Navigating the Privileges Tab
When you’re allowed to create or edit member groups and/or API keys, you can access the Privileges tab, which allows you to manage the privileges granted to a group or API key (see Adding and Managing Groups and Adding and Managing API Keys).
|1||List of services
The Coveo Platform consists of five services, which each include several related domains (see Services, Domains, and Access Levels). In the Coveo Cloud Administration Console, each section of the navigation menu corresponds to a service.
|2||List of domains
Domains in the selected service.
|3||Access Level column
Each Access Level drop-down menu contains a list of your access level options. Users or API keys with the No access (dash) access level can't access or use the corresponding features of Coveo Cloud.
|4||List of resources
When you select the Custom option offered for some domains, a list of the resources in this domain appears, allowing you to select an access level for each source individually.
|5||Can Create ability
See Can Create Ability Dependance.
See About the Preset Menu.
|7||Discard changes button
Clicking this button discards all changes made on a domain.
|8||Unsaved changes indicator
You made changes on n domains in the corresponding service. These changes will apply once you click Save.
Your changes are subject to a warning. You're encouraged to review the Privilege Reference documentation before saving.
When you edit the privileges of a group, your options may vary. For each domain, the access levels you can grant depend on the access level you have yourself, as well as the level that currently applies (see Confirm Your Options).
Depending on the privilege, the View and Edit access levels may not be applicable, i.e., users can only be allowed or not to access the domain.
The following capture shows the access levels selected for domains of the Content service.
The following captures show the resulting pages of the Coveo Cloud Administration Console for a user granted these privileges. In the navigation menu on the left-hand side, the Extensions page isn’t visible. On the Sources page, source configurations can be reviewed, but not edited. The Add Source button is also grayed out and unresponsive, indicating that the user doesn’t have the Can Create ability.
In contrast, on the Fields page, the user can edit fields and create new ones.
About the Preset Menu
To quickly and broadly grant privileges to a group or API key, you can use the Preset drop-down menu in the Privileges tab Action bar. The options in this menu are named after the built-in groups and consist in their default privilege set. You can select one of these options as a base and edit the desired access levels. Your selection applies to all services. The Preset menu options are:
Full access, which allows grantees to edit all domains. Full access is typically granted to administrators only.
View all, which allows grantees to see all domains of the Administration Console but forbids to edit resources or create new ones. This preset can be granted to users that only have monitoring tasks.
Minimal access, which only grants the View access level for the Organization domain, so that users can log in to the Coveo Cloud Administration Console (see Minimum Privilege and Organization Domain). You must then select an access level for the desired domains to allow grantees to access the corresponding resources.
Five templates corresponding to the default privilege set of the built-in groups. This option is however only available when granting privileges to a group.
When granting a custom access level configuration, you can save time by selecting the preset configuration closest to the access level set you want to grant, and then editing the desired privileges. The Preset drop-down menu then indicates:
You want the members of a group to only be able to edit sources and fields. You therefore select the Minimal access preset configuration, click the Content services in the menu on the left, and then select the Edit access level for Sources and Fields.
You want the members of a group to be able to edit resources of the Usage Analytics, Machine Learning, and Search services and view the resources of other services. You therefore select the Full access preset configuration and then, for the domains of the Content and Organization services, change the access levels from Edit to View.
If you don’t have all the privileges in the preset you select, the missing privileges can’t be applied to the group. To fully apply a preset, you must have the same or a higher access level for each domain, as the access levels you can grant depend on the access level you have yourself (see Confirm Your Options).
If you have the privilege to view all sources, you can’t grant the Edit all or Custom access levels on the Sources domain to an API key or group. Your only options are therefore View all and No access.
Editing the privileges of a built-in group doesn’t change the privilege sets associated with the Preset menu options.
Read on the process of granting privileges.