Use Sonar Embedded Authentication System or Delegate It to an External System
You can either use:
- The authentication system embedded in Sonar
- Or you can delegate this authentication management to an external system by installing and configuring one of the following plug-ins:
Sonar Embedded Authentication System
Default administrator's credentials
The default credentials for the administrator are:
- Login: admin
- Password: admin
Change your password
Log in and click on your name (the top right of the screen).
Enter the old password, the new one and confirm it:
Roles and Groups
The way the security is implemented in Sonar is pretty standard. It is possible to create as many users and groups of users as required in the system. The users can then be attached (or not) to (multiple) groups. Groups and / or Users are then given (multiple) roles. The roles give access to the various services and functionalities in Sonar.
There are 4 roles in Sonar: 1 is global, the 3 others are defined at project level:
- Global roles:
- Global Administrators: have the ability to perform all administration tasks on the Sonar instance like global configuration, customization of the home page, of the time machine, etc.
- Project roles:
- Administrators: have the ability to perform administration tasks for a project by accessing its settings
- Users: have the ability to navigate through every service of a project, except viewing source code and settings
- Code viewers: have the ability to view source code of a project
Default project roles
It is possible to configure the system so that when a new project is created, the project roles are automatically assigned to users or / and groups
Two groups have a special status in Sonar :
- "Anyone" is a group that exists in the system, but that cannot be managed. Every user belongs to this group
- "sonar-users", when it exists, is the group to which user are automatically added. It is not possible to configure the name of this default group.
Force user authentication : this is really the first question that should be answered where putting some security in place in Sonar. Can anybody browse the instance or do you need to be authenticated.
Allow users to sign up online : this means that anybody can access a form to create himself an account in the system. To be noted that after filling the form, the users should log in.