Access model
Darpan access is session-based. Users sign in, receive a session, and operate within the active company or active tenant available to them. Permissions are evaluated per active context, so a user can have different capabilities in different companies or tenants. Tenant permission membership is separate from tenant identity. A user’s permission level for a given tenant comes from membership records, not from a single global role applied everywhere.Roles
| Role | Typical scope |
|---|---|
| Super Admin | Manages Darpan platform settings, users, tenants, permission assignments, and tenant data. |
| Tenant Admin | Manages tenant-owned settings, connections, schemas, saved runs, automations, and results for the active tenant. |
| Tenant User | Views tenant data, uploads files, runs reconciliation, and reviews output without changing tenant setup records. |
Before you start
Confirm:- You are signed in as a Super Admin.
- The user’s identifier is known.
- You know which active company or active tenant the user should access.
- You know the role to assign: Super Admin, Tenant Admin, or Tenant User.
Steps
User creation, access grants, and role assignment are not available in the PWA or Ask Darpan. A Super Admin performs them in the server-rendered admin screens under
/apps/darpan, which are restricted to Super Admins. The sequence reflects what a Super Admin does: create the user, grant access, assign the role.- As a Super Admin, open the server-rendered admin screens under
/apps/darpan. - Create the user record and set the user’s identifier.
- Grant access to the intended active company or active tenant.
- Assign the role: Super Admin, Tenant Admin, or Tenant User.
- Confirm the user can sign in and that the active tenant context is correct after first sign-in.