Administer issues does not work as Anyone - sonarqube

I cannot get administration of issues to be active for Anyone.
I have added the group Anyone to both browse and administer issues for the project.
Anyone can browse, but not administer issues.
It works if i create a user and add it to administer issues (when logged in as that user), but i do not want to use users at all.
I want anyone to be able to administer issues.
I tried deleting the project and created a default template with Anyone for browse and administer thinking that perhaps the setting cannot be changed for existing projects for some reason, but that did not help.
Running sonarqube 4.4
Plugins:
Checkstyle 2.1
Findbugs 3.0
Java 2.4
PMD 2.2
SCM Activity 1.8
Scm Stats 0.3.1

By definition, to do actions on issues on SQ (SonarQube), you must be authenticated because SQ needs to keep track of who did what. By default, authenticated users in SQ are part of the "sonar-users" group. So you just have to add the "sonar-users" group to the "Administer Issues" permission.

Related

How to setup project level permissions in sonar

Sonar Server 6.7.1.
I have following queries wrt how permission works in SonarQube
1. How to enable window NT authentication on sonar portal. I believe by default it is open to everybody, no authentication.
Using sonar admin account I can create the quality profiles (add/remove rules) & assign it to a project. Can I do it as project admin account as well? My use case is I have couple of projects hosted, I do not want to share admin account with each project.
I created many users and groups on sonar portal, but I could not see them under Global Permission page. How to projet administrators?
Let's say I have set of issues reported by sonar for a project. From the portal I want to mark some of the issues as "Won't fixed". What is the minimal permission required user/project admin/sonar admin to do it?
Appreciate your response on above queries.
Disable anonymous access: Disallow anonymous users to access Sonar
You need Administer Quality Gates global permission
You have to start typing username you are looking for in Search field
You need Administer Issues project permission
Please take a look at SonarQube documentation: https://docs.sonarqube.org/display/SONAR/Authorization

View list of users and groups configured for a project in Sonarqube 6.7

How to view authorized list of users and groups configured for a project in Sonarqube 6.7? (feature was there in earlier versions of Sonarqube (refer screenshots))
We have recently migrated from Sonarqube 4.5 to 6.7 and in v4.5 access for few projects were configured using template and for few it was configured directly without template. Now after migration we are facing access issue for many projects. Before applying new access template to such projects we would like to view current settings but Projects Management page list only 2 options; Restore Access and Apply Permission Template. Here we want to understand,
Current access configuration
Access configuration that Restore Access option enables
Permissions web services too is not listing any api to fetch project wise users/group configuration.
From the Project homepage, go to Administration > Permissions. There you can see the groups and individual users granted permissions on the project and update those settings.

Sonar analysis & report publishing permissions

Is it possible to restrict the publishing of new analysis on a sonar instance. My use case is I created new instance of sonar with the latest version. There are couple of projects configured with the old version. I want to make sure that no project team use old instance of sonar. At server level, is it possible to stop publishing new report.
Also what customization options sonar server gives for its home page. I want to display a custom message with Sonar 5.6 version
Atul
You seem to have stood up two different instances of SonarQube side by side. In doing so, you impose on your teams the requirement to update their CI configuration to point to the new instance.
You should instead replace the old version with the new one. See the Upgrading docs for details.

How to secure SonarQube 5.2?

The Release notes for SonarQube 5.2 indicate that scanners no longer access the database directly.
With SonarQube 5.1, it's possible to ensures that the dashboard only ever shows reports on code in version control by configuring the database to only accept connections from the build server.
With SonarQube 5.2, I wouldn't expect this approach to work, because scanners aren't connecting directly to the database.
How can SonarQube 5.2 be secured so that only the build server can update the results shown on the dashboard?
This is really straightforward:
Make sure that your build server runs SQ analyses with non-empty sonar.login and sonar.password properties
Usually, the user corresponding to this sonar.login is a technical user
In the SQ Web Administration console, go to "Security > Global Permissions" and make sure that only the user corresponding to sonar.login has the "Execute Analysis" permission
Note that this can (or I'd even say "should") be done even on versions older than 5.2.

Receiving "Not authorized" error after upgrading to SonarQube 4.2

When executing the sonar analysis using the Maven Sonar Plugin:
Without any other change, except upgrading from SonarQube 3.7 to 4.2
We receive the following error:
[ERROR] Failed to execute goal org.codehaus.mojo:sonar-maven-plugin:2.2:sonar (default- cli) on project museum-mobile: Can not execute SonarQube analysis: Not authorized. Please check the properties sonar.login and sonar.password. -> [Help 1]
Our account is still listed as "sonar-administrator", with full access to all Global Permissions: Administer Quality Profiles, Administer System, Execute Analysis, Execute Preview Analysis, Provision Projects, Share Dashboards And Filters
When we run with the default "admin" account we are able to execute the analysis.
Environment:
Windows 7 64-bit
Java JDK 1.6.0_31 and 1.7.0_25
Maven 3.0.5
sonar-maven-plugin 2.0 and 2.3
JIRA opened: MSONAR-66
If you use LDAP users in your Sonar installation, and a non-LDAP user to maven sonar plugin, this may explain the problem:
http://sonarqube.15.x6.nabble.com/cannot-login-to-sonar-using-created-user-and-ldap-td5025428.html
http://jira.codehaus.org/browse/SONAR-4543
I fixed the problem editing the sonar.properties like this:
# LDAP
sonar.security.realm=LDAP
sonar.security.localUsers=admin,jenkinsuser
ldap.url=....
I have sent 3-4 emails stating the problem and issues that we have faced. I have also sent a summary as Jared and David have mentioned.
Answers to the above comments and questions:-
Q- From which version did you upgrade ? – Simon Brandhof yesterday
-
3.7**
Q-If you upgraded from a version less than 3.7, then the account has probably not the permission "Execute Analysis". See docs.codehaus.org/display/SONAR/… – Simon Brandhof yesterday.
- We have that set to Anyone in the Groups. We have also set it to sonar-users/sonar-administrators which means access to all the users in the system.
Q-Or it means that you have activated the force authentication feature. See docs.codehaus.org/display/SONAR/Authentication. – David RACODON - SonarSource yesterday
- sonar.forceAuthentication=true is already set to true. Yes it is correct.
"upgrading from SonarQube 3.7 to 4.2" – David M. Karr yesterday
-Right.
Q-I added each of the global permissions above. The upgrade was from 3.7 (working) to 4.2 (not working). We will check the force authentication feature. Is that new to 4.2?
After reading about the feature I am not sure how it would explain why my user in the sonar-administrator group can no longer execute an analysis. – Jared yesterday
- It is set to true but it is needed and we want users to be authenticated.
Thanks,
Jitesh
For whatever reason, version 4.2 has to use the "admin" userid to execute analysis. We were able to work around this bug by doing the following:
Create a new default Administrator User and name it anything you
like. We used "sonar_admin".
For the "admin" userid, ensure that it has permissions "Execute Analysis" and if you want it to add new projects to Sonarqube "Provision Projects".
You can change the password of "admin" to whatever you like.
Ensure sonar.login and sonar.password properties are being defined within your build script, and set to the "admin" userid and password.
You just need to add below 2 properties to get it work -
sonar.login=
sonar.password=
These properties can be added in 2 ways :
1. By setting it in build.xml with sonar target
2. By setting system property using -Dsonar.login=admin -Dsonar.password=password

Resources