Review Item Properties

The Content Browser (platform-eu | platform-au) includes a Properties button that opens a panel allowing members of the Administrators and Content Managers built-in groups to view the selected item fields, permissions and its Quick View (see About Fields). The panel is useful for troubleshooting and ensures that items have the expected fields and values as well as the correct permissions so that restricted information can only be accessed by the authorized groups or members (see Coveo Management of Security Identities and Item Permissions).

"Fields" Tab

The Fields tab provides more information about the item (see About Fields). Each item comes with a certain number of fields that help you quickly grasp the item content.

Access the "Fields" Tab

  1. Log in to Coveo (platform-eu | platform-au) as a member of a group with the required privileges to review content in the target Coveo organization, if not already done.

  2. In the main menu on the left, under Content, select Content Browser.

  3. On the Content Browser (platform-eu | platform-au) page, select the card of the item for which you want to inspect properties, and then click Properties in the Action bar.

  4. In the panel that appears, select the Fields tab.

Open the Item in its Original System

  1. Access the "Fields" tab.

  2. In the Fields tab, in the Value column, next to fields that have clickable URIs (when defined) as values, click the link to open the item in its original system.

Review Item Fields and Field Values

The body of the Fields tab is essentially a table listing all fields defined on the item (see Access the "Fields" Tab and About Fields). The available fields vary depending on the type of source as each type comes with built-in fields, and on the user-defined and system fields selected to be displayed in result cards (see About Fields).

  • The top of the tab displays the Item Unique ID that uniquely identifies the item in the organization index.

    The Unique ID can be used when troubleshooting item permissions or fields, or when pushing items with API calls.

  • Fields column indicates the field name that was entered when creating the field, or the name of the built-in and system fields (see Manage Fields and Field Origins).

    Note

    Fields must meet the following requirements to be displayed in the column:

    • Contain a value (e.g., syslanguage is displayed only if the language of the item is recognized by Coveo).

    • Have the Displayable in results option selected in their configuration (see Add or Edit a Field).

  • Value column indicates the value for each field (see About Fields).

"Permissions" Tab

The Permissions tab helps you review which users, groups, and virtual groups are associated with a specific item, and whether those security identities are allowed or denied to view the item in search results (see Coveo Management of Security Identities and Item Permissions).

Notes

The top of the tab displays the item permission status:

  • A user must be explicitly allowed and not denied to view this item in search results.

    To view the selected item, a user must:

    • Be authenticated in the search page.

    • Have one of their security identities marked as allowed to access the item (see Basic Secured Search).

    • Have none of their security identities marked as denied to access the item.

  • All users can view this item in search results.

    This item is public (see Public Items and Anonymous Users). Users don’t have to be authenticated to view this item. Anyone that can access your search page can also access this item.

  • All users can view this item in search results, except explicitly denied users.

    This item is public (see Public Items and Anonymous Users). Users don’t have to be authenticated to view this item. Anyone that can access your search page can also access this item, except users that are explicitly marked as denied.

  • No user can currently view this item in search results. Review the Permission Details tab or contact Coveo Support to troubleshoot the issue.

    Users must be authenticated to access this item, but no permission on the item has been found.

The table contains the following columns and values:

  • Identity Provider Name

    The name of the security identity provider the Identity belongs to. You can see all identity providers on the Security Identities (platform-eu | platform-au) page (see Manage Security Identities).

  • Type

    The type of the security identity, which can be either User, Group, or Virtual Group (see Coveo Management of Security Identities and Item Permissions).

  • Identity

    The name that uniquely represents the security identity.

    Note

    @ is a group that contains all known users of the Email identity provider.

  • State

    The state of the security identity. The possible states are the following:

    State Details Action to take

    Not updated

    Security identity not updated yet.

    None. Wait for first automatic update (see Manage Security Identities). Contact Coveo Support if the update doesn’t start after a few days.

    In error

    Last update failed with an error. Relationships of the security identity are cleared (see Note).

    Check Last update result for more information, solve issue, and update security identity again (see Last update result and Manage Security Identities).

    Out of date

    Last update failed, but the security identity has previously been updated successfully.

    Check Last update result for more information, solve issue, and update security identity again (see Last update result and Manage Security Identities).

    Disabled

    Security identity may have been deleted in the corresponding indexed system. Relationships of the security identity are cleared (see Note).

    None. Security identity will be re-enabled next time Coveo encounters it.

    Up to date

    Security identity successfully updated. No issue encountered.

    None.

    Note

    Clearing the relationships of a security identity means that the security identity cache deletes the links between a security identity that’s disabled or in error and its associated parent security identities, child security identities, granted security identities, and aliases (see Security Identity Relationships). Users logging in to Coveo therefore don’t receive this additional security identity.

    For example, John Smith is a member of the Accountants and Finances Department groups. The Accountants group security identity is in error. When logging in to Coveo, John Smith receives the Finances Department group security identity as an additional security identity. However, since the relationship between his user security identity and the Accountants group security identity has been deleted, he can’t access items that the Accountants group is allowed to access, unless his user security identity or the Finances Department group security identity is also allowed to access them. John Smith’s search results are therefore the same as they would be if he was not a member of the Accountants group in the original enterprise system.

    In other words, when the most recent information regarding a security identity is lacking, Coveo doesn’t allow access to items via this identity to prevent security holes.

    Click Expand to expand an identity. In the expansion, next to the Last update date, the Last update result displays a security provider message for troubleshooting:

    Last update result Description

    Success

    Security identity successfully updated. No issue encountered.

    None

    Security identity not updated yet.

    Access denied

    Security identity provider is denied access to the enterprise system.

    Timed out

    A timeout error occurred while calling the enterprise system to update the security identity.

    Entity is invalid

    Security identity is invalid (e.g., inadequate format or configuration) or doesn’t exist in the enterprise system anymore.

    Entity is unavailable

    Security identity update failed.

    Security provider is unavailable

    Security identity provider not found.

    Security provider is unreachable

    Security identity provider can’t be reached.

    Security provider isn’t ready

    Security identity provider isn’t ready to provide the requested information. Try again later.

    Unexpected error

    An unexpected error occurred while updating the security identity. Contact Coveo Support for help.

  • Permissions

    A green check mark indicates that the specified security identity is allowed to view the item in search results (see Coveo Management of Security Identities and Item Permissions).

    A red X indicates that the specified security identity isn’t allowed to view the item in search results.

    When you select a security identity, the Browse relationships button appears in the Action bar. This button leads to the Security Identity Relationship Browser page, which lists the direct and indirect parents and children of the selected security identity in different tabs. This information is especially useful when investigating content access issues that are due to the effective permissions of an item. For details on this feature, see Browse the Relationships of an Identity.

Access the "Permissions" Tab

  1. Log in to Coveo (platform-eu | platform-au) as a member of a group with the required privileges to review the content and permissions in the target Coveo organization, if not already done.

  2. In the main menu on the left, under Content, select Content Browser.

  3. On the Content Browser (platform-eu | platform-au) page, select the card of the item for which you want to inspect properties, and then click Properties in the Action bar.

  4. In the panel that appears, select the Permissions tab.

Review the State of the Item Permissions

  1. Access the "Permissions" tab.

  2. In the Permissions tab, click the State drop-down menu, select one of the following options: All, Up to date, Not updated, Out of date, In error, or Disabled.

Note

By default, all permissions are listed regardless of their state.

Review Effective Permissions on the Item

  1. Access the "Permissions" tab.

  2. In the Permissions tab, click the Permissions drop-down menu, select one of the following options: All, Allowed, or Denied, and then ensure item permissions are accurate.

By default, all identities are listed regardless or their permissions.

  1. Access the "Permissions" tab.

  2. In the Permissions tab, at the lower right of the table, click the left and right arrow icons, or a page number to navigate through pages.

"Permission Details" Tab

The Permission Details tab shows the permission model of the item in its original system the last time the item source was refreshed. It also allows you to inspect the access rights of a specific search interface user.

A permission model is composed of one or many permission levels that each contains one or many permission sets that each contains one or many security identities (users, groups, and virtual groups). This architecture defines who will be able to view the item in the search results, which a resulting security identity list is displayed in the Permissions Tab.

Note

If you think the permission model doesn’t accurately represent the item access rights, perform a source refresh, which may resolve the issue. If the problem persists, contact Coveo Support.

The top of the table contains the following parameters and values:

  • Last Update

    Date/time of the last system permission model refresh.

    Note

    The Permission Details tab is updated each time the source of the item is refreshed (refresh, rescan or rebuild) and a content change.

  • State

    The state of the permission model, which can be either Unknown, Valid, Pending, Incomplete, In error, or Warning.

    Update result Description Action to take
    Valid Permission model updated. All identities in the permission model are valid and up to date (see State). None
    Pending Permission model not updated yet. If the permission model is still not updated after several days, contact Coveo Support for help.
    Incomplete

    Permission model updated. However:

    The effective Allowed permissions may be incomplete.

    Check the Permissions tab to determine which identities are out of date or in error (see Permissions Tab and State). If you can't see the problematic identities, contact Coveo Support.

    Warning The permission model has been updated, but at least one denied entity is out of date. The Denied effective permission list may therefore be incomplete. This issue requires immediate attention, as it can cause a security hole. Check the Permissions tab to determine which identities are out of date and solve this issue immediately. Contact Coveo Support for help.
    In error Permission model updated. However, permission level 0 contains at least one denied identity that was not successfully updated. The item won't be displayed in the search results to prevent security holes. Check the Permissions tab to determine which identities are out of date or in error (see Permissions Tab and State). If you can't see the problematic identities, contact Coveo Support.

The table lists the two components of a system permission model:

Note

When available, permission level and set names hint at the level or set origin in the item system (e.g., Sharing Permissions, Administrator Set, etc.). Otherwise, Coveo generates names in the following format:

  • Permission level

  • Permission set

  • Permission Level

    The name of the permission level that’s assigned to the item.

  • Permission Set

    The name of the permission set contained in the selected permission level that are assigned to the item.

    Note

    A permission level can contain one or more permission sets.

    Next to the permission set name, an icon (Public-Item or Lock) indicates whether this permission set allows users represented by an anonymous identity to access the item (see Permission Sets and Public Items and Anonymous Users).

    For each permission set, the table lists the following information:

    • Identity Provider Name

      The name of the security identity provider. You can see all identity providers on the Security Identities (platform-eu | platform-au) page (see Manage Security Identities).

    • Type

      The type of the security identity, which can be either User, Group, or Virtual Group.

    • Identity

      The name that uniquely represents the security identity.

      Note

      @ is a group that contains all known users of the Email identity provider.

    • State

      The state of the security identity, which can be either Up to date, Not updated, Out of date, In error, or Disabled (see State).

    • Permissions

      A green check mark indicates that the specified security identity is allowed to view the item in search results (see Coveo Management of Security Identities and Item Permissions).

      A red X indicates that the specified security identity isn’t allowed to view the item in search results.

      When you select a security identity, the Browse relationships button appears in the Action bar. This button leads to the Security Identity Relationship Browser page, which lists the direct and indirect parents and children of the selected security identity in different tabs. This information is especially useful when investigating content access issues that are due to the effective permissions of an item. For details on this feature, see Browse the Relationships of an Identity.

Access the "Permission Details" Tab

  1. Log in to Coveo (platform-eu | platform-au) as a member of a group with the required privileges to review the content and permissions in the target Coveo organization, if not already done.

  2. In the main menu on the left, under Content, select Content Browser.

  3. On the Content Browser (platform-eu | platform-au) page, select the card of the item for which you want to inspect properties, and then click Properties in the Action bar.

  4. In the panel that appears, select the Permission Details tab.

Review Permission Levels and Sets

  1. Access the "Permission Details" tab.

  2. In the Permission Details tab, in the Level column, select a permission level, and then in the Set column, select the permission set that you want to review (see Coveo Management of Security Identities and Item Permissions).

Inspect the Access Rights of a User

The Item Access Inspector is still a beta feature. Enhancements are to be expected in a future release.

The Permission details tab includes a way to search for a specific search interface user and inspect its access rights for the selected item. This tab shows whether the desired user is allowed to see the selected item in a Coveo-powered search interface, and through which permission levels, permission sets, and security identity relationships they are granted or denied access. This feature is therefore useful when troubleshooting permission issues, such as:

  • A user accessing an item they shouldn’t be able to access.

  • An item not being visible to a user when it should be.

For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo Management of Security Identities and Item Permissions.

Under Email, enter the email address representing the desired user, and then click Inspect. Under Access, you should see whether the user can access this item through your search interface, according to the item’s effective permissions. Possible results are:

  • Allowed, which means that the user is allowed to access the item.

  • Denied, which indicates that the user is denied access to the item.

  • Not allowed, which means that the user is not specified in the item’s effective permissions. Therefore, Coveo won’t show the item to this user in a search interface.

  • Not found, which indicates that the provided email address is unknown to Coveo’s security identity cache. The corresponding user identity may have been recently created in your repository and not yet indexed by Coveo, or the email address you provided may be incorrect.

When the result is either Allowed or Denied, green check marks and red Xs appear in the item’s permission model to call attention to the levels, sets, and identities through which the user is allowed/denied access to the item.

In the Level column, select a permission level, and then, in the Set column, select a permission set. The right portion of the panel then displays the security identities in this set to which the user is related. Click an identity to display the full permission path, i.e., through which parent/child relationships the desired user ends up in the item’s effective permissions. See "Permission Details" Tab for details on the information presented in this section.

"Quick View" Tab

The Quick View tab helps you review item content without having to access its original system. The tab is only displayed when a preview is available for this item (see Access the "Quick View" tab).

Access the "Quick View" Tab

  1. Log in to Coveo (platform-eu | platform-au) as a member of a group with the required privileges to review content in the target Coveo organization, if not already done.

  2. In the main menu on the left, under Content, select Content Browser.

  3. On the Content Browser (platform-eu | platform-au) page, select the card of the item for which you want to inspect properties, and then click Properties in the Action bar.

  4. In the panel that appears, select the Quick View tab.

    Note

    The maximum supported item size is 10,000 bytes.

"Item JSON" Tab

The Item JSON tab shows the item properties in JSON format, which is especially useful for troubleshooting purposes.

Access the "Item JSON" Tab

  1. Log in to Coveo (platform-eu | platform-au) as a member of a group with the required privileges to review content in the target Coveo organization, if not already done.

  2. In the main menu on the left, under Content, select Content Browser.

  3. On the Content Browser (platform-eu | platform-au) page, select the card of the item for which you want to inspect properties, and then click Properties in the Action bar.

  4. In the panel that appears, select the Item JSON tab.

Search for a Keyword

The Item JSON tab content can be pretty long. Therefore, you can use the implemented search feature to easily find item properties such as field names and values.

  1. Access the "Item JSON" tab.

  2. In the Item JSON tab, fill the Search box with the desired keyword(s):

    1. Click anywhere in the JSON box.

    2. Press Ctrl-F (Windows) or cmd-F (Mac).

    3. In the Search box that appears at the top of the JSON box, type the desired keyword(s).

    OR

    In the JSON box, select the keyword(s) you want to search, and then press Ctrl-F (Windows) or cmd-F (Mac).

    The selected keyword(s) automatically appears in the Search box.

  3. Press Enter.

    When present, the keyword occurrences are highlighted with a yellow background. The box content scrolls when needed to ensure that the first keyword occurrence is visible.

  4. Repeat steps 1 and 2 to automatically scroll in the JSON box to review the other keyword occurrences.

Note

The search feature also supports regular expressions (regex).