Grant users access to your Coveo Lightning components

This is for:

Developer System Administrator

You typically create and customize your Coveo Lightning components while they’re accessible only to Salesforce administrators. Once components are ready for your production environment, you must make them accessible to the appropriate Salesforce users. This article describes how to grant authenticated and anonymous users access to your Coveo Lightning components.

Authenticated user access

Authenticated users are those who require login credentials to access your Coveo-powered search experiences. This section describes how to grant authenticated users access to Coveo Lightning components in your Lightning Console apps and Experience Cloud sites. It also describes the permissions that must be set on custom objects to leverage key features of the Coveo for Salesforce package.

Before you begin, ensure you have:

  • A Salesforce administrator account to perform the necessary configuration in Salesforce Setup.

  • Identified the profiles who require access to your Coveo Lightning components (for example, Customer Community User).

  • Identified the users who must be assigned the Coveo User permission set to access your Coveo Lightning components (for example, Alex Smith)

Grant authenticated users access to Coveo Lightning components

  1. Log in to your Salesforce organization using an administrator account.

  2. In the upper-right corner, click Cog icon, and then select Setup.

  3. Make the Coveo Lightning component fields accessible to the appropriate profiles:

    1. In the navigation bar on the left, search for and select Field Accessibility.

      With Salesforce Lightning With Salesforce Classic

      Under Settings, select Security > Field Accessibility.

      Under App Setup, select Administer > SecurityControls > Field Accessibility.

    2. On the Field Accessibility page, click Coveo Lightning Settings.

    3. On the Coveo Lightning Settings page, click View by Profiles, and then select the profile that requires access to your Coveo Lightning components.

    4. Ensure the profile has Read-Only access to all fields.

    5. Repeat the previous two substeps for each profile that requires access to your Coveo Lightning components.

  4. Ensure the Coveo Lightning Settings custom object is accessible to each profile that requires access to your Coveo Lightning components:

    1. In Setup, search for and select Profiles.

      With Salesforce Lightning With Salesforce Classic

      Under Administration, select Users > Profiles.

      Under Administer, select ManageUsers > Profiles.

    2. On the Profiles page, click Edit next to the profile that requires access to your Coveo Lightning components.

    3. Under Custom Object Permissions, ensure the selected profile has Read access to the Coveo Lightning Settings custom object.

    4. Repeat the previous two substeps for each profile that requires access to your Coveo Lightning components.

  5. Assign the Coveo User permission set to each user who requires access to your Coveo Lightning components (see Assign Permission Sets to a Single User).

    Note

    If you don’t grant users access to your Coveo Lightning components, the following error message will be displayed when they try to view a component:

    Insufficient read access to the Coveo Lightning Configuration object

  6. (Optional) If you’ve integrated a Coveo Hosted Insight Panel component, you must create a permission set to grant users access to the HIPController and InsightTokenProvider Apex classes.

  7. (Optional) If you’ve integrated either a Coveo hosted search page in a Lightning Console app or a Coveo hosted search page in an Experience Cloud site, you must create a permission set to grant users access to the HSPController Apex class.

Grant access to custom objects

Use this section only if you plan to use one or both of the following features:

This section describes the required object and field-level permissions for these features.

Attach to Case permissions

This section describes the object and field-level permissions that must be set to leverage the Attach to Case functionality.

Object permissions

To enable service agents to leverage the Attach to Case functionality, set the following permissions on the Attached Results and Case Attached Results objects:

Custom object permissions for the Attached Results and the Case Attached Results objects in Salesforce
Tip

The Case Attached Results object applies only to cases, whereas the Attached Results object applies to all other types of records.

For information on setting object permissions, see Edit Object Permissions in Profiles.

Field-level permissions

In addition to object permissions, you must also set field-level permissions for the Attached Results and Case Attached Results objects. Specifically, enable Read Access on all fields and Edit Access on all fields except the Created By and Last Modified By fields as follows:

Field-level permissions for the Attached Results and Case Attached Results objects in Salesforce

For information on setting field-level permissions, see Set Field Permissions in Permission Sets and Profiles.

Page Content permissions

Available since

This feature was introduced in the August 2023 release of Coveo for Salesforce version 5.2.

This section describes the object and field-level permissions that must be set on the Page Content object. For information on how to specify sharing access for external users, see Set external sharing access.

Object permissions

To enable administrators to create or edit search pages using the Coveo Interface Editor, set the following permissions on the Page Content object:

Custom object permissions for the Page Content object in Salesforce

For information on setting object permissions, see Edit Object Permissions in Profiles.

Tip

The Coveo Authorized Administrator permission set that’s packaged with Coveo for Salesforce contains the required permissions to create and edit pages. To assign this permission set to a user, see Manage Permission Set Assignment.
Field-level permissions

In addition to object permissions, you must also set field-level permissions for the Page Content object. Specifically, enable Read Access on all fields and Edit Access on all fields except the Created By and Last Modified By fields as follows:

Field-level permissions for the Page Content object in Salesforce

For information on setting field-level permissions, see Set Field Permissions in Permission Sets and Profiles.

Anonymous user access

Anonymous users, also called guest users, are those who can access your public-facing Experience Cloud site and search pages without login credentials. This section describes how to grant guest users access to the Coveo Lightning components in your Experience Cloud site.

Grant guest users access to Coveo Lightning components

To grant guest users access to the Coveo Lightning components in your Experience Cloud site, you must:

  1. Control Public Access to Your Experience Builder Sites

  2. (Coveo for Salesforce v5.2+) Choose one of the following access models for the Page Content object records in your Experience Cloud site:

    • (Recommended) Restricted access to specific pages: Create guest user sharing rules to allowlist only the pages you want to expose. This is the most secure option with the highest level of control over the pages you want to expose to guest users.

    • Public access to all pages: Set external sharing access to Public Read Only for all guest users. This option is simpler to set up but less secure as it allows guest users to access all pages, including those you might not want to expose.

  3. Edit the guest user profile settings

  4. Validate guest user access

Create guest user sharing rules

Important

Use this option when you want to restrict guest access to specific pages by creating sharing rules with criteria that allowlist specific pages.

As of the Coveo for Salesforce v5.2 release, the HTML of your search pages is stored in the Page Content custom object. As a result, you must now create guest user sharing rules to allow guest users to access specific records in this custom object.

As a best practice, create an allowlist of specific pages that guest users can access by adding a condition such as PageName equals '<YourPageName>', for example:

Allowlist example showing Page Content sharing rule criteria in Salesforce

Where you replace <YourPageName> with the name of the page that you want to allow guest users to access, for example, communitySearchCoveo.

After you create the guest user sharing rule, it looks as follows:

Guest user sharing rule example in Salesforce

Set external sharing access

Important

Use this option if you want all guest users to read all Page Content records.

To access your search pages, Experience Cloud site users must be granted read access to the records of the Page Content custom object. That means the sharing access for all external users must be set to Public Read Only.

Tip

External users include all the Community-related user profiles in Salesforce, such as Customer Community User or Partner Community User.

To specify the sharing access for external users

  1. Edit the sharing rules.

  2. Set the Default External Access value of the Page Content object to Public Read Only as follows:

    Page Content object with Default External Access set to Public Read Only in Salesforce
    Tip

    Setting the Default External Access value to Public Read Only means external users, whom you’ve granted view permission via profiles, for example, will be able to read all the Page Content records. If instead you want to grant access only to specific pages, you can create sharing rules to only share those pages.

Edit the guest user profile

  1. Access the Salesforce Experience Builder.

  2. In the left sidebar, click settings-interface-editor to access the Settings menu.

  3. On the General tab, under Guest User Profile, click the guest user profile associated with your Experience Cloud site.

  4. On the guest user Profile page:

    1. Scroll to the Field-Level Security section.

    2. Under Custom Field-Level Security, next to Coveo Lightning Settings, click View.

  5. On the Coveo Lightning Settings Field-Level Security for profile page, ensure that the guest user profile has Read access to the Configuration and Site Name fields.

  6. Click Back to Profile to return to the guest user profile.

  7. Under Custom Object Permissions, ensure that the profile has Read access to the Coveo Lightning Settings.

  8. Scroll back to the top of the Profile page.

  9. In the Profile Detail section, click View Users.

  10. On the Profile page that appears, click Site Guest User.

  11. On the Site Guest User page, in the Permission Set Assignments section, click Edit Assignments.

  12. On the Permission Set Assignments page, in the Available Permission Sets list, select Coveo User and add it to the Enabled Permission Sets list.

  13. Click Save.

    The Coveo User permission is now assigned to the Guest User Profile.

Guest users now have access to the Coveo Lightning components in your Experience Cloud site.

Validate guest user access

  1. Open your Experience Cloud site in an incognito or private browsing window.

  2. Navigate to the pages where your Coveo Lightning components are embedded.

  3. Confirm that you can see the components and interact with them as expected.