# Plan your first users

Plan the users and role assignments that must exist before the environment starts. These users must be able to satisfy every policy workflow that is required at launch.

## Inputs

Use the domain model from [Design your domains](/products/custody/v1.36/governance/genesis/design-your-domains) and list:

- Roles that create launch-critical intents.
- Roles that approve launch-critical intents.
- Roles that need read access.
- Bot users required for automated workflows.
- Emergency or recovery users.


## Role model

Start with role responsibilities, not names.

| Responsibility | Example role |
|  --- | --- |
| Root administration | `platform-admin` |
| Policy changes | `policy-operator` |
| Transaction operations | `transaction-operator` |
| Compliance review | `compliance` |
| Emergency recovery | `emergency-operator` |
| Read-only audit | `auditor` |
| Automation | `transaction-operator-bot` |


Choose names that operators will understand. Role names are strings that you can define whenever you need them, but users receive those roles only through genesis or a governed user intent after launch. Use the same role names in users, policies, and domain read access.

## Quorum coverage

For each policy workflow, confirm that the launch users can satisfy quorum.

| Workflow | Check |
|  --- | --- |
| Maker step | At least one launch user has the role that creates the intent. |
| Checker step | Enough independent users have the checker role. |
| Multi-role approval | Each required role has enough users. |
| Emergency approval | Emergency roles exist and credentials are controlled. |
| Bot workflow | Bot users exist only where automation is intentional. |


Do not rely on users that can only be created after launch to satisfy policies that must work at launch.

## Genesis user guidance

Genesis users are the initial root of trust. They cannot be deleted, so choose them carefully. They can be locked later, but the launch model should not depend on a single person or a single credential.

Recommended checks:

- At least two human users for critical human roles.
- No single user can complete a high-risk workflow alone.
- Bot users are limited to the workflows they need.
- Emergency users are independent from routine operators where possible.
- Role names match the policy workflows exactly.


## Genesis user examples

The following example shows users as they appear inside a genesis domain's `users` array. Genesis users do not include a `type` field because they are embedded in the genesis domain setup, not submitted as `v0_CreateUser` intents. For post-genesis user creation, see [Manage users and roles](/products/custody/v1.36/governance/users/manage-users-and-roles#create-a-user-with-the-api).


```json
[
  {
    "id": "e1fe3431-f899-427b-9e67-a75fb9fe5e57",
    "alias": "platform-admin-1@example.com",
    "publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEe32vCCfM0LXmT6VuZo4AykiZ8YfBMB92nKNX8K+PRhN7/qPhILzGlOv/7kDyefTxHSrytXG28OB0cPwErlHgyQ==",
    "roles": ["platform-admin", "policy-operator"],
    "loginIds": [
      {
        "id": "platform-admin-1@example.com",
        "providerId": "harmonize"
      }
    ],
    "lock": "Unlocked",
    "description": "Genesis platform administrator",
    "customProperties": {
      "userType": "human"
    }
  },
  {
    "id": "7bf37a53-51a5-48da-b7d1-c2fa05bd3f14",
    "alias": "compliance-1@example.com",
    "publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET1BnSIvToEO6r5BMmaG+O3GL0/A7JilzCdmJ3trIWIsXDuv8jAcGizraMouqWIHTx2hi3rxoH7eABURbfSSryw==",
    "roles": ["compliance"],
    "loginIds": [
      {
        "id": "compliance-1@example.com",
        "providerId": "harmonize"
      }
    ],
    "lock": "Unlocked",
    "description": "Genesis compliance approver",
    "customProperties": {
      "userType": "human"
    }
  }
]
```

Use the same role strings in:

- The `roles` array for each user.
- Domain read access permissions.
- Policy workflow steps.
- Policy conditions that check author or target roles.


## Output

By the end of this step, you should have:

- First-user list.
- Role assignments by domain.
- Quorum coverage table.
- Bot user list.
- Emergency user list.


Use the output as input for [Design your policies](/products/custody/v1.36/governance/genesis/design-your-policies).