Skip to main content
Darpan access is session-based. Users sign in, receive a session, and operate within the company or tenant context available to them.

User context

Some users may belong to more than one company or tenant. When that is enabled, the active context controls which scoped records they read and write.

Permission context

Permissions are evaluated for the active context. A user can have different capabilities in different companies or tenants.

Product roles

RoleTypical scope
Super AdminManages Darpan platform settings, users, tenants, permission assignments, and tenant data.
Tenant AdminManages tenant-owned settings, connections, schemas, saved runs, automations, and results for the active tenant.
Tenant UserViews tenant data, uploads files, runs reconciliation, and reviews output without changing tenant setup records.
Tenant Admins should confirm the active tenant before saving settings, connection records, schemas, saved runs, or automations.

Sensitive auth values

Examples use placeholders for usernames, passwords, session cookies, login keys, CSRF tokens, and sensitive auth artifacts.

API calls

Backend JSON-RPC calls usually require:
  • An authenticated session cookie
  • A valid X-CSRF-Token
  • Permission for the target service