Gravatar for

Question by fcote, Apr 29, 2015 2:42 PM

Applying security permissions to the CoveoItem during post processing


We have some items that do not own or inherit permissions in SItecore, but must have them applied dynamically during indexing,

I have been trying to add permissions to the CoveItem in the post indexing processing ags. While it seems to be working - i.e. no errors are generated when the index is run. I'm not seeing results them show up in the CES backend.

There are 2 tasks I'm trying to performt he first is to remove anonymous access to the document and the second is to add read access to multiple roles.

When I don't include code to remove anonymous access and just apply the the new access roles it will index the documents, but the access roles are not showing in the permisssions tab in the indexed documents search.

I found this link that suggests that the permissions property should not be touched. It is public so I didn't know if this is an unimplemented feature or if I'm going about things the wrong way.

Can you suggest a way without changing permissions in the SItecore tree to get these permissions added to the document?

Gravatar for

Comment by Jean-François L'Heureux, Apr 29, 2015 4:32 PM

I read your code and I don't understand why you need to add security rules for the item's parent access rules. Coveo for Sitecore is supposed to take care of the anonymous accessibility and the permissions of the indexed documents out of the box. Coveo for Sitecore is extracting securities for the item and all his parents to the root item by default.

Can you describe your Sitecore items setup with more details to understand your motivation of modifying the permissions of indexed documents?

Can you also tell me which version of Coveo for Sitecore and Coveo Enterprise Search you are using?

1 Reply
Gravatar for

Answer by mvincent, May 7, 2015 11:29 AM

Hi jflheureux, these specific documents are created using the SharePoint connector which is constantly refreshed. so setting permissions manually on the tree is a losing battle, and I was attempting to avoid post processing as the requirements for the index are different to the requirements for direct access. The intention was to attempt to cascade the permissions that did come through from SharePoint on the document folders, to the documents themselves.

We have a work around that processes security roles at runtime to restrict access. I know this is an unusual requirement. The confusion arose from the property being public but not annotated to instruct developers not to use it.

For anyone else with similar crazy aspirations, Coveo support have confirmed that this something that could be feasible but would require additional effort to prove out.

It's definitely not the recommended approach to applying security, and I completely understand why. If only the business logic was on he same page, I could have saved myself some time.

We are using the latest and greatest April 2015 releases of CFS and CES.

Ask a question