Personas
Who uses Unphish v2 and what they need from it.
Unphish v2 has seven distinct user personas. Roles in the application correspond to capabilities, but the personas below describe humans and what they are trying to accomplish.
1. Unphish staff — analyst
The day-to-day operator of the platform. Triages incoming threats, sets priority, coordinates client review, prepares enforcement, monitors provider responses, and watches for resurrection.
- Primary surfaces: Dashboard, Threat Feed, Enforcement, Approvals queue, Verification, Intelligence, Reports.
- Typical role: `analyst` (most common); `viewer` for read-only access.
- Hub access: No (unless separately given staff system role).
- Time-on-tool: Many hours per day. UX density and keyboard-friendliness matter.
2. Unphish staff — admin / operations
Manages the platform itself: tenant onboarding, client setup, user invitations, integration configuration, quota management, and audit. Operates across all clients in the platform organization.
- Primary surfaces: Admin (`/admin/*`), Hub for operational tasks, plus analyst surfaces when investigating.
- Typical role: `admin` with internal-domain email and elevated `system_role`.
- Hub access: Yes — team, secrets, readiness, delivery board, audit.
- Time-on-tool: Hours per day, more episodic than analyst.
3. Engram developer
Builds and maintains the platform. Needs full visibility into deployments, branches, feature flags, environment health, and the workbench. Frequently switches between writing code, deploying, and verifying behavior in staging or demo.
- Primary surfaces: Hub, Workbench, all analytics, source code.
- Typical role: `system_role: admin`, organization role `owner` or `admin`.
- Hub access: Yes — full.
- Notable: Has support-preview (impersonation) capability for debugging customer-reported issues, with audit trail.
4. Partner operator
A reseller or channel partner running their own branded Unphish instance for their portfolio of clients. Functionally an analyst, but scoped to their portfolio and presented under their brand.
- Primary surfaces: `/partner/*` and partner-scoped versions of the analyst routes.
- Typical role: `admin` or `analyst` within the partner organization.
- Hub access: No.
- Notable: Same workflow as Unphish internal analysts. Partner is a scope, not a separate codebase. White-label is branding plus portfolio filtering.
5. Client admin
The customer-side account owner for a client (rights owner). Manages their own users, brands, quotas, API applications, SSO domains, proof-of-authorization. Onboards new team members, configures notifications, sets up reporting cadence.
- Primary surfaces: Client portal — team, brand assets, API configuration, reports, notifications.
- Typical role: `admin` within the client.
- Hub access: No.
6. Client reviewer (approver)
The customer-side security or legal contact whose job is to approve or reject enforcement actions on behalf of the rights owner. Sees the threat summary, evidence, and analyst recommendation; clicks Approve, Reject, or Request More Info.
- Primary surfaces: Client portal review queue (`/client/review`), case detail, comments.
- Typical role: `client_approver`. Read-only on team and configuration.
- Hub access: No.
- Time-on-tool: Episodic. The portal must respect their attention — minimal noise, clear evidence, fast decisions.
7. Sales / customer demo
Sales engineers and account executives showing the product to prospects and existing customers. Use the Demo environment, not staging or production.
- Primary surfaces: `unphish-demo.engram.org` — same routes as the rest of the app, with demo fixtures and curated scenes.
- Typical role: No real authorization. Demo provides scripted personas.
- Hub access: No.
- Notable: Demo has three required scenes — autonomous enforcement, client approval trust, and partner white-label — and mutations are no-ops or scripted. No real takedowns happen.
How role and persona relate
Personas are humans; roles are capabilities the application understands. The mapping is many-to-many, but the common patterns are:
| Persona | Primary role | Common system role |
|---|---|---|
| Unphish analyst | analyst | user or staff |
| Unphish admin | admin | admin |
| Engram developer | owner or admin | admin |
| Partner operator | admin or analyst | user |
| Client admin | admin (client-scoped) | user |
| Client reviewer | client_approver | user |
| Sales / demo | n/a (scripted) | n/a |
See Security & Architecture → Auth and RBAC for how roles, capabilities, and route guards combine.