Platform setup overview
Understand the platform setup model, ownership responsibilities, administrator roles, and next setup guide to read.
Platform setup prepares an organisation before asset teams start token operations. First administrators, permission managers, system managers, and reviewers use it to separate platform-level controls from token-level controls.
Organisation access, platform administrator roles, Organisation settings, component availability, compliance provider controls, operator wallets, and account abstraction infrastructure belong in platform setup. Asset terms, investor onboarding, custody policy, and token lifecycle operations belong in later asset guides.
Setup model
Platform setup separates access into three layers. Organisation roles decide what a signed-in user or API key can do in the active organisation. Platform administrator roles decide who can change system, identity, compliance, component, and infrastructure controls. Asset roles decide who can operate a specific token after that token exists.
The diagram shows the split that matters most during setup: Organisation settings prepares the organisation and platform capabilities. Asset creation uses those capabilities later and assigns token-specific roles per asset.
Admin operating sequence
Start with the organisation and administrator responsibility model, then open the task guide for the control you need to change.
- Create or select the organisation, then complete first administrator setup.
- Add the platform administrators who manage system, identity, verification, compliance, add-on, and gas duties.
- Keep organisation roles, platform administrator roles, and asset roles separate. Organisation roles affect application and API-key defaults. Platform administrator roles affect platform setup. Asset roles affect one token.
- Configure Organisation settings for the active organization: products and assets, compliance and verification settings, operations, admins and roles, and webhooks.
- Create API keys only from an account whose organisation and permissions match the integration job. API keys inherit the issuing user's permissions and stay scoped to the active organisation.
- Register webhook endpoints for downstream systems that need DALP event delivery, then monitor delivery history and endpoint settings from Organisation settings.
- Review account security, operator wallets, and account abstraction controls before asset teams rely on the setup for production workflows.
Choose the next setup guide
| If you need to... | Read next | Owner |
|---|---|---|
| Create the organisation, first administrator wallet, system infrastructure, and first supported asset types | First administrator setup | The first administrator |
| Grant another wallet platform-wide administrative duties | Add administrators | A Permission manager |
| Prepare users, roles, test data, and readiness checks for an evaluation environment | Prepare users for an evaluation environment | Platform administrators, Identity managers, and Verification issuers |
| Expand, reduce, or remove an existing administrator's roles | Change admin roles | A Permission manager |
| Understand advanced accounts and decide whether to enable transaction funding and gasless transactions | Advanced accounts | Admin or System manager |
| Review or manage the gas reserves, bundler, and paymaster infrastructure | Advanced accounts control center | Admin, System manager, Gas manager, or Auditor, depending on the action |
| Fund or troubleshoot the submission and sponsorship gas reserves | Gas reserves operations | System manager |
| Check configured operator wallet gas balances | Operator Wallets | Admin, System manager, or Gas manager |
| Monitor user lifecycle events after setup changes | Webhook events | Identity managers and organisation administrators |
| Create an API key for an integration | API integration getting started | The user or service owner that holds the required organisation role |
| Register or monitor webhook endpoints | Events catalogue | Integration owners and platform administrators |
| Add, review, or revoke compliance provider records and their trusted claim topics | Onboard a compliance provider | Compliance managers, System managers, and Admins |
| Define trusted verification sources for compliance checks | Configure trusted issuers | Verification policy and compliance operators |
| Understand the full user, identity, role, API-key, webhook, and operator-wallet model | Admin operating model | Platform administrators and security reviewers |
| Understand auditor access, system roles, and token-level roles | Authorization | Security reviewers, permission managers, and auditors |
Setup responsibilities
| In this section | Out of scope |
|---|---|
| First organisation setup, administrator grants, administrator role changes, Organisation settings, advanced accounts controls, and operator wallet monitoring | Asset terms, token issuance, investor eligibility evidence, transfer restrictions, custody design, and lifecycle operations |
| Organisation and platform permissions | Token-specific roles such as Asset Operator, Custodian, Supply Management, and Emergency |
| Component availability, templates, verification settings, compliance provider records, branding, exchange-rate operations, webhooks, and infrastructure controls | Off-chain approval policy, provider SLAs, legal sign-off, and operating runbooks outside the DALP UI |
Platform setup does not create asset authority
Platform administrator roles let operators prepare and maintain the platform. Asset-specific authority starts during asset creation and stays scoped to the token that receives the role grant.
Permission model
DALP separates application access from platform administration and token-specific authority. Use the narrowest role that fits the operator's duty. Split critical functions across different operators when your control framework requires it.
| Permission layer | Where it applies | What it controls |
|---|---|---|
| Organisation roles | Authenticated application sessions and API-key defaults | Whether a user can administer the organisation, manage settings, operate system functions, manage webhooks, or read data only |
| Platform administrator roles | Platform-wide administration | System setup, identity administration, compliance configuration, add-on management, and platform-level permission management |
| Asset roles | Individual tokens | Token-specific operations such as asset administration, custody actions, supply management, and emergency controls |
For the full model, including the auditor role, system roles, and per-asset roles, see Authorization.
Role changes apply immediately after the permission update is confirmed. Users may need to refresh their session before newly available functions appear in the interface.
Match users to interfaces
Start from the job the person needs to perform, then grant the narrowest organisation, platform, or asset role that lets them do that job. The same person may use more than one surface, but permissions stay scoped to the active organisation and, for asset operations, to the specific token. This keeps setup readable for the operator and defensible for a reviewer.
| User or team | Primary interface | Typical access model | What they should do first |
|---|---|---|---|
| First administrator | Console and Organisation settings | Organisation Admin plus the initial platform administrator duties needed to initialize the system | Complete First administrator setup. |
| Permission manager | Organisation settings > Admins & roles | Permission manager for platform role grants; organisation role only as needed for the same workspace | Add or change administrators only for the duties each operator owns. |
| Identity or verification operator | Organisation settings > Compliance & verification | Identity manager, Verification issuer, or Verification policy manager | Configure trusted issuers before relying on claims in compliance checks. |
| Asset operations team | Console, asset servicing guides, and API keys | Token-scoped asset roles such as governance, custodian, supply management, funds, or emergency | Confirm the asset role on the token before minting, burning, servicing, or freezing. |
| Auditor or read-only reviewer | Console, exported evidence, and read APIs | Auditor system role or Member organisation role for read access | Review the relevant system, asset, and event records without granting operating rights. |
| Integration owner or service agent | API keys, SDK, CLI, and webhook configuration | API key issued by a user with the minimum organisation permissions required by the integration | Create the API key from the correct organisation and avoid write scope for read-only jobs. |
Read-only is still scoped
A read-only reviewer or API key can inspect only the organisation and systems its session can access. Read-only access does not grant asset authority, custody policy control, or permission to change platform setup.
Organisation roles
Organisation roles set the default application and API-key permissions for signed-in users in the active organisation. When a user creates an API key, the key starts with the issuing user's admin permissions. If the issuing user is not an admin, the key starts with the user's owner or member permissions in the active organisation. Platform administrator roles and token-level asset roles remain separate controls.
| Organisation role | Use for | Permission scope |
|---|---|---|
| Admin | Organisation administrators who manage settings, system operations, exchange-rate operations, and compliance recall workflows | Full organisation, settings, system, exchange-rate, and webhook permissions |
| Owner | Organisation operators who manage organisation settings and permitted operational workflows without global theme control or exchange-rate maintenance | Settings read, list, upsert, and remove; system read, list, and create; exchange-rate read and list; webhook management and compliance recall |
| Member | Read-only users, reviewers, and team members who need visibility but should not change configuration or recall compliance webhooks | Settings read and list; system read and list; exchange-rate read and list; no webhook permissions |
Organisation settings surface
Use Console > Organisation settings for controls that apply to the active organisation or system component inventory. These controls prepare the operating surface. They do not replace asset roles or create token state.
| Section | Use it for | Scope |
|---|---|---|
| Organisation | Maintain the organisation profile and theme settings | Branding changes affect the application experience, not token permissions |
| Products & assets | Review asset classes and instrument templates before using them in asset workflows | Templates define reusable setup patterns; they are not live token state |
| Compliance & verification | Manage policy templates, verification topics, trusted issuers, and compliance providers | Verification settings define trusted claim sources and provider intake; individual claims still come from issuers |
| Operations | Review platform status, run system updates, manage advanced accounts and operator wallets, and configure data feeds | Operational controls depend on system manager permissions and the registered system directory |
| Admins & roles | Review and change organisation permissions | Organisation roles control application and API-key defaults; asset roles remain token-specific |
| Webhooks | Configure outbound event delivery and endpoint settings | These controls support integrations and operating data; they do not create assets by themselves |
Component management filters
System updates separates deployable components into instruments and add-ons. Each page includes search, filters, and status grouping so operators can find the right component before taking action.
- Instruments - Search and filter fixed income, flexible income, cash equivalent, and real-world asset instruments. The page groups instrument types by enabled, registered, and unregistered status. Enabled means the type is already deployed for the system. Registered means the type is available in the directory but not deployed yet. Unregistered means the type is not available for this system.
- Add-ons - Search and filter system add-ons such as distribution, settlement, and treasury capabilities, then narrow by functional category. The page groups visible add-ons by enabled, registered, and unregistered status.
Available platform roles
| Role | Use for | Scope |
|---|---|---|
| Permission manager | Granting and changing administrator roles | Permission changes affect platform duties, not asset roles |
| System manager | System configuration and component deployment | System changes depend on the active organisation and system directory |
| Asset manager | Starting asset creation workflows | Token authority is assigned on the asset after creation |
| Identity manager | Inviting users and managing identities | Identity administration does not grant custody or supply roles |
| Verification issuer | Issuing verification records | Issued claims are separate from trusted-issuer policy |
| Verification policy manager | Maintaining trusted issuers and verification topics | Policy changes define accepted claim sources |
| Compliance manager | Configuring global compliance controls | Compliance settings do not replace provider SLAs or legal approval |
| Addon manager | Installing and configuring platform add-ons | Add-ons become available through the platform component inventory |
Setup guides
Platform initialization
- First administrator setup - Create the first administrator and initialize platform infrastructure.
Administrator management
- Add administrators - Grant platform roles to team members.
- Prepare users for an evaluation environment - Prepare users, roles, test data, and readiness checks for a controlled demo, sandbox, or production rehearsal.
- Change admin roles - Modify existing role assignments.
Advanced accounts
- Advanced accounts - Understand transaction funding and gasless transactions, and decide when to enable them.
- Advanced accounts control center - Review and manage the gas reserves, bundler, and paymaster infrastructure.
- Gas reserves - Understand the submission and sponsorship reserves and why each must stay funded.
- Gas reserves operations - Fund, configure, and troubleshoot the reserves.