Persona, RBAC, and Entitlements
Valhalla uses three separate decision layers:
| Layer | Purpose | Example |
|---|---|---|
| RBAC | Authorizes access to APIs, objects, controls, and secrets. | A user can or cannot open TrustFabric, decrypt a field, publish MCP, or edit users. |
| Subscription/features | Gates paid product capabilities. | TrustFabric Compliance and Auditing is Enterprise or a Team add-on. |
| Persona mode | Personalizes the UX over the items the user is already allowed to see. | CXO sees strategy/GrayMatter/tasks first; engineer sees API Designer/App Generation/deployment first. |
Persona mode must never grant access. It only changes emphasis, defaults, language, density, and complexity.
Persona Sources
- Signup and white-paper funnel customer type.
persona-modeUserPreference type generated fromapi.hbs.yaml.- User Preferences control for changing persona after signup.
- Dashboard mode pill next to credits to show/switch the current persona lens.
Current Personas
| Persona | UX emphasis |
|---|---|
| CXO | Strategy, tasks, GrayMatter, metrics, TrustFabric where entitled. |
| Solopreneur | App builder, CMS/CRM/ecommerce, guided Valor workflows, deployment. |
| Engineer | OpenAPI Designer, ThorAPI generation, generated clients, deployment, ValorIDE. |
| Reseller | Customer instances, packaging, onboarding, billing, deployment. |
| Student | Learning paths, examples, safe defaults, lower-complexity docs. |
| Content publisher | CMS, ecommerce, DigitalProductPro, social workflows, scheduled publishing. |
| Workflow designer | Studio, ExecModules, IntegrationAccounts, MCP publishing. |
Implementation Anchors
- OpenAPI enum/preference fields:
valkyrai/src/main/resources/openapi/api.hbs.yaml,thorapi/src/main/resources/openapi/api.hbs.yaml - Frontend utility:
src/utils/customerExperienceMode.ts - Funnel:
src/website/funnel - Dashboard sidebar filtering:
src/components/Dashboard/LcarsSidebar.tsx - Dashboard mode pill: navbar/sidebar mode switcher near the credits indicator
Testing Rule
Test persona modes by changing User Preferences or the signup funnel customer type. Test authorization separately with RBAC roles and subscription/feature fixtures.