Permissions

The Lynx AI Agent operates within Splunk's security model, inheriting the permissions of the logged-in user. This ensures that the agent can only access data and perform actions that the user is authorized to perform.

Access to the agent is controlled through Splunk roles, and all operations respect the user's existing permissions for indexes, apps, and knowledge objects.

Splunk Role

The app ships with a built-in role named lynx-ai. Users must be assigned the lynx-ai role (or the admin role) for the agent to function and be accessible.

Note

The agent inherits the permissions of the logged-in user, thereby gaining access to apps, indexes and knowledge objects. If a user can't access data, neither can the agent.

Capabilities

The lynx-ai role includes the following capabilities:

| Capability | Description | In User role (default) |
|---|---|---|
| list_storage_passwords | Required to read the encrypted license key from Splunk's password storage (/storage/passwords). | No |
| rest_properties_get | Required to read app configuration properties via the REST API (/services/properties). | Yes |
| search | Required to execute Splunk searches. The agent uses this capability to query indexes and knowledge objects. | Yes |
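The sketch below is an added example, not code from the Lynx AI Agent app: it resolves role inheritance in authorize.conf syntax and reports which of the three capabilities above a user's roles fail to grant. The stanza contents and the soc_analyst and soc_lead roles are constructed for illustration, and only `= enabled` is treated as granting a capability.

```python
import configparser

# Capabilities the page lists for the lynx-ai role.
REQUIRED = {"list_storage_passwords", "rest_properties_get", "search"}

# Constructed sample in authorize.conf syntax; not the app's shipped file.
SAMPLE = """
[role_user]
search = enabled
rest_properties_get = enabled

[role_lynx-ai]
list_storage_passwords = enabled
rest_properties_get = enabled
search = enabled

[role_soc_analyst]
importRoles = user

[role_soc_lead]
importRoles = soc_analyst;lynx-ai
"""

def load_roles(text):
    """Parse authorize.conf text into {role: (own_caps, imported_roles)}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    roles = {}
    for section in cp.sections():
        if section.startswith("role_"):
            items = dict(cp.items(section))
            imports = [r.strip() for r in items.pop("importroles", "").split(";") if r.strip()]
            caps = {k for k, v in items.items() if v.strip().lower() == "enabled"}
            roles[section[len("role_"):]] = (caps, imports)
    return roles

def effective_caps(role, roles, seen=None):
    """Own capabilities plus those of every imported role (cycle-safe)."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:
        return set()
    seen.add(role)
    caps, imports = roles[role]
    return set(caps).union(*(effective_caps(p, roles, seen) for p in imports))

def missing_for_agent(user_roles, roles):
    """Capabilities from REQUIRED that the user's roles do not grant."""
    held = set().union(*(effective_caps(r, roles) for r in user_roles))
    return REQUIRED - held
```

In the constructed sample, a user holding only soc_analyst inherits the User role's capabilities and is missing list_storage_passwords, which matches the "No" in the table.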

Knowledge Objects

The agent operates with read-only access to knowledge objects. This is scoped to the user's permissions - the agent cannot access data that the user does not have access to.

The agent can produce XML code for dashboards. In this case, the user can save the dashboard produced by the agent within the Lynx AI Agent app, subject to their write permissions.
Note that this is a user-initiated action, as the agent does not currently have the ability to autonomously create knowledge objects.

Currently supported knowledge objects:

  • Dashboards
  • Saved Searches (Alerts, Reports)
  • Macros
  • Lookup Definitions
  • Lookup Files
  • Data Models
  • Field Extractions
  • Custom Commands
  • Event Types
  • Event Tags
  • KV-Store Collections
  • More coming soon!

KV Store Access

The agent uses Splunk's KV store to persist chat history and user rules. Each user's data is isolated and private.

Requirements

  • KV store must be enabled on the Search Head for chat history and user rules to function.
  • Users automatically have read and write access to their own KV store collections through the lynx-ai role.
  • Administrators with the admin role can view all users' KV store data if needed.

Data Privacy

Chat conversations and user rules are stored per user in separate KV store collections. Non-admin users can only access their own data, ensuring privacy and security across the organization.

For more information about chat history storage, see Chat History.