---
title: Grant users access to your Coveo Lightning components
slug: '1022'
canonical_url: https://docs.coveo.com/en/1022/
collection: coveo-for-salesforce
source_format: adoc
---
# Grant users access to your Coveo Lightning components
You typically create and customize your Coveo components while they're accessible only to Salesforce administrators.
Once a component is ready for your production environment, you must make it accessible to the appropriate Salesforce users.

To grant users access to your Coveo Lightning components


. Log in to your Salesforce organization using an Administrator account.

. On the User menu in the upper-right corner, click ![Cog icon](coveo-for-salesforce/setup-cog-icon.png), and then select **Setup**.

. Make the Coveo Lightning components fields available to your desired profiles:

.. In the navigation bar on the left, search for and select **Field Accessibility**.

[%autowidth]
|===
|With Salesforce Lightning | With Salesforce Classic

|Under **Settings**, select **Security** > **Field Accessibility**.
|Under **App Setup**, select **Administer** > **SecurityControls** > **Field Accessibility**.
|===

.. On the **Field Accessibility** page, select **Coveo Lightning Settings**.

.. On the **Field Accessibility Coveo Lightning Settings** page, click **View by Profiles**, and then select the profile that should have access to your Coveo Lightning components.

.. Ensure that the profile has at least **Read-Only** access to all fields.

.. Repeat these steps for every profile that should have access to the Coveo Lightning components.

. Allow your users access to the Coveo Lightning settings:

.. In **Setup**, search for and select **Profiles**.

[%autowidth]
|===
|With Salesforce Lightning | With Salesforce Classic

|Under **Administration**, select **Users** > **Profiles**.
|Under **Administer**, select **ManageUsers** > **Profiles**.
|===

.. On the **Profiles** page, click **Edit** next to the profile that should have access to your Coveo Lightning components.

.. Under **Custom Objects Permission**, next to **Coveo Lightning Settings**, ensure that the profile has at least **Read** access.

.. Repeat these steps for every profile that should have access to the Coveo Lightning components.

. Assign the **Coveo User** permission set to each user who should have access to the Coveo Lightning components (see [Assign Permission Sets to a Single User](https://help.salesforce.com/s/articleView?id=sf.perm_sets_assigning.htm&type=5)).

> **Important**
>
> If you're running a package that's older than [Coveo for Salesforce v3.43](https://docs.coveo.com/en/1280#december-2019-maintenance-release-v343), create a permission set to grant users access to the Coveo Apex Classes. Then, assign this permission set to the **Guest User Profile**.
> For more information, see the related [Knowledge Base (KB)](++https://connect.coveo.com/s/article/5770++) article.

> **Note**
>
> If you don't grant your users access to the Coveo Lightning components, they will receive the following error when trying to view the component:
> 
> ```text
Insufficient read access to the Coveo Lightning Configuration object
```

. (Optional) If you've [integrated a Coveo Hosted Insight Panel component](https://docs.coveo.com/en/m7ed8015/), you must [create a permission set](https://help.salesforce.com/s/articleView?id=sf.perm_sets_create.htm&type=5) to grant users access to the `HIPController` and `InsightTokenProvider` Apex classes.

. (Optional) If you've integrated either a [Coveo hosted search page in a Lightning Console app](https://docs.coveo.com/en/o4b80259/) or a [Coveo hosted search page in an Experience Cloud site](https://docs.coveo.com/en/o3lb0328/), you must [create a permission set](https://help.salesforce.com/s/articleView?id=sf.perm_sets_create.htm&type=5) to grant users access to the `HSPController` Apex class.

## Grant anonymous users access to your community

You'll sometimes want to have a public community that can welcome guest users.
In such cases, you must grant guest users access your components once they're ready.

To enable the settings that let guest users access your Coveo Lightning components, perform the following tasks:

- [Control Public Access to Your Experience Builder Sites](++https://help.salesforce.com/s/articleView?id=sf.community_builder_page_access_settings.htm&type=5++)

- <<create-guest-user-sharing-rules,Create guest user sharing rules>> (Coveo for Salesforce v5.2+)

- <<edit-the-guest-user-profile,Edit the guest user profile settings>>

### Create guest user sharing rules

As of the [Coveo for Salesforce v5.2 release](https://docs.coveo.com/en/n5bj0150#august-2023-release-v5-2-initial-release), the HTML of your search pages is stored in the `Page Content` custom object.
As a result, you must now [create guest user sharing rules](https://help.salesforce.com/s/articleView?id=sf.security_sharing_rules_guest.htm&type=5) to allow guest users to access specific records in this custom object.

As a best practice, create an allowlist of specific pages that guest users can access by adding a condition such as `PageName equals '<YourPageName>'`, for example:

![Allow list example in Salesforce](https://docs.coveo.com/en/assets/images/coveo-for-salesforce/create-guest-sharing-rule.png)

Where you replace `<YourPageName>` with the name of the page that you want to allow guest users to access, for example, `communitySearchCoveo`.

Once the guest user sharing rule has been created, it will look like this:

![Guest user sharing rule example in Salesforce](https://docs.coveo.com/en/assets/images/coveo-for-salesforce/guest-sharing-rule-output.png)

### Edit the guest user profile

. [Access the Salesforce **Experience Builder**](++https://help.salesforce.com/articleView?id=community_designer_ui.htm&type=5++).

. In the left sidebar, icon:settings-interface-editor[alt=settings-interface-editor,width=16] to access the **Settings** menu.

. On the **General** tab, under **Guest User Profile**, click the guest user profile associated to your community.

. On the guest user **Profile** page:

.. Scroll to the **Field-Level Security** section.

.. Under **Custom Field-Level Security**, next to **Coveo Lightning Settings**, click **View**.

. On the **Coveo Lightning Settings Field-Level Security for profile** page, ensure that the guest user profile has at least **Read Access** to the **Configuration** and **Site Name** fields.

. Click **Back to Profile** to return to the guest user profile.

. Under **Custom Object Permissions**, ensure that the profile has at least **Read** access to the **Coveo Lightning Settings**.

. Scroll back to the top of the **Profile** page.

. In the **Profile Detail** section, click **View Users**.

. On the **Profile** page that appears, click **Site Guest User**.

. On the **Site Guest User** page, in the **Permission Set Assignments** section, click **Edit Assignments**.

. On the **Permission Set Assignments** page, in the **Available Permission Sets** list, select **Coveo User** and add it to the **Enabled Permission Sets** list.

> **Important**
>
> If you're running a package that's older than [Coveo for Salesforce v3.43](https://docs.coveo.com/en/1280#december-2019-maintenance-release-v343), create a permission set to grant users access to the Coveo Apex Classes. Then, assign this permission set to the **Guest User Profile**.
> For more information, see the related [Knowledge Base (KB)](++https://connect.coveo.com/s/article/5770++) article.

. Click **Save**.

The **Coveo User** permission is now assigned to the **Guest User Profile**.

Your guest users should now have access to your Coveo Lightning components in your community.

## Grant access to custom objects

This section describes the permissions that must be set to leverage the [Attach to Case](https://docs.coveo.com/en/2934#attach-to-case) functionality. It also describes the permissions that must be set on the [`Page Content`](#page-content-permissions) object to create or edit search pages using the [Coveo Interface Editor](https://docs.coveo.com/en/3081/).

> **Important**
>
> As of the [Coveo for Salesforce v5](https://docs.coveo.com/en/n5bj0150/) release, setting permissions for the `Page Content` object is now required to create or edit search pages using the Coveo Interface Editor.
> For more information, see [What's new in Coveo for Salesforce v5?](https://docs.coveo.com/en/n4qa0444/).

### Attach to Case permissions

This section describes the object and field-level permissions that must be set to leverage the Attach to Case functionality.

#### Object permissions

To enable service agents to leverage the [Attach to Case](https://docs.coveo.com/en/2934#attach-to-case) functionality, set the following permissions on the `Attached Results` and `Case Attached Results` objects:

![Custom object permissions for the Attached Results and the Case Attached Results objects in Salesforce](https://docs.coveo.com/en/assets/images/coveo-for-salesforce/object-permissions-attached-result-and-case-attached-result.png)

> **Tip**
>
> The `Case Attached Results` object only applies to cases where the `Attached Results` object applies to all other types of records.

For information on setting object permissions, see [Edit Object Permissions in Profiles](++https://help.salesforce.com/s/articleView?id=sf.perm_sets_object_perms_edit.htm&type=5++).

#### Field-level permissions

In addition to object permissions, you must also set field-level permissions for the `Attached Results` and `Case Attached Results` objects.
Specifically, enable **Read Access** on all fields and **Edit Access** on all fields except the `Created By` and `Last Modified By` fields as follows:

![Field-level permissions for the Attached Results and Case Attached Results objects in Salesforce](https://docs.coveo.com/en/assets/images/coveo-for-salesforce/standard-user-attached-results-field-permissions.png)

For information on setting field-level permissions, see [Set Field Permissions in Permission Sets and Profiles](++https://help.salesforce.com/s/articleView?id=sf.users_profiles_fls.htm&type=5++).

### `Page Content` permissions

> **Available since**
>
> This feature was introduced in the August 2023 release of Coveo for Salesforce version [5.2](https://docs.coveo.com/en/n5bj0150#august-2023-release-v5-2-initial-release).

This section describes the object and field-level permissions, as well as the external sharing access that must be set on the `Page Content` object.

#### Object permissions

To enable administrators to create or edit search pages using the [Coveo Interface Editor](https://docs.coveo.com/en/3081/), set the following permissions on the `Page Content` object:

![Custom object permissions for the Page Content object in Salesforce](https://docs.coveo.com/en/assets/images/coveo-for-salesforce/set-page-contents-permissions.png)

For information on setting object permissions, see [Edit Object Permissions in Profiles](++https://help.salesforce.com/s/articleView?id=sf.perm_sets_object_perms_edit.htm&type=5++).

> **Tip**
>
> The **Coveo Authorized Administrator** permission set that's packaged with Coveo for Salesforce contains the required permissions to create and edit pages.
> To assign this permission set to a user, see [Manage Permission Set Assignment](++https://help.salesforce.com/s/articleView?id=sf.perm_sets_manage_assignments.htm&type=5++).

#### Field-level permissions

In addition to object permissions, you must also set field-level permissions for the `Page Content` object.
Specifically, enable **Read Access** on all fields and **Edit Access** on all fields except the `Created By` and `Last Modified By` fields as follows:

![Field-level permissions for the Page Content object in Salesforce](https://docs.coveo.com/en/assets/images/coveo-for-salesforce/page-content-field-level-permissions.png)

For information on setting field-level permissions, see [Set Field Permissions in Permission Sets and Profiles](++https://help.salesforce.com/s/articleView?id=sf.users_profiles_fls.htm&type=5++).

#### External sharing access

To allow Community users access to your search pages, you must grant them read access to the records of the `Page Content` custom object.
To achieve that, ensure that the sharing access for all _external users_, which include all the Community-related user profiles in Salesforce such as `Customer Community User` or `Partner Community User`, is set to **Public Read Only**.

To specify the sharing access for external users

. [Edit the sharing rules](https://help.salesforce.com/s/articleView?id=sf.security_sharing_rules_edit.htm&type=5).

. Set the **Default External Access** value of the `Page Content` object to **Public Read Only** as follows:

![Page Content object with Default External Access set to Public Read Only in Salesforce](https://docs.coveo.com/en/assets/images/coveo-for-salesforce/external-sharing-access.png)

> **Tip**
>
> Setting the **Default External Access** value to **Public Read Only** means external users, whom you've granted view permission via [profiles](https://help.salesforce.com/s/articleView?id=sf.admin_userprofiles.htm&type=5), for example, will be able to read all the `Page Content` records.
> If instead you want to grant access only to specific pages, you can [create sharing rules](https://help.salesforce.com/s/articleView?id=sf.security_sharing_rules_criteria.htm&type=5) to only share those pages.