Content security

This is for:

Developer System Administrator

When creating a source, the option that you select in the Content Security tab determines who can access the source items through a Coveo-powered search interface.

Selecting the appropriate content security option is crucial to ensure that, when returning search results, Coveo displays only the items that a search interface user is allowed to access. Understanding your options and their impact is therefore essential to ensure that only the desired users access your indexed content.

Typically, your content security options are:

  • Same users and groups as in your content system (Users following system permissions in Salesforce sources), which replicates in your search interface the original permission system.

  • Everyone, which makes the source content publicly available to anyone who can access the search interface, anonymous and logged-in users alike.

  • Specific users and groups (Specific identities in Salesforce sources), which makes the content available to only the users and groups you select.

Same users and groups as in your content system

When you select the Same users and groups as in your content system content security option, Coveo secures your content by replicating the repository item permission system. As a result, through a Coveo-powered search interface, authenticated users only see the items that they’re allowed to access within the indexed repository. Anonymous and unauthenticated users are impossible to relate to a security identity in this repository, so they can’t access the source content.

The Same users and groups as in your content system option is available when the repository is secured, that is, when users must authenticate to gain access to its content, and when Coveo can extract its item-level permissions. The connector pages show whether a connector supports this option. When you want to index secured content with a connector that doesn’t support this option, the alternative is to specify the users and groups allowed to access the entire source content.

Tip
Leading practice

Select Same users and groups as in your content system whenever this option is available.
Example

You have a SharePoint Online source whose content is secured following the same rules as in your repository’s permission system. Your coworkers of other departments can all log in to your SharePoint Online instance, but they only see the SharePoint Online content that they have been allowed to access. When they use a Coveo-powered search interface in which they’re authenticated, they also only see search results for SharePoint Online content to which they were granted access by SharePoint Online administrators.

For more information on these secured sources and on how Coveo handles permissions, see Coveo management of security identities and item permissions.

Everyone

When you select the Everyone content security option, the source content is available to anyone who can access the search interface. In other words, all end users can access the whole content of the source through your search interface, regardless of whether they’re anonymous or authenticated.

Important

When you select Everyone, all items accessible to your crawling account are publicly available. So, before you create a source, ensure that the content to index isn’t sensitive and can be disclosed to all search interface users.

Specific Users and Groups

When creating a source, if you select the Specific users and groups option, only the users associated to the specified email addresses can see content from this source in a Coveo-powered search interface. The source content is therefore private. The Specific users and groups option is ideal for test sources or sources whose configuration isn’t final yet.

Example

When you enter salesteam@example.com, only the users who are part of the sales team in your permission system can access the source content.

The Group box supports using the * wildcard to specify an entire domain. So, to allow all company employees to access the source content, you can enter *@companydomain.com.

When you select the Specific users and groups option, the source remains visible in the Coveo Administration Console Sources (platform-ca | platform-eu | platform-au) page for anyone who has the privilege to view or edit sources, regardless of the specified users or groups.