---
title: Navigate the Privileges tab
slug: '2807'
canonical_url: https://docs.coveo.com/en/2807/
collection: manage-an-organization
source_format: adoc
---
# Navigate the Privileges tab
If you have [permission](https://docs.coveo.com/en/223/) to create or edit [member](https://docs.coveo.com/en/2869/) [groups](https://docs.coveo.com/en/2867/), you can access the **Privileges** tab to manage the [privileges](https://docs.coveo.com/en/228/) granted to a [member group](https://docs.coveo.com/en/1980/).

![Privileges tab | Coveo](https://docs.coveo.com/en/assets/images/manage-an-organization/privilege-tab-anatomy.png)

[cols="2"]
|===
|1
|List of [services](https://docs.coveo.com/en/2821/)  
Coveo consists of several [services](https://docs.coveo.com/en/2821/), which each include several related [domains](https://docs.coveo.com/en/2819/) (see [Services, Domains, and Access Levels](https://docs.coveo.com/en/3151#services-domains-and-access-levels)).
In the [Coveo Administration Console](https://docs.coveo.com/en/1841/), each section of the navigation menu corresponds to a [service](https://docs.coveo.com/en/2821/).

|2
|List of domains  
Domains in the selected service.

|3
|**Access Level** column  
Each **Access Level** dropdown menu contains a list of [your access level options](https://docs.coveo.com/en/2822/).
Users with the No access (dash) access level can't access or use the corresponding features of Coveo.

|4
|List of [resources](https://docs.coveo.com/en/2820/)  
When you select the [**Custom** option](https://docs.coveo.com/en/3151#custom-access-level) offered for some domains, a list of the resources in this domain appears, allowing you to select an access level for each source individually.

|5
|**Can Create** ability  
See [Can create ability dependence](https://docs.coveo.com/en/3151#can-create-ability-dependence).

|6
|[Template menu](#about-the-template-menu)

|7
|Discard changes button  
Clicking this button discards all changes made on a domain.

|8
|Unsaved changes indicator  
You made changes on _n_ domains in the corresponding service.
These changes will apply once you click **Save**.

|9
|Warning indicator  
Your changes are subject to a warning.
We encourage you to review the [Privilege reference](https://docs.coveo.com/en/1707/) documentation before saving.
|===

> **Notes**
>
> * When you edit the privileges of a member group, your options may vary.
> For each domain, the access levels you can grant depend on your own access level and the level that currently applies.
> See [Confirm your options](https://docs.coveo.com/en/2822#confirm-your-options) for more information.
> 
> * Although services and domains are organized similarly to the Coveo Administration Console, not all domains affect a single page or resource type.
> See the [Privilege reference](https://docs.coveo.com/en/1707/) page for details on the abilities granted by each access level.

## Example

The following example shows the potential effects of varying access levels on the Coveo Administration Console.
The access levels assigned to a member group are as follows:

* The **Extensions** domain isn't assigned any access level.

* The **Sources** domain is set to **View all**.

![Privileges for domains of the Content service | Coveo](https://docs.coveo.com/en/assets/images/manage-an-organization/example-privileges.png)

As a result, the **Extensions** page isn't visible in the navigation menu for a member of this group.

![Navigation bar of resulting Administration Console | Coveo](https://docs.coveo.com/en/assets/images/manage-an-organization/example-console-1.png)

On the **Sources** page, members can review source configurations but not edit them.
Additionally, the **Add Source** button is grayed out and unresponsive.
When a member hovers over this button, a tooltip appears indicating that the member has insufficient privileges for adding a new source.

![Resulting Administration Console Sources page | Coveo](https://docs.coveo.com/en/assets/images/manage-an-organization/example-console-2.png)

## About the Template menu

To quickly and broadly grant privileges to a group, use the **Template** dropdown menu on the **Privileges** tab Action bar.
Your selection applies to all services.

In other words, when you grant a custom access level configuration, you can save time by selecting the template configuration closest to the access level set you want to grant, and then you can edit its privileges.
The **Template** dropdown menu then indicates: `Custom`.

> **Note**
>
> If you don't have all the privileges in the template you select, the missing privileges can't be applied to the group.
> To fully apply a template, you must have the same or a higher access level for each domain, as the access levels you can grant depend on [your own the access level](https://docs.coveo.com/en/2822#confirm-your-options).
> 
> For example, if you have the privilege to view all sources, you can't grant the **Edit all** or **Custom** access levels on the **Sources** domain to a group.
> Your only options are **View all** and **No access**.

### Template menu options

When granting privileges to a group, your options in the **Template** menu are:

* **Full access**, which allows grantees to edit all domains.
**Full access** is typically granted to administrators only.

* **View all**, which allows grantees to see all domains of the Administration Console but forbids editing resources or creating new ones.
This template can be granted to users who only have monitoring tasks.

* [**Minimal access**](https://docs.coveo.com/en/2822#minimum-privilege), which only grants the **View** access level for the [**Organization** domain](https://docs.coveo.com/en/1707#organization-domain), so that users can log in to the Coveo Administration Console.
Select an access level for the desired domains to allow grantees to access the corresponding resources.

* Six templates that correspond to the default privilege set of the [built-in groups](https://docs.coveo.com/en/1980#built-in-groups).
However, this option is only available when granting privileges to a group.

**Examples**

* You only want the members of a member group to be able to edit sources and fields.
You select the **Minimal access** template, click the **Content** services in the menu on the left, and then select the **Edit** access level for **Sources** and **Fields**.

* You want the members of a member group to be able to edit resources of the **Usage Analytics**, **Machine Learning**, and **Search** services, and view the resources of other services.
You select the **Full access** template and then, for the domains of the **Content** and **Organization** services, change the access levels from **Edit** to **View**.

## What's next?

Learn about [granting privileges](https://docs.coveo.com/en/2822/).