Ensure that content permissions have been correctly applied


This guide provides guidelines to analyze, review, and test different aspects of a Coveo-powered implementation.

It shouldn’t be considered an official, definitive guide to testing an implementation before it goes live, but rather a guide showcasing the basic components that Coveo implementations typically include.

Every Coveo implementation is different and may require custom configuration.

Therefore, you may notice discrepancies between the components and features listed in this guide and those you’re using in your actual implementation.

If you encounter issues, or have any questions related to this article, contact Coveo Support for help.

When you create a source, the Same users and groups as in your content system content security option lets you index your content’s permission system and replicate it in your search interface. As a result, authenticated users only see the items that they’re allowed to access, while unauthenticated or anonymous users only see the content that has been specified as public.

When you select this option, you should check that the permissions have been applied correctly (that is, that your secured content isn’t accessible to unauthenticated and anonymous users).

To do so, in the Content Browser (platform-ca | platform-eu | platform-au), select the Empty pipeline, and then impersonate the security identity *@\*. This identity represents all users, including unauthenticated or anonymous ones. The Content Browser shouldn’t display any item that you don’t want to be publicly available.