Built-In Groups

A Coveo Cloud organization comes with several built-in groups: Administrators, Analytics Managers, Analytics Viewers, Content Managers, Relevance Managers, and Users (see Adding and Managing Groups). Members of these groups are granted a set of privileges that allows them to access certain or all Coveo Cloud administration console domains (see Understanding Privileges and Privilege Reference).

You can use the Coveo Cloud built-in groups as an alternative to groups you create yourself or use their privilege set as a base when granting privileges to a new group (see About the Preset Menu).

In general, you should restrict the number of users who can edit the resources in your Coveo Cloud organization.

About the Administrators Group

Members of the Administrators group have the highest access level for all privileges. You should therefore only allow a few select users in the Administrators group of your Coveo Cloud organization.

The Administrators group cannot be deleted, and its privileges cannot be edited (see Delete a Group). You can however duplicate the Administrators group, and then edit the privilege set of the new group (see Duplicate a Group).

Built-In Group Privileges

The following table lists the built-in privileges for each group.

Service Domain Access level granted by default Recommended access level
Administrators Analytics managers Analytics viewers Content managers Relevance managers Users Developers2
Analytics Administrate Allowed            
Analytics Analytics data Push and view View View   View   Push and view
Analytics Data exports Edit Edit Edit   Edit   View
Analytics Delete user data Allowed    
Analytics Dimensions Edit Edit View       Edit
Analytics Impersonate Allowed            
Analytics Incoherent events View            
Analytics Metric alerts Edit            
Analytics Named filters Edit Edit View   Edit    
Analytics Permission filters Edit View View   View View  
Analytics Reports Edit Edit View   Edit   Edit
Analytics Suggest queries Allowed            
Analytics View all reports Allowed Allowed     Allowed    
Content Extensions Edit all     Edit all     Edit all
Content Fields Edit     Edit   View  
Content Logical indexes Edit     Edit    
Content Security identities Edit     Edit     Edit
Content Security identity providers Edit     Edit     Edit
Content Sources Edit all     Edit all   View all Edit all
Machine Learning Models Edit       Edit   View
Machine Learning User profiles Edit        
Organization API keys Edit all     View all View all    
Organization Activities Edit     View View    
Organization Critical updates Edit        
Organization Elasticsearch indexes Edit            
Organization Groups Edit all View all   Custom1 Custom1 Custom1  
Organization Notifications Edit            
Organization On-premises administration Edit            
Organization Organization Edit View View View View View View
Organization Single sign-on identity provider Edit            
Organization Snapshots Edit     View View    
Organization Temporary access Edit        
Search Execute queries Allowed     Allowed Allowed Allowed Allowed
Search Impersonate Allowed            
Search Modify authentication provider Allowed            
Search Query logs Allowed            
Search Query pipelines Edit all       Edit all   Edit all
Search Salesforce index configuration Edit            
Search Search pages Edit         View Edit
Search Search usage metrics Edit            
Search View all content Allowed            

Note 1: By default, members of this built-in group can edit this group only. They can therefore invite other people in their own group, but not in other groups. See Understanding the Custom Access Level for further information on the Custom access level.

Note 2: While the Developers group is not a built-in group, you should define it as indicated in this table and invite all developers working on your solution to join it (see Adding and Managing Groups).

Built-In Group Powers

The following table indicates the powers associated with each group.

Ability Administrators Analytics managers Analytics viewers Content managers Relevance managers Users Developers2
Access the organization
Make queries
Create and delete sources
View usage analytics reports
Manage usage analytics reports
Optimize search solution
Invite users 1 1 1
Revoke access/Cancel invitation
Grant/revoke group privileges
Change organization contact
Install and manage the Crawling Module

Note 1: By default, members of this built-in group can edit this group only. They can therefore invite other people in their own group, but not in other groups. See Understanding the Custom Access Level for further information on the Custom access level.

Note 2: The Developers group is not a built-in group.

What’s Next?

Learn how to navigate the Privileges tab (see Navigating the Privileges Tab).