Privileges required to manage snapshots
Privileges required to manage snapshots
Like with any other feature of the Coveo Administration Console, your privileges determine what you can do with the resource snapshot feature. For example, you may be able to create a snapshot, but not apply it to an organization, as this action requires additional privileges.
However, resource snapshots provide access to the configuration of other resources, such as sources, fields, and query pipelines. Therefore, in addition to the privileges required to manage snapshots, you must also have the privileges to view or edit all resources included in a snapshot.
This requirement prevents privilege escalation, that is, using the snapshot feature to access the configuration of a resource you wouldn’t otherwise be able to access.
In other words, you can’t leverage the snapshot feature to view or edit a resource’s configuration unless your privileges allow you to view or edit this resource outside of the snapshot feature.
The table below lists the privileges required to manage snapshots. Lines in italics remind you that the complete set of privileges you need depends on the content of your snapshot.
See Manage privileges for details on how privileges work and Privilege reference for further information about each privilege.
Example
Your privilege set includes the following privileges:
-
View all query pipelines in your organization
-
Edit pipeline
ABConly -
Organization - Snapshot: Edit
To create a snapshot, you need the privilege to edit a snapshot, which you have. You also need the privilege to view the resources you include in the snapshot, which you also have for all pipelines. Therefore, you can create a snapshot that contains all pipelines in your organization.
However, to apply a snapshot to an organization, you need the privilege to edit the snapshot, which you have, and the privilege to edit all resources included in the snapshot, which you don’t have since you can only edit pipeline ABC.
Therefore, you can’t apply this snapshot to an organization since you’re not allowed to edit all pipelines.
| Action | Service - Domain | Required access level |
|---|---|---|
Create a snapshot of an organization |
Organization - Organization |
View |
All domains corresponding to the resources to include in the snapshot |
View |
|
Organization - Snapshot |
Edit |
|
Create a snapshot from JSON or ZIP |
Organization - Organization |
View |
Organization - Snapshot |
Edit |
|
Copy or download a snapshot |
Organization - Organization |
View |
Organization - Snapshot |
View |
|
All domains corresponding to the resources in the snapshot |
View |
|
Copy a snapshot to another organization |
Organization - Organization |
View |
All domains corresponding to the resources (from the origin organization) in the snapshot |
View |
|
Organization - Snapshot (in both the origin and the destination organization) |
Edit |
|
Match analogous resources |
Organization - Organization |
View |
Organization - Link |
Edit |
|
Organization - Snapshot |
Edit |
|
Import sensitive information |
Organization - Vault entry (in the origin organization) |
View |
Organization - Vault entry (in the destination organization) |
Edit |
|
View changes to apply |
Organization - Link |
View |
Organization - Organization |
View |
|
All domains corresponding to the resources in the snapshot |
View |
|
Organization - Snapshot |
Edit |
|
Apply a snapshot |
Organization - Organization |
View |
Organization - Link |
Edit |
|
Organization - Snapshot |
Edit |
|
Organization - Vault entry (if the snapshot contains sensitive information) |
Edit |
|
All domains corresponding to the resources in the snapshot |
Edit |
|
Delete a snapshot |
Organization - Organization |
View |
Organization - Snapshot |
Edit |
What’s next?
Read on how Coveo matches analogous resources to determine how to apply your resource snapshots. This article is recommended for advanced users only.
Very useful
Not really
Very useful
Not really