The way authorization is implemented in SonarQube is pretty standard. It is possible to create as many users and groups of users as required in the system. The users can then be attached (or not) to (multiple) groups. Groups and / or users are then given (multiple) permissions. The permissions grant access to projects, services and functionalities.

To administer groups and users, choose Administration > Security, and use the sub-menu items.

User

Multiple integrations that allow the delegation of authentication are available (see Plugin Library and Other Plugins), but you can manually create and edit users at Settings > Security > Users. For manually-created users, login and password can be set at creation, but not edited afterward by administrators. Manually-created users can edit their passwords.

During both user creation and edit, you can set an account's screen name, email address. User login and email address will be implicitly recognized by the Issue Assignment feature as SCM accounts if applicable, but you can set additional SCM accounts explicitly. 

Group

A group is a set of users.

To create a new group, go to Settings > Security> Groups > Add new group:

To add/remove users to/from a group, click the icon next to the membership total:

Two groups have a special meaning:

Global Permissions

To set global permissions, log in as a System administrator and go to Administration > Security > Global Permissions

Project Permissions

Five different permissions can be set on project-level resources (projects, views, developers):

Note that permissions are not cumulative. For instance, if you want to be able to administer the project, you also have to be granted the Browse permission to be able to access the project.

You can either manually grant permissions for each project to some users and groups or apply permission templates to projects. 

Creating permission templates

To create a new template, use the "Create" button on Administration > Security > Permission TemplatesIt is possible to provide a Project key pattern. By default, every new project matching this key pattern will be granted permissions of this template.

Default project permissions

It is possible to configure the system so that when a new project (project, view, developer) is created, some users/groups are automatically granted permissions on this project.

This is done through permission templates. Go to Settings > Project Permissions > Permission Templates > Set default templates:

Apply permission templates to projects

To apply permission templates to projects to to the Project Permissions page, Administration > Security > Project Permissions. You can  either apply a template to a specific project through the Apply Template link or do some bulk changes through the Bulk Apply Template button.


Note that there is no relation between a project and a permission template, meaning that:

FAQ

I have locked myself out

To recreate a System administrator:

INSERT INTO user_roles(user_id, role) VALUES ((select id from users where login='mylogin'), 'admin');