Content Security

When creating a source, the option that you select in the Content Security tab determines who can access the source items through a Coveo-powered search interface.

Selecting the appropriate content security option is crucial to ensure that, when returning search results, Coveo displays only the items that a search interface user is allowed to access. Understanding your options and their impact is therefore essential to ensure that only the desired users access your indexed content.

Typically, your content security options are:

  • Determined by source permissions (Users following system permissions in Salesforce sources), which replicates in your search interface the original permission system

  • Everyone, which makes the source content publicly available to anyone who can access the search interface

  • Source creator (Specific identities in Salesforce sources), which makes the content available to the source creator only

Determined by Source Permissions

When you select the Determined by source permissions content security option, Coveo secures your content by replicating the repository item permission system. As a result, through a Coveo-powered search interface, authenticated users only see the items that they’re allowed to access within the indexed repository. Anonymous and unauthenticated users are impossible to relate to a security identity in this repository, so they can’t access the source content.

The Determined by source permissions option is available when the repository is secured, i.e., when users must authenticate to gain access to its content, and when Coveo can extract its item-level permissions. The connector pages show whether a connector supports this option. When you want to index secured content with a connector that doesn’t support this option, the alternative is to set source-level permissions.

Select Determined by source permissions whenever this option is available.

You have a SharePoint Online source for which the content security is determined by source permissions. Your coworkers of other departments can all log in to your SharePoint Online instance, but they only see the SharePoint Online content that they have been allowed to access. When they use a Coveo-powered search interface in which they’re authenticated, they also only see search results for SharePoint Online content to which they were granted access by SharePoint Online administrators.

For more information on these secured sources and on how Coveo handles permissions, see Coveo Management of Security Identities and Item Permissions.


When you select the Everyone content security option, the source content is available to anyone who can access the search interface. In other words, all end users can access the whole content of the source through your search interface, regardless of whether they’re anonymous or authenticated.

When you select Everyone, all items accessible to your crawling account are publicly available. So, before you create a source, ensure that the content to index isn’t sensitive and can be disclosed to all search interface users.

Source Creator

When creating a source, if you select the Source creator option, only you can see content from this source in a Coveo-powered search interface. The source content is therefore private. However, the source is still visible in the Coveo Administration Console Sources (platform-eu | platform-au) page for other users who have the privilege to view or edit sources. The Source creator option is ideal for test sources or sources whose configuration is not final yet.

What's next for me?