Manage temporary access

This is for:

System Administrator

When you encounter an issue with your Coveo-powered solution, you may request help from the Coveo Support team. To help you fix your issue, Coveo’s product specialists often need to access your Coveo organization to assess the problem and conduct some tests.

Coveo has high security standards and enforces the principle of least privilege whenever possible. Your product specialist and other Coveo employees may therefore need additional privileges to investigate your issue thoroughly.

Notes
  • The vast majority of issues don’t require Coveo Support to be granted administrative privileges in your Coveo organization. Coveo Support employees aren’t authorized to grant privileges to customers in a Coveo organization. If you want to be granted access to a Coveo organization, you must follow the access request workflows of your company.

  • Coveo’s security team has established which additional privileges each category of personnel can occasionally request for troubleshooting, advice, or other purposes. The temporary access request feature enforces this restricted list of additional privileges. As a result, no one can use this feature to grant themselves privileges that are unnecessary within the scope of their duties.

As an administrator, you can review the privileges Coveo employees are temporarily granted on the Temporary Access (platform-ca | platform-eu | platform-au) page.

Reviewing temporary access requests

The Temporary Access page is a list of the privilege requests that have recently been submitted by Coveo employees for your organization. It shows whether each request is active or inactive (that is, whether the employee currently has the corresponding privileges), a justification for the request, and the date on which the temporarily granted privileges will automatically be revoked.

To review the privileges associated with a request, click this request, and then click Details in the Action bar. You can also click clock to display the recent activity related to temporary access requests.

The privileges associated with an active request can be permanently revoked by clicking the request, and then clicking Revoke in the Action bar. Inactive requests can’t be reactivated.

Tip

Subscribe to notifications to receive an email whenever a new temporary access request is submitted for this organization.

Temporary access request process

The following table illustrates how the process of a temporary access request unfolds in a support case context. The Administrator is you, an administrator of this organization. The Requester is a Coveo employee that needs a certain set of privileges to access your organization and solve your issue.

Step Administrator’s perspective Requester’s perspective

1

You encounter an issue with your Coveo-powered solution. You report it to the Coveo Support team.

2

The Requester analyzes the support case and determines whether they need additional privileges to solve it. If they do, they fill a temporary access request, in which they list the required privileges.

3

Once the request is sent, the requested privileges are automatically granted.

4

Since you subscribed to notifications of new temporary access requests, you receive an email with a link to the request in the Coveo Administration Console.

5

You review the request details, which include a justification and the privileges granted. You have the option to revoke the request, for example when your issue is solved before the request expiration date.

6

The Requester uses their new privilege set to help you solve your issue.

7

On the request expiration date, the temporarily granted privileges are revoked.

8

The privilege request remains visible in the table for some time after its expiration or revocation.

Required privileges

The following table indicates the privileges required to view or revoke temporary access requests on the Temporary Access (platform-ca | platform-eu | platform-au) page (see Manage privileges and Privilege reference).

Action Service - Domain Required access level

View who at Coveo has been granted temporary access to your organization

Organization - Organization

Organization - Temporary access

View

Revoke temporarily granted privileges

Organization - Organization

View

Organization - Temporary access

Edit

Access the Activity Browser and view all organization activities

Organization - Activities

Organization - Organization

View

Important

A member with the View access level on the Activities domain can access the Activity Browser. This member can therefore see all activities taking place in the organization, including those from Coveo Administration Console pages that they can’t access.