Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 30 Next »

Sonar allows you to manage security at two levels:

  • Authentication that enables users to customize their dashboards, subscribe to notifications, manage their favorites, etc.
  • Authorization that allows you to restrict access to your Sonar instance to solely logged users, restrict access to confidential projects to certain users, restrict access to code source visualization, etc.

Table of content


Use Sonar Embedded Authentication

Default administrator's credentials

The default credentials for the administrator are:

  • Login: admin
  • Password: admin


Forgot your admin's password?


See the following tutorial to reset the admin's password to admin.

Locked yourself out?


See the following tutorial to help you get back in.

Change your password

Log in and click on your name (the top right of the screen).

Enter the old password, the new one and confirm it:

Delegate Authentication to an External System

Sonar supports the delegation of authentication to the following external systems:


The way the authorization is implemented in Sonar is pretty standard. It is possible to create as many users and groups of users as required in the system. The users can then be attached (or not) to (multiple) groups. Groups and / or users are then given (multiple) roles. The roles grant access to projects, services and functionalities in Sonar.


A user is a set of basic information: login, password, name and email.

To create a new user, go to Configuration > Users > Add new user



A group is a set of users.

To create a new group, go to Configuration > Groups > Add new group:

To add/remove users to/from a group:

Special groups

Two groups have a special status in Sonar:

  • Anyone is a group that exists in the system, but that cannot be managed. Every user belongs to this group.
  • sonar-users is the group to which users are automatically added. This group can be changed through the Security Global Settings. See Global Settings for more information.



There are 4 roles in Sonar, 1 is global, the 3 others are defined at project level:

  • Global roles:
    • Global Administrators: have the ability to perform all administration tasks on the Sonar instance like global configuration, customization of the home page, of the time machine, etc.
  • Project roles:
    • Administrators: have the ability to perform administration tasks for a project by accessing its settings
    • Users: have the ability to navigate through every service of a project, except viewing source code and settings
    • Code viewers: have the ability to view source code of a project

Default project roles

It is possible to configure the system so that when a new project is created, some users/groups are automatically granted roles on this project.

In the example below, once a new project has been created:

  • All the users in the sonar-administrators group can administrate (Administrators), access the project (Users) and browse the source code (Code viewers).
  • The myAuditor user can access access the project (Users) and browse the source code (Code viewers).

Global Settings

  • Force user authentication: this is really the first question that should be answered when setting the security strategy in Sonar. Can anybody browse the Sonar instance or do you need to be authenticated?
  • Allow users to sign up online: this means that anybody can access a form to create himself an account in the system. To be noted that after filling the form, the user should log in.


To see: authorization with the LDAP Plugin

  • No labels