Handling Sitecore Access Rights
An important Coveo for Sitecore feature is its ability to index Sitecore permissions. If you enable this option, Coveo for Sitecore emulates the Sitecore permission model, thus ensuring that a user who doesn’t have access to an item in the Sitecore client can’t view the item in the results of a Coveo-powered search page either (see Understanding the Indexing Manager).
Understanding How Coveo for Sitecore Handles Sitecore Access Rights
The replication of the Sitecore security model involves the mapping of Sitecore security accounts to Coveo Cloud security identities, the extraction of Sitecore user read access rights to items at indexing time, and the emulation of Sitecore item read access logic in the form of Coveo Cloud permission levels and permission sets (see How Coveo for Sitecore Handles Sitecore Access Rights).
Security Identity Synchronization
When a Sitecore user queries the Coveo index in a secured search scenario, the index must be able to verify the user’s read access rights on an item for each security identity (user or group) the user is associated with. Coveo for Sitecore automatically manages a security identity cache, which provides the index with the list of security identities a user can query as.
Coveo Cloud security identities are automatically synchronized with their Sitecore account equivalents according to a security provider schedule. Many events in Sitecore and Coveo for Sitecore also trigger security identity synchronizations. Manual synchronization is possible as well (see Synchronizing Security Identities).
Using Separate Security Identity Providers Per Sitecore Index
Creating separate security identity providers for the web indexes is a security leading practice. The way to configure this is explained in Using Separate Security Identity Providers per Sitecore Index.