Cloud V2 for Administrators
- New Features
- Searching With Coveo Cloud
- Administration Console
- Coveo Cloud Security
- Management of Security Identities and Item Permissions
- Coveo Cloud V2 SAML SSO
- Troubleshooting Querying Issues
- IPs to Whitelist
- Coveo Index Items
- Supported File Formats
- Indexing by Reference
- Leverage Many Coveo Indexes
- About Non-Production Organizations
- Interface Editor
- Application Change Control Process
Coveo Cloud V2 Management of Security Identities and Item Permissions
Many enterprise systems are secured, meaning that users must authenticate to access the system and have the appropriate permissions to retrieve a specific item in the system. Each secured enterprise system type has its own permission model, i.e., a set of rules determining who can access an item.
Coveo Cloud can fully respect the permission model of each of its supported content sources, thus ensuring that every search result is returned only to the search users allowed to access it. To achieve this level of protection, Coveo Cloud crawlers use an early-binding permission retrieval method to import item permissions at crawling time (see Coveo Cloud V2 Indexing Pipeline). Thanks to the early-binding method, permissions are extracted at the same moment item data is retrieved, meaning that every piece of information is correctly protected. Furthermore, the fact that Coveo Cloud uses early binding to retrieve item permissions favors search performance since items for which specific users do not have access are filtered out before their queries, which is not the case for systems that use other permission retrieval methods.
This series of articles provides an overview of the permission management within Coveo Cloud, as well as a glossary of the most important related terms (see Glossary).
To place the focus on item permission management, all the examples in this series of articles assume that the query made by the search page user matches the title of the desired items.
The identity and permission management articles are divided as follows. Readers are advised to browse these pages in order.
In a basic secured search scenario, a user makes a query using a security identity that has access to an item. The search API then returns the desired item in the search results (see Basic Secured Search).
The articles in this section make use of the following terms (see Documentation Subdivision). Hover over a term to display a short definition or click the term for a complete definition.
- Crawling account
- Effective Permissions
- Granted identity
- Permission level
- Permission model
- Permission set
- Security identity
- Security identity cache
- Security identity provider
- Security identity relationship
- Virtual group
See also the complete Coveo Glossary.