Community

Product DocsMenu

Modifying Source Security Permissions

Three levels of security exist in CES index (see Security Control Levels in CES):

  • Collection-level security

  • Source-level security

  • Document-level security

Source-level permissions determine which users have access to a source. By default, sources can be accessed by all users who have access to the parent collection. You can however override these permissions. Even if a user has access to a source, document-level permissions are required to display its content.

Note: Source-level permissions are not indexed for Web Pages sources; however, if Web files are stored locally (i.e., on the same network as CES), it is possible to associate file server permissions to them.

This topic contains the following sections:

Modifying the permissions

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. In the Administration Tool, select Index > Sources and Collections.

  3. In the Sources and Collections page: 

    1. In the Collections section, select the collection the source that you want to modify.

    2. In the Sources section, select the source that you want to modify.

    3. In the navigation panel on the left, select Permissions.

  4. In the Permissions page, in the Permissions section, select one of the following options:

    Index security permissions

    Grants access to all users having the appropriate collection permissions. Document-level security is indexed.

    Specify the security permissions to index

    Grants access only to users whose accounts are entered in the Allowed Users box. Document-level permissions are not indexed.

    Important: Because document-level permissions are not indexed, a user added to the Allowed Users list that do not have access to a document in the original repository will be able to view its excerpt, summary and Quick View from the search results.

    Index security permissions and specify additional security permissions to index

    Indexes document-level permissions and grants additional access to users whose accounts are entered in the Allowed Users box and denies access to users whose accounts are entered in the Denied Users box.

    Important: The accounts entered in the Allowed Users box override document-level permissions. This means that even users who do not have access to a document are able to view its search result excerpt, summary, and Quick View.

    Late Binding

    When it is not possible to gather permission information at indexing time, as a last option to support secure search results, select Late Binding to identify which documents a user is allowed to see at query time. With this method, query response time is very slow the first time a query is performed, but much faster on next occurrences (see External Security Cache).

  5. When you selected Specify the security permissions to index or Index security permissions and specify additional security permissions to index, for each user to which you want to modify the source permissions:

    • To grant access to the source, in the Allowed Users section:

      1. Enter the account name of the user or group.

        Example: For an Active Directory account, enter the name in the domain\username form.

      2. Select if the entered name is a User or a Group.

      3. Select the security provider in which this user or group is defined.

      4. Click Add.

    • To revoke access to the source for an account that is listed in the Allowed Users box, select the account, and then click Remove.

    • To revoke access to the source for an account that is not listed in the Allowed Users box, in the Denied Users section:

      1. Enter the account name of the user or group.

        Example: For an Active Directory account, enter the name in the domain\username form.

      2. Select if the entered name is a User or a Group.

      3. Select the security provider in which this user or group is defined.

      4. Click Add.

  6. Click Apply Changes.

Tip: CES 7.0.5388+ (April 2013) When you add source level permissions, these permissions are automatically assigned to a Custom Source Permissions level that is visible from the Index Browser (see Reviewing Document Details from the Index Browser and Permission Levels and Sets).

Mapping the security permissions of a Web source

You can map Web Page sources with local files to indexing of document-level security permissions for these sources.

Example: If http://www.coveo.com is mapped with its equivalent folder on \\CoveoServer\WebPage\, the permissions granted to the files in the \\CoveoServer\WebPage\ folder are also indexed for the Web Pages sources.

  1. On the Coveo server, access the Administration Tool (see Opening the Administration Tool).

  2. In the Permissions page corresponding to the source is displayed, click Add.

  3. In the Edit Web File Security page:

    1. In the Web Address box, enter the address of the Web source.

      Example: http://www.coveo.com

    2. In the Network File Path box, enter the path of the folder containing the Web files.

      Example: \\CoveoServer\WebPage\.

    3. Click Save.

People who viewed this topic also viewed