28. Settings

Your profile, your team, the look of the app, where notifications go, and the API tokens that drive Daalu from scripts.

At a glance

The Settings page gathers personal and tenant-level configuration behind a secondary nav. The five primary tabs are Profile, Team, Appearance, Notifications, and API tokens; admins get additional tenant-configuration panels at the bottom (covered at the end of this chapter).

Profile

Your own account:

• Full name.
• Email — changing it triggers a confirmation flow.
• Password — current password required to change.
• Avatar — an uploaded image or your email Gravatar.
• Time zone — drives briefing times, schedule UIs, and timestamps.

A Sign out everywhere button invalidates every session you have, including this one.

Team

The roster of users in your tenant — invite, change role, and remove. This is the same management surface introduced when you first invited teammates (Chapter 6). Admins see it; regular users don’t.

Appearance

Per-user interface preferences, saved automatically as you change them:

• Theme — light, dark, or follow the system.
• Density — compact or comfortable, affecting table row heights.
• Accent color — for highlighted UI elements.
• Sidebar collapsed by default — yes or no.
• Default page on login — Home, Alerts, Operations, or last-visited.

Notifications

Per-user, fine-grained toggles for which kinds of notification reach you and on which channel (in-app, Slack, email). This is your preferences; the tenant-wide routing that decides which alert goes to which channel by default lives in the admin Notification routing panel below, and the model behind it is Chapter 12.

API tokens

Personal access tokens are the durable credential for scripts and CI. How to use them is Chapter 43; this tab is the management UI.

Token list

A table of your tokens: name, prefix (the first characters of the token), created, last used, expiry (if set), and status (active / revoked / expired). The ⋯ menu offers Rotate, Revoke, and Delete.

Creating a token

New token opens a dialog for a name, an expiry (never, 30 days, 90 days, 1 year, or custom), and an optional description. Click Create, and the cleartext token is shown exactly once.

Warning — Copy the token immediately; you cannot retrieve it later. Paste it straight into the secret store of whatever’s going to use it.

Token format

Tokens look like dpat_xxxxxxxxxxxxxxxxxxxxxxxx. The dpat_ prefix makes them easy to spot in env files and diffs — and easy for secret scanners to catch if one is committed by accident.

Revoking

⋯ → Revoke is immediate; the next request using that token gets a 401. A revoked token can be reactivated within 7 days, after which it’s gone for good.

Admin panels

Tenant admins see additional panels beneath the primary tabs. These configure tenant-wide behaviour and are hidden from regular users.

• Tenant — tenant name, default time zone, default briefing time, data-retention windows, a full-data export, and tenant deletion.
• Alert rules — author and edit the alert rules that turn events into alerts. Referenced from Chapter 22.
• Notification routing — the default channel per severity, per-team routes by label match, and per-rule overrides (Chapter 12).
• Briefings — default briefing time, which sources feed the briefing, and the cost-anomaly thresholds the cost agent uses (Chapter 20).
• Reconciliation — defaults for the source-of-truth reconciler: interval, per-device overrides, concurrency, and a read-only mode that writes proposals but never executes them (Chapter 19).
• Inference routing — per-tier overrides for where inference runs: always your own GPU, always the Daalu-hosted tier, or prefer-your-own (the default), plus an emergency “force the hosted tier” switch. The model is Chapter 17.
• Audit log — every state-changing action in your tenant (who, what, when, result), filterable and exportable. The compliance team’s favourite page.

Next: Chapter 29 — Help and feedback