Built-In Groups

A Coveo Cloud organization comes with several built-in groups: Administrators, Analytics Managers, Analytics Viewers, Content Managers, Relevance Managers, and Users (see Adding and Managing Groups). Members of these groups are granted a set of privileges that allows them to access certain or all Coveo Cloud administration console domains (see Understanding Privileges and Privilege Reference).

You can use the Coveo Cloud built-in groups as an alternative to groups you create yourself or use their privilege set as a base when granting privileges to a new group (see About the Preset Menu).

In general, you should restrict the number of users who can edit the resources in your Coveo Cloud organization.

About the Administrators Group

Members of the Administrators group have the highest access level for all privileges. You should therefore only allow a few select users in the Administrators group of your Coveo Cloud organization.

The Administrators group cannot be deleted, and its privileges cannot be edited (see Delete a Group). You can however duplicate the Administrators group, and then edit the privilege set of the new group (see Duplicate a Group).

Built-In Group Privileges

The following table lists the built-in privileges for each group.

Service Domain Access level granted by default Recommended access level
Administrators Analytics managers Analytics viewers Content managers Relevance managers Users Developers1
Analytics Administrate Allowed
Analytics Analytics data Push and view View View View Push and view
Analytics Data exports Edit Edit Edit Edit View
Analytics Delete user data Allowed
Analytics Dimensions Edit Edit View Edit
Analytics Impersonate Allowed
Analytics Incoherent events View
Analytics Metric alerts Edit
Analytics Named filters Edit Edit View Edit
Analytics Permission filters Edit View View View
Analytics Reports Edit Edit View Edit Edit
Analytics Suggest queries Allowed
Analytics View all reports Allowed Allowed Allowed
Commerce Catalogs Edit
Content Crawling Module Edit View2 View2
Content Extensions Edit all Edit all Edit all
Content Fields Edit Edit View
Content Logical indexes Edit Edit
Content Security identities Edit Edit Edit
Content Security identity providers Edit Edit Edit
Content Sources Edit all Edit all View all Edit all
Machine Learning Models Edit Edit View
Machine Learning User profiles Edit
Organization API keys Edit all View all View all
Organization Activities Edit View View
Organization Critical updates Edit
Organization Elasticsearch indexes Edit
Organization Groups Edit all View all Custom3 Custom3
Organization Notifications Edit
Organization On-premises administration Edit
Organization Organization Edit View View View View View View
Organization Single sign-on identity provider Edit
Organization Snapshots Edit View View
Organization Temporary access Edit
Search Execute queries Allowed Allowed Allowed Allowed Allowed
Search Impersonate Allowed
Search Modify authentication provider Allowed
Search Query logs Allowed
Search Query pipelines Edit all Edit all Edit all
Search Salesforce index configuration Edit
Search Search pages Edit View Edit
Search Search usage metrics Edit
Search View all content Allowed

Note 1: While the Developers group is not a built-in group, you should define it as indicated in this table and invite all developers working on your solution to join it (see Adding and Managing Groups).

Note 2: Only content managers and users of organizations created after November 19th, 2019 are granted this privilege by default. Content managers and users of older organizations can be granted this power manually if needed (see Granting Privileges).

Note 3: By default, members of this built-in group can edit this group only. They can therefore invite other people in their own group, but not in other groups. See Understanding the Custom Access Level for further information on the Custom access level.

Built-In Group Powers

The following table indicates the powers associated with each group.

Ability Administrators Analytics managers Analytics viewers Content managers Relevance managers Users Developers1
Access the organization
Make queries
Create and delete sources
View usage analytics reports
Manage usage analytics reports
Optimize search solution
Invite users 2 2 2
Revoke access/Cancel invitation
Grant/revoke group privileges
Change organization contact
Install and manage the Crawling Module 3

Note 1: The Developers group is not a built-in group.

Note 2: By default, members of this built-in group can edit this group only. They can therefore invite other people in their own group, but not in other groups. See Understanding the Custom Access Level for further information on the Custom access level.

Note 3: Only content managers of organizations created after November 19th, 2019 are granted this power by default. Content managers of older organizations can be granted this power manually if needed (see Granting Privileges).

What’s Next?

Learn how to navigate the Privileges tab (see Navigating the Privileges Tab).