In an enterprise environment, a good practice is to limit access to administration settings and project analysis data according to each member's responsibilities. Administrators should have access to everything, and project managers and developers to the projects they belong to, while public users could be further limited by preventing them from browsing source code.
Apart from Sonar's standard authentication mechanism, delegation to third-party systems is possible with the use of plugins. If a configured Active Directory or Atlassian's JIRA Crowd Single Sign On solution is already available, you might be interested in the following plugins, which leverage authentication functionality of the aforementioned systems:
LDAP plugin: http://docs.codehaus.org/display/SONAR/LDAP+Plugin
Crowd plugin: http://docs.codehaus.org/display/SONAR/Crowd+Plugin