Access Privileges For SonarQube


Kyle Smith
Hi SonarQube Users and Experts,

Does anyone have any information on what rights the SonarQube application should have in the DBMS?

Should the application have full access or only be able to do certain things such as INSERT, ALTER, or UPDATE for example? It seems like a serious logical security issue to have the application have unrestricted access.

Thank you for reading.

Re: Access Privileges For SonarQube

willman
Indeed the application must have access to create, edit, or delete any schema object whatsoever (tables, indexes, triggers, whatever). It does not need system administrator privs.

Our first installation at my work was seriously screwed up because our anal security and database admin teams would not give our application the schema roles it required. Think of problems like poor referential integrity and missing indexes.... it wasn't pretty.

If you don't trust the application then install both the app and database in a segregated network, I guess.
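
One way to express the scoping discussed in this thread (full control over the application's own schema objects, no system administrator rights), as an added example that is not part of either post and not taken from SonarQube's documentation. It assumes PostgreSQL, which the thread does not name; the role, database and schema names are hypothetical.

```sql
-- Added example. Assumptions: PostgreSQL, run through psql by a database
-- administrator. sonar_app, sonar_db and sonar are hypothetical names.

-- Application login with no instance-wide powers.
CREATE ROLE sonar_app LOGIN PASSWORD 'REPLACE_ME'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION;

-- Dedicated database owned by the application role, closed to other roles.
CREATE DATABASE sonar_db OWNER sonar_app;
REVOKE ALL ON DATABASE sonar_db FROM PUBLIC;

-- psql meta-command: run the remaining statements inside the new database.
\connect sonar_db

-- Schema owned by the application role: as owner it can create, alter and
-- drop tables, indexes, triggers and other objects inside this schema.
CREATE SCHEMA sonar AUTHORIZATION sonar_app;
ALTER ROLE sonar_app IN DATABASE sonar_db SET search_path = sonar;

-- Check 1: the role holds no administrator attributes (all should be false).
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolreplication, rolbypassrls
FROM pg_roles
WHERE rolname = 'sonar_app';

-- Check 2: DDL is possible in its own schema but not in another database.
SELECT has_schema_privilege('sonar_app', 'sonar', 'CREATE')       AS ddl_in_own_schema,
       has_database_privilege('sonar_app', 'postgres', 'CREATE')  AS ddl_in_other_db;

-- Check 3: list every non-system schema and its owner in this database,
-- to confirm the application owns only what was intended.
SELECT nspname AS schema_name, pg_get_userbyid(nspowner) AS owner
FROM pg_namespace
WHERE nspname NOT LIKE 'pg\_%' AND nspname <> 'information_schema'
ORDER BY nspname;
```

With this layout the application can manage every object it needs during installs and upgrades, while a compromise of its credentials stays confined to one database.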