Valid Privilege owner, targetDomain, and type Combinations

Each Coveo Platform REST API operation has its own set of minimum required privileges.

Whenever you perform a given REST API operation to interact with a specific Coveo Cloud organization, you must ensure that the access token you use to authenticate your API call grants you at least the minimum required privileges for that operation. Otherwise, you’ll likely get a 401 Unauthorized response.

A privilege is represented by a valid combination of an owner value (USAGE_ANALYTICS, COVEO_ML, PLATFORM, or SEARCH_API), and a targetDomain value (REPORTS, SOURCE, EXECUTE_QUERY, etc). Most privileges must also have a type value (CREATE, VIEW or EDIT).

The API keys, Groups, Sources, and Extensions domains offer the Custom access level option. This allows you to grant each API key, source, group, or extension its own access level (see API Keys Domain, Sources Domain, Groups Domain, and Extensions Domain.

The following table lists the owner, targetDomain, and type value combinations which are recognized as Coveo Cloud organization privileges, and their corresponding display values in the Coveo Cloud Administration Console.

owner targetDomain type values allowed Administration Console Service Administration Console Name
USAGE_ANALYTICS ADMINISTRATE   Analytics Administrate
USAGE_ANALYTICS ANALYTICS_DATA VIEW, EDIT Analytics Analytics data
USAGE_ANALYTICS CUSTOM_DIMENSIONS CREATE, VIEW, EDIT Analytics Dimensions
USAGE_ANALYTICS DELETE_USER_ANALYTICS_DATA   Analytics Delete user data
USAGE_ANALYTICS EXPORTS CREATE, VIEW, EDIT Analytics Data exports
USAGE_ANALYTICS IMPERSONATE   Analytics Impersonate
USAGE_ANALYTICS INCOHERENT_EVENTS VIEW Analytics Incoherent events
USAGE_ANALYTICS METRIC_ALERTS VIEW, EDIT Analytics Metric alerts
USAGE_ANALYTICS NAMED_FILTERS CREATE, VIEW, EDIT Analytics Named filters
USAGE_ANALYTICS PERMISSION_FILTERS CREATE, VIEW, EDIT Analytics Permission filters
USAGE_ANALYTICS QUERY_SUGGEST   Analytics Suggest queries
USAGE_ANALYTICS REPORTS CREATE, VIEW, EDIT Analytics Reports
USAGE_ANALYTICS VIEW_ALL_REPORTS   Analytics View all reports
COVEO_ML MODELS CREATE, VIEW, EDIT Machine learning Models
PLATFORM FIELD CREATE, VIEW, EDIT Content Fields
PLATFORM INDEXING_PIPELINE_EXTENSION CREATE, VIEW, EDIT Content Extensions
PLATFORM LOGICAL_INDEX VIEW, EDIT Content Logical indexes
PLATFORM SECURITY_CACHE VIEW, EDIT Content Security identities
PLATFORM SECURITY_PROVIDER CREATE, VIEW, EDIT Content Security identity providers
PLATFORM SOURCE CREATE, VIEW, EDIT Content Sources
PLATFORM ACTIVITIES CREATE, VIEW, EDIT Organization Activities
PLATFORM API_KEY CREATE, VIEW, EDIT Organization Api keys
PLATFORM CRITICAL_UPDATE VIEW, EDIT Organization Critical updates
PLATFORM GROUP CREATE, VIEW, EDIT Organization Groups
PLATFORM INDEX VIEW, EDIT Organization Elasticsearch indexes
PLATFORM ON_PREMISE_ADMINISTRATION VIEW, EDIT Organization On-premises administration
PLATFORM ORGANIZATION VIEW, EDIT Organization Organization
PLATFORM SAML_IDENTITY_PROVIDER CREATE, VIEW, EDIT Organization Single sign-on identity provider
PLATFORM SNAPSHOTS VIEW, EDIT Organization Snapshots
PLATFORM SUBSCRIPTION CREATE, VIEW, EDIT Organization Notifications
SEARCH_API AUTHENTICATION_EDITOR   Search Modify authentication provider
SEARCH_API EXECUTE_QUERY   Search Execute queries
SEARCH_API IMPERSONATE   Search Impersonate
SEARCH_API QUERY_LOGS VIEW Search View all raw query logs
SEARCH_API QUERY_PIPELINE CREATE, VIEW, EDIT Search Query pipelines
SEARCH_API SALESFORCE_AUTHENTICATION VIEW, EDIT Search Salesforce index configuration
SEARCH_API SEARCH_PAGES CREATE, VIEW, EDIT Search Search pages
SEARCH_API SEARCH_USAGE_METRICS VIEW, EDIT Search Search usage metrics
SEARCH_API VIEW_ALL_CONTENT   Search View all content
  • An API key can’t have any of the privileges whose targetDomain is API_KEY (i.e., API keys can’t view or edit other API keys).

  • For the ANALYTICS_DATA targetDomain, the EDIT type is replaced by PUSH in the Coveo Cloud Administration Console display.

Recommended Articles