Understanding the Custom Access Level

For some domains, you can select the granular Custom access level as an alternative to the View all and Edit all options (see Understanding Privileges and Privilege Reference). When you do so, a list of the resources in this domain appears, and you can select access levels in a granular fashion, resource by resource. For instance, in the Sources domain, each source in your organization is a resource.

In other words, the Custom access level allows you to decide whether an API key or the members of a group can view or edit each resource individually. So, by selecting View for some resources and Edit for some others, you grant a group or an API key the privilege to modify only certain resources in a domain. For instance, you could grant members of group A the Edit access level for resources 1 and 2, but only the View access level for resources 3, 4, and 5, and grant members of group B the Edit access level for resources 1, 3, and 5, but only the View access level for resources 2 and 4.

Domains that offer a custom access level and granular access levels are:

Your company uses Coveo Cloud to make its internal Atlassian content, its social media content, and its website content searchable by its employees. In your Coveo Cloud administration console, on the Sources page, there is therefore a Confluence Cloud source, a Jira Software Cloud source, a Twitter source, a YouTube source, and a Web source.

As a Coveo Cloud administrator, you can edit all sources. However, you want to delegate the responsibility to manage sources to other people, i.e., your Atlassian administrator and your marketing coordinator. The Atlassian administrator should only be able to edit the Confluence Cloud and Jira Software Cloud sources, and your marketing coordinator should only be allowed to manage the Twitter, YouTube, and Web sources. Moreover, since you want these people to be responsible for sources and the related content management features only, and they should not be able to view or use other Coveo Cloud functionalities, such as usage analytics. The access levels you intend to grant are the following:

Service Privilege Access level
Content Extensions Edit all
Fields Edit
Sources Custom
Organization Activities View
Organization View1
Search Execute Queries Enable

Note 1: The privilege to view an organization is required for a user to access the Coveo Cloud administration console (see Minimum Privilege).

To apply your restrictions, you must create two groups: one for your Atlassian administrator and one for your marketing coordinator. Since you want them to be nearly identical, you do the following:

  1. Create the Atlassian Administrator group (see Create a New Group).
  2. Grant the group members the desired access levels (see table above, Grant Privileges, and Privilege Reference). For the Sources domain, you select the Custom access level, and then the Edit access level for the two Atlassian sources.

    Custom Access Levels

  3. Save the Atlassian Administrator group.
  4. Back on the Groups page, duplicate the Atlassian Administrator group, and name the new group Marketing Coordinator (see Duplicate a Group).
  5. In the Edit a Group: Marketing Coordinator panel, in the Privileges tab, grant the marketing coordinator the privilege to view or edit the appropriate sources, and then click Save (see Edit a Group).

    Custom Access Levels

  6. Back on the Groups page, edit each of the new groups to invite the appropriate users (see Edit a Group Panel).

As a result, when the members of a group click a source on the administration console Sources page, the options available in the Action bar vary depending on their group’s access level for the selected source. Members of the Marketing Coordinator group, when clicking an Atlassian source, only have the View option in the Action bar. The Atlassian sources are also grayed out to indicate that due to their access level for these resources, the members of the Marketing Coordinator group cannot make any changes to these sources.

Source configuration can only be viewed

Conversely, if they click the Twitter source, which they have the privilege to edit, the Action bar offers an Edit button as well as content update options (see Refresh, Rescan, and Rebuild).

Source configuration can be edited

What’s Next?

  • Coveo Cloud offers built-in groups with various privilege sets as an alternative to groups created from scratch (see Built-In Groups)
  • The Custom access level works together with the resource access feature (see Understanding Resource Access).