Valid Privilege owner, targetDomain, and type Combinations
Valid Privilege owner, targetDomain, and type Combinations
Each Coveo REST API operation has its own set of minimum required privileges.
Whenever you perform a given REST API operation to interact with a specific Coveo organization, you must ensure that the access token you use to authenticate your API call grants you at least the minimum required privileges for that operation. Otherwise, you will likely get a 401 Unauthorized
response.
A privilege is represented by a valid combination of an owner
value (USAGE_ANALYTICS
, COVEO_ML
, PLATFORM
, or SEARCH_API
), and a targetDomain
value (REPORTS
, SOURCE
, EXECUTE_QUERY
, etc). Most privileges must also have a type
value (CREATE
, VIEW
or EDIT
).
The API keys, Groups, Sources, and Extensions domains offer the Custom access level option. This allows you to grant each API key, source, group, or extension its own access level (see API Keys Domain, Sources Domain, Groups Domain, and Extensions Domain.
The following table lists the owner
, targetDomain
, and type
value combinations which are recognized as Coveo organization privileges, and their corresponding display values in the Coveo Administration Console.
owner |
targetDomain |
type values allowed |
Administration Console Service | Administration Console Name | |
---|---|---|---|---|---|
USAGE_ANALYTICS |
ADMINISTRATE |
Analytics | Administrate | ||
USAGE_ANALYTICS |
ANALYTICS_DATA |
VIEW , EDIT
|
Analytics | Analytics data | |
USAGE_ANALYTICS |
CUSTOM_DIMENSIONS |
CREATE , VIEW , EDIT
|
Analytics | Dimensions | |
USAGE_ANALYTICS |
DELETE_USER_ANALYTICS_DATA |
Analytics | Delete user data | ||
USAGE_ANALYTICS |
EXPORTS |
CREATE , VIEW , EDIT
|
Analytics | Data exports | |
USAGE_ANALYTICS |
IMPERSONATE |
Analytics | Impersonate | ||
USAGE_ANALYTICS |
INCOHERENT_EVENTS |
VIEW |
Analytics | Incoherent events | |
USAGE_ANALYTICS |
METRIC_ALERTS |
VIEW , EDIT
|
Analytics | Metric alerts | |
USAGE_ANALYTICS |
NAMED_FILTERS |
CREATE , VIEW , EDIT
|
Analytics | Named filters | |
USAGE_ANALYTICS |
PERMISSION_FILTERS |
CREATE , VIEW , EDIT
|
Analytics | Permission filters | |
USAGE_ANALYTICS |
REPORTS |
CREATE , VIEW , EDIT
|
Analytics | Reports | |
USAGE_ANALYTICS |
VIEW_ALL_REPORTS |
Analytics | View all reports | ||
COVEO_ML |
MODELS |
CREATE , VIEW , EDIT
|
Machine learning | Models | |
PLATFORM |
FIELD |
CREATE , VIEW , EDIT
|
Content | Fields | |
PLATFORM |
INDEXING_PIPELINE_EXTENSION |
CREATE , VIEW , EDIT
|
Content | Extensions | |
PLATFORM |
LOGICAL_INDEX |
VIEW , EDIT
|
Content | Logical indexes | |
PLATFORM |
SECURITY_CACHE |
VIEW , EDIT
|
Content | Security identities | |
PLATFORM |
SECURITY_PROVIDER |
CREATE , VIEW , EDIT
|
Content | Security identity providers | |
PLATFORM |
SOURCE |
CREATE , VIEW , EDIT
|
Content | Sources | |
PLATFORM |
ACTIVITIES |
CREATE , VIEW , EDIT
|
Organization | Activities | |
PLATFORM |
API_KEY |
CREATE , VIEW , EDIT
|
Organization | Api keys | |
PLATFORM |
CRITICAL_UPDATE |
VIEW , EDIT
|
Organization | Critical updates | |
PLATFORM |
GROUP |
CREATE , VIEW , EDIT
|
Organization | Groups | |
PLATFORM |
ON_PREMISE_ADMINISTRATION |
VIEW , EDIT
|
Organization | On-premises administration | |
PLATFORM |
ORGANIZATION |
VIEW , EDIT
|
Organization | Organization | |
PLATFORM |
SAML_IDENTITY_PROVIDER |
CREATE , VIEW , EDIT
|
Organization | Single sign-on identity provider | |
PLATFORM |
SNAPSHOTS |
VIEW , EDIT
|
Organization | Snapshots | |
PLATFORM |
SUBSCRIPTION |
CREATE , VIEW , EDIT
|
Organization | Notifications | |
SEARCH_API |
AUTHENTICATION_EDITOR |
Search | Modify authentication provider | ||
SEARCH_API |
EXECUTE_QUERY |
Search | Execute queries | ||
SEARCH_API |
IMPERSONATE |
Search | Impersonate | ||
SEARCH_API |
QUERY_LOGS |
VIEW |
Search | View all raw query logs | |
SEARCH_API |
QUERY_PIPELINE |
CREATE , VIEW , EDIT
|
Search | Query pipelines | |
SEARCH_API |
SALESFORCE_AUTHENTICATION |
VIEW , EDIT
|
Search | Salesforce index configuration | |
SEARCH_API |
SEARCH_PAGES |
CREATE , VIEW , EDIT
|
Search | Search pages | |
SEARCH_API |
SEARCH_USAGE_METRICS |
VIEW , EDIT
|
Search | Search usage metrics | |
SEARCH_API |
VIEW_ALL_CONTENT |
Search | View all content |
-
An API key can’t have any of the privileges whose
targetDomain
isAPI_KEY
(i.e., API keys can’t view or edit other API keys). -
For the
ANALYTICS_DATA
targetDomain, theEDIT
type is replaced withPUSH
in the Coveo Administration Console display.