
Managing Super User Access

As a Coveo administrator, you can grant super user access to a user or a group of users. Use this feature with extreme care and only for authorized personnel (see Super User Access).

Important:

  • For security reasons, all events related to super user access are recorded, traceable, and can be audited. CES records who grants super user access to whom as well as all queries performed with super user access.

  • When your Coveo instance connects to a remote index, both Coveo instances must run the same Coveo Enterprise Search version and release number to be able to grant super user access.

You must set an expiration date, and you can revoke super user access at any time, but you cannot delete the traces showing that it was granted or the traces of its usage.


Granting super user access

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. Verify that your Coveo license includes the super user access feature:

    1. Select Configuration > License.

    2. In the License page, validate that Super Users Allowed appears with a check mark.

      When it does not appear and you want to use the super user access feature, contact Coveo Sales to change the license terms.

  3. Select Configuration > Security.

  4. In the panel on the left, select Super User Access.

  5. In the panel on the right, click Add.

  6. In the Super User Access page:

    1. In the Granted To section, click Add.

    2. In the Add Identity dialog box, specify the user or group to which you want to grant super user privileges (see Using the Identity Picker Form), and then click Add.

      The specified user or group appears in the Granted To list.

    3. Repeat the above steps to add other users or groups to this super user token.

    4. In Description, enter a short description of the scope of the super user token. This text appears in the Do more menu when the granted user accesses the .NET search interface.

    5. Set the Start and Expiration dates to specify when the super user access privileges respectively begin and end.

    6. Specify the access granted with this super user token: 

      1. Select the Access Everything check box when you want the users or groups of this super user token to gain access to all indexed contents.

      2. When the Access Everything check box is cleared, in the Users/Groups section that appears, click Add to select the users or groups whose permissions the users or groups of this super user token gain (see Using the Identity Picker Form).

      3. Repeat the previous step to add the equivalent permissions of other users or groups.

    7. When one or more remote indexes are available, in the Remote Indexes section, select the check box for each remote index that you want this super user token to access.

      Note: When the super user can access remote indexes, the message "MismatchingInstance: Instance access is denied." may appear. The super user access is granted on the remote Coveo instances only if the remote instance impersonates the user that runs IIS on the Front-End server, typically the [Server_Name]$ or the NT Authority\Network Service user (see Granting Impersonator Privileges).

    8. Because you cannot edit a super user token once it is created, carefully verify all settings, and then click Save.

Revoking super user access

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. Select Configuration > Security.

  3. In the panel on the left, select Super User Access.

  4. In the panel on the right:

    1. Select the super user access that you want to revoke.

    2. Click Revoke.

Monitoring super user access

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. Select Logs > Queries.

  3. In the Queries page:

    1. In the panel on the left, select the period over which you want to review the logs as well as the content of the logs, ensuring that the Super User Access check box is selected.

    2. At the top of the panel on the right, click View Log.

      In the logs, the Super User Access column indicates the super user token used, the On behalf column indicates the user that performed the super user queries, and the Full access from index browser column indicates if the query was performed in the Index Browser.
