Privileges required to manage snapshots
Privileges required to manage snapshots
In the Coveo Administration Console, what you can do in a page, subpage, or panel is determined by the privileges you have been granted. These privileges also apply to the resource snapshot feature, so that it cannot be used for privilege escalation. In other words, you can’t leverage the snapshot feature to view or edit the configuration of a resource if your privileges don’t allow you to do so.
Your privilege set allows you to view all query pipelines in your organization, but you can only edit pipeline ABC. As a result, you can create a snapshot that contains all these pipelines, but you can’t apply this snapshot to an organization since you’re not allowed to edit all pipelines.
Required privileges
The following table indicates the privileges required to perform actions relative to resource snapshots. As explained above, one can’t leverage the snapshot feature to view or edit the configuration of a resource if their privilege set does not allow them to do so. See Manage privileges for details on how privileges work and Privilege reference for further information on each privilege.
| Action | Service - Domain | Required access level |
|---|---|---|
| Create a snapshot of an organization |
Organization - Organization All domains corresponding to the resources to include in the snapshot |
View |
| Organization - Snapshot | Edit | |
| Create a snapshot from JSON or ZIP | Organization - Organization | View |
| Organization - Snapshot | Edit | |
| Copy or download a snapshot |
Organization - Organization Organization - Snapshot All domains corresponding to the resources in the snapshot |
View |
| Export a snapshot to a destination organization |
Organization - Organization All domains corresponding to the resources (from the origin organization) in the snapshot |
View |
| Organization - Snapshot (in both the origin and the destination organization) | Edit | |
| Match analogous resources | Organization - Organization |
View |
|
Organization - Link Organization - Snapshot |
Edit | |
| Import sensitive information | Organization - Vault entry (in the origin organization) | View |
| Organization - Vault entry (in the destination organization) | Edit | |
| View changes to apply |
Organization - Link Organization - Organization All domains corresponding to the resources in the snapshot |
View |
Organization - Snapshot |
Edit | |
| Apply a snapshot | Organization - Organization | View |
|
Organization - Link Organization - Snapshot Organization - Vault entry (if the snapshot contains sensitive information) All domains corresponding to the resources in the snapshot |
Edit | |
| Delete a snapshot | Organization - Organization | View |
| Organization - Snapshot | Edit |
What’s next?
Read on how Coveo matches analogous resources to determine how to apply your resource snapshots. This article is recommended for advanced users only.
Very useful
Not really
Very useful
Not really