Navigating the Privileges Tab
When you are allowed to create or edit groups and/or API keys, you can access the Privileges tab, which allows you to manage the privileges granted to a group or API key (see Adding and Managing Groups and Adding and Managing API Keys).
|1||List of services
The Coveo Cloud platform consists of five services, which each include several related domains (see Understanding Privileges). In the Coveo Cloud administration console, each section of the navigation menu corresponds to a service (see Coveo Cloud V2 Administration Console).
|2||List of domains
Domains in the selected service.
|3||Access Level column
Each Access Level drop-down menu contains a list of your available access level options (see Confirm Your Options). Selecting the No access (dash) option does not grant any ability for the corresponding domain. Users or API keys with this access level cannot access or use the features of Coveo Cloud requiring the ability to view this domain.
|4||List of resources
When you select the Custom option offered for some domains, a list of the resources in this domain appears, allowing you to select an access level for each source individually.
|5||Can Create ability
See About the Can Create Ability.
See About the Preset Menu.
|7||Discard changes button
Clicking this button discards all changes made on a domain.
|8||Unsaved changes indicator
You made changes on n domains in the corresponding service. These changes will apply once you click Save.
Your changes are subject to a warning. You are encouraged to review the Privilege Reference documentation before saving.
When you edit the privileges of a group, your options may vary. For each domain, the access levels you can grant depend on the access level you have yourself, as well as the level that was last saved (see Confirm Your Options).
Depending on the privilege, the View and Edit access levels may not be applicable, i.e., users can only be Allowed or not to access the resource.
The following capture shows the access levels selected for domains of the Content service.
The following captures show the resulting pages of the Coveo Cloud administration console for a user granted these privileges. In the navigation on the left-hand side, the Extensions s are not visible. On the Sources page, source configurations can be reviewed, but not edited. The Add Source button is also grayed and unresponsive, indicating that the user does not have the Can Create ability.
In contrast, on the Fields page, the user can edit fields and create new ones.
About the Preset Menu
To quickly and broadly grant privileges to a group or API key, you can use the Preset drop-down menu in the Privileges tab Action bar. Your selection applies to all services. Your options are:
Full access, which allows grantees to edit all domains. Full access is typically granted to administrators only.
View all, which allows grantees to see all domains of the administration console but forbids to edit resources or create new ones. This preset can be granted to users that only have monitoring tasks.
Minimal access, which only grants the View access level for the Organization domain, so that users can log in to the Coveo Cloud administration console (see Minimum Privilege and Organization Domain). You must then select an access level for the desired domains to allow grantees to access the corresponding resources.
Five templates corresponding to the default privilege set of the built-in groups (see Built-In Groups). This option is however only available when granting privileges to a group.
When granting a custom access level configuration, you can save time by selecting the preset configuration closest to the access level set you want to grant, and then editing the desired privileges. The Preset drop-down menu then indicates:
You want the members of a group to only be able to edit sources and fields. You therefore select the Minimal access preset configuration, select the Content services in the menu on the left, and then select the Edit access level for Sources and Fields.
If you do not have all the privileges in the preset you select, the missing privileges cannot be applied to the group. To fully apply a preset, your user must have the same or a higher access level for each domain, as the access levels you can grant depend on the access level you have yourself (see Confirm Your Options).
If you only have the privilege to view sources, you cannot grant the Edit all or Custom access levels on the Sources domain to an API key or group. Your only options are therefore View all and No access.
About the Can Create Ability
For each domain, an icon in the Can Create column indicates whether a grantee can create new resources.
In most domains, the ability to create data is dependent on the selected access level. So, groups or API keys granted the Edit access level on a domain are also automatically granted the ability to create resources in the domain, while those granted the View access level are not granted this additional ability. You therefore have no decision to make in this regard.
However, when you select the View all or Custom access level for a domain that offer these options, you must decide whether the grantee should also be able to create new resources in this domain (see Understanding the Custom Access Level). In the Can Create column, you can check the box to grant this ability in addition to the selected access level.
The following table summarizes the meaning of the icons displayed in the Can Create column.
|In this domain, the ability to create new resources is determined by the selected access level. You selected Edit, so the grantee can create new resources.|
|In this domain, the ability to create new resources is determined by the selected access level. You selected View, so the grantee cannot create new resources.|
|You chose to forbid access to this domain, so the grantee cannot create new resources.|
|You selected the Edit All access level, so the grantee can create new resources.|
|In this domain, the ability to create new resources is not always determined by the selected access level. You selected the Custom or View All access level and allowed the grantee to create new resources. Deselect the box to forbid resource creation.|
|In this domain, the ability to create new resources is not always determined by the selected access level. You selected the Custom or View All access level, but forbade the grantee to create new resources. Check the box to allow resource creation.|
|(none)||It is not possible to create new resources in this domain, so there is no Can Create ability for this domain.|
When you grant the Edit access level on the Fields domain, the Can Create ability is automatically granted. The privilege to edit fields therefore includes the ability to create new fields.
You granted the privilege to view extensions as well as the privilege to create extensions.
Read on the process of granting privileges (see Granting Privileges).