Core Docs - Core Concepts - Agent Security

Rock Version: v20.0
Last Modified: 2026-05-21 7:32 AM

Rock's agents work within the same security model you already use everywhere else in Rock. The roles, permissions and access controls you've set up apply here too.

New agents start locked down.
When you create a new agent, Rock restricts access to RSR - Rock Administrator by default. That is intentional - agents can write data, so Rock errs on the side of caution. Before staff can use a new agent, open the agent security and grant View access to the right role. For most organizations, RSR - Staff Workers is the right starting point for internal use.

Security works in layers

Agent security has three layers.

The agent itself. The Role field on each agent controls who can see and access it. People outside that role won't see it.

Skills. Each skill can be secured independently. If someone doesn't have permission to use a skill, the agent won't run it for them, even if the skill is assigned to the agent.

Tools. Individual tools carry their own permissions too. If a person can't view contribution records in Rock, the agent can't show them those records either.

The agent isn't a shortcut around your permissions. It works within them.

Internal vs. Public

The Audience setting on each agent (covered in Configure an Agent) also shapes what data the agent can share. A public agent should carry only the skills appropriate for an unknown visitor. Think carefully about which skills you attach and keep the set narrow.

What Spark sees

Spark Development Network does not have access to your organization's data. Your configurations, instructions and conversation history stay within Rock and the AI provider you've configured.