Content security

When creating a source, the option that you select in the Content Security tab determines who can access the source items through a Coveo-powered search interface.

Selecting the appropriate content security option is crucial to ensure that, when returning search results, Coveo displays only the items that a search interface user is allowed to access. Understanding your options and their impact is therefore essential to ensure that only the desired users access your indexed content.

Typically, your content security options are:

  • Same users and groups as in your content system (Users following system permissions in Salesforce sources), which replicates in your search interface the original permission system.

  • Everyone, which makes the source content publicly available to anyone who can access the search interface, anonymous and logged-in users alike.

  • Specific users and groups (Specific identities in Salesforce sources), which makes the content available to only the users and groups you select.

Same users and groups as in your content system

When you select the Same users and groups as in your content system content security option, Coveo secures your content by replicating the repository item permission system. As a result, through a Coveo-powered search interface, authenticated users only see the items that they’re allowed to access within the indexed repository. Anonymous and unauthenticated users are impossible to relate to a security identity in this repository, so they can’t access the source content.

The Same users and groups as in your content system option is available when the repository is secured, that is, when users must authenticate to gain access to its content, and when Coveo can extract its item-level permissions. The connector pages show whether a connector supports this option. When you want to index secured content with a connector that doesn’t support this option, the alternative is to specify the users and groups allowed to access the entire source content.

Tip
Leading practice

Select Same users and groups as in your content system whenever this option is available.

Example

You have a SharePoint Online source whose content is secured following the same rules as in your repository’s permission system. Your coworkers of other departments can all log in to your SharePoint Online instance, but they only see the SharePoint Online content that they have been allowed to access. When they use a Coveo-powered search interface in which they’re authenticated, they also only see search results for SharePoint Online content to which they were granted access by SharePoint Online administrators.

For more information on these secured sources and on how Coveo handles permissions, see Coveo management of security identities and item permissions.

Everyone

When you select the Everyone content security option, the source content is available to anyone who can access the search interface. In other words, all end users can access the whole content of the source through your search interface, regardless of whether they’re anonymous or authenticated.

Important

When you select Everyone, all items accessible to your crawling account are publicly available. So, before you create a source, ensure that the content to index isn’t sensitive and can be disclosed to all search interface users.

Specific users and groups

When creating a source, if you select the Specific users and groups option, only the users associated to the specified email addresses can see content from this source in a Coveo-powered search interface. The source content is therefore private. For example, when you enter human-resources@example.com, only HR employees will be able to see search results. You may decide to permanently enable this setting when working with sensitive information like salaries.

The Specific users and groups option is also ideal for test sources or sources whose configuration isn’t final. This option allows administrators to work on indexed content while maintaining a clutter-free experience for search interface end users. For example, when you enter developers@example.com, only developers will be able to see search results. Once satisfied with how your content is indexed, you may decide to switch to a different content security option.

Tip
Leading practice

When working with a non-final source, it is best to work iteratively. Source rebuild takes time and resources, so it is most efficient to index a few items, check that everything is indexed properly, then repeat.

The Group box supports using the * wildcard to specify an entire domain. So, to allow all company employees to access the source content, you can enter *@companydomain.com.

When you select the Specific users and groups option, the source remains visible in the Coveo Administration Console Sources (platform-ca | platform-eu | platform-au) page for anyone who has the privilege to view or edit sources, regardless of the specified users or groups.