A Coveo Cloud organization comes with several built-in groups: Administrators, Analytics Managers, Analytics Viewers, Content Managers, Relevance Managers, and Users (see Adding and Managing Groups). Members of these groups are granted a set of privileges that allows them to access certain or all Coveo Cloud administration console domains (see Understanding Privileges and Privilege Reference).
You can use the Coveo Cloud built-in groups as an alternative to groups you create yourself or use their privilege set as a base when granting privileges to a new group (see About the Preset Menu).
In general, you should restrict the number of users who can edit the resources in your Coveo Cloud organization.
About the Administrators Group
Members of the Administrators group have the highest access level for all privileges. You should therefore only allow a few select users in the Administrators group of your Coveo Cloud organization.
The Administrators group cannot be deleted, and its privileges cannot be edited (see Delete a Group). You can however duplicate the Administrators group, and then edit the privilege set of the new group (see Duplicate a Group).
Built-In Group Privileges
The following table lists the built-in privileges for each group.
|Service||Domain||Access level granted by default||Recommended access level|
|Administrators||Analytics managers||Analytics viewers||Content managers||Relevance managers||Users||Developers1|
|Analytics||Analytics data||Push and view||View||View||View||Push and view|
|Analytics||Delete user data||Allowed|
|Analytics||View all reports||Allowed||Allowed||Allowed|
|Content||Extensions||Edit all||Edit all||Edit all|
|Content||Security identity providers||Edit||Edit||Edit|
|Content||Sources||Edit all||Edit all||View all||Edit all|
|Machine Learning||User profiles||Edit|
|Organization||API keys||Edit all||View all||View all|
|Organization||Groups||Edit all||View all||Custom3||Custom3|
|Organization||Single sign-on identity provider||Edit|
|Search||Modify authentication provider||Allowed|
|Search||Query pipelines||Edit all||Edit all||Edit all|
|Search||Salesforce index configuration||Edit|
|Search||Search usage metrics||Edit|
|Search||View all content||Allowed|
Note 1: While the Developers group is not a built-in group, you should define it as indicated in this table and invite all developers working on your solution to join it (see Adding and Managing Groups).
Note 2: Only content managers and users of organizations created after November 19th, 2019 are granted this privilege by default. Content managers and users of older organizations can be granted this power manually if needed (see Granting Privileges).
Note 3: By default, members of this built-in group can edit this group only. They can therefore invite other people in their own group, but not in other groups. See Understanding the Custom Access Level for further information on the Custom access level.
Built-In Group Powers
The following table indicates the powers associated with each group.
|Ability||Administrators||Analytics managers||Analytics viewers||Content managers||Relevance managers||Users||Developers1|
|Access the organization|
|Create and delete sources|
|View usage analytics reports|
|Manage usage analytics reports|
|Optimize search solution|
|Revoke access/Cancel invitation|
|Grant/revoke group privileges|
|Change organization contact|
|Install and manage the Crawling Module||3|
Note 1: The Developers group is not a built-in group.
Note 2: By default, members of this built-in group can edit this group only. They can therefore invite other people in their own group, but not in other groups. See Understanding the Custom Access Level for further information on the Custom access level.
Note 3: Only content managers of organizations created after November 19th, 2019 are granted this power by default. Content managers of older organizations can be granted this power manually if needed (see Granting Privileges).
Learn how to navigate the Privileges tab (see Navigating the Privileges Tab).