Permission Levels

The Permission Sets article covers how permission sets are managed by Coveo Cloud. As mentioned before, a secured item has a permission model listing the security identities that are respectively allowed and denied access to this item.

In certain secured enterprise systems, permission models consists of more than one permission set. However, in some permission models, some permission sets prevail over other permission sets. In such case, the permission model of each item consists of two or more permission levels, which in turn consist in one or more permission sets.


The typical Coveo Cloud secured search example illustrates how permissions are managed when the item permission model consists of a single permission set within a single permission level. This article covers how permission models are resolved when they contain more than one permission level.

To place the focus on item permission management, all examples in this article assume that the query made by the search page user matches the title of the desired items.

Permission levels are analyzed one at a time. So, if the first one is satisfied and the user is allowed or denied access to the item, the other levels are ignored. If a user isn’t specified in the first permission level, the analysis is inconclusive. The second level must therefore be analyzed and so on, until a level is satisfied. Then, whether the user is allowed or denied access to the item by the subsequent permission levels is irrelevant.

The following flowchart summarizes the permission sets analysis process executed for each item matching a query to determine whether the item should appear in the querying user’s search results. The process is the same as that involved in the typical Coveo Cloud secured search scenario, except that there are several permission sets and levels involved rather than a single one.


In this example, for simplification purposes, each permission level consists of only one permission set (see Permission Sets). However, depending on the enterprise system, each permission level can have a different number of permission sets.

MyCompany has chosen to index a secured enterprise system to make its content searchable via Coveo Cloud. John Smith is an administrator of this system. With this role, he can access all content, regardless of whether his security identities are allowed, denied, or unspecified in an item permission model. Therefore, in this enterprise system, the Administrators permission level prevails over the Item-Specific Permissions level.

When John Smith queries Handbook in a Coveo-powered search page, the item Employee Handbook is returned in his search results. Although none of John Smith’s security identities is specified in the Item-Specific Permissions permission level, his user security identity is specified as allowed to access Employee Handbook in the first permission level, Administrators. The second permission level, Item-Specific Permissions, is therefore ignored, and John Smith can access Employee Handbook. Similarly, if John Smith were marked as denied access in the Item-Specific Permissions permission level, he would see Employee Handbook in his search results anyway since the Administrators level prevails.

Barbara Allen, the owner of Employee Handbook, can also access this item through the Coveo-powered search page, but for a different reason. When she queries Handbook, the first permission level of this item, Administrators, is analyzed. Since Barbara Allen isn’t an administrator in this enterprise system, none of her security identities is specified in the first permission level. The next level, Item-Specific Permissions, is then analyzed. Barbara Allen’s security identity is marked as allowed to access Employee Handbook, and none of her security identities is denied access. She can therefore see this item in her search results.


However, if another user at MyCompany isn’t an administrator of the enterprise system and isn’t allowed to access the item as per the Item-Specific Permissions permission level, all level analysis are inconclusive. Since sufficient information is lacking, this user can’t see Employee Handbook in their search results when querying Handbook (see Unspecified Security Identities).

The item effective permissions, i.e., the global permissions that apply to Employee Handbook once all permission levels and sets have been analyzed, is the following:

  • Allowed users: John Smith and Barbara Allen

  • Denied users: None

What's Next for Me?