Manage permission filters

If sensitive information can be derived from your Coveo Analytics data, you can restrict access by creating permission filters so that certain report data is only accessible to specific Coveo organization members. This article explains how to create, edit, and delete permission filters from the Permission Filters (platform-ca | platform-eu | platform-au) page.

Permission filters can be assigned to any organization member or group and can also be modified or deleted at any time.

Example

You want your technical support team to see only the organization data that:

  • Is relevant to their department, that is, the small appliances department

  • Pertains to Canadian users, for which the team is responsible

Coveo Analytics data relative to other departments or countries aren’t relevant for this team and could cause confusion. You therefore create the following permission filter so that irrelevant data is excluded from the reports and the agents only see the information they need:

  • Origin 1 (Page/Hub) contains Small Appliances

  • Country is Canada

Permission filter example | Coveo

How permission filters apply

In reports and data exports, permission filters apply at the event level, meaning that users only see data that matches the filter conditions.

In the Visit Browser, permission filters work at the visit level. A visit is a full user session that can include multiple events. If at least one event within a session matches the filter, the entire visit is shown, including the other events.

Example

A filter set to Country is Canada will hide visits where no events came from Canada. However, if a user’s session includes one event from Canada and one from France, the whole visit is shown, including the French event.

Prerequisites

Add a permission filter

  1. Access the Permission Filters (platform-ca | platform-eu | platform-au) page, then click Add permission filter.

  2. In the Add a permission filter panel that appears, under Filter name, enter a suitable name for the filter.

    Example

    Small Appliances Technical Support Team_Canada

  3. Under Filters, click filter-add-2.

    1. In the list of available dimensions, select the dimension by which you want to filter the data.

      Note

      You can choose from multilevel dimensions only, that is, dimensions that can apply to click, search, and custom events, such as City and User Name.

    2. Click the dropdown menu, and then select an operator to apply between the selected dimension and the value. The list of available operators depends on the selected dimension.

    3. Click Add value and enter a value to use as a filter. To add more than one value, click Add value again or select Enter.

      Important

      The maximum number of values per filter is 75.

      Note

      When you select a suggested value, this value is case-sensitive. However, when you enter a value, this value is case-insensitive.

    4. Check the Include blank values in filter and Include n/a values in filter boxes if you want your filter to include blank and N/A values.

    5. Click Add filter.

  4. To add another filter, click filter-add-2 again.

  5. Under Members to whom the permission filter applies, use the dropdown menu to select the members you want to apply the filter to. Click x to deselect any unwanted member.

  6. Under Groups to which the permission filter applies, use the dropdown menu to select the member groups you want to apply the filter to. Click x to deselect any unwanted group.

    Example

    Your filter applies to a Canadian technical support team responsible of the small appliances department, so you select the Small Appliances Canadian Support Team group.

  7. Click Add filter.

Notes
  • As soon as a permission filter is created, it applies to all reports, data exports, and the Visit Browser. You’ll see the filter name is automatically applied in the upper-right corner of the page.

  • The more permission filters you assign to an organization member or group, the less data they can review. When there are conflicting permission filters (for example, Country is Canada and City is Seattle), no data is returned in the report, data export, or Visit Browser.

Edit a permission filter

  1. Access the Permission Filters (platform-ca | platform-eu | platform-au) page, select the filter you want to edit, and then click Edit in the Action bar.

  2. In the Edit a permission filter panel that appears, make your changes to the filter name, filter conditions, members, or groups.

  3. Click Save.

Delete a permission filter

When you no longer want a permission filter to apply, you can delete it in the Coveo Administration Console.

  1. Access the Permission Filters (platform-ca | platform-eu | platform-au) page, select the filter you want to edit, and then click Delete in the Action bar.

  2. In the confirmation prompt that appears, select Delete.

Deleted permission filters stop applying immediately.

Review permission filter management activities

As part of your duties, you may need to review activities related to permission filters for investigation or troubleshooting purposes. To do so, in the upper-right corner of the Permission Filters (platform-ca | platform-eu | platform-au) page, click clock.

See Review resource activity for details on activities and alternative ways to access this information.

Required privileges

The following table indicates the required privileges to view and edit elements of the Permission Filters (platform-ca | platform-eu | platform-au) page and associated panels (see Manage privileges and Privilege reference).

Action Service Domain Required access level

View permission filters

Analytics

Analytics data

View

Dimensions

View

Named filters

View

Permission filters

View

Organization

Groups

View

Organization

View

Edit permission filters

Analytics

Analytics data

View

Dimensions

View

Named filters

View

Permission filters

Edit

Organization

Groups

View

Organization

View

Access the Activity Browser and view all organization activities

Organization

Activities

View

Organization

View

Important

A member with the View access level on the Activities domain can access the Activity Browser. This member can therefore see all activities taking place in the organization, including those from Coveo Administration Console pages that they can’t access.

What’s next

If you assigned a group to a permission filter, verify that the correct members belong to that group.