Valid Privilege owner, targetDomain, and type Combinations

Manage an Organization Coveo Relevance Cloud System Administrator Product Documentation
In this article

Each Coveo REST API operation has its own set of minimum required privileges.

Whenever you perform a given REST API operation to interact with a specific Coveo organization, you must ensure that the access token you use to authenticate your API call grants you at least the minimum required privileges for that operation. Otherwise, you will likely get a 401 Unauthorized response.

A privilege is represented by a valid combination of an owner value (USAGE_ANALYTICS, COVEO_ML, PLATFORM, or SEARCH_API), and a targetDomain value (REPORTS, SOURCE, EXECUTE_QUERY, etc). Most privileges must also have a type value (CREATE, VIEW or EDIT).

The API keys, Groups, Sources, and Extensions domains offer the Custom access level option. This allows you to grant each API key, source, group, or extension its own access level (see API Keys Domain, Sources Domain, Groups Domain, and Extensions Domain.

The following table lists the owner, targetDomain, and type value combinations which are recognized as Coveo organization privileges, and their corresponding display values in the Coveo Administration Console.

owner targetDomain type values allowed Administration Console Service Administration Console Name  
USAGE_ANALYTICS ADMINISTRATE   Analytics Administrate  
USAGE_ANALYTICS ANALYTICS_DATA VIEW, EDIT Analytics Analytics data  
USAGE_ANALYTICS CUSTOM_DIMENSIONS CREATE, VIEW, EDIT Analytics Dimensions  
USAGE_ANALYTICS DELETE_USER_ANALYTICS_DATA   Analytics Delete user data  
USAGE_ANALYTICS EXPORTS CREATE, VIEW, EDIT Analytics Data exports  
USAGE_ANALYTICS IMPERSONATE   Analytics Impersonate  
USAGE_ANALYTICS INCOHERENT_EVENTS VIEW Analytics Incoherent events  
USAGE_ANALYTICS METRIC_ALERTS VIEW, EDIT Analytics Metric alerts  
USAGE_ANALYTICS NAMED_FILTERS CREATE, VIEW, EDIT Analytics Named filters  
USAGE_ANALYTICS PERMISSION_FILTERS CREATE, VIEW, EDIT Analytics Permission filters  
USAGE_ANALYTICS REPORTS CREATE, VIEW, EDIT Analytics Reports  
USAGE_ANALYTICS VIEW_ALL_REPORTS   Analytics View all reports  
COVEO_ML MODELS CREATE, VIEW, EDIT Machine learning Models  
PLATFORM FIELD CREATE, VIEW, EDIT Content Fields  
PLATFORM INDEXING_PIPELINE_EXTENSION CREATE, VIEW, EDIT Content Extensions  
PLATFORM LOGICAL_INDEX VIEW, EDIT Content Logical indexes  
PLATFORM SECURITY_CACHE VIEW, EDIT Content Security identities  
PLATFORM SECURITY_PROVIDER CREATE, VIEW, EDIT Content Security identity providers  
PLATFORM SOURCE CREATE, VIEW, EDIT Content Sources  
PLATFORM ACTIVITIES CREATE, VIEW, EDIT Organization Activities  
PLATFORM API_KEY CREATE, VIEW, EDIT Organization Api keys  
PLATFORM CRITICAL_UPDATE VIEW, EDIT Organization Critical updates  
PLATFORM GROUP CREATE, VIEW, EDIT Organization Groups  
PLATFORM ON_PREMISE_ADMINISTRATION VIEW, EDIT Organization On-premises administration  
PLATFORM ORGANIZATION VIEW, EDIT Organization Organization  
PLATFORM SAML_IDENTITY_PROVIDER CREATE, VIEW, EDIT Organization Single sign-on identity provider  
PLATFORM SNAPSHOTS VIEW, EDIT Organization Snapshots  
PLATFORM SUBSCRIPTION CREATE, VIEW, EDIT Organization Notifications  
SEARCH_API AUTHENTICATION_EDITOR   Search Modify authentication provider  
SEARCH_API EXECUTE_QUERY   Search Execute queries  
SEARCH_API IMPERSONATE   Search Impersonate  
SEARCH_API QUERY_LOGS VIEW Search View all raw query logs  
SEARCH_API QUERY_PIPELINE CREATE, VIEW, EDIT Search Query pipelines  
SEARCH_API SALESFORCE_AUTHENTICATION VIEW, EDIT Search Salesforce index configuration  
SEARCH_API SEARCH_PAGES CREATE, VIEW, EDIT Search Search pages  
SEARCH_API SEARCH_USAGE_METRICS VIEW, EDIT Search Search usage metrics  
SEARCH_API VIEW_ALL_CONTENT   Search View all content  

  • An API key can’t have any of the privileges whose targetDomain is API_KEY (i.e., API keys can’t view or edit other API keys).

  • For the ANALYTICS_DATA targetDomain, the EDIT type is replaced with PUSH in the Coveo Administration Console display.