Privileges Required to Manage Snapshots

In the Coveo Administration Console, what you can do in a page, subpage, or panel is determined by the privileges you have been granted. These privileges also apply to the resource snapshot feature, so that it cannot be used for privilege escalation. In other words, you can’t leverage the snapshot feature to view or edit the configuration of a resource if your privileges don’t allow you to do so.

Your privilege set allows you to view all query pipelines in your organization, but you can only edit pipeline ABC. As a result, you can create a snapshot that contains all these pipelines, but you can’t apply this snapshot to an organization since you’re not allowed to edit all pipelines.

Required Privileges

The following table indicates the privileges required to perform actions relative to resource snapshots. As explained above, one can’t leverage the snapshot feature to view or edit the configuration of a resource if their privilege set does not allow them to do so. See Manage Privileges for details on how privileges work and Privilege Reference for further information on each privilege.

Action Service - Domain Required access level
Create a snapshot of an organization

Organization - Organization

All domains corresponding to the resources to include in the snapshot

View
Organization - Snapshot Edit
Create a snapshot from JSON or ZIP Organization - Organization View
Organization - Snapshot Edit
Copy or download a snapshot

Organization - Organization

Organization - Snapshot

All domains corresponding to the resources in the snapshot

View
Export a snapshot to a destination organization

Organization - Organization

All domains corresponding to the resources (from the origin organization) in the snapshot

View
Organization - Snapshot (in both the origin and the destination organization) Edit
Match analogous resources

Organization - Organization

View

Organization - Link

Organization - Snapshot

Edit
Import sensitive information Organization - Vault entry (in the origin organization) View
Organization - Vault entry (in the destination organization) Edit
View changes to apply

Organization - Link

Organization - Organization

All domains corresponding to the resources in the snapshot

View

Organization - Snapshot

Edit
Apply a snapshot Organization - Organization View

Organization - Link

Organization - Snapshot

Organization - Vault entry (if the snapshot contains sensitive information)

All domains corresponding to the resources in the snapshot

Edit
Delete a snapshot Organization - Organization View
Organization - Snapshot Edit

What’s Next?

Read on how Coveo matches analogous resources to determine how to apply your resource snapshots. This article is recommended for advanced users only.