Skip to end of metadata
Comment: Migrated to Confluence 4.0
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current ·  View Page History
<< Previous Version 8 Next >>

Security

Table of content

The default login / password for the administrator in Sonar admin / admin.

Changing my password

Log in, and click on my name on the top right. Enter the old password, the new one and confirm the new one.

Overview

The way security is implemented in Sonar is pretty standard. It is possible to create as many users and groups of users as required in the system. The users can then be attached (or not) to (multiple) groups. Groups and / or Users are then given (multiple) roles. The roles give access to the various services and functionality in Sonar.

Roles

There are 4 roles in Sonar, 1 is global, the 3 other are attached to a project :

  • Global Administrators : Ability to perform all administration functions for the instance: global configuration, personalization of TimeMachine and Home Page
    Warning

    Be careful not to suppress the latest administrator, otherwise, you will be locked out

  • Project Administrators : Ability to perform administration functions for a project by accessing its settings
  • Project Users : Ability to navigate through every service of a project, except viewing source code and settings
  • Project Code viewers : Ability to view source code of a project

Default project roles

It is possible to configure the system so that when a new project is created, the project roles are automatically assigned to users or / and groups

Special groups

Two groups have a special status in Sonar :

  • "Anyone" is a group that exists in the system, but that cannot be managed. Every user belongs to this group
  • "sonar-users", when it exists, is the group to which user are automatically added. It is not possible to configure the name of this default group.

Global settings



Force user authentication : this is really the first question that should be answered where putting some security in place in Sonar. Can anybody browse the instance or do you need to be authenticated.

Allow users to sign up online : this means that anybody can access a form to create himself an account in the system. To be noted that after filling the form, the users should log in.

External password management : this should be used to indicate that an external system is used for authentication

Labels
  • None