Gravatar for

Question by jbachmann, Oct 20, 2014 2:46 PM

You do not have the permissions to view the document properties.

I'm seeing the message "You do not have the permissions to view the document properties." on all of my documents which have been indexed by Coveo for Sitecore when viewing my index on the CES Admin tool. I followed the directions for installing CES on a separate box from Sitecore and immediately encountered this behavior, but never saw this behavior when installing CES and Sitecore on the same box.

I've pushed a few things through the default workflow, I've republished everything and I've re-indexed the entire shebang from control panel to no avail.

Everything seems to get into index, but I can't manage individual documents from the CES Admin tool, nor do any of the documents come back when hitting "http:///coveo/rest".

This is how all of the index documents look to me:

And here is what I'm guessing is the permission set that's causing my viewing issues:

For the life of me, I can't find where coveo_sitecoreadministrators is actually defined. I can't find it anywhere in the CES Configuration -> Security and I couldn't find it as a role or user in Sitecore security either.

Any thoughts or insights would be very welcome.

Thanks, Jordan

(why does the markdown preview have every word capitalized?)

3 Replies
Gravatar for

Answer by Simon, Oct 20, 2014 2:51 PM

I believe that you need to add your current user as a System Admin (Full Access) in the Role menu of the Administration Tools. See this documentation on Roles:


Gravatar for

Comment by jbachmann, Oct 20, 2014 5:46 PM

Thank you for the very speedy reply. I was able to get management access to the documents in CES Admin by following your recommendation.

I'm still curious about the origin of the "Administrator Level - Administrator Set" shown in my second screenshot. I'm not sure where I would look for the definition of "coveo_sitecoreadministrators". I didn't spot it in CES Admin Configuration -> Security and didn't see it in the role list in Sitecore.

Any thoughts on that one? I suspect the "Administrator Set" is what's blocking my "http:///coveo/rest" results.

Gravatar for

Comment by Simon, Oct 20, 2014 5:53 PM

This is an out of the box permission which regroups the Sitecore admin roles. But it should not prevent you from seeing the Rest response. On your Effective combined permissions set, what do you see? Is Anonymous allowed?

When you access your Rest page, it should send a query to the CES Console with the user on it. Does this user has access to the index content?

Gravatar for

Comment by jbachmann, Oct 21, 2014 11:43 AM

The effective combined permissions set was blocking anonymous access. I resolved the problem I was having by adding extranet\anonymous and sitecore\admin to the source's permissions list.

In a strange turn of events though, I later removed those two permissions from the source just to verify that they were truly the solution, but everything continued to function even without them. So really, I'm not entirely sure what the real solution was.

I'll add to this thread if I find any more details.

Thanks for the help!

Gravatar for

Comment by mohamed krimi, Nov 5, 2014 1:34 PM

Did you rebuild your index after removing them from Permission List ?

Gravatar for

Comment by Simon, Nov 5, 2014 2:23 PM

Rebuilding the index will not help since the permissions are not at the document level but at the user level. I believe a refresh of the security cache would be the right way to go. The cache is by default refreshed every day. You change the schedule in the Configuration options of the Admin Tool (Coveo) or refresh it manually in the System state section of the Status Tab, in the Admin Tool again.

Gravatar for

Answer by jrappel, Jan 20, 2015 10:12 AM

I am experiencing the same issue in this thread, and after following the fixes described here, the issue persists.

My searches are being executed as "extranet/anonymous". I've exhausted every method I can think of to give this user access to the items.

Configuration > Security > User Identities

  • I added Anonymous, with User: "extranet\anonymous". Support basic authentication selected.

Configuration > Security > Security Providers

  • I have a Sitecore Security Provider that was created after the installation.
  • I added "extranetanonymous, extranet\anonymous" to the Anonymous User Names field

Index > Sources and Collections > Permissions (on the active index I'm hitting)

  • Permissions: Index security permissions and specify additional security permissions to index
  • I then added:
  • anonymous, with the Sitecore security provider selected
  • I also added "extranet\anonymous" and "extranetanonymous" with the same security provider

Can I select Index security permissions as the Permissions field? Wouldn't this then apply the permissions that are assigned to each item?

While arriving at my latest configuration setup, I deleted all index content and reindexed after each configuration change.

When I go to Index Browser and perform my search, here is what a result looks like:

In Sitecore, this is a normal page, with no security permissions applied. The extranet\anonymous user has access to this page. I've confirmed in Access Viewer.

Can someone please explain why I continue to receive no results when executing the same search with the prebuild coveo controls on the Coveo Search page in Sitecore?

Gravatar for

Comment by jrappel, Jan 20, 2015 10:28 AM

Also, when I update the security cache, the Admin Console shows:

Error while expanding group "coveo_sitecoreadministrators"… exception in method GetMembersAndMappings… Unable to get databasename with TargetSite : website

We do not have a definition of "website" in our sites node. Is this a requirement of the service?

Gravatar for

Comment by Jean-François L'Heureux, Jan 20, 2015 10:50 AM

Do you have a "website" Sitecore database?

You can look in your Coveo.SearchProvider.config file for "website" in the section. you should have references to "core", "master" and "web" databases by default.

Gravatar for

Comment by jrappel, Jan 20, 2015 11:06 AM

Nope. Just the standard master, web, core.

Gravatar for

Comment by Jean-François L'Heureux, Jan 20, 2015 12:00 PM

The default public-facing website in Sitecore is "website". If the Coveo security provider cannot access it, that means it wasn't configured with valid Sitecore administrator username/password.

Follow the instructions on this page to set valid Sitecore administrator credentials:

Then, do any indexing operation like re-indexing an index or a leaf item in your Sitecore item tree. This will update the Coveo Security Provider with the new credentials.

Then, you will be able to update the security cache.

Gravatar for

Comment by jrappel, Jan 20, 2015 12:34 PM

Thank you, I can now clear the security cache without errors.

Gravatar for

Answer by Mrunal Daftari, Apr 21, 2016 9:30 AM

i know this post got answer but in my case the issue was that my CES server was not able to browse the site where i asked CES to perform indexeing. So as a result i wasa getting the access denied error. I added proper host entries on CES server so that it can access the site and it worked for me.

Of course you need to rebuild indexes and let coveo process documents by adding proper access.

Also make sure that the sites have no restrictions like windows auth or basic auth enabled. If they are make proper changes so that CES can browse the site.

Thanks Mrunal

Ask a question