Grant users access to your Coveo Lightning components

This is for:

Developer System Administrator

You typically create and customize your Coveo components while they’re accessible only to Salesforce administrators. Once a component is ready for your production environment, you must make it accessible to the appropriate Salesforce users.

To grant users access to your Coveo Lightning components

  1. Log in to your Salesforce organization using an Administrator account.

  2. On the User menu in the upper-right corner, click Cog icon, and then select Setup.

  3. Make the Coveo Lightning components fields available to your desired profiles:

    1. In the navigation bar on the left, search for and select Field Accessibility.

      With Salesforce Lightning With Salesforce Classic

      Under Settings, select Security > Field Accessibility.

      Under App Setup, select Administer > SecurityControls > Field Accessibility.

    2. On the Field Accessibility page, select Coveo Lightning Settings.

    3. On the Field Accessibility Coveo Lightning Settings page, click View by Profiles, and then select the profile that should have access to your Coveo Lightning components.

    4. Ensure that the profile has at least Read-Only access to all fields.

    5. Repeat these steps for every profile that should have access to the Coveo Lightning components.

  4. Allow your users access to the Coveo Lightning settings:

    1. In Setup, search for and select Profiles.

      With Salesforce Lightning With Salesforce Classic

      Under Administration, select Users > Profiles.

      Under Administer, select ManageUsers > Profiles.

    2. On the Profiles page, click Edit next to the profile that should have access to your Coveo Lightning components.

    3. Under Custom Objects Permission, next to Coveo Lightning Settings, ensure that the profile has at least Read access.

    4. Repeat these steps for every profile that should have access to the Coveo Lightning components.

  5. Assign the Coveo User permission set to each user who should have access to the Coveo Lightning components (see Assign Permission Sets to a Single User).

    Important
    Important

    If you’re running a package that’s older than Coveo for Salesforce v3.43, you must first create a permission set to grant users access to the Coveo Apex Classes. Next, you must assign this permission set to the Guest User Profile. For more information, see the related Knowledge Base (KB) article.
    Note

    If you don’t grant your users access to the Coveo Lightning components, they will receive the following error when trying to view the component:

    Insufficient read access to the Coveo Lightning Configuration object

  6. (Optional) If you’ve integrated a Coveo Hosted Insight Panel component, you must create a permission set to grant users access to the HIPController and InsightTokenProvider Apex classes.

  7. (Optional) If you’ve integrated either a Coveo hosted search page in a Lightning Console app or a Coveo hosted search page in an Experience Cloud site, you must create a permission set to grant users access to the HSPController Apex class.

Grant anonymous users access to your community

You will sometimes want to have a public community that can welcome guest users. Therefore, you must ensure that guest users can access your components once they’re ready.

To enable the settings for your guest users to have access to your Coveo Lightning components, you must perform the following tasks:

Create guest user sharing rules

As of the Coveo for Salesforce v5.2 release, the HTML of your search pages is stored in the Page Content custom object. As a result, you must now create guest user sharing rules to allow guest users to access specific records in this custom object.

As a best practice, we recommend creating an allowlist of specific pages that guest users can access by adding a condition such as PageName equals '<YourPageName>', for example:

1022 create guest sharing rule

Where you replace <YourPageName> with the name of the page that you want to allow guest users to access, for example, communitySearchCoveo.

Once the guest user sharing rule has been created, it will look like this:

1022 guest sharing rule output

Edit the guest user profile

  1. Access the Salesforce Experience Builder.

  2. In the left sidebar, click gear icon to access the Settings menu.

  3. In the General tab, under Guest User Profile, click the guest user profile associated to your community.

  4. On the guest user Profile page:

    1. Scroll to the Field-Level Security section.

    2. Under Custom Field-Level Security, next to Coveo Lightning Settings, click View.

  5. On the Coveo Lightning Settings Field-Level Security for profile page, ensure that the guest user profile has at least Read Access to the Configuration and Site Name fields.

  6. Click Back to Profile to return to the guest user profile.

  7. Under Custom Object Permissions, ensure that the profile has at least Read access to the Coveo Lightning Settings.

  8. Scroll back to the top of the Profile page.

  9. In the Profile Detail section, click View Users.

  10. On the Profile page that appears, click Site Guest User.

  11. On the Site Guest User page, in the Permission Set Assignments section, click Edit Assignments.

  12. On the Permission Set Assignments page, in the Available Permission Sets list, select Coveo User and add it to the Enabled Permission Sets list.

    Important
    Important

    If you’re running a package that’s older than Coveo for Salesforce v3.43, you must first create a permission set to grant users access to the Coveo Apex Classes. Next, you must assign this permission set to the Guest User Profile. For more information, see the related Knowledge Base (KB) article.

  13. Click Save.

    The Coveo User permission is now assigned to the Guest User Profile.

Your guest users should now have access to your Coveo Lightning components in your community.

Grant access to custom objects

This section describes the permissions that must be set to leverage the Attach to Case functionality. It also describes the permissions that must be set on the Page Content object to create or edit search pages using the Coveo Interface Editor.

Important
Important

As of the Coveo for Salesforce v5 release, setting permissions for the Page Content object is now required to create or edit search pages using the Coveo Interface Editor. For more information, see What’s new in Coveo for Salesforce v5?.

Attach to Case permissions

This section describes the object and field-level permissions that must be set to leverage the Attach to Case functionality.

Object permissions

To enable service agents to leverage the Attach to Case functionality, you must set the following permissions on the Attached Results and Case Attached Results objects:

1022 object permissions attached result and case attached result
Tip
Tip

The Case Attached Results object only applies to cases where the Attached Results object applies to all other types of records.

For information on setting object permissions, see Edit Object Permissions in Profiles.

Field-level permissions

In addition to object permissions, you must also set field-level permissions for the Attached Results and Case Attached Results objects. Specifically, you must enable Read Access on all fields and Edit Access on all fields except the Created By and Last Modified By fields as follows:

1022 standard user attached results field permissions

For information on setting field-level permissions, see Set Field Permissions in Permission Sets and Profiles.

Page Content permissions

Coveo for Salesforce 5.2

This section describes the object and field-level permissions, as well as the external sharing access that must be set on the Page Content object.

Object permissions

To enable administrators to create or edit search pages using the Coveo Interface Editor, you must set the following permissions on the Page Content object:

1022 set page contents permissions

For information on setting object permissions, see Edit Object Permissions in Profiles.

Tip
Tip

The Coveo Authorized Administrator permission set that’s packaged with Coveo for Salesforce contains the required permissions to create and edit pages. To assign this permission set to a user, see Manage Permission Set Assignment.

Field-level permissions

In addition to object permissions, you must also set field-level permissions for the Page Content object. Specifically, you must enable Read Access on all fields and Edit Access on all fields except the Created By and Last Modified By fields as follows:

1022 page content field level permissions

For information on setting field-level permissions, see Set Field Permissions in Permission Sets and Profiles.

External sharing access

To allow Community users access to your search pages, you must grant them read access to the records of the Page Content custom object. To achieve that, you must ensure that the sharing access for all external users, which include all the Community-related user profiles in Salesforce such as Customer Community User or Partner Community User, is set to Public Read Only.

To specify the sharing access for external users

  1. Edit the sharing rules.

  2. Set the Default External Access value of the Page Content object to Public Read Only as follows:

    1022 external sharing access
    Tip
    Tip

    Setting the Default External Access value to Public Read Only means external users, whom you’ve granted view permission via profiles, for example, will be able to read all the Page Content records. If instead you want to grant access only to specific pages, you can create sharing rules to only share those pages.