Managing Permissions

Permissions give users the ability to perform certain operations such as analyzing projects, configuring project settings, and updating issues on projects within a SonarCloud organization of which they are a member. 

Permissions are administered by an organization administrator who has the right to grant and revoke permissions to users. The administrator is responsible for ensuring that users have the permissions that they need.

Permissions can be assigned on either an organization level or an individual project level. They can also be granted to multiple projects at once, or to a subset of a group of projects. 

The following table gives an overview of the different types of permissions that may be assigned to users at organization level and at project level for both public and private projects.

Permission Type | Organization Level | Project Level | Public Project | Private Project
Browse*
Administer*
Administer Issues
See Source Code*
Administer Security Hotspots*
Execute Analysis
Administer Organization
Create

*Users also need Browse permissions.

Setting permissions on the UI

To administer permissions on an organizational level, go to Your Organization > Administration > Permissions.

From the editing interface, you can grant permissions to, or revoke them from, users and groups.

To administer permissions on a project level, go to Project > Administration > Permissions. 

You can either manually grant permissions for each project to some users and groups, or apply permissions templates to projects.


Permissions: Organization level

Users have to be added to an organization in order to acquire permissions. For GitHub users, this must be done on the GitHub side. Then, if any members are added or removed in the GitHub organization, the changes are made to SonarCloud either manually or, if you have selected the option within GitHub, by automatic synchronization. For other DevOps platforms, users must be added manually to the platform and then again to SonarCloud. Once a user is added, they are automatically made a regular member of an organization and are granted the set of permissions defined by the permissions template for that organization. See Managing Members.

Administrators are organization owners who have Administer Organization permissions. Administrators can manually grant or revoke permissions for individual users or, when there are many users, for groups of users, or they can apply a pre-configured permissions template to projects.

Organization owners are members of the Owner Group, who by default have administer permissions; however, these permissions can be revoked.

  • Administer: Allows you to perform any action on both Quality Profiles and Quality Gates.
  • Execute Analysis: Allows you to trigger an analysis and to push analysis results to the SonarCloud server.
  • Create Project: Allows you to initialize a project and configure its settings before the first analysis is performed.
  • Administer Organization: Allows you to perform all administrative functions for an organization.

Permissions: Project level

Permissions can also be granted or revoked on an individual project level. 

Permissions can be granted to a user or group to perform the following operations. Note that the permissions available to users depend on whether the plan in use is public or private.

Permissions for users of public projects 

  • Administer Issues: Change the type and severity of the issue; resolve issues as being "Won't Fix" or "False Positive" (users also need "Browse" permission).
  • Administer Security Hotspots: Change the status of a Security Hotspot.
  • Administer (Quality Profile and Quality Gate).
  • Execute Analysis

Permissions for users of private projects

Users of private projects can also be granted the following two permission types. 

  • Browse: Access a project; browse its measures, issues; perform some issue edits such as confirm/resolve/reopen, assignment, comment (also need "Administer Issues" permission); Browse Security Hotspots (also need "Administer Security Hotspots" permission); comment on or change the user assigned to a Security Hotspot. 
  • See Source Code: View the project's source code.

Administrators must have Browse permissions for private projects.

Permissions templates

SonarCloud comes with a default template that automatically grants a defined set of permissions to new projects in an organization. You can edit the default template and create additional templates from the editable template interface. 

To access the default template, go to Your Organization > Administration > Permission Templates > Default Permission Template. 

This takes you to the template interface which you can edit. New templates are empty, so you can adapt them to meet the needs of individual projects. 

To create a new template, go to Organization > Administration > Permission Templates and click the Create button. 

Your newly created template will then appear in the list of permission templates. 

Applying permission templates to groups of projects

To apply permissions templates to multiple projects, go to Your Organization > Administration > Projects Management. 


Select the check box for each project you want to apply the template to and then click Bulk Apply Permission Template in the top right corner. Then, choose your template from the dropdown list and click Apply.

Applying permission templates to subsets of groups

If you want to apply a template to a subset of new projects in your organization, you can use a project key regular expression (the template's Project Key Pattern). By default, if a new project has a key that matches the supplied pattern, it will automatically have the template's permissions applied.
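Before saving a Project Key Pattern, it helps to check which planned project keys it would capture and whether it overlaps with another template's pattern. The sketch below is an added example, not SonarCloud code: the template names, patterns and project keys are constructed, and it assumes the pattern must match the whole key and uses Python's `re` as a stand-in for SonarCloud's regex engine. The page does not say how overlapping patterns are resolved, so overlaps are only flagged.

```python
import re

# Constructed sample data: template name -> Project Key Pattern (None = no pattern).
TEMPLATES = {
    "Default template": None,
    "Payments team": r"acme_payments-.*",
    "All acme projects": r"acme_.*",
    "Open source": r"oss_[a-z0-9-]+",
}

def matching_templates(project_key, templates):
    """Names of templates whose pattern matches the entire project key."""
    return sorted(
        name for name, pattern in templates.items()
        if pattern is not None and re.fullmatch(pattern, project_key)
    )

def review_patterns(project_keys, templates, default="Default template"):
    """Map each key to the template it would receive, or flag an overlap."""
    report = {}
    for key in project_keys:
        hits = matching_templates(key, templates)
        if not hits:
            # No pattern matched: the organization's default template applies.
            report[key] = default
        elif len(hits) == 1:
            report[key] = hits[0]
        else:
            # Two patterns claim the same key; an administrator should
            # narrow one of them before relying on automatic assignment.
            report[key] = "AMBIGUOUS: " + ", ".join(hits)
    return report

# Constructed project keys a team plans to create.
PLANNED_KEYS = [
    "acme_payments-api",  # matched by two patterns
    "acme_website",
    "oss_parser",
    "OSS_Parser",         # patterns are case-sensitive here
    "internal-tool",
]

if __name__ == "__main__":
    for key, outcome in review_patterns(PLANNED_KEYS, TEMPLATES).items():
        print(f"{key:20} -> {outcome}")
```

A key that falls through to the default template, or that is claimed by a broader pattern than intended, ends up with a different set of permissions than the one planned, so the review is worth repeating whenever a pattern or naming convention changes.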

Creators permissions 

Creators is a special group that appears only in the permission template editing interface. Any permissions assigned to this group will, at the time of project creation, be granted to the single user account used to create the project. This allows SonarCloud administrators to let users autonomously create their own projects and administer permissions on them.

Permissions and visibility in paid organizations

If your organization is on a paid plan but you want to make a project public (for instance, because you are developing an open-source library), you can make the change on the My Project > Administration > Permissions settings page.

If an organization is on a paid plan then, by default, you have to be a member of the organization to be able to see:

  • Projects
  • Issues
  • Quality Profiles
  • Quality Gates
  • Rules
  • Members

The administration pages are also restricted to administrators of the organization.

For more information, see Payment and visibility.

Permissions and rules

The following actions are available only if you have the right permissions ("Administer Quality Profiles and Gates"):

  • Add/Remove tags
  • Extend description

For more information, see Rules.

© 2008-2022, SonarCloud by SonarSource SA. All rights reserved.