Coveo Cloud V2 Management of Security Identities and Item Permissions

Many enterprise systems are secured, meaning that users must authenticate to access the system and have the appropriate permissions to retrieve a specific item in the system. Each secured enterprise system type has its own permission model, i.e., a set of rules determining who can access an item.

Coveo Cloud can fully respect the permission model of each of its supported content sources, thus ensuring that every search result is returned only to the search users allowed to access it. To achieve this level of protection, Coveo Cloud crawlers extract the permissions associated to each item at the same moment they extract the item data, which ensures that every piece of information is correctly protected.

This series of articles provides an overview of the permission management within Coveo Cloud, as well as a glossary of the most important related terms (see Glossary).

To place the focus on item permission management, all the examples in this series of articles assume that the query made by the search page user matches the title of the desired items.

Documentation Subdivision

The identity and permission management articles are divided as follows. Readers are advised to browse these pages in order.

  1. Basic Secured Search

  2. Group and Granted Security Identities

  3. Security Identity Relationships

  4. Security Identity Cache and Provider

  5. Typical Coveo Cloud Secured Search

  6. Permission Sets

  7. Permission Levels

What’s Next?

In a basic secured search scenario, a user makes a query using a security identity that has access to an item. The search API then returns the desired item in the search results (see Basic Secured Search).


The articles in this section make use of the following terms (see Documentation Subdivision). Hover over a term to display a short definition or click the term for a complete definition.

See also the complete Coveo Glossary.