Coveo Cloud V2 Management of Security Identities and Item Permissions

Many enterprise systems are secured, meaning that users must authenticate to access the system and have the appropriate permissions to retrieve a specific item in the system. Each secured enterprise system type has its own permission model, i.e., a set of rules determining who can access an item.

Coveo Cloud can fully respect the permission model of each of its supported content sources, thus ensuring that every search result is returned only to the search users allowed to access it. To achieve this level of protection, Coveo Cloud crawlers use an early-binding permission retrieval method to import item permissions at crawling time (see Coveo Cloud V2 Indexing Pipeline). Thanks to the early-binding method, permissions are extracted at the same moment item data is retrieved, meaning that every piece of information is correctly protected. Furthermore, the fact that Coveo Cloud uses early binding to retrieve item permissions favors search performance since items for which specific users do not have access are filtered out before their queries, which is not the case for systems that use other permission retrieval methods.

This series of articles provides an overview of the permission management within Coveo Cloud, as well as a glossary of the most important related terms (see Glossary).

To place the focus on item permission management, all the examples in this series of articles assume that the query made by the search page user matches the title of the desired items.

Documentation Subdivision

The identity and permission management articles are divided as follows. Readers are advised to browse these pages in order.

  1. Basic Secured Search

  2. Group and Granted Security Identities

  3. Security Identity Relationships

  4. Security Identity Cache and Provider

  5. Typical Coveo Cloud Secured Search

  6. Permission Sets

  7. Permission Levels

What’s Next?

In a basic secured search scenario, a user makes a query using a security identity that has access to an item. The search API then returns the desired item in the search results (see Basic Secured Search).

Glossary

The articles in this section make use of the following terms (see Documentation Subdivision). Hover over a term to display a short definition or click the term for a complete definition.

See also the complete Coveo Glossary.