jenkins integration with Active Directory has very slow performance for most of the users

We configured our Jenkins to use AD with the LDAP plugin and the AD plugin (both). For most users Jenkins then works very slowly (sometimes logging in or opening a new link takes a few minutes), while some have reasonable performance.
I checked using the /whoAmI option and found that a user with good performance was connected to the "Domain users" group, while a user with bad performance was instead connected to the "authenticated" group (which does not exist in AD).
Both users are in the "Domain users" group in AD, but Jenkins does not recognize it for the users with slow performance (and it identified the "authenticated" group, which does not exist in AD and does not appear for the user with good performance).
Any ideas?
Thanks in advance!
Finally, the answer was in another CloudBees link:
https://support.cloudbees.com/hc/en-us/articles/218625237-How-to-diagnose-AD-integration-problems-
Issue number 1: Jenkins should use the global catalog (ports 3268/3269) and not the LDAP catalog (ports 389/636). After I switched to the global catalog the problems were resolved.

View list of users and groups configured for a project in Sonarqube 6.7

How to view the authorized list of users and groups configured for a project in SonarQube 6.7? (The feature was there in earlier versions of SonarQube; refer to the screenshots.)
We have recently migrated from SonarQube 4.5 to 6.7. In v4.5, access for a few projects was configured using a template and for a few it was configured directly, without a template. Now, after migration, we are facing access issues for many projects. Before applying a new access template to such projects we would like to view the current settings, but the Projects Management page lists only 2 options: Restore Access and Apply Permission Template. Here we want to understand:
Current access configuration
Access configuration that the Restore Access option enables
The Permissions web services too are not listing any API to fetch project-wise user/group configuration.
From the Project homepage, go to Administration > Permissions. There you can see the groups and individual users granted permissions on the project and update those settings.

How to do role based access control with SonarQube?

I am new to SonarQube and trying to set up proper access control, with requirements as follows:
1. We have a few project areas; each area should have someone able to manage their area, such as creating new projects and managing the boards (not sure exactly what). This is something like project area administrators.
2. A few administrators can do anything.
3. Integrate with AD.
A few questions:
1. In a few places, like this link: http://www.sonarsource.com/products/features/security/, I see this role-based method, but I can't find these default roles ("SonarSource products come with three project-specific roles – project administrators, project users and project code viewers") anywhere in the system. Right now I am using the community edition, I guess without a license. Is there any more detailed documentation on that?
2. I kind of understand the default Global Permissions and Project Permissions. In my case, shall I create e.g. three groups in AD (sonar-administrators, sonar-project-administrators, sonar-users) to map to the default groups?
3. I notice the following: right now I don't have the above AD groups. When I integrate with AD, I can log in with my domain id/password, but once I log out and back in, the group information I added to the local user is gone. I guess it syncs with AD. So to use AD, I have to create these groups in AD?
Jirong
Access control in SonarQube is managed through Global Permissions and Project Permissions. Each permission can be granted to user(s) and/or to group(s). The documentation you pointed at is quite outdated, read the Authorization page for the most up to date details.
AD/LDAP integration is a different topic, documented here. With group mapping, group membership stays managed in AD but will be replicated in SonarQube when users log in (the AD groups must first be created in SonarQube with the same name).
To your example: if AD users belonging to group foo deserve to administer your SonarQube, just create group foo in SonarQube, and (in the Global Permissions settings) give Administer System permission to group foo.
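The two settings the threads above keep coming back to, forcing authentication (question 1 of the first thread) and mapping AD groups onto SonarQube groups (the answer just above), both live in conf/sonar.properties. The following is an added example, not configuration from the original posts or from SonarSource; the host name, DNs, service account, and group names are placeholders to adapt to your directory.

```properties
# conf/sonar.properties (added example; host, DNs, accounts and group names are placeholders)

# Anonymous browsing is on by default. Force a login for every page and every
# web-service call so 'Anyone' no longer sees projects.
sonar.forceAuthentication=true

# Hand authentication to Active Directory via the LDAP plugin.
sonar.security.realm=LDAP
# Accounts that must stay local even though AD is the realm: the built-in
# admin and the CI technical user that runs analyses.
sonar.security.localUsers=admin,ci-scanner
# AD logins are case-insensitive; normalise so JDoe and jdoe are one account.
sonar.authenticator.downcase=true

# Global-catalog port over LDAPS (3269); 3268 is the plaintext equivalent.
ldap.url=ldaps://dc01.example.internal:3269
ldap.bindDn=CN=svc-sonar,OU=Service Accounts,DC=example,DC=internal
ldap.bindPassword=<service-account-password>

# User lookup: match the login against sAMAccountName.
ldap.user.baseDn=DC=example,DC=internal
ldap.user.request=(&(objectClass=user)(sAMAccountName={login}))
ldap.user.realNameAttribute=cn
ldap.user.emailAttribute=mail

# Group mapping: membership is managed in AD and copied into SonarQube at each
# login. Only groups that already exist in SonarQube under the same name are
# applied, so create sonar-administrators, sonar-project-admins and
# sonar-users there first and grant permissions to those groups, never to
# individual AD accounts.
ldap.group.baseDn=OU=Groups,DC=example,DC=internal
ldap.group.request=(&(objectClass=group)(member={dn}))
ldap.group.idAttribute=sAMAccountName
```

After a restart, log in once with an AD account and check Administration > Security > Users: the groups listed for that user are exactly the AD groups whose names matched an existing SonarQube group, which is the behaviour the third question above observed (locally assigned groups are overwritten on the next login).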

How to secure SonarQube 5.2?

The Release notes for SonarQube 5.2 indicate that scanners no longer access the database directly.
With SonarQube 5.1, it's possible to ensure that the dashboard only ever shows reports on code in version control by configuring the database to only accept connections from the build server.
With SonarQube 5.2, I wouldn't expect this approach to work, because scanners aren't connecting directly to the database.
How can SonarQube 5.2 be secured so that only the build server can update the results shown on the dashboard?
This is really straightforward:
Make sure that your build server runs SQ analyses with non-empty sonar.login and sonar.password properties
Usually, the user corresponding to this sonar.login is a technical user
In the SQ Web Administration console, go to "Security > Global Permissions" and make sure that only the user corresponding to sonar.login has the "Execute Analysis" permission
Note that this can (or I'd even say "should") be done even on versions older than 5.2.
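A way to check the two things these threads ask for without clicking through every project: which users and groups are configured on a project (the 6.7 migration question above) and whether only the CI technical user holds Execute Analysis (this answer). The script below is an added example, not code from the original posts or from SonarSource. It assumes the JSON shape of the 6.x web services api/permissions/users and api/permissions/groups (both are marked internal in 6.x, so the shape is an assumption) and that a user token is passed as the Basic-auth username with an empty password. The sample responses, the ci-scanner and jdoe accounts, and the group names are constructed for the demonstration.

```python
"""Audit who holds which permissions on a SonarQube project.

Added example, not from the original posts or from SonarSource. Assumes the
6.x JSON shape of api/permissions/users and api/permissions/groups (internal
web services, so the shape is an assumption). Flags 'Anyone' holding more
than Browse / See Source Code and any principal other than the CI technical
user holding Execute Analysis.
"""
import base64
import json
import sys
import urllib.request

# Project permission keys in SonarQube 6.7 and their labels in the UI.
PERMISSION_LABELS = {
    "admin": "Administer",
    "codeviewer": "See Source Code",
    "issueadmin": "Administer Issues",
    "scan": "Execute Analysis",
    "user": "Browse",
}
# The most the anonymous group should ever hold on a project.
ANYONE_ALLOWED = {"user", "codeviewer"}

# Constructed sample responses (not captured from a real server): a CI
# technical user, a developer who was also given Execute Analysis, and the
# 'Anyone' group with Administer Issues, mirroring the threads on this page.
SAMPLE_USERS = {
    "users": [
        {"login": "ci-scanner", "name": "CI technical user",
         "permissions": ["scan", "user"]},
        {"login": "jdoe", "name": "Jane Doe",
         "permissions": ["codeviewer", "scan", "user"]},
    ],
}
SAMPLE_GROUPS = {
    "groups": [
        {"name": "Anyone", "permissions": ["codeviewer", "issueadmin", "user"]},
        {"id": 2, "name": "sonar-users", "permissions": ["codeviewer", "user"]},
        {"id": 7, "name": "sonar-project-admins",
         "permissions": ["admin", "codeviewer", "issueadmin", "user"]},
    ],
}


def fetch(base_url, token, endpoint, project_key):
    """GET api/permissions/<endpoint>?projectKey=... with a user token.

    The token goes in as the Basic-auth username with an empty password.
    Only the first page (up to 100 principals) is fetched.
    """
    url = (f"{base_url.rstrip('/')}/api/permissions/{endpoint}"
           f"?projectKey={project_key}&ps=100")
    req = urllib.request.Request(url)
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def _grants(users_resp, groups_resp):
    """Yield (kind, name, set of permission keys) for every configured principal."""
    for u in users_resp.get("users", []):
        yield "user", u["login"], set(u.get("permissions", []))
    for g in groups_resp.get("groups", []):
        yield "group", g["name"], set(g.get("permissions", []))


def permission_matrix(users_resp, groups_resp):
    """Map 'user:<login>' / 'group:<name>' to the sorted UI labels it holds."""
    return {
        f"{kind}:{name}": sorted(PERMISSION_LABELS.get(p, p) for p in perms)
        for kind, name, perms in _grants(users_resp, groups_resp)
    }


def audit(users_resp, groups_resp, scanner_login):
    """Return sorted (principal, permission_key, reason) findings."""
    findings = []
    for kind, name, perms in _grants(users_resp, groups_resp):
        if kind == "group" and name == "Anyone":
            for p in sorted(perms - ANYONE_ALLOWED):
                reason = "granted to anonymous users"
                if p == "issueadmin":
                    # Issue actions need an authenticated user (see the 4.4
                    # thread below), so this grant is unwanted and ineffective.
                    reason += "; ineffective, issue actions require a login"
                findings.append((name, p, reason))
        if "scan" in perms and not (kind == "user" and name == scanner_login):
            findings.append((name, "scan",
                             "Execute Analysis held outside the CI technical user"))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) == 5:  # base_url token project_key scanner_login
        base, token, key, scanner = sys.argv[1:]
        users = fetch(base, token, "users", key)
        groups = fetch(base, token, "groups", key)
    else:
        users, groups, scanner = SAMPLE_USERS, SAMPLE_GROUPS, "ci-scanner"
    for principal, labels in sorted(permission_matrix(users, groups).items()):
        print(f"{principal:28} {', '.join(labels)}")
    for principal, perm, reason in audit(users, groups, scanner):
        print(f"FINDING: {principal} has {PERMISSION_LABELS[perm]}: {reason}")
```

Run it with no arguments to see the constructed sample audited, or with `<base_url> <token> <project_key> <scanner_login>` to audit a real project; on the sample it reports Anyone holding Administer Issues and jdoe holding Execute Analysis, while ci-scanner is accepted. The same check applies per project at the global level: in 5.2 and later, Execute Analysis granted globally lets a principal push results for every project, so the global grant deserves the same one-technical-user rule.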

Administer issues does not work as Anyone

I cannot get administration of issues to be active for Anyone.
I have added the group Anyone to both browse and administer issues for the project.
Anyone can browse, but not administer issues.
It works if I create a user and add it to Administer Issues (when logged in as that user), but I do not want to use users at all.
I want anyone to be able to administer issues.
I tried deleting the project and created a default template with Anyone for browse and administer thinking that perhaps the setting cannot be changed for existing projects for some reason, but that did not help.
Running SonarQube 4.4
Plugins:
Checkstyle 2.1
Findbugs 3.0
Java 2.4
PMD 2.2
SCM Activity 1.8
Scm Stats 0.3.1
By definition, to do actions on issues on SQ (SonarQube), you must be authenticated because SQ needs to keep track of who did what. By default, authenticated users in SQ are part of the "sonar-users" group. So you just have to add the "sonar-users" group to the "Administer Issues" permission.
