- Secure a Sonar instance by forcing login prior to access to any page
- Make a given project non accessible to anonymous
- Allow access to source code (Code Viewer) to a given set of users
- Restrict access to a project to a given group of users
- Define who can administer a project (setting exclusion patterns, tunning tuning plugins configuration for that project, …)
- Define who can administer a Sonar instance
Enter the old password, the new one and confirm it:
When the LDAP plugin is installed and activated, it is no longer possible for users to change their password. Then, only system administrators can do so through Settings > Security > Users.
The way authorization is implemented in Sonar is pretty standard. It is possible to create as many users and groups of users as required in the system. The users can then be attached (or not) to (multiple) groups. Groups and / or users are then given (multiple) roles. The roles grant access to projects, services and functionalities in Sonar.
- Anyone is a group that exists in the system, but that cannot be managed. Every user belongs to this group.
- sonar-users is the group to which users are automatically added. This group can be changed through the Security Global Settings. See Global Security Settings, property sonar.defaultGroup for more information.
Default user group: any new user created will automatically join this group.
Force user authentication: this is really the first question that should be answered when setting the security strategy in Sonar. Can anybody browse the Sonar instance or do you need to be authenticated?
- Allow users to sign up online: this means that anybody can access a form to create himself an account in the system. Note that after filling up the form, the user should log in.
Import sources: if set to false, source code will not be accessible for any user, to restrict access to source code for some users only, see Code viewers role.
Delegation to an External System