CoPilot User Account Administration
This section discusses user accounts for Aviatrix CoPilot and user account permissions required to use CoPilot features and functionality.
Note: Users should be granted only the permissions needed to perform their work. Review user privileges on a routine basis to confirm they are appropriate for current work tasks.
If you use an identity provider (IdP) to allow users to log in to Aviatrix Controller via SAML authentication, you can also allow users to log in to Aviatrix CoPilot via SAML authentication. See Set Up SAML Login for CoPilot.
About the User Account Used as the CoPilot Service Account
Aviatrix CoPilot requires a dedicated service account. This account is used to retrieve data and make configuration changes on the Controller without requiring a logged-in user. You must create this service account on the Aviatrix Controller. See Create Your CoPilot Service Account.
During the initial setup of CoPilot, you will be prompted to specify the user account to be used as the CoPilot service account.
Note: The CoPilot service account must be added to the built-in
Note: Removing the service account will limit CoPilot's ability to perform critical tasks, including fetching topology data, collecting performance metrics, and applying configuration changes.
About CoPilot User Accounts
This section describes user accounts for CoPilot and permissions required for some features.
All valid user accounts created on Aviatrix Controller can log in to Aviatrix CoPilot.
For a user to enable ThreatIQ alerts or ThreatIQ blocking in CoPilot, they must log in to CoPilot with a user account that has all_write or all_security_write permissions.
CoPilot Read-Only Access Views
CoPilot hides or disables some actions in the UI for users who log in with a read-only account. The read_only permission group is a built-in permission group that grants full read access and nothing more.
Controller user accounts that belong to a group with read_only permissions cannot perform actions such as:
- Deleting change-set data (Topology Replay)
- Creating and deleting scaling policies (Performance)
- Resolving and deleting alerts (Notifications)
- Creating and deleting network domains (Security)
For actions that are reserved for groups with all_write and all_security_write permissions, see Permissions Required for CoPilot Features.
User accounts with read-only permissions are able to perform the following tasks:
- Saving and deleting filter groups (FlowIQ)
- Saving and deleting topology layouts (Topology)
Permissions Required for CoPilot Features
The CoPilot ThreatIQ and Distributed Cloud Firewall features require that the CoPilot service account have a minimum of all_firewall_network_write permissions.
The CoPilot gateway scaling feature requires a minimum of all_gateway_write permissions to manage the spokes and transits.
The admin permissions (all_write) grant full access to all CoPilot features. The admin permissions are required to perform the following:
- Adding, changing, or deleting Aviatrix networking constructs and policies
- Enabling CoPilot features