Handle Sitecore access rights

An important Coveo for Sitecore feature is its ability to index Sitecore permissions. If you enable this option, Coveo for Sitecore emulates the Sitecore permission model, therefore ensuring that a user who doesn’t have access to an item in the Sitecore client can’t view the item in the results of a Coveo-powered search page either (see About the Indexing Manager - Security).

Understanding how Coveo for Sitecore handles Sitecore access rights

The replication of the Sitecore security model involves the mapping of Sitecore security accounts to Coveo security identities, the extraction of Sitecore user read access rights to items at indexing time, and the emulation of Sitecore item read access logic in the form of Coveo permission levels and permission sets (see Handling of Sitecore access rights).

Security Identity Synchronization

When a Sitecore user queries the Coveo index in a secured search scenario, the index must be able to verify the user’s read access rights on an item for each security identity (user or group) the user is associated with. Coveo for Sitecore automatically manages a security identity cache which provides the index with this list of security identities a user can query as.

Coveo security identities are automatically synchronized with their Sitecore account equivalent according to a security provider schedule. Many events in Sitecore and Coveo for Sitecore also trigger security identity synchronizations. Manual synchronization is possible as well (see Synchronize security identities).