User Rights¶
Roles¶
There are different roles available to use Production Copilot and Copilot Studio. Learn more about the Production Copilot User Rights.
Copilot Studio¶
| Roles | Description |
|---|---|
mdsp:core:copilotstudio.viewer,mdsp:core:StandardUser | Can use Copilot Studio in read-only mode, but cannot see skill endpoints or instructions. |
mdsp:core:copilotstudio.admin,mdsp:core:TenantAdmin | Can use Copilot Studio and see all configured agents and skills. Can create skills in Visual Flow Creator. |
Example Configurations¶
Due to the usage of different services in Insights Hub, different roles are needed for the best user experience.
Refer to, for example, the following personas and their required roles.
| Persona | Roles Required | Descriptions |
|---|---|---|
| Tenant Administrator | mdsp:core:TenantAdmin, mdsp:core:idlmanager.admin | Tenant Admin with Copilot access. They handle the data in IDL with full access and are also able to sync files with the Production Copilot. |
| Copilot User with Access to IDL | mdsp:core:StandardUser, mdsp:core:idlmanager.user | This user can use the Production Copilot, check the references, and navigate to IDL Manager as well as preview the files. |
| Monitor User without Copilot Access | mdsp:core:oi.viewer, mdsp:core:launchpad.user | This user has only access to the Monitor but no Production Copilot access. |
| Copilot User with Restricted Rights | mdsp:core:oi.viewer, mdsp:core:oi.copilotUser, mdsp:core:launchpad.user | This user can use the Production Copilot but cannot verify the answers in IDL due to no access to IDL. |
| Copilot Admin with rights to sync files but no further administrative rights in the tenant. | mdsp:core:oi.viewer, mdsp:core:oi.copilotAdmin, mdsp:core:launchpad.user, mdsp:core:idlmanager.admin | This user can utilize the Production Copilot. They are also authorized to synchronize and administer files within the Integrated Data Lake (IDL). |
Last update: March 16, 2026