Selecting the appropriate content security option is crucial to ensure that, when returning search results, Coveo displays only the items that a search interface user is allowed to access. Understanding your options and their impact is therefore essential to ensure that only the desired users access your indexed content.
Typically, your content security options are:
Everyone, which makes the source content publicly available to anyone who can access the search interface
Source creator (Specific identities in Salesforce sources), which makes the content available to the source creator only
Determined by Source Permissions
When you select the Determined by source permissions content security option, Coveo secures your content by replicating the repository item permission system. As a result, through a Coveo-powered search interface, authenticated users only see the items that they’re allowed to access within the indexed repository. Anonymous and unauthenticated users are impossible to relate to a security identity in this repository, so they can’t access the source content.
The Determined by source permissions option is available when the repository is secured, i.e., when users must authenticate to gain access to its content, and when Coveo can extract its item-level permissions. The connector pages show whether a connector supports this option. When you want to index secured content with a connector that doesn’t support this option, the alternative is to set source-level permissions.
Select Determined by source permissions whenever this option is available.
You have a SharePoint Online source for which the content security is determined by source permissions. Your coworkers of other departments can all log in to your SharePoint Online instance, but they only see the SharePoint Online content that they have been allowed to access. When they use a Coveo-powered search interface in which they’re authenticated, they also only see search results for SharePoint Online content to which they were granted access by SharePoint Online administrators.
For more information on these secured sources and on how Coveo handles permissions, see Coveo Management of Security Identities and Item Permissions.
When you select the Everyone content security option, the source content is available to anyone who can access the search interface. In other words, all end users can access the whole content of the source through your search interface, regardless of whether they’re anonymous or authenticated.
When you select Everyone, all items accessible to your crawling account are publicly available. So, before you create a source, ensure that the content to index isn’t sensitive and can be disclosed to all search interface users.
When creating a source, if you select the Source creator option, only you can see content from this source in a Coveo-powered search interface. The source content is therefore private. However, the source is still visible in the Coveo Administration Console Sources page for other users who have the privilege to view or edit sources. The Source creator option is ideal for test sources or sources whose configuration is not final yet.
By default, only the source creator has access to the content of a private source. However, you can expand content access to specific users or groups by defining source-level permissions in the source JSON configuration.
The source creation/modification panel doesn’t currently show who the source creator is. However, this information is available in the source JSON configuration.