feat: refactored code and addressed feedbacks

* feat: adding aws service definitions in types

* refactor: moving definitions to module fs

.github/workflows/integrationci.yaml

@@ -51,6 +51,7 @@ jobs:
           - alerts
           - ingestionkeys
           - rootuser
+          - serviceaccount
         sqlstore-provider:
           - postgres
           - sqlite

conf/example.yaml

@@ -354,3 +354,13 @@ identn:
   impersonation:
     # toggle impersonation identN, when enabled, all requests will impersonate the root user
     enabled: false
+
+##################### Service Account #####################
+serviceaccount:
+  email:
+    # email domain for the service account principal
+    domain: signozserviceaccount.com
+
+  analytics:
+    # toggle service account analytics
+    enabled: true

docs/api/openapi.yml

@@ -2447,7 +2447,7 @@ components:
       - start
       - end
       type: object
-    ServiceaccounttypesFactorAPIKey:
+    ServiceaccounttypesGettableFactorAPIKey:
       properties:
         createdAt:
           format: date-time
@@ -2457,8 +2457,6 @@ components:
           type: integer
         id:
           type: string
-        key:
-          type: string
         lastObservedAt:
           format: date-time
           type: string
@@ -2471,7 +2469,6 @@ components:
           type: string
       required:
       - id
-      - key
       - expiresAt
       - lastObservedAt
       - serviceAccountId
@@ -2499,27 +2496,23 @@ components:
       type: object
     ServiceaccounttypesPostableServiceAccount:
       properties:
-        email:
-          type: string
         name:
           type: string
-        roles:
-          items:
-            type: string
-          type: array
       required:
       - name
-      - email
-      - roles
+      type: object
+    ServiceaccounttypesPostableServiceAccountRole:
+      properties:
+        id:
+          type: string
+      required:
+      - id
       type: object
     ServiceaccounttypesServiceAccount:
       properties:
         createdAt:
           format: date-time
           type: string
-        deletedAt:
-          format: date-time
-          type: string
         email:
           type: string
         id:
@@ -2528,9 +2521,57 @@ components:
           type: string
         orgId:
           type: string
-        roles:
+        status:
+          type: string
+        updatedAt:
+          format: date-time
+          type: string
+      required:
+      - id
+      - name
+      - email
+      - status
+      - orgId
+      type: object
+    ServiceaccounttypesServiceAccountRole:
+      properties:
+        createdAt:
+          format: date-time
+          type: string
+        id:
+          type: string
+        role:
+          $ref: '#/components/schemas/AuthtypesRole'
+        roleId:
+          type: string
+        serviceAccountId:
+          type: string
+        updatedAt:
+          format: date-time
+          type: string
+      required:
+      - id
+      - serviceAccountId
+      - roleId
+      - role
+      type: object
+    ServiceaccounttypesServiceAccountWithRoles:
+      properties:
+        createdAt:
+          format: date-time
+          type: string
+        email:
+          type: string
+        id:
+          type: string
+        name:
+          type: string
+        orgId:
+          type: string
+        serviceAccountRoles:
           items:
-            type: string
+            $ref: '#/components/schemas/ServiceaccounttypesServiceAccountRole'
+          nullable: true
           type: array
         status:
           type: string
@@ -2541,10 +2582,9 @@ components:
       - id
       - name
       - email
-      - roles
       - status
       - orgId
-      - deletedAt
+      - serviceAccountRoles
       type: object
     ServiceaccounttypesUpdatableFactorAPIKey:
       properties:
@@ -2557,28 +2597,6 @@ components:
       - name
       - expiresAt
       type: object
-    ServiceaccounttypesUpdatableServiceAccount:
-      properties:
-        email:
-          type: string
-        name:
-          type: string
-        roles:
-          items:
-            type: string
-          type: array
-      required:
-      - name
-      - email
-      - roles
-      type: object
-    ServiceaccounttypesUpdatableServiceAccountStatus:
-      properties:
-        status:
-          type: string
-      required:
-      - status
-      type: object
     TelemetrytypesFieldContext:
       enum:
       - metric
@@ -2702,43 +2720,6 @@ components:
       required:
       - id
       type: object
-    TypesGettableAPIKey:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        createdBy:
-          type: string
-        createdByUser:
-          $ref: '#/components/schemas/TypesUser'
-        expiresAt:
-          format: int64
-          type: integer
-        id:
-          type: string
-        lastUsed:
-          format: int64
-          type: integer
-        name:
-          type: string
-        revoked:
-          type: boolean
-        role:
-          type: string
-        token:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-        updatedBy:
-          type: string
-        updatedByUser:
-          $ref: '#/components/schemas/TypesUser'
-        userId:
-          type: string
-      required:
-      - id
-      type: object
     TypesIdentifiable:
       properties:
         id:
@@ -2793,16 +2774,6 @@ components:
       required:
       - id
       type: object
-    TypesPostableAPIKey:
-      properties:
-        expiresInDays:
-          format: int64
-          type: integer
-        name:
-          type: string
-        role:
-          type: string
-      type: object
     TypesPostableBulkInviteRequest:
       properties:
         invites:
@@ -2863,33 +2834,6 @@ components:
       required:
       - id
       type: object
-    TypesStorableAPIKey:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        createdBy:
-          type: string
-        id:
-          type: string
-        name:
-          type: string
-        revoked:
-          type: boolean
-        role:
-          type: string
-        token:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-        updatedBy:
-          type: string
-        userId:
-          type: string
-      required:
-      - id
-      type: object
     TypesUpdatableUser:
       properties:
         displayName:
@@ -4966,222 +4910,6 @@ paths:
       summary: Update org preference
       tags:
       - preferences
-  /api/v1/pats:
-    get:
-      deprecated: false
-      description: This endpoint lists all api keys
-      operationId: ListAPIKeys
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    items:
-                      $ref: '#/components/schemas/TypesGettableAPIKey'
-                    type: array
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: List api keys
-      tags:
-      - users
-    post:
-      deprecated: false
-      description: This endpoint creates an api key
-      operationId: CreateAPIKey
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/TypesPostableAPIKey'
-      responses:
-        "201":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/TypesGettableAPIKey'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: Created
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "409":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Conflict
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Create api key
-      tags:
-      - users
-  /api/v1/pats/{id}:
-    delete:
-      deprecated: false
-      description: This endpoint revokes an api key
-      operationId: RevokeAPIKey
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "204":
-          description: No Content
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Revoke api key
-      tags:
-      - users
-    put:
-      deprecated: false
-      description: This endpoint updates an api key
-      operationId: UpdateAPIKey
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/TypesStorableAPIKey'
-      responses:
-        "204":
-          content:
-            application/json:
-              schema:
-                type: string
-          description: No Content
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Update api key
-      tags:
-      - users
   /api/v1/public/dashboards/{id}:
     get:
       deprecated: false
@@ -5956,7 +5684,7 @@ paths:
               schema:
                 properties:
                   data:
-                    $ref: '#/components/schemas/ServiceaccounttypesServiceAccount'
+                    $ref: '#/components/schemas/ServiceaccounttypesServiceAccountWithRoles'
                   status:
                     type: string
                 required:
@@ -6010,7 +5738,7 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/ServiceaccounttypesUpdatableServiceAccount'
+              $ref: '#/components/schemas/ServiceaccounttypesPostableServiceAccount'
       responses:
         "204":
           content:
@@ -6075,7 +5803,7 @@ paths:
                 properties:
                   data:
                     items:
-                      $ref: '#/components/schemas/ServiceaccounttypesFactorAPIKey'
+                      $ref: '#/components/schemas/ServiceaccounttypesGettableFactorAPIKey'
                     type: array
                   status:
                     type: string
@@ -6298,35 +6026,35 @@ paths:
       summary: Updates a service account key
       tags:
       - serviceaccount
-  /api/v1/service_accounts/{id}/status:
-    put:
+  /api/v1/service_accounts/{id}/roles:
+    get:
       deprecated: false
-      description: This endpoint updates an existing service account status
-      operationId: UpdateServiceAccountStatus
+      description: This endpoint gets all the roles for the existing service account
+      operationId: GetServiceAccountRoles
       parameters:
       - in: path
         name: id
         required: true
         schema:
           type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/ServiceaccounttypesUpdatableServiceAccountStatus'
       responses:
-        "204":
+        "200":
           content:
             application/json:
               schema:
-                type: string
-          description: No Content
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
+                properties:
+                  data:
+                    items:
+                      $ref: '#/components/schemas/AuthtypesRole'
+                    nullable: true
+                    type: array
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
         "401":
           content:
             application/json:
@@ -6356,7 +6084,184 @@ paths:
         - ADMIN
       - tokenizer:
         - ADMIN
-      summary: Updates a service account status
+      summary: Gets service account roles
+      tags:
+      - serviceaccount
+    post:
+      deprecated: false
+      description: This endpoint assigns a role to a service account
+      operationId: CreateServiceAccountRole
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ServiceaccounttypesPostableServiceAccountRole'
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/TypesIdentifiable'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: Created
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Create service account role
+      tags:
+      - serviceaccount
+  /api/v1/service_accounts/{id}/roles/{rid}:
+    delete:
+      deprecated: false
+      description: This endpoint revokes a role from service account
+      operationId: DeleteServiceAccountRole
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: rid
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Delete service account role
+      tags:
+      - serviceaccount
+  /api/v1/service_accounts/me:
+    get:
+      deprecated: false
+      description: This endpoint gets my service account
+      operationId: GetMyServiceAccount
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/ServiceaccounttypesServiceAccountWithRoles'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      summary: Gets my service account
+      tags:
+      - serviceaccount
+    put:
+      deprecated: false
+      description: This endpoint gets my service account
+      operationId: UpdateMyServiceAccount
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ServiceaccounttypesPostableServiceAccount'
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      summary: Updates my service account
       tags:
       - serviceaccount
   /api/v1/user:

ee/auditor/otlphttpauditor/provider.go

@@ -76,12 +76,12 @@ func (provider *provider) Start(ctx context.Context) error {
 }
 
 func (provider *provider) Audit(ctx context.Context, event audittypes.AuditEvent) {
-	if event.PrincipalOrgID.IsZero() {
+	if event.PrincipalAttributes.PrincipalOrgID.IsZero() {
 		provider.settings.Logger().WarnContext(ctx, "audit event dropped as org_id is zero")
 		return
 	}
 
-	if _, err := provider.licensing.GetActive(ctx, event.PrincipalOrgID); err != nil {
+	if _, err := provider.licensing.GetActive(ctx, event.PrincipalAttributes.PrincipalOrgID); err != nil {
 		return
 	}
 

ee/authz/openfgaserver/server.go

@@ -34,9 +34,22 @@ func (server *Server) Stop(ctx context.Context) error {
 }
 
 func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, _ []authtypes.Selector) error {
-	subject, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
-	if err != nil {
-		return err
+	subject := ""
+	switch claims.Principal {
+	case authtypes.PrincipalUser:
+		user, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
+		if err != nil {
+			return err
+		}
+
+		subject = user
+	case authtypes.PrincipalServiceAccount:
+		serviceAccount, err := authtypes.NewSubject(authtypes.TypeableServiceAccount, claims.ServiceAccountID, orgID, nil)
+		if err != nil {
+			return err
+		}
+
+		subject = serviceAccount
 	}
 
 	tupleSlice, err := typeable.Tuples(subject, relation, selectors, orgID)

ee/modules/dashboard/impldashboard/module.go

@@ -213,8 +213,8 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, id valuer.U
 	return module.pkgDashboardModule.Update(ctx, orgID, id, updatedBy, data, diff)
 }
 
-func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, role types.Role, lock bool) error {
-	return module.pkgDashboardModule.LockUnlock(ctx, orgID, id, updatedBy, role, lock)
+func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	return module.pkgDashboardModule.LockUnlock(ctx, orgID, id, updatedBy, isAdmin, lock)
 }
 
 func (module *module) MustGetTypeables() []authtypes.Typeable {

ee/query-service/app/api/cloudIntegrations.go

@@ -14,10 +14,9 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/modules/user"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
-	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )
@@ -50,7 +49,7 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		return
 	}
 
-	apiKey, apiErr := ah.getOrCreateCloudIntegrationPAT(r.Context(), claims.OrgID, cloudProvider)
+	apiKey, apiErr := ah.getOrCreateCloudIntegrationFactorAPIKey(r.Context(), valuer.MustNewUUID(claims.OrgID), cloudProvider)
 	if apiErr != nil {
 		RespondError(w, basemodel.WrapApiError(
 			apiErr, "couldn't provision PAT for cloud integration:",
@@ -110,84 +109,44 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 	ah.Respond(w, result)
 }
 
-func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId string, cloudProvider string) (
+func (ah *APIHandler) getOrCreateCloudIntegrationFactorAPIKey(ctx context.Context, orgID valuer.UUID, cloudProvider string) (
 	string, *basemodel.ApiError,
 ) {
-	integrationPATName := fmt.Sprintf("%s integration", cloudProvider)
-
-	integrationUser, apiErr := ah.getOrCreateCloudIntegrationUser(ctx, orgId, cloudProvider)
+	integrationPATName := fmt.Sprintf("%s", cloudProvider)
+	serviceAccount, apiErr := ah.getOrCreateCloudIntegrationServiceAccount(ctx, orgID)
 	if apiErr != nil {
 		return "", apiErr
 	}
 
-	orgIdUUID, err := valuer.NewUUID(orgId)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't parse orgId: %w", err,
-		))
-	}
-
-	allPats, err := ah.Signoz.Modules.UserSetter.ListAPIKeys(ctx, orgIdUUID)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't list PATs: %w", err,
-		))
-	}
-	for _, p := range allPats {
-		if p.UserID == integrationUser.ID && p.Name == integrationPATName {
-			return p.Token, nil
-		}
-	}
-
-	slog.InfoContext(ctx, "no PAT found for cloud integration, creating a new one",
-		"cloud_provider", cloudProvider,
-	)
-
-	newPAT, err := types.NewStorableAPIKey(
-		integrationPATName,
-		integrationUser.ID,
-		types.RoleViewer,
-		0,
-	)
+	factorAPIKey, err := serviceAccount.NewFactorAPIKey(integrationPATName, 0)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't create cloud integration PAT: %w", err,
 		))
 	}
 
-	err = ah.Signoz.Modules.UserSetter.CreateAPIKey(ctx, newPAT)
+	factorAPIKey, err = ah.Signoz.Modules.ServiceAccount.GetOrCreateFactorAPIKey(ctx, factorAPIKey)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't create cloud integration PAT: %w", err,
 		))
 	}
-	return newPAT.Token, nil
+	return factorAPIKey.Key, nil
 }
 
-func (ah *APIHandler) getOrCreateCloudIntegrationUser(
-	ctx context.Context, orgId string, cloudProvider string,
-) (*types.User, *basemodel.ApiError) {
-	cloudIntegrationUserName := fmt.Sprintf("%s-integration", cloudProvider)
-	email := valuer.MustNewEmail(fmt.Sprintf("%s@signoz.io", cloudIntegrationUserName))
-
-	cloudIntegrationUser, err := types.NewUser(cloudIntegrationUserName, email, valuer.MustNewUUID(orgId), types.UserStatusActive)
+func (ah *APIHandler) getOrCreateCloudIntegrationServiceAccount(ctx context.Context, orgId valuer.UUID) (*serviceaccounttypes.ServiceAccount, *basemodel.ApiError) {
+	domain := ah.Signoz.Modules.ServiceAccount.Config().Email.Domain
+	cloudIntegrationServiceAccount := serviceaccounttypes.NewServiceAccount("integration", domain, serviceaccounttypes.ServiceAccountStatusActive, orgId)
+	cloudIntegrationServiceAccount, err := ah.Signoz.Modules.ServiceAccount.GetOrCreate(ctx, orgId, cloudIntegrationServiceAccount)
 	if err != nil {
-		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration user: %w", err))
+		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration service account: %w", err))
+	}
+	err = ah.Signoz.Modules.ServiceAccount.SetRoleByName(ctx, orgId, cloudIntegrationServiceAccount.ID, authtypes.SigNozViewerRoleName)
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration service account: %w", err))
 	}
 
-	password := types.MustGenerateFactorPassword(cloudIntegrationUser.ID.StringValue())
-
-	cloudIntegrationUser, err = ah.Signoz.Modules.UserSetter.GetOrCreateUser(
-		ctx,
-		cloudIntegrationUser,
-		user.WithFactorPassword(password),
-		user.WithRoleNames([]string{authtypes.SigNozViewerRoleName}),
-	)
-	if err != nil {
-		return nil, basemodel.InternalError(fmt.Errorf("couldn't look for integration user: %w", err))
-	}
-
-	return cloudIntegrationUser, nil
+	return cloudIntegrationServiceAccount, nil
 }
 
 func (ah *APIHandler) getIngestionUrlAndSigNozAPIUrl(ctx context.Context, licenseKey string) (

ee/query-service/app/server.go

@@ -229,7 +229,7 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 		s.config.APIServer.Timeout.Default,
 		s.config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
+	r.Use(middleware.NewAudit(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes, nil).Wrap)
 	r.Use(middleware.NewComment().Wrap)
 
 	apiHandler.RegisterRoutes(r, am)

frontend/src/AppRoutes/Private.tsx

@@ -1,9 +1,8 @@
 import { ReactChild, useCallback, useEffect, useMemo, useState } from 'react';
-import { useQuery } from 'react-query';
 import { matchPath, Redirect, useLocation } from 'react-router-dom';
 import getLocalStorageApi from 'api/browser/localstorage/get';
 import setLocalStorageApi from 'api/browser/localstorage/set';
-import getAll from 'api/v1/user/get';
+import { useListUsers } from 'api/generated/services/users';
 import { FeatureKeys } from 'constants/features';
 import { LOCALSTORAGE } from 'constants/localStorage';
 import { ORG_PREFERENCES } from 'constants/orgPreferences';
@@ -12,12 +11,9 @@ import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
 import history from 'lib/history';
 import { isEmpty } from 'lodash-es';
 import { useAppContext } from 'providers/App/App';
-import { SuccessResponseV2 } from 'types/api';
-import APIError from 'types/api/error';
 import { LicensePlatform, LicenseState } from 'types/api/licensesV3/getActive';
 import { OrgPreference } from 'types/api/preferences/preference';
 import { Organization } from 'types/api/user/getOrganization';
-import { UserResponse } from 'types/api/user/getUser';
 import { USER_ROLES } from 'types/roles';
 import { routePermission } from 'utils/permission';
 
@@ -63,18 +59,10 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 
 	const [orgData, setOrgData] = useState<Organization | undefined>(undefined);
 
-	const { data: usersData, isFetching: isFetchingUsers } = useQuery<
-		SuccessResponseV2<UserResponse[]> | undefined,
-		APIError
-	>({
-		queryFn: () => {
-			if (orgData && orgData.id !== undefined) {
-				return getAll();
-			}
-			return undefined;
+	const { data: usersData, isFetching: isFetchingUsers } = useListUsers({
+		query: {
+			enabled: !isEmpty(orgData) && user.role === 'ADMIN',
 		},
-		queryKey: ['getOrgUser'],
-		enabled: !isEmpty(orgData) && user.role === 'ADMIN',
 	});
 
 	const checkFirstTimeUser = useCallback((): boolean => {

frontend/src/AppRoutes/__tests__/Private.test.tsx

@@ -67,9 +67,12 @@ jest.mock('hooks/useGetTenantLicense', () => ({
 
 // Mock react-query for users fetch
 let mockUsersData: { email: string }[] = [];
-jest.mock('api/v1/user/get', () => ({
-	__esModule: true,
-	default: jest.fn(() => Promise.resolve({ data: mockUsersData })),
+jest.mock('api/generated/services/users', () => ({
+	...jest.requireActual('api/generated/services/users'),
+	useListUsers: jest.fn(() => ({
+		data: { data: mockUsersData },
+		isFetching: false,
+	})),
 }));
 
 const queryClient = new QueryClient({
@@ -306,11 +309,19 @@ describe('PrivateRoute', () => {
 			);
 		});
 
-		it('should redirect /settings/access-tokens to /settings/api-keys', () => {
+		it('should redirect /settings/access-tokens to /settings/service-accounts', () => {
 			renderPrivateRoute({ initialRoute: '/settings/access-tokens' });
 
 			expect(screen.getByTestId('location-display')).toHaveTextContent(
-				'/settings/api-keys',
+				'/settings/service-accounts',
+			);
+		});
+
+		it('should redirect /settings/api-keys to /settings/service-accounts', () => {
+			renderPrivateRoute({ initialRoute: '/settings/api-keys' });
+
+			expect(screen.getByTestId('location-display')).toHaveTextContent(
+				'/settings/service-accounts',
 			);
 		});
 

frontend/src/AppRoutes/pageComponents.ts

@@ -157,10 +157,6 @@ export const IngestionSettings = Loadable(
 	() => import(/* webpackChunkName: "Ingestion Settings" */ 'pages/Settings'),
 );
 
-export const APIKeys = Loadable(
-	() => import(/* webpackChunkName: "All Settings" */ 'pages/Settings'),
-);
-
 export const MySettings = Loadable(
 	() => import(/* webpackChunkName: "All MySettings" */ 'pages/Settings'),
 );

frontend/src/AppRoutes/routes.ts

@@ -513,6 +513,7 @@ export const oldRoutes = [
 	'/logs-save-views',
 	'/traces-save-views',
 	'/settings/access-tokens',
+	'/settings/api-keys',
 	'/messaging-queues',
 	'/alerts/edit',
 ];
@@ -523,7 +524,8 @@ export const oldNewRoutesMapping: Record<string, string> = {
 	'/logs-explorer/live': '/logs/logs-explorer/live',
 	'/logs-save-views': '/logs/saved-views',
 	'/traces-save-views': '/traces/saved-views',
-	'/settings/access-tokens': '/settings/api-keys',
+	'/settings/access-tokens': '/settings/service-accounts',
+	'/settings/api-keys': '/settings/service-accounts',
 	'/messaging-queues': '/messaging-queues/overview',
 	'/alerts/edit': '/alerts/overview',
 };

frontend/src/api/generated/services/serviceaccount/index.ts

@@ -23,9 +23,15 @@ import type {
 	CreateServiceAccount201,
 	CreateServiceAccountKey201,
 	CreateServiceAccountKeyPathParameters,
+	CreateServiceAccountRole201,
+	CreateServiceAccountRolePathParameters,
 	DeleteServiceAccountPathParameters,
+	DeleteServiceAccountRolePathParameters,
+	GetMyServiceAccount200,
 	GetServiceAccount200,
 	GetServiceAccountPathParameters,
+	GetServiceAccountRoles200,
+	GetServiceAccountRolesPathParameters,
 	ListServiceAccountKeys200,
 	ListServiceAccountKeysPathParameters,
 	ListServiceAccounts200,
@@ -33,12 +39,10 @@ import type {
 	RevokeServiceAccountKeyPathParameters,
 	ServiceaccounttypesPostableFactorAPIKeyDTO,
 	ServiceaccounttypesPostableServiceAccountDTO,
+	ServiceaccounttypesPostableServiceAccountRoleDTO,
 	ServiceaccounttypesUpdatableFactorAPIKeyDTO,
-	ServiceaccounttypesUpdatableServiceAccountDTO,
-	ServiceaccounttypesUpdatableServiceAccountStatusDTO,
 	UpdateServiceAccountKeyPathParameters,
 	UpdateServiceAccountPathParameters,
-	UpdateServiceAccountStatusPathParameters,
 } from '../sigNoz.schemas';
 
 /**
@@ -399,13 +403,13 @@ export const invalidateGetServiceAccount = async (
  */
 export const updateServiceAccount = (
 	{ id }: UpdateServiceAccountPathParameters,
-	serviceaccounttypesUpdatableServiceAccountDTO: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>,
+	serviceaccounttypesPostableServiceAccountDTO: BodyType<ServiceaccounttypesPostableServiceAccountDTO>,
 ) => {
 	return GeneratedAPIInstance<string>({
 		url: `/api/v1/service_accounts/${id}`,
 		method: 'PUT',
 		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesUpdatableServiceAccountDTO,
+		data: serviceaccounttypesPostableServiceAccountDTO,
 	});
 };
 
@@ -418,7 +422,7 @@ export const getUpdateServiceAccountMutationOptions = <
 		TError,
 		{
 			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 		},
 		TContext
 	>;
@@ -427,7 +431,7 @@ export const getUpdateServiceAccountMutationOptions = <
 	TError,
 	{
 		pathParams: UpdateServiceAccountPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+		data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 	},
 	TContext
 > => {
@@ -444,7 +448,7 @@ export const getUpdateServiceAccountMutationOptions = <
 		Awaited<ReturnType<typeof updateServiceAccount>>,
 		{
 			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
@@ -458,7 +462,7 @@ export const getUpdateServiceAccountMutationOptions = <
 export type UpdateServiceAccountMutationResult = NonNullable<
 	Awaited<ReturnType<typeof updateServiceAccount>>
 >;
-export type UpdateServiceAccountMutationBody = BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+export type UpdateServiceAccountMutationBody = BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 export type UpdateServiceAccountMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
@@ -473,7 +477,7 @@ export const useUpdateServiceAccount = <
 		TError,
 		{
 			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 		},
 		TContext
 	>;
@@ -482,7 +486,7 @@ export const useUpdateServiceAccount = <
 	TError,
 	{
 		pathParams: UpdateServiceAccountPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+		data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 	},
 	TContext
 > => {
@@ -871,44 +875,150 @@ export const useUpdateServiceAccountKey = <
 	return useMutation(mutationOptions);
 };
 /**
- * This endpoint updates an existing service account status
- * @summary Updates a service account status
+ * This endpoint gets all the roles for the existing service account
+ * @summary Gets service account roles
  */
-export const updateServiceAccountStatus = (
-	{ id }: UpdateServiceAccountStatusPathParameters,
-	serviceaccounttypesUpdatableServiceAccountStatusDTO: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>,
+export const getServiceAccountRoles = (
+	{ id }: GetServiceAccountRolesPathParameters,
+	signal?: AbortSignal,
 ) => {
-	return GeneratedAPIInstance<string>({
-		url: `/api/v1/service_accounts/${id}/status`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesUpdatableServiceAccountStatusDTO,
+	return GeneratedAPIInstance<GetServiceAccountRoles200>({
+		url: `/api/v1/service_accounts/${id}/roles`,
+		method: 'GET',
+		signal,
 	});
 };
 
-export const getUpdateServiceAccountStatusMutationOptions = <
+export const getGetServiceAccountRolesQueryKey = ({
+	id,
+}: GetServiceAccountRolesPathParameters) => {
+	return [`/api/v1/service_accounts/${id}/roles`] as const;
+};
+
+export const getGetServiceAccountRolesQueryOptions = <
+	TData = Awaited<ReturnType<typeof getServiceAccountRoles>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetServiceAccountRolesPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getServiceAccountRoles>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ?? getGetServiceAccountRolesQueryKey({ id });
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getServiceAccountRoles>>
+	> = ({ signal }) => getServiceAccountRoles({ id }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!id,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getServiceAccountRoles>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetServiceAccountRolesQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getServiceAccountRoles>>
+>;
+export type GetServiceAccountRolesQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Gets service account roles
+ */
+
+export function useGetServiceAccountRoles<
+	TData = Awaited<ReturnType<typeof getServiceAccountRoles>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetServiceAccountRolesPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getServiceAccountRoles>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetServiceAccountRolesQueryOptions({ id }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Gets service account roles
+ */
+export const invalidateGetServiceAccountRoles = async (
+	queryClient: QueryClient,
+	{ id }: GetServiceAccountRolesPathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetServiceAccountRolesQueryKey({ id }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint assigns a role to a service account
+ * @summary Create service account role
+ */
+export const createServiceAccountRole = (
+	{ id }: CreateServiceAccountRolePathParameters,
+	serviceaccounttypesPostableServiceAccountRoleDTO: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateServiceAccountRole201>({
+		url: `/api/v1/service_accounts/${id}/roles`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: serviceaccounttypesPostableServiceAccountRoleDTO,
+		signal,
+	});
+};
+
+export const getCreateServiceAccountRoleMutationOptions = <
 	TError = ErrorType<RenderErrorResponseDTO>,
 	TContext = unknown
 >(options?: {
 	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+		Awaited<ReturnType<typeof createServiceAccountRole>>,
 		TError,
 		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+			pathParams: CreateServiceAccountRolePathParameters;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 		},
 		TContext
 	>;
 }): UseMutationOptions<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+	Awaited<ReturnType<typeof createServiceAccountRole>>,
 	TError,
 	{
-		pathParams: UpdateServiceAccountStatusPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+		pathParams: CreateServiceAccountRolePathParameters;
+		data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 	},
 	TContext
 > => {
-	const mutationKey = ['updateServiceAccountStatus'];
+	const mutationKey = ['createServiceAccountRole'];
 	const { mutation: mutationOptions } = options
 		? options.mutation &&
 		  'mutationKey' in options.mutation &&
@@ -918,52 +1028,299 @@ export const getUpdateServiceAccountStatusMutationOptions = <
 		: { mutation: { mutationKey } };
 
 	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+		Awaited<ReturnType<typeof createServiceAccountRole>>,
 		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+			pathParams: CreateServiceAccountRolePathParameters;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
 
-		return updateServiceAccountStatus(pathParams, data);
+		return createServiceAccountRole(pathParams, data);
 	};
 
 	return { mutationFn, ...mutationOptions };
 };
 
-export type UpdateServiceAccountStatusMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>
+export type CreateServiceAccountRoleMutationResult = NonNullable<
+	Awaited<ReturnType<typeof createServiceAccountRole>>
 >;
-export type UpdateServiceAccountStatusMutationBody = BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
-export type UpdateServiceAccountStatusMutationError = ErrorType<RenderErrorResponseDTO>;
+export type CreateServiceAccountRoleMutationBody = BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
+export type CreateServiceAccountRoleMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
- * @summary Updates a service account status
+ * @summary Create service account role
  */
-export const useUpdateServiceAccountStatus = <
+export const useCreateServiceAccountRole = <
 	TError = ErrorType<RenderErrorResponseDTO>,
 	TContext = unknown
 >(options?: {
 	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+		Awaited<ReturnType<typeof createServiceAccountRole>>,
 		TError,
 		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+			pathParams: CreateServiceAccountRolePathParameters;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 		},
 		TContext
 	>;
 }): UseMutationResult<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+	Awaited<ReturnType<typeof createServiceAccountRole>>,
 	TError,
 	{
-		pathParams: UpdateServiceAccountStatusPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+		pathParams: CreateServiceAccountRolePathParameters;
+		data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 	},
 	TContext
 > => {
-	const mutationOptions = getUpdateServiceAccountStatusMutationOptions(options);
+	const mutationOptions = getCreateServiceAccountRoleMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint revokes a role from service account
+ * @summary Delete service account role
+ */
+export const deleteServiceAccountRole = ({
+	id,
+	rid,
+}: DeleteServiceAccountRolePathParameters) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v1/service_accounts/${id}/roles/${rid}`,
+		method: 'DELETE',
+	});
+};
+
+export const getDeleteServiceAccountRoleMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+		TError,
+		{ pathParams: DeleteServiceAccountRolePathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+	TError,
+	{ pathParams: DeleteServiceAccountRolePathParameters },
+	TContext
+> => {
+	const mutationKey = ['deleteServiceAccountRole'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+		{ pathParams: DeleteServiceAccountRolePathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return deleteServiceAccountRole(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type DeleteServiceAccountRoleMutationResult = NonNullable<
+	Awaited<ReturnType<typeof deleteServiceAccountRole>>
+>;
+
+export type DeleteServiceAccountRoleMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Delete service account role
+ */
+export const useDeleteServiceAccountRole = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+		TError,
+		{ pathParams: DeleteServiceAccountRolePathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+	TError,
+	{ pathParams: DeleteServiceAccountRolePathParameters },
+	TContext
+> => {
+	const mutationOptions = getDeleteServiceAccountRoleMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint gets my service account
+ * @summary Gets my service account
+ */
+export const getMyServiceAccount = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<GetMyServiceAccount200>({
+		url: `/api/v1/service_accounts/me`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetMyServiceAccountQueryKey = () => {
+	return [`/api/v1/service_accounts/me`] as const;
+};
+
+export const getGetMyServiceAccountQueryOptions = <
+	TData = Awaited<ReturnType<typeof getMyServiceAccount>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof getMyServiceAccount>>,
+		TError,
+		TData
+	>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getGetMyServiceAccountQueryKey();
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getMyServiceAccount>>
+	> = ({ signal }) => getMyServiceAccount(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof getMyServiceAccount>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetMyServiceAccountQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getMyServiceAccount>>
+>;
+export type GetMyServiceAccountQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Gets my service account
+ */
+
+export function useGetMyServiceAccount<
+	TData = Awaited<ReturnType<typeof getMyServiceAccount>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof getMyServiceAccount>>,
+		TError,
+		TData
+	>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetMyServiceAccountQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Gets my service account
+ */
+export const invalidateGetMyServiceAccount = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetMyServiceAccountQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint gets my service account
+ * @summary Updates my service account
+ */
+export const updateMyServiceAccount = (
+	serviceaccounttypesPostableServiceAccountDTO: BodyType<ServiceaccounttypesPostableServiceAccountDTO>,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v1/service_accounts/me`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: serviceaccounttypesPostableServiceAccountDTO,
+	});
+};
+
+export const getUpdateMyServiceAccountMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateMyServiceAccount>>,
+		TError,
+		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateMyServiceAccount>>,
+	TError,
+	{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
+	TContext
+> => {
+	const mutationKey = ['updateMyServiceAccount'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateMyServiceAccount>>,
+		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return updateMyServiceAccount(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateMyServiceAccountMutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateMyServiceAccount>>
+>;
+export type UpdateMyServiceAccountMutationBody = BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
+export type UpdateMyServiceAccountMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Updates my service account
+ */
+export const useUpdateMyServiceAccount = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateMyServiceAccount>>,
+		TError,
+		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateMyServiceAccount>>,
+	TError,
+	{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
+	TContext
+> => {
+	const mutationOptions = getUpdateMyServiceAccountMutationOptions(options);
 
 	return useMutation(mutationOptions);
 };

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2843,7 +2843,7 @@ export interface RulestatehistorytypesGettableRuleStateWindowDTO {
 	state: RulestatehistorytypesAlertStateDTO;
 }
 
-export interface ServiceaccounttypesFactorAPIKeyDTO {
+export interface ServiceaccounttypesGettableFactorAPIKeyDTO {
 	/**
 	 * @type string
 	 * @format date-time
@@ -2858,10 +2858,6 @@ export interface ServiceaccounttypesFactorAPIKeyDTO {
 	 * @type string
 	 */
 	id: string;
-	/**
-	 * @type string
-	 */
-	key: string;
 	/**
 	 * @type string
 	 * @format date-time
@@ -2909,15 +2905,14 @@ export interface ServiceaccounttypesPostableServiceAccountDTO {
 	/**
 	 * @type string
 	 */
-	email: string;
+	name: string;
+}
+
+export interface ServiceaccounttypesPostableServiceAccountRoleDTO {
 	/**
 	 * @type string
 	 */
-	name: string;
-	/**
-	 * @type array
-	 */
-	roles: string[];
+	id: string;
 }
 
 export interface ServiceaccounttypesServiceAccountDTO {
@@ -2926,11 +2921,65 @@ export interface ServiceaccounttypesServiceAccountDTO {
 	 * @format date-time
 	 */
 	createdAt?: Date;
+	/**
+	 * @type string
+	 */
+	email: string;
+	/**
+	 * @type string
+	 */
+	id: string;
+	/**
+	 * @type string
+	 */
+	name: string;
+	/**
+	 * @type string
+	 */
+	orgId: string;
+	/**
+	 * @type string
+	 */
+	status: string;
 	/**
 	 * @type string
 	 * @format date-time
 	 */
-	deletedAt: Date;
+	updatedAt?: Date;
+}
+
+export interface ServiceaccounttypesServiceAccountRoleDTO {
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	createdAt?: Date;
+	/**
+	 * @type string
+	 */
+	id: string;
+	role: AuthtypesRoleDTO;
+	/**
+	 * @type string
+	 */
+	roleId: string;
+	/**
+	 * @type string
+	 */
+	serviceAccountId: string;
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	updatedAt?: Date;
+}
+
+export interface ServiceaccounttypesServiceAccountWithRolesDTO {
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	createdAt?: Date;
 	/**
 	 * @type string
 	 */
@@ -2949,8 +2998,9 @@ export interface ServiceaccounttypesServiceAccountDTO {
 	orgId: string;
 	/**
 	 * @type array
+	 * @nullable true
 	 */
-	roles: string[];
+	serviceAccountRoles: ServiceaccounttypesServiceAccountRoleDTO[] | null;
 	/**
 	 * @type string
 	 */
@@ -2974,28 +3024,6 @@ export interface ServiceaccounttypesUpdatableFactorAPIKeyDTO {
 	name: string;
 }
 
-export interface ServiceaccounttypesUpdatableServiceAccountDTO {
-	/**
-	 * @type string
-	 */
-	email: string;
-	/**
-	 * @type string
-	 */
-	name: string;
-	/**
-	 * @type array
-	 */
-	roles: string[];
-}
-
-export interface ServiceaccounttypesUpdatableServiceAccountStatusDTO {
-	/**
-	 * @type string
-	 */
-	status: string;
-}
-
 export enum TelemetrytypesFieldContextDTO {
 	metric = 'metric',
 	log = 'log',
@@ -3139,63 +3167,6 @@ export interface TypesDeprecatedUserDTO {
 	updatedAt?: Date;
 }
 
-export interface TypesGettableAPIKeyDTO {
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	createdAt?: Date;
-	/**
-	 * @type string
-	 */
-	createdBy?: string;
-	createdByUser?: TypesUserDTO;
-	/**
-	 * @type integer
-	 * @format int64
-	 */
-	expiresAt?: number;
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type integer
-	 * @format int64
-	 */
-	lastUsed?: number;
-	/**
-	 * @type string
-	 */
-	name?: string;
-	/**
-	 * @type boolean
-	 */
-	revoked?: boolean;
-	/**
-	 * @type string
-	 */
-	role?: string;
-	/**
-	 * @type string
-	 */
-	token?: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	updatedAt?: Date;
-	/**
-	 * @type string
-	 */
-	updatedBy?: string;
-	updatedByUser?: TypesUserDTO;
-	/**
-	 * @type string
-	 */
-	userId?: string;
-}
-
 export interface TypesIdentifiableDTO {
 	/**
 	 * @type string
@@ -3278,22 +3249,6 @@ export interface TypesOrganizationDTO {
 	updatedAt?: Date;
 }
 
-export interface TypesPostableAPIKeyDTO {
-	/**
-	 * @type integer
-	 * @format int64
-	 */
-	expiresInDays?: number;
-	/**
-	 * @type string
-	 */
-	name?: string;
-	/**
-	 * @type string
-	 */
-	role?: string;
-}
-
 export interface TypesPostableBulkInviteRequestDTO {
 	/**
 	 * @type array
@@ -3373,51 +3328,6 @@ export interface TypesResetPasswordTokenDTO {
 	token?: string;
 }
 
-export interface TypesStorableAPIKeyDTO {
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	createdAt?: Date;
-	/**
-	 * @type string
-	 */
-	createdBy?: string;
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type string
-	 */
-	name?: string;
-	/**
-	 * @type boolean
-	 */
-	revoked?: boolean;
-	/**
-	 * @type string
-	 */
-	role?: string;
-	/**
-	 * @type string
-	 */
-	token?: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	updatedAt?: Date;
-	/**
-	 * @type string
-	 */
-	updatedBy?: string;
-	/**
-	 * @type string
-	 */
-	userId?: string;
-}
-
 export interface TypesUpdatableUserDTO {
 	/**
 	 * @type string
@@ -3956,31 +3866,6 @@ export type GetOrgPreference200 = {
 export type UpdateOrgPreferencePathParameters = {
 	name: string;
 };
-export type ListAPIKeys200 = {
-	/**
-	 * @type array
-	 */
-	data: TypesGettableAPIKeyDTO[];
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type CreateAPIKey201 = {
-	data: TypesGettableAPIKeyDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type RevokeAPIKeyPathParameters = {
-	id: string;
-};
-export type UpdateAPIKeyPathParameters = {
-	id: string;
-};
 export type GetPublicDashboardDataPathParameters = {
 	id: string;
 };
@@ -4085,7 +3970,7 @@ export type GetServiceAccountPathParameters = {
 	id: string;
 };
 export type GetServiceAccount200 = {
-	data: ServiceaccounttypesServiceAccountDTO;
+	data: ServiceaccounttypesServiceAccountWithRolesDTO;
 	/**
 	 * @type string
 	 */
@@ -4102,7 +3987,7 @@ export type ListServiceAccountKeys200 = {
 	/**
 	 * @type array
 	 */
-	data: ServiceaccounttypesFactorAPIKeyDTO[];
+	data: ServiceaccounttypesGettableFactorAPIKeyDTO[];
 	/**
 	 * @type string
 	 */
@@ -4128,9 +4013,44 @@ export type UpdateServiceAccountKeyPathParameters = {
 	id: string;
 	fid: string;
 };
-export type UpdateServiceAccountStatusPathParameters = {
+export type GetServiceAccountRolesPathParameters = {
 	id: string;
 };
+export type GetServiceAccountRoles200 = {
+	/**
+	 * @type array
+	 * @nullable true
+	 */
+	data: AuthtypesRoleDTO[] | null;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
+export type CreateServiceAccountRolePathParameters = {
+	id: string;
+};
+export type CreateServiceAccountRole201 = {
+	data: TypesIdentifiableDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
+export type DeleteServiceAccountRolePathParameters = {
+	id: string;
+	rid: string;
+};
+export type GetMyServiceAccount200 = {
+	data: ServiceaccounttypesServiceAccountWithRolesDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type ListUsersDeprecated200 = {
 	/**
 	 * @type array

frontend/src/api/generated/services/users/index.ts

@@ -21,7 +21,6 @@ import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
 import type {
 	ChangePasswordPathParameters,
-	CreateAPIKey201,
 	CreateInvite201,
 	DeleteUserPathParameters,
 	GetMyUser200,
@@ -36,24 +35,19 @@ import type {
 	GetUserPathParameters,
 	GetUsersByRoleID200,
 	GetUsersByRoleIDPathParameters,
-	ListAPIKeys200,
 	ListUsers200,
 	ListUsersDeprecated200,
 	RemoveUserRoleByUserIDAndRoleIDPathParameters,
 	RenderErrorResponseDTO,
-	RevokeAPIKeyPathParameters,
 	SetRoleByUserIDPathParameters,
 	TypesChangePasswordRequestDTO,
 	TypesDeprecatedUserDTO,
-	TypesPostableAPIKeyDTO,
 	TypesPostableBulkInviteRequestDTO,
 	TypesPostableForgotPasswordDTO,
 	TypesPostableInviteDTO,
 	TypesPostableResetPasswordDTO,
 	TypesPostableRoleDTO,
-	TypesStorableAPIKeyDTO,
 	TypesUpdatableUserDTO,
-	UpdateAPIKeyPathParameters,
 	UpdateUserDeprecated200,
 	UpdateUserDeprecatedPathParameters,
 	UpdateUserPathParameters,
@@ -428,349 +422,6 @@ export const useCreateBulkInvite = <
 
 	return useMutation(mutationOptions);
 };
-/**
- * This endpoint lists all api keys
- * @summary List api keys
- */
-export const listAPIKeys = (signal?: AbortSignal) => {
-	return GeneratedAPIInstance<ListAPIKeys200>({
-		url: `/api/v1/pats`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getListAPIKeysQueryKey = () => {
-	return [`/api/v1/pats`] as const;
-};
-
-export const getListAPIKeysQueryOptions = <
-	TData = Awaited<ReturnType<typeof listAPIKeys>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(options?: {
-	query?: UseQueryOptions<
-		Awaited<ReturnType<typeof listAPIKeys>>,
-		TError,
-		TData
-	>;
-}) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getListAPIKeysQueryKey();
-
-	const queryFn: QueryFunction<Awaited<ReturnType<typeof listAPIKeys>>> = ({
-		signal,
-	}) => listAPIKeys(signal);
-
-	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
-		Awaited<ReturnType<typeof listAPIKeys>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type ListAPIKeysQueryResult = NonNullable<
-	Awaited<ReturnType<typeof listAPIKeys>>
->;
-export type ListAPIKeysQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary List api keys
- */
-
-export function useListAPIKeys<
-	TData = Awaited<ReturnType<typeof listAPIKeys>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(options?: {
-	query?: UseQueryOptions<
-		Awaited<ReturnType<typeof listAPIKeys>>,
-		TError,
-		TData
-	>;
-}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getListAPIKeysQueryOptions(options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary List api keys
- */
-export const invalidateListAPIKeys = async (
-	queryClient: QueryClient,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getListAPIKeysQueryKey() },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint creates an api key
- * @summary Create api key
- */
-export const createAPIKey = (
-	typesPostableAPIKeyDTO: BodyType<TypesPostableAPIKeyDTO>,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<CreateAPIKey201>({
-		url: `/api/v1/pats`,
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		data: typesPostableAPIKeyDTO,
-		signal,
-	});
-};
-
-export const getCreateAPIKeyMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createAPIKey>>,
-		TError,
-		{ data: BodyType<TypesPostableAPIKeyDTO> },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof createAPIKey>>,
-	TError,
-	{ data: BodyType<TypesPostableAPIKeyDTO> },
-	TContext
-> => {
-	const mutationKey = ['createAPIKey'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof createAPIKey>>,
-		{ data: BodyType<TypesPostableAPIKeyDTO> }
-	> = (props) => {
-		const { data } = props ?? {};
-
-		return createAPIKey(data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type CreateAPIKeyMutationResult = NonNullable<
-	Awaited<ReturnType<typeof createAPIKey>>
->;
-export type CreateAPIKeyMutationBody = BodyType<TypesPostableAPIKeyDTO>;
-export type CreateAPIKeyMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Create api key
- */
-export const useCreateAPIKey = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createAPIKey>>,
-		TError,
-		{ data: BodyType<TypesPostableAPIKeyDTO> },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof createAPIKey>>,
-	TError,
-	{ data: BodyType<TypesPostableAPIKeyDTO> },
-	TContext
-> => {
-	const mutationOptions = getCreateAPIKeyMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint revokes an api key
- * @summary Revoke api key
- */
-export const revokeAPIKey = ({ id }: RevokeAPIKeyPathParameters) => {
-	return GeneratedAPIInstance<void>({
-		url: `/api/v1/pats/${id}`,
-		method: 'DELETE',
-	});
-};
-
-export const getRevokeAPIKeyMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof revokeAPIKey>>,
-		TError,
-		{ pathParams: RevokeAPIKeyPathParameters },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof revokeAPIKey>>,
-	TError,
-	{ pathParams: RevokeAPIKeyPathParameters },
-	TContext
-> => {
-	const mutationKey = ['revokeAPIKey'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof revokeAPIKey>>,
-		{ pathParams: RevokeAPIKeyPathParameters }
-	> = (props) => {
-		const { pathParams } = props ?? {};
-
-		return revokeAPIKey(pathParams);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type RevokeAPIKeyMutationResult = NonNullable<
-	Awaited<ReturnType<typeof revokeAPIKey>>
->;
-
-export type RevokeAPIKeyMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Revoke api key
- */
-export const useRevokeAPIKey = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof revokeAPIKey>>,
-		TError,
-		{ pathParams: RevokeAPIKeyPathParameters },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof revokeAPIKey>>,
-	TError,
-	{ pathParams: RevokeAPIKeyPathParameters },
-	TContext
-> => {
-	const mutationOptions = getRevokeAPIKeyMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint updates an api key
- * @summary Update api key
- */
-export const updateAPIKey = (
-	{ id }: UpdateAPIKeyPathParameters,
-	typesStorableAPIKeyDTO: BodyType<TypesStorableAPIKeyDTO>,
-) => {
-	return GeneratedAPIInstance<string>({
-		url: `/api/v1/pats/${id}`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: typesStorableAPIKeyDTO,
-	});
-};
-
-export const getUpdateAPIKeyMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateAPIKey>>,
-		TError,
-		{
-			pathParams: UpdateAPIKeyPathParameters;
-			data: BodyType<TypesStorableAPIKeyDTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateAPIKey>>,
-	TError,
-	{
-		pathParams: UpdateAPIKeyPathParameters;
-		data: BodyType<TypesStorableAPIKeyDTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['updateAPIKey'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateAPIKey>>,
-		{
-			pathParams: UpdateAPIKeyPathParameters;
-			data: BodyType<TypesStorableAPIKeyDTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return updateAPIKey(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateAPIKeyMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateAPIKey>>
->;
-export type UpdateAPIKeyMutationBody = BodyType<TypesStorableAPIKeyDTO>;
-export type UpdateAPIKeyMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Update api key
- */
-export const useUpdateAPIKey = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateAPIKey>>,
-		TError,
-		{
-			pathParams: UpdateAPIKeyPathParameters;
-			data: BodyType<TypesStorableAPIKeyDTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateAPIKey>>,
-	TError,
-	{
-		pathParams: UpdateAPIKeyPathParameters;
-		data: BodyType<TypesStorableAPIKeyDTO>;
-	},
-	TContext
-> => {
-	const mutationOptions = getUpdateAPIKeyMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
 /**
  * This endpoint resets the password by token
  * @summary Reset password

frontend/src/api/organization/editOrg.ts

@@ -1,26 +0,0 @@
-import { ApiV2Instance as axios } from 'api';
-import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
-import { AxiosError } from 'axios';
-import { ErrorResponse, SuccessResponse } from 'types/api';
-import { PayloadProps, Props } from 'types/api/user/editOrg';
-
-const editOrg = async (
-	props: Props,
-): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
-	try {
-		const response = await axios.put(`/orgs/me`, {
-			displayName: props.displayName,
-		});
-
-		return {
-			statusCode: 204,
-			error: null,
-			message: response.data.status,
-			payload: response.data,
-		};
-	} catch (error) {
-		return ErrorResponseHandler(error as AxiosError);
-	}
-};
-
-export default editOrg;

frontend/src/api/organization/getOrganization.ts

@@ -1,28 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandler } from 'api/ErrorResponseHandler';
-import { AxiosError } from 'axios';
-import { ErrorResponse, SuccessResponse } from 'types/api';
-import { PayloadProps } from 'types/api/user/getOrganization';
-
-const getOrganization = async (
-	token?: string,
-): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
-	try {
-		const response = await axios.get(`/org`, {
-			headers: {
-				Authorization: `bearer ${token}`,
-			},
-		});
-
-		return {
-			statusCode: 200,
-			error: null,
-			message: response.data.status,
-			payload: response.data,
-		};
-	} catch (error) {
-		return ErrorResponseHandler(error as AxiosError);
-	}
-};
-
-export default getOrganization;

frontend/src/api/v1/pats/create.ts

@@ -1,28 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-import {
-	APIKeyProps,
-	CreateAPIKeyProps,
-	CreatePayloadProps,
-} from 'types/api/pat/types';
-
-const create = async (
-	props: CreateAPIKeyProps,
-): Promise<SuccessResponseV2<APIKeyProps>> => {
-	try {
-		const response = await axios.post<CreatePayloadProps>('/pats', {
-			...props,
-		});
-
-		return {
-			httpStatusCode: response.status,
-			data: response.data.data,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default create;

frontend/src/api/v1/pats/delete.ts

@@ -1,19 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-
-const deleteAPIKey = async (id: string): Promise<SuccessResponseV2<null>> => {
-	try {
-		const response = await axios.delete(`/pats/${id}`);
-
-		return {
-			httpStatusCode: response.status,
-			data: null,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default deleteAPIKey;

frontend/src/api/v1/pats/list.ts

@@ -1,20 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-import { AllAPIKeyProps, APIKeyProps } from 'types/api/pat/types';
-
-const list = async (): Promise<SuccessResponseV2<APIKeyProps[]>> => {
-	try {
-		const response = await axios.get<AllAPIKeyProps>('/pats');
-
-		return {
-			httpStatusCode: response.status,
-			data: response.data.data,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default list;

frontend/src/api/v1/pats/update.ts

@@ -1,24 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-import { UpdateAPIKeyProps } from 'types/api/pat/types';
-
-const updateAPIKey = async (
-	props: UpdateAPIKeyProps,
-): Promise<SuccessResponseV2<null>> => {
-	try {
-		const response = await axios.put(`/pats/${props.id}`, {
-			...props.data,
-		});
-
-		return {
-			httpStatusCode: response.status,
-			data: null,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default updateAPIKey;

frontend/src/api/v1/user/get.ts

@@ -1,21 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-import { UserResponse } from 'types/api/user/getUser';
-import { PayloadProps } from 'types/api/user/getUsers';
-
-const getAll = async (): Promise<SuccessResponseV2<UserResponse[]>> => {
-	try {
-		const response = await axios.get<PayloadProps>(`/user`);
-
-		return {
-			httpStatusCode: response.status,
-			data: response.data.data,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default getAll;

frontend/src/api/v1/user/id/get.ts

@@ -1,22 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-import { PayloadProps, Props, UserResponse } from 'types/api/user/getUser';
-
-const getUser = async (
-	props: Props,
-): Promise<SuccessResponseV2<UserResponse>> => {
-	try {
-		const response = await axios.get<PayloadProps>(`/user/${props.userId}`);
-
-		return {
-			httpStatusCode: response.status,
-			data: response.data.data,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default getUser;

frontend/src/api/v1/user/id/update.ts

@@ -1,23 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-import { Props } from 'types/api/user/editUser';
-
-const update = async (props: Props): Promise<SuccessResponseV2<null>> => {
-	try {
-		const response = await axios.put(`/user/${props.userId}`, {
-			displayName: props.displayName,
-			role: props.role,
-		});
-
-		return {
-			httpStatusCode: response.status,
-			data: null,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default update;

frontend/src/api/v1/user/me/get.ts

@@ -1,20 +0,0 @@
-import axios from 'api';
-import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
-import { AxiosError } from 'axios';
-import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
-import { PayloadProps, UserResponse } from 'types/api/user/getUser';
-
-const get = async (): Promise<SuccessResponseV2<UserResponse>> => {
-	try {
-		const response = await axios.get<PayloadProps>(`/user/me`);
-
-		return {
-			httpStatusCode: response.status,
-			data: response.data.data,
-		};
-	} catch (error) {
-		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
-	}
-};
-
-export default get;

frontend/src/components/CreateServiceAccountModal/CreateServiceAccountModal.tsx

@@ -12,17 +12,13 @@ import {
 } from 'api/generated/services/serviceaccount';
 import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
 import { AxiosError } from 'axios';
-import RolesSelect, { useRoles } from 'components/RolesSelect';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import { parseAsBoolean, useQueryState } from 'nuqs';
-import { EMAIL_REGEX } from 'utils/app';
 
 import './CreateServiceAccountModal.styles.scss';
 
 interface FormValues {
 	name: string;
-	email: string;
-	roles: string[];
 }
 
 function CreateServiceAccountModal(): JSX.Element {
@@ -41,8 +37,6 @@ function CreateServiceAccountModal(): JSX.Element {
 		mode: 'onChange',
 		defaultValues: {
 			name: '',
-			email: '',
-			roles: [],
 		},
 	});
 
@@ -70,13 +64,6 @@ function CreateServiceAccountModal(): JSX.Element {
 			},
 		},
 	});
-	const {
-		roles,
-		isLoading: rolesLoading,
-		isError: rolesError,
-		error: rolesErrorObj,
-		refetch: refetchRoles,
-	} = useRoles();
 
 	function handleClose(): void {
 		reset();
@@ -87,8 +74,6 @@ function CreateServiceAccountModal(): JSX.Element {
 		createServiceAccount({
 			data: {
 				name: values.name.trim(),
-				email: values.email.trim(),
-				roles: values.roles,
 			},
 		});
 	}
@@ -134,68 +119,6 @@ function CreateServiceAccountModal(): JSX.Element {
 							<p className="create-sa-form__error">{errors.name.message}</p>
 						)}
 					</div>
-
-					<div className="create-sa-form__item">
-						<label htmlFor="sa-email">Email Address</label>
-						<Controller
-							name="email"
-							control={control}
-							rules={{
-								required: 'Email Address is required',
-								pattern: {
-									value: EMAIL_REGEX,
-									message: 'Please enter a valid email address',
-								},
-							}}
-							render={({ field }): JSX.Element => (
-								<Input
-									id="sa-email"
-									type="email"
-									placeholder="email@example.com"
-									className="create-sa-form__input"
-									value={field.value}
-									onChange={field.onChange}
-									onBlur={field.onBlur}
-								/>
-							)}
-						/>
-						{errors.email && (
-							<p className="create-sa-form__error">{errors.email.message}</p>
-						)}
-					</div>
-					<p className="create-sa-form__helper">
-						Used only for notifications about this service account. It is not used for
-						authentication.
-					</p>
-
-					<div className="create-sa-form__item">
-						<label htmlFor="sa-roles">Roles</label>
-						<Controller
-							name="roles"
-							control={control}
-							rules={{
-								validate: (value): string | true =>
-									value.length > 0 || 'At least one role is required',
-							}}
-							render={({ field }): JSX.Element => (
-								<RolesSelect
-									id="sa-roles"
-									mode="multiple"
-									roles={roles}
-									loading={rolesLoading}
-									isError={rolesError}
-									error={rolesErrorObj}
-									onRefetch={refetchRoles}
-									placeholder="Select roles"
-									value={field.value}
-									onChange={field.onChange}
-								/>
-							)}
-						/>
-						{errors.roles && (
-							<p className="create-sa-form__error">{errors.roles.message}</p>
-						)}
-					</div>
 				</form>
 			</div>
 

frontend/src/components/CreateServiceAccountModal/__tests__/CreateServiceAccountModal.test.tsx

@@ -1,5 +1,4 @@
 import { toast } from '@signozhq/sonner';
-import { listRolesSuccessResponse } from 'mocks-server/__mockdata__/roles';
 import { rest, server } from 'mocks-server/server';
 import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
 import { render, screen, userEvent, waitFor } from 'tests/test-utils';
@@ -12,7 +11,6 @@ jest.mock('@signozhq/sonner', () => ({
 
 const mockToast = jest.mocked(toast);
 
-const ROLES_ENDPOINT = '*/api/v1/roles';
 const SERVICE_ACCOUNTS_ENDPOINT = '*/api/v1/service_accounts';
 
 function renderModal(): ReturnType<typeof render> {
@@ -27,9 +25,6 @@ describe('CreateServiceAccountModal', () => {
 	beforeEach(() => {
 		jest.clearAllMocks();
 		server.use(
-			rest.get(ROLES_ENDPOINT, (_, res, ctx) =>
-				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
-			),
 			rest.post(SERVICE_ACCOUNTS_ENDPOINT, (_, res, ctx) =>
 				res(ctx.status(201), ctx.json({ status: 'success', data: {} })),
 			),
@@ -48,38 +43,11 @@ describe('CreateServiceAccountModal', () => {
 		).toBeDisabled();
 	});
 
-	it('submit button remains disabled when email is invalid', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-		renderModal();
-
-		await user.type(screen.getByPlaceholderText('Enter a name'), 'My Bot');
-		await user.type(
-			screen.getByPlaceholderText('email@example.com'),
-			'not-an-email',
-		);
-
-		await user.click(screen.getByText('Select roles'));
-		await user.click(await screen.findByTitle('signoz-admin'));
-
-		await waitFor(() =>
-			expect(
-				screen.getByRole('button', { name: /Create Service Account/i }),
-			).toBeDisabled(),
-		);
-	});
-
 	it('successful submit shows toast.success and closes modal', async () => {
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		renderModal();
 
 		await user.type(screen.getByPlaceholderText('Enter a name'), 'Deploy Bot');
-		await user.type(
-			screen.getByPlaceholderText('email@example.com'),
-			'deploy@acme.io',
-		);
-
-		await user.click(screen.getByText('Select roles'));
-		await user.click(await screen.findByTitle('signoz-admin'));
 
 		const submitBtn = screen.getByRole('button', {
 			name: /Create Service Account/i,
@@ -116,13 +84,6 @@ describe('CreateServiceAccountModal', () => {
 		renderModal();
 
 		await user.type(screen.getByPlaceholderText('Enter a name'), 'Dupe Bot');
-		await user.type(
-			screen.getByPlaceholderText('email@example.com'),
-			'dupe@acme.io',
-		);
-
-		await user.click(screen.getByText('Select roles'));
-		await user.click(await screen.findByTitle('signoz-admin'));
 
 		const submitBtn = screen.getByRole('button', {
 			name: /Create Service Account/i,
@@ -164,16 +125,4 @@ describe('CreateServiceAccountModal', () => {
 
 		await screen.findByText('Name is required');
 	});
-
-	it('shows "Please enter a valid email address" for a malformed email', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-		renderModal();
-
-		await user.type(
-			screen.getByPlaceholderText('email@example.com'),
-			'not-an-email',
-		);
-
-		await screen.findByText('Please enter a valid email address');
-	});
 });

frontend/src/components/EditMemberDrawer/DeleteMemberDialog.tsx

@@ -0,0 +1,75 @@
+import { Button } from '@signozhq/button';
+import { DialogFooter, DialogWrapper } from '@signozhq/dialog';
+import { Trash2, X } from '@signozhq/icons';
+import { MemberRow } from 'components/MembersTable/MembersTable';
+
+interface DeleteMemberDialogProps {
+	open: boolean;
+	isInvited: boolean;
+	member: MemberRow | null;
+	isDeleting: boolean;
+	onClose: () => void;
+	onConfirm: () => void;
+}
+
+function DeleteMemberDialog({
+	open,
+	isInvited,
+	member,
+	isDeleting,
+	onClose,
+	onConfirm,
+}: DeleteMemberDialogProps): JSX.Element {
+	const title = isInvited ? 'Revoke Invite' : 'Delete Member';
+
+	const body = isInvited ? (
+		<>
+			Are you sure you want to revoke the invite for{' '}
+			<strong>{member?.email}</strong>? They will no longer be able to join the
+			workspace using this invite.
+		</>
+	) : (
+		<>
+			Are you sure you want to delete{' '}
+			<strong>{member?.name || member?.email}</strong>? This will remove their
+			access to the workspace.
+		</>
+	);
+
+	return (
+		<DialogWrapper
+			open={open}
+			onOpenChange={(isOpen): void => {
+				if (!isOpen) {
+					onClose();
+				}
+			}}
+			title={title}
+			width="narrow"
+			className="alert-dialog delete-dialog"
+			showCloseButton={false}
+			disableOutsideClick={false}
+		>
+			<p className="delete-dialog__body">{body}</p>
+
+			<DialogFooter className="delete-dialog__footer">
+				<Button variant="solid" color="secondary" size="sm" onClick={onClose}>
+					<X size={12} />
+					Cancel
+				</Button>
+				<Button
+					variant="solid"
+					color="destructive"
+					size="sm"
+					disabled={isDeleting}
+					onClick={onConfirm}
+				>
+					<Trash2 size={12} />
+					{isDeleting ? 'Processing...' : title}
+				</Button>
+			</DialogFooter>
+		</DialogWrapper>
+	);
+}
+
+export default DeleteMemberDialog;

frontend/src/components/EditMemberDrawer/EditMemberDrawer.styles.scss

@@ -45,8 +45,8 @@
 		display: flex;
 		align-items: center;
 		justify-content: space-between;
-		height: 32px;
-		padding: 0 var(--padding-2);
+		min-height: 32px;
+		padding: var(--padding-1) var(--padding-2);
 		border-radius: 2px;
 		background: var(--l2-background);
 		border: 1px solid var(--border);
@@ -57,6 +57,13 @@
 		}
 	}
 
+	&__disabled-roles {
+		display: flex;
+		flex-wrap: wrap;
+		gap: var(--spacing-2);
+		flex: 1;
+	}
+
 	&__email-text {
 		font-size: var(--font-size-sm);
 		font-weight: var(--font-weight-normal);
@@ -78,21 +85,23 @@
 
 	&__role-select {
 		width: 100%;
-		height: 32px;
 
 		.ant-select-selector {
 			background-color: var(--l2-background) !important;
 			border-color: var(--border) !important;
 			border-radius: 2px;
-			padding: 0 var(--padding-2) !important;
+			padding: var(--padding-1) var(--padding-2) !important;
 			display: flex;
 			align-items: center;
+			flex-wrap: wrap;
+			min-height: 32px;
+			height: auto !important;
 		}
 
 		.ant-select-selection-item {
 			font-size: var(--font-size-sm);
 			color: var(--l1-foreground);
-			line-height: 32px;
+			line-height: 22px;
 			letter-spacing: -0.07px;
 		}
 

frontend/src/components/EditMemberDrawer/EditMemberDrawer.tsx

@@ -2,38 +2,52 @@ import { useCallback, useEffect, useState } from 'react';
 import { useCopyToClipboard } from 'react-use';
 import { Badge } from '@signozhq/badge';
 import { Button } from '@signozhq/button';
-import { DialogFooter, DialogWrapper } from '@signozhq/dialog';
 import { DrawerWrapper } from '@signozhq/drawer';
-import {
-	Check,
-	ChevronDown,
-	Copy,
-	LockKeyhole,
-	RefreshCw,
-	Trash2,
-	X,
-} from '@signozhq/icons';
+import { LockKeyhole, RefreshCw, Trash2, X } from '@signozhq/icons';
 import { Input } from '@signozhq/input';
 import { toast } from '@signozhq/sonner';
-import { Select } from 'antd';
+import { Skeleton } from 'antd';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
-import { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
+import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
 import {
 	getResetPasswordToken,
 	useDeleteUser,
-	useUpdateUserDeprecated,
+	useGetUser,
+	useUpdateMyUserV2,
+	useUpdateUser,
 } from 'api/generated/services/users';
 import { AxiosError } from 'axios';
 import { MemberRow } from 'components/MembersTable/MembersTable';
+import RolesSelect, { useRoles } from 'components/RolesSelect';
+import SaveErrorItem from 'components/ServiceAccountDrawer/SaveErrorItem';
+import type { SaveError } from 'components/ServiceAccountDrawer/utils';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import { MemberStatus } from 'container/MembersSettings/utils';
-import { capitalize } from 'lodash-es';
+import {
+	MemberRoleUpdateFailure,
+	useMemberRoleManager,
+} from 'hooks/member/useMemberRoleManager';
+import { useAppContext } from 'providers/App/App';
 import { useTimezone } from 'providers/Timezone';
-import { ROLES } from 'types/roles';
-import { popupContainer } from 'utils/selectPopupContainer';
+import APIError from 'types/api/error';
+import { toAPIError } from 'utils/errorUtils';
+
+import DeleteMemberDialog from './DeleteMemberDialog';
+import ResetLinkDialog from './ResetLinkDialog';
 
 import './EditMemberDrawer.styles.scss';
 
+function toSaveApiError(err: unknown): APIError {
+	return (
+		convertToApiError(err as AxiosError<RenderErrorResponseDTO>) ??
+		toAPIError(err as AxiosError<RenderErrorResponseDTO>)
+	);
+}
+
+function areSortedArraysEqual(a: string[], b: string[]): boolean {
+	return JSON.stringify([...a].sort()) === JSON.stringify([...b].sort());
+}
+
 export interface EditMemberDrawerProps {
 	member: MemberRow | null;
 	open: boolean;
@@ -49,9 +63,12 @@ function EditMemberDrawer({
 	onComplete,
 }: EditMemberDrawerProps): JSX.Element {
 	const { formatTimezoneAdjustedTimestamp } = useTimezone();
+	const { user: currentUser } = useAppContext();
 
-	const [displayName, setDisplayName] = useState('');
-	const [selectedRole, setSelectedRole] = useState<ROLES>('VIEWER');
+	const [localDisplayName, setLocalDisplayName] = useState('');
+	const [localRoles, setLocalRoles] = useState<string[]>([]);
+	const [isSaving, setIsSaving] = useState(false);
+	const [saveErrors, setSaveErrors] = useState<SaveError[]>([]);
 	const [isGeneratingLink, setIsGeneratingLink] = useState(false);
 	const [showDeleteConfirm, setShowDeleteConfirm] = useState(false);
 	const [resetLink, setResetLink] = useState<string | null>(null);
@@ -60,25 +77,54 @@ function EditMemberDrawer({
 	const [linkType, setLinkType] = useState<'invite' | 'reset' | null>(null);
 
 	const isInvited = member?.status === MemberStatus.Invited;
+	const isSelf = !!member?.id && member.id === currentUser?.id;
 
-	const { mutate: updateUser, isLoading: isSaving } = useUpdateUserDeprecated({
-		mutation: {
-			onSuccess: (): void => {
-				toast.success('Member details updated successfully', { richColors: true });
-				onComplete();
-				onClose();
-			},
-			onError: (err): void => {
-				const errMessage =
-					convertToApiError(
-						err as AxiosError<RenderErrorResponseDTO, unknown> | null,
-					)?.getErrorMessage() || 'An error occurred';
-				toast.error(`Failed to update member details: ${errMessage}`, {
-					richColors: true,
-				});
-			},
-		},
-	});
+	const {
+		data: fetchedUser,
+		isLoading: isFetchingUser,
+		refetch: refetchUser,
+	} = useGetUser(
+		{ id: member?.id ?? '' },
+		{ query: { enabled: open && !!member?.id } },
+	);
+
+	const {
+		roles: availableRoles,
+		isLoading: rolesLoading,
+		isError: rolesError,
+		error: rolesErrorObj,
+		refetch: refetchRoles,
+	} = useRoles();
+
+	const { fetchedRoleIds, applyDiff } = useMemberRoleManager(
+		member?.id ?? '',
+		open && !!member?.id,
+	);
+
+	const fetchedDisplayName =
+		fetchedUser?.data?.displayName ?? member?.name ?? '';
+	const fetchedUserId = fetchedUser?.data?.id;
+	const fetchedUserDisplayName = fetchedUser?.data?.displayName;
+
+	useEffect(() => {
+		if (fetchedUserId) {
+			setLocalDisplayName(fetchedUserDisplayName ?? member?.name ?? '');
+		}
+		setSaveErrors([]);
+	}, [fetchedUserId, fetchedUserDisplayName, member?.name]);
+
+	useEffect(() => {
+		setLocalRoles(fetchedRoleIds);
+	}, [fetchedRoleIds]);
+
+	const isDirty =
+		member !== null &&
+		fetchedUser != null &&
+		(localDisplayName !== fetchedDisplayName ||
+			!areSortedArraysEqual(localRoles, fetchedRoleIds));
+
+	const { mutateAsync: updateMyUser } = useUpdateMyUserV2();
+	const { mutateAsync: updateUser } = useUpdateUser();
 
 	const { mutate: deleteUser, isLoading: isDeleting } = useDeleteUser({
 		mutation: {
@@ -104,48 +150,152 @@ function EditMemberDrawer({
 		},
 	});
 
-	useEffect(() => {
-		if (member) {
-			setDisplayName(member.name ?? '');
-			setSelectedRole(member.role);
-		}
-	}, [member]);
-
-	const isDirty =
-		member !== null &&
-		(displayName !== (member.name ?? '') || selectedRole !== member.role);
-
-	const formatTimestamp = useCallback(
-		(ts: string | null | undefined): string => {
-			if (!ts) {
-				return '—';
+	const makeRoleRetry = useCallback(
+		(
+			context: string,
+			rawRetry: () => Promise<void>,
+		) => async (): Promise<void> => {
+			try {
+				await rawRetry();
+				setSaveErrors((prev) => prev.filter((e) => e.context !== context));
+				refetchUser();
+			} catch (err) {
+				setSaveErrors((prev) =>
+					prev.map((e) =>
+						e.context === context ? { ...e, apiError: toSaveApiError(err) } : e,
+					),
+				);
 			}
-			const d = new Date(ts);
-			if (Number.isNaN(d.getTime())) {
-				return '—';
-			}
-			return formatTimezoneAdjustedTimestamp(ts, DATE_TIME_FORMATS.DASH_DATETIME);
 		},
-		[formatTimezoneAdjustedTimestamp],
+		[refetchUser],
 	);
 
-	const handleSave = useCallback((): void => {
+	const retryNameUpdate = useCallback(async (): Promise<void> => {
+		if (!member) {
+			return;
+		}
+		try {
+			if (isSelf) {
+				await updateMyUser({ data: { displayName: localDisplayName } });
+			} else {
+				await updateUser({
+					pathParams: { id: member.id },
+					data: { displayName: localDisplayName },
+				});
+			}
+			setSaveErrors((prev) => prev.filter((e) => e.context !== 'Name update'));
+			refetchUser();
+		} catch (err) {
+			setSaveErrors((prev) =>
+				prev.map((e) =>
+					e.context === 'Name update' ? { ...e, apiError: toSaveApiError(err) } : e,
+				),
+			);
+		}
+	}, [member, isSelf, localDisplayName, updateMyUser, updateUser, refetchUser]);
+
+	const handleSave = useCallback(async (): Promise<void> => {
 		if (!member || !isDirty) {
 			return;
 		}
-		updateUser({
-			pathParams: { id: member.id },
-			data: { id: member.id, displayName, role: selectedRole },
-		});
-	}, [member, isDirty, displayName, selectedRole, updateUser]);
+		setSaveErrors([]);
+		setIsSaving(true);
+		try {
+			const nameChanged = localDisplayName !== fetchedDisplayName;
+			const rolesChanged = !areSortedArraysEqual(localRoles, fetchedRoleIds);
+
+			const namePromise = nameChanged
+				? isSelf
+					? updateMyUser({ data: { displayName: localDisplayName } })
+					: updateUser({
+							pathParams: { id: member.id },
+							data: { displayName: localDisplayName },
+					  })
+				: Promise.resolve();
+
+			const [nameResult, rolesResult] = await Promise.allSettled([
+				namePromise,
+				rolesChanged ? applyDiff(localRoles, availableRoles) : Promise.resolve([]),
+			]);
+
+			const errors: SaveError[] = [];
+
+			if (nameResult.status === 'rejected') {
+				errors.push({
+					context: 'Name update',
+					apiError: toSaveApiError(nameResult.reason),
+					onRetry: retryNameUpdate,
+				});
+			}
+
+			if (rolesResult.status === 'rejected') {
+				errors.push({
+					context: 'Roles update',
+					apiError: toSaveApiError(rolesResult.reason),
+					onRetry: async (): Promise<void> => {
+						const failures = await applyDiff(localRoles, availableRoles);
+						setSaveErrors((prev) => {
+							const rest = prev.filter((e) => e.context !== 'Roles update');
+							return [
+								...rest,
+								...failures.map((f: MemberRoleUpdateFailure) => {
+									const ctx = `Role '${f.roleName}'`;
+									return {
+										context: ctx,
+										apiError: toSaveApiError(f.error),
+										onRetry: makeRoleRetry(ctx, f.onRetry),
+									};
+								}),
+							];
+						});
+						refetchUser();
+					},
+				});
+			} else {
+				for (const failure of rolesResult.value ?? []) {
+					const context = `Role '${failure.roleName}'`;
+					errors.push({
+						context,
+						apiError: toSaveApiError(failure.error),
+						onRetry: makeRoleRetry(context, failure.onRetry),
+					});
+				}
+			}
+
+			if (errors.length > 0) {
+				setSaveErrors(errors);
+			} else {
+				toast.success('Member details updated successfully', { richColors: true });
+				onComplete();
+			}
+
+			refetchUser();
+		} finally {
+			setIsSaving(false);
+		}
+	}, [
+		member,
+		isDirty,
+		isSelf,
+		localDisplayName,
+		localRoles,
+		fetchedDisplayName,
+		fetchedRoleIds,
+		updateMyUser,
+		updateUser,
+		applyDiff,
+		availableRoles,
+		refetchUser,
+		retryNameUpdate,
+		makeRoleRetry,
+		onComplete,
+	]);
 
 	const handleDelete = useCallback((): void => {
 		if (!member) {
 			return;
 		}
-		deleteUser({
-			pathParams: { id: member.id },
-		});
+		deleteUser({ pathParams: { id: member.id } });
 	}, [member, deleteUser]);
 
 	const handleGenerateResetLink = useCallback(async (): Promise<void> => {
@@ -176,30 +326,26 @@ function EditMemberDrawer({
 		} finally {
 			setIsGeneratingLink(false);
 		}
-	}, [member, isInvited, setLinkType, onClose]);
+	}, [member, isInvited, onClose]);
 
 	const [copyState, copyToClipboard] = useCopyToClipboard();
-	const handleCopyResetLink = useCallback(async (): Promise<void> => {
+	const handleCopyResetLink = useCallback((): void => {
 		if (!resetLink) {
 			return;
 		}
 		copyToClipboard(resetLink);
-
 		setHasCopiedResetLink(true);
 		setTimeout(() => setHasCopiedResetLink(false), 2000);
-		toast.success(
+		const message =
 			linkType === 'invite'
 				? 'Invite link copied to clipboard'
-				: 'Reset link copied to clipboard',
-			{ richColors: true },
-		);
+				: 'Reset link copied to clipboard';
+		toast.success(message, { richColors: true });
 	}, [resetLink, copyToClipboard, linkType]);
 
 	useEffect(() => {
 		if (copyState.error) {
-			toast.error('Failed to copy link', {
-				richColors: true,
-			});
+			toast.error('Failed to copy link', { richColors: true });
 		}
 	}, [copyState.error]);
 
@@ -210,79 +356,146 @@ function EditMemberDrawer({
 
 	const joinedOnLabel = isInvited ? 'Invited On' : 'Joined On';
 
-	const drawerContent = (
-		<div className="edit-member-drawer__layout">
-			<div className="edit-member-drawer__body">
-				<div className="edit-member-drawer__field">
-					<label className="edit-member-drawer__label" htmlFor="member-name">
-						Name
-					</label>
-					<Input
-						id="member-name"
-						value={displayName}
-						onChange={(e): void => setDisplayName(e.target.value)}
-						className="edit-member-drawer__input"
-						placeholder="Enter name"
-					/>
-				</div>
+	const formatTimestamp = useCallback(
+		(ts: string | null | undefined): string => {
+			if (!ts) {
+				return '—';
+			}
+			const d = new Date(ts);
+			if (Number.isNaN(d.getTime())) {
+				return '—';
+			}
+			return formatTimezoneAdjustedTimestamp(ts, DATE_TIME_FORMATS.DASH_DATETIME);
+		},
+		[formatTimezoneAdjustedTimestamp],
+	);
 
-				<div className="edit-member-drawer__field">
-					<label className="edit-member-drawer__label" htmlFor="member-email">
-						Email Address
-					</label>
-					<div className="edit-member-drawer__input-wrapper edit-member-drawer__input-wrapper--disabled">
-						<span className="edit-member-drawer__email-text">
-							{member?.email || '—'}
-						</span>
-						<LockKeyhole size={16} className="edit-member-drawer__lock-icon" />
-					</div>
-				</div>
+	const drawerBody = isFetchingUser ? (
+		<Skeleton active paragraph={{ rows: 6 }} />
+	) : (
+		<>
+			<div className="edit-member-drawer__field">
+				<label className="edit-member-drawer__label" htmlFor="member-name">
+					Name
+				</label>
+				<Input
+					id="member-name"
+					value={localDisplayName}
+					onChange={(e): void => {
+						setLocalDisplayName(e.target.value);
+						setSaveErrors((prev) =>
+							prev.filter((err) => err.context !== 'Name update'),
+						);
+					}}
+					className="edit-member-drawer__input"
+					placeholder="Enter name"
+				/>
+			</div>
 
-				<div className="edit-member-drawer__field">
-					<label className="edit-member-drawer__label" htmlFor="member-role">
-						Roles
-					</label>
-					<Select
-						id="member-role"
-						value={selectedRole}
-						onChange={(role): void => setSelectedRole(role as ROLES)}
-						className="edit-member-drawer__role-select"
-						suffixIcon={<ChevronDown size={14} />}
-						getPopupContainer={popupContainer}
-					>
-						<Select.Option value="ADMIN">{capitalize('ADMIN')}</Select.Option>
-						<Select.Option value="EDITOR">{capitalize('EDITOR')}</Select.Option>
-						<Select.Option value="VIEWER">{capitalize('VIEWER')}</Select.Option>
-					</Select>
-				</div>
-
-				<div className="edit-member-drawer__meta">
-					<div className="edit-member-drawer__meta-item">
-						<span className="edit-member-drawer__meta-label">Status</span>
-						{member?.status === MemberStatus.Active ? (
-							<Badge color="forest" variant="outline">
-								ACTIVE
-							</Badge>
-						) : (
-							<Badge color="amber" variant="outline">
-								INVITED
-							</Badge>
-						)}
-					</div>
-
-					<div className="edit-member-drawer__meta-item">
-						<span className="edit-member-drawer__meta-label">{joinedOnLabel}</span>
-						<Badge color="vanilla">{formatTimestamp(member?.joinedOn)}</Badge>
-					</div>
-					{!isInvited && (
-						<div className="edit-member-drawer__meta-item">
-							<span className="edit-member-drawer__meta-label">Last Modified</span>
-							<Badge color="vanilla">{formatTimestamp(member?.updatedAt)}</Badge>
-						</div>
-					)}
+			<div className="edit-member-drawer__field">
+				<label className="edit-member-drawer__label" htmlFor="member-email">
+					Email Address
+				</label>
+				<div className="edit-member-drawer__input-wrapper edit-member-drawer__input-wrapper--disabled">
+					<span className="edit-member-drawer__email-text">
+						{member?.email || '—'}
+					</span>
+					<LockKeyhole size={16} className="edit-member-drawer__lock-icon" />
 				</div>
 			</div>
 
+			<div className="edit-member-drawer__field">
+				<label className="edit-member-drawer__label" htmlFor="member-role">
+					Roles
+				</label>
+				{isSelf ? (
+					<div className="edit-member-drawer__input-wrapper edit-member-drawer__input-wrapper--disabled">
+						<div className="edit-member-drawer__disabled-roles">
+							{localRoles.length > 0 ? (
+								localRoles.map((roleId) => {
+									const role = availableRoles.find((r) => r.id === roleId);
+									return (
+										<Badge key={roleId} color="vanilla">
+											{role?.name ?? roleId}
+										</Badge>
+									);
+								})
+							) : (
+								<span className="edit-member-drawer__email-text">—</span>
+							)}
+						</div>
+						<LockKeyhole size={16} className="edit-member-drawer__lock-icon" />
+					</div>
+				) : (
+					<RolesSelect
+						id="member-role"
+						mode="multiple"
+						roles={availableRoles}
+						loading={rolesLoading}
+						isError={rolesError}
+						error={rolesErrorObj}
+						onRefetch={refetchRoles}
+						value={localRoles}
+						onChange={(roles): void => {
+							setLocalRoles(roles);
+							setSaveErrors((prev) =>
+								prev.filter(
+									(err) =>
+										err.context !== 'Roles update' && !err.context.startsWith("Role '"),
+								),
+							);
+						}}
+						className="edit-member-drawer__role-select"
+						placeholder="Select roles"
+					/>
+				)}
+			</div>
+
+			<div className="edit-member-drawer__meta">
+				<div className="edit-member-drawer__meta-item">
+					<span className="edit-member-drawer__meta-label">Status</span>
+					{member?.status === MemberStatus.Active ? (
+						<Badge color="forest" variant="outline">
+							ACTIVE
+						</Badge>
+					) : (
+						<Badge color="amber" variant="outline">
+							INVITED
+						</Badge>
+					)}
+				</div>
+
+				<div className="edit-member-drawer__meta-item">
+					<span className="edit-member-drawer__meta-label">{joinedOnLabel}</span>
+					<Badge color="vanilla">{formatTimestamp(member?.joinedOn)}</Badge>
+				</div>
+				{!isInvited && (
+					<div className="edit-member-drawer__meta-item">
+						<span className="edit-member-drawer__meta-label">Last Modified</span>
+						<Badge color="vanilla">{formatTimestamp(member?.updatedAt)}</Badge>
+					</div>
+				)}
+			</div>
+
+			{saveErrors.length > 0 && (
+				<div className="edit-member-drawer__save-errors">
+					{saveErrors.map((e) => (
+						<SaveErrorItem
+							key={e.context}
+							context={e.context}
+							apiError={e.apiError}
+							onRetry={e.onRetry}
+						/>
+					))}
+				</div>
+			)}
+		</>
+	);
+
+	const drawerContent = (
+		<div className="edit-member-drawer__layout">
+			<div className="edit-member-drawer__body">{drawerBody}</div>
+
 			<div className="edit-member-drawer__footer">
 				<div className="edit-member-drawer__footer-left">
 					<Button
@@ -300,11 +513,9 @@ function EditMemberDrawer({
 						disabled={isGeneratingLink}
 					>
 						<RefreshCw size={12} />
-						{isGeneratingLink
-							? 'Generating...'
-							: isInvited
-							? 'Copy Invite Link'
-							: 'Generate Password Reset Link'}
+						{isGeneratingLink && 'Generating...'}
+						{!isGeneratingLink && isInvited && 'Copy Invite Link'}
+						{!isGeneratingLink && !isInvited && 'Generate Password Reset Link'}
 					</Button>
 				</div>
 
@@ -328,22 +539,6 @@ function EditMemberDrawer({
 		</div>
 	);
 
-	const deleteDialogTitle = isInvited ? 'Revoke Invite' : 'Delete Member';
-	const deleteDialogBody = isInvited ? (
-		<>
-			Are you sure you want to revoke the invite for{' '}
-			<strong>{member?.email}</strong>? They will no longer be able to join the
-			workspace using this invite.
-		</>
-	) : (
-		<>
-			Are you sure you want to delete{' '}
-			<strong>{member?.name || member?.email}</strong>? This will remove their
-			access to the workspace.
-		</>
-	);
-	const deleteConfirmLabel = isInvited ? 'Revoke Invite' : 'Delete Member';
-
 	return (
 		<>
 			<DrawerWrapper
@@ -363,82 +558,26 @@ function EditMemberDrawer({
 				className="edit-member-drawer"
 			/>
 
-			<DialogWrapper
+			<ResetLinkDialog
 				open={showResetLinkDialog}
-				onOpenChange={(isOpen): void => {
-					if (!isOpen) {
-						setShowResetLinkDialog(false);
-						setLinkType(null);
-					}
+				linkType={linkType}
+				resetLink={resetLink}
+				hasCopied={hasCopiedResetLink}
+				onClose={(): void => {
+					setShowResetLinkDialog(false);
+					setLinkType(null);
 				}}
-				title={linkType === 'invite' ? 'Invite Link' : 'Password Reset Link'}
-				showCloseButton
-				width="base"
-				className="reset-link-dialog"
-			>
-				<div className="reset-link-dialog__content">
-					<p className="reset-link-dialog__description">
-						{linkType === 'invite'
-							? 'Share this one-time link with the team member to complete their account setup.'
-							: 'This creates a one-time link the team member can use to set a new password for their SigNoz account.'}
-					</p>
-					<div className="reset-link-dialog__link-row">
-						<div className="reset-link-dialog__link-text-wrap">
-							<span className="reset-link-dialog__link-text">{resetLink}</span>
-						</div>
-						<Button
-							variant="outlined"
-							color="secondary"
-							size="sm"
-							onClick={handleCopyResetLink}
-							prefixIcon={
-								hasCopiedResetLink ? <Check size={12} /> : <Copy size={12} />
-							}
-							className="reset-link-dialog__copy-btn"
-						>
-							{hasCopiedResetLink ? 'Copied!' : 'Copy'}
-						</Button>
-					</div>
-				</div>
-			</DialogWrapper>
+				onCopy={handleCopyResetLink}
+			/>
 
-			<DialogWrapper
+			<DeleteMemberDialog
 				open={showDeleteConfirm}
-				onOpenChange={(isOpen): void => {
-					if (!isOpen) {
-						setShowDeleteConfirm(false);
-					}
-				}}
-				title={deleteDialogTitle}
-				width="narrow"
-				className="alert-dialog delete-dialog"
-				showCloseButton={false}
-				disableOutsideClick={false}
-			>
-				<p className="delete-dialog__body">{deleteDialogBody}</p>
-
-				<DialogFooter className="delete-dialog__footer">
-					<Button
-						variant="solid"
-						color="secondary"
-						size="sm"
-						onClick={(): void => setShowDeleteConfirm(false)}
-					>
-						<X size={12} />
-						Cancel
-					</Button>
-					<Button
-						variant="solid"
-						color="destructive"
-						size="sm"
-						disabled={isDeleting}
-						onClick={handleDelete}
-					>
-						<Trash2 size={12} />
-						{isDeleting ? 'Processing...' : deleteConfirmLabel}
-					</Button>
-				</DialogFooter>
-			</DialogWrapper>
+				isInvited={isInvited}
+				member={member}
+				isDeleting={isDeleting}
+				onClose={(): void => setShowDeleteConfirm(false)}
+				onConfirm={handleDelete}
+			/>
 		</>
 	);
 }

frontend/src/components/EditMemberDrawer/ResetLinkDialog.tsx

@@ -0,0 +1,61 @@
+import { Button } from '@signozhq/button';
+import { DialogWrapper } from '@signozhq/dialog';
+import { Check, Copy } from '@signozhq/icons';
+
+interface ResetLinkDialogProps {
+	open: boolean;
+	linkType: 'invite' | 'reset' | null;
+	resetLink: string | null;
+	hasCopied: boolean;
+	onClose: () => void;
+	onCopy: () => void;
+}
+
+function ResetLinkDialog({
+	open,
+	linkType,
+	resetLink,
+	hasCopied,
+	onClose,
+	onCopy,
+}: ResetLinkDialogProps): JSX.Element {
+	return (
+		<DialogWrapper
+			open={open}
+			onOpenChange={(isOpen): void => {
+				if (!isOpen) {
+					onClose();
+				}
+			}}
+			title={linkType === 'invite' ? 'Invite Link' : 'Password Reset Link'}
+			showCloseButton
+			width="base"
+			className="reset-link-dialog"
+		>
+			<div className="reset-link-dialog__content">
+				<p className="reset-link-dialog__description">
+					{linkType === 'invite'
+						? 'Share this one-time link with the team member to complete their account setup.'
+						: 'This creates a one-time link the team member can use to set a new password for their SigNoz account.'}
+				</p>
+				<div className="reset-link-dialog__link-row">
+					<div className="reset-link-dialog__link-text-wrap">
+						<span className="reset-link-dialog__link-text">{resetLink}</span>
+					</div>
+					<Button
+						variant="outlined"
+						color="secondary"
+						size="sm"
+						onClick={onCopy}
+						prefixIcon={hasCopied ? <Check size={12} /> : <Copy size={12} />}
+						className="reset-link-dialog__copy-btn"
+					>
+						{hasCopied ? 'Copied!' : 'Copy'}
+					</Button>
+				</div>
+			</div>
+		</DialogWrapper>
+	);
+}
+
+export default ResetLinkDialog;

frontend/src/components/EditMemberDrawer/__tests__/EditMemberDrawer.test.tsx

@@ -4,11 +4,19 @@ import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import {
 	getResetPasswordToken,
 	useDeleteUser,
-	useUpdateUserDeprecated,
+	useGetUser,
+	useRemoveUserRoleByUserIDAndRoleID,
+	useSetRoleByUserID,
+	useUpdateMyUserV2,
+	useUpdateUser,
 } from 'api/generated/services/users';
 import { MemberStatus } from 'container/MembersSettings/utils';
+import {
+	listRolesSuccessResponse,
+	managedRoles,
+} from 'mocks-server/__mockdata__/roles';
+import { rest, server } from 'mocks-server/server';
 import { render, screen, userEvent, waitFor } from 'tests/test-utils';
-import { ROLES } from 'types/roles';
 
 import EditMemberDrawer, { EditMemberDrawerProps } from '../EditMemberDrawer';
 
@@ -44,7 +52,11 @@ jest.mock('@signozhq/dialog', () => ({
 
 jest.mock('api/generated/services/users', () => ({
 	useDeleteUser: jest.fn(),
-	useUpdateUserDeprecated: jest.fn(),
+	useGetUser: jest.fn(),
+	useUpdateUser: jest.fn(),
+	useUpdateMyUserV2: jest.fn(),
+	useSetRoleByUserID: jest.fn(),
+	useRemoveUserRoleByUserIDAndRoleID: jest.fn(),
 	getResetPasswordToken: jest.fn(),
 }));
 
@@ -69,15 +81,31 @@ jest.mock('react-use', () => ({
 	],
 }));
 
-const mockUpdateMutate = jest.fn();
+const ROLES_ENDPOINT = '*/api/v1/roles';
+
 const mockDeleteMutate = jest.fn();
 const mockGetResetPasswordToken = jest.mocked(getResetPasswordToken);
 
+const mockFetchedUser = {
+	data: {
+		id: 'user-1',
+		displayName: 'Alice Smith',
+		email: 'alice@signoz.io',
+		status: 'active',
+		userRoles: [
+			{
+				id: 'ur-1',
+				roleId: managedRoles[0].id,
+				role: managedRoles[0], // signoz-admin
+			},
+		],
+	},
+};
+
 const activeMember = {
 	id: 'user-1',
 	name: 'Alice Smith',
 	email: 'alice@signoz.io',
-	role: 'ADMIN' as ROLES,
 	status: MemberStatus.Active,
 	joinedOn: '1700000000000',
 	updatedAt: '1710000000000',
@@ -87,7 +115,6 @@ const invitedMember = {
 	id: 'abc123',
 	name: '',
 	email: 'bob@signoz.io',
-	role: 'VIEWER' as ROLES,
 	status: MemberStatus.Invited,
 	joinedOn: '1700000000000',
 };
@@ -109,8 +136,30 @@ function renderDrawer(
 describe('EditMemberDrawer', () => {
 	beforeEach(() => {
 		jest.clearAllMocks();
-		(useUpdateUserDeprecated as jest.Mock).mockReturnValue({
-			mutate: mockUpdateMutate,
+		server.use(
+			rest.get(ROLES_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+		);
+		(useGetUser as jest.Mock).mockReturnValue({
+			data: mockFetchedUser,
+			isLoading: false,
+			refetch: jest.fn(),
+		});
+		(useUpdateUser as jest.Mock).mockReturnValue({
+			mutateAsync: jest.fn().mockResolvedValue({}),
+			isLoading: false,
+		});
+		(useUpdateMyUserV2 as jest.Mock).mockReturnValue({
+			mutateAsync: jest.fn().mockResolvedValue({}),
+			isLoading: false,
+		});
+		(useSetRoleByUserID as jest.Mock).mockReturnValue({
+			mutateAsync: jest.fn().mockResolvedValue({}),
+			isLoading: false,
+		});
+		(useRemoveUserRoleByUserIDAndRoleID as jest.Mock).mockReturnValue({
+			mutateAsync: jest.fn().mockResolvedValue({}),
 			isLoading: false,
 		});
 		(useDeleteUser as jest.Mock).mockReturnValue({
@@ -119,6 +168,10 @@ describe('EditMemberDrawer', () => {
 		});
 	});
 
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
 	it('renders active member details and disables Save when form is not dirty', () => {
 		renderDrawer();
 
@@ -130,16 +183,15 @@ describe('EditMemberDrawer', () => {
 		).toBeDisabled();
 	});
 
-	it('enables Save after editing name and calls update API on confirm', async () => {
+	it('enables Save after editing name and calls updateUser on confirm', async () => {
 		const onComplete = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const mockMutateAsync = jest.fn().mockResolvedValue({});
 
-		(useUpdateUserDeprecated as jest.Mock).mockImplementation((options) => ({
-			mutate: mockUpdateMutate.mockImplementation(() => {
-				options?.mutation?.onSuccess?.();
-			}),
+		(useUpdateUser as jest.Mock).mockReturnValue({
+			mutateAsync: mockMutateAsync,
 			isLoading: false,
-		}));
+		});
 
 		renderDrawer({ onComplete });
 
@@ -153,12 +205,92 @@ describe('EditMemberDrawer', () => {
 		await user.click(saveBtn);
 
 		await waitFor(() => {
-			expect(mockUpdateMutate).toHaveBeenCalledWith(
-				expect.objectContaining({
-					pathParams: { id: 'user-1' },
-					data: expect.objectContaining({ displayName: 'Alice Updated' }),
-				}),
-			);
+			expect(mockMutateAsync).toHaveBeenCalledWith({
+				pathParams: { id: 'user-1' },
+				data: { displayName: 'Alice Updated' },
+			});
+			expect(onComplete).toHaveBeenCalled();
+		});
+	});
+
+	it('does not close the drawer after a successful save', async () => {
+		const onClose = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		renderDrawer({ onClose });
+
+		const nameInput = screen.getByDisplayValue('Alice Smith');
+		await user.clear(nameInput);
+		await user.type(nameInput, 'Alice Updated');
+
+		const saveBtn = screen.getByRole('button', { name: /save member details/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+		await user.click(saveBtn);
+
+		await waitFor(() => {
+			expect(
+				screen.getByRole('button', { name: /save member details/i }),
+			).toBeInTheDocument();
+		});
+		expect(onClose).not.toHaveBeenCalled();
+	});
+
+	it('calls setRole when a new role is added', async () => {
+		const onComplete = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const mockSet = jest.fn().mockResolvedValue({});
+
+		(useSetRoleByUserID as jest.Mock).mockReturnValue({
+			mutateAsync: mockSet,
+			isLoading: false,
+		});
+
+		renderDrawer({ onComplete });
+
+		// Open the roles dropdown and select signoz-editor
+		await user.click(screen.getByLabelText('Roles'));
+		await user.click(await screen.findByTitle('signoz-editor'));
+
+		const saveBtn = screen.getByRole('button', { name: /save member details/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+		await user.click(saveBtn);
+
+		await waitFor(() => {
+			expect(mockSet).toHaveBeenCalledWith({
+				pathParams: { id: 'user-1' },
+				data: { name: 'signoz-editor' },
+			});
+			expect(onComplete).toHaveBeenCalled();
+		});
+	});
+
+	it('calls removeRole when an existing role is removed', async () => {
+		const onComplete = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const mockRemove = jest.fn().mockResolvedValue({});
+
+		(useRemoveUserRoleByUserIDAndRoleID as jest.Mock).mockReturnValue({
+			mutateAsync: mockRemove,
+			isLoading: false,
+		});
+
+		renderDrawer({ onComplete });
+
+		// Wait for the signoz-admin tag to appear, then click its remove button
+		const adminTag = await screen.findByTitle('signoz-admin');
+		const removeBtn = adminTag.querySelector(
+			'.ant-select-selection-item-remove',
+		) as Element;
+		await user.click(removeBtn);
+
+		const saveBtn = screen.getByRole('button', { name: /save member details/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+		await user.click(saveBtn);
+
+		await waitFor(() => {
+			expect(mockRemove).toHaveBeenCalledWith({
+				pathParams: { id: 'user-1', roleId: managedRoles[0].id },
+			});
 			expect(onComplete).toHaveBeenCalled();
 		});
 	});
@@ -239,16 +371,33 @@ describe('EditMemberDrawer', () => {
 		});
 	});
 
-	it('calls update API when saving changes for an invited member', async () => {
+	it('calls updateUser when saving name change for an invited member', async () => {
 		const onComplete = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const mockMutateAsync = jest.fn().mockResolvedValue({});
 
-		(useUpdateUserDeprecated as jest.Mock).mockImplementation((options) => ({
-			mutate: mockUpdateMutate.mockImplementation(() => {
-				options?.mutation?.onSuccess?.();
-			}),
+		(useGetUser as jest.Mock).mockReturnValue({
+			data: {
+				data: {
+					...mockFetchedUser.data,
+					id: 'abc123',
+					displayName: 'Bob',
+					userRoles: [
+						{
+							id: 'ur-2',
+							roleId: managedRoles[2].id,
+							role: managedRoles[2], // signoz-viewer
+						},
+					],
+				},
+			},
 			isLoading: false,
-		}));
+			refetch: jest.fn(),
+		});
+		(useUpdateUser as jest.Mock).mockReturnValue({
+			mutateAsync: mockMutateAsync,
+			isLoading: false,
+		});
 
 		renderDrawer({ member: { ...invitedMember, name: 'Bob' }, onComplete });
 
@@ -261,12 +410,10 @@ describe('EditMemberDrawer', () => {
 		await user.click(saveBtn);
 
 		await waitFor(() => {
-			expect(mockUpdateMutate).toHaveBeenCalledWith(
-				expect.objectContaining({
-					pathParams: { id: 'abc123' },
-					data: expect.objectContaining({ displayName: 'Bob Updated' }),
-				}),
-			);
+			expect(mockMutateAsync).toHaveBeenCalledWith({
+				pathParams: { id: 'abc123' },
+				data: { displayName: 'Bob Updated' },
+			});
 			expect(onComplete).toHaveBeenCalled();
 		});
 	});
@@ -280,16 +427,13 @@ describe('EditMemberDrawer', () => {
 			} as ReturnType<typeof convertToApiError>);
 		});
 
-		it('shows API error message when updateUser fails', async () => {
+		it('shows SaveErrorItem when updateUser fails for name change', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
-			const mockToast = jest.mocked(toast);
 
-			(useUpdateUserDeprecated as jest.Mock).mockImplementation((options) => ({
-				mutate: mockUpdateMutate.mockImplementation(() => {
-					options?.mutation?.onError?.({});
-				}),
+			(useUpdateUser as jest.Mock).mockReturnValue({
+				mutateAsync: jest.fn().mockRejectedValue(new Error('server error')),
 				isLoading: false,
-			}));
+			});
 
 			renderDrawer();
 
@@ -302,10 +446,9 @@ describe('EditMemberDrawer', () => {
 			await user.click(saveBtn);
 
 			await waitFor(() => {
-				expect(mockToast.error).toHaveBeenCalledWith(
-					'Failed to update member details: Something went wrong on server',
-					expect.anything(),
-				);
+				expect(
+					screen.getByText('Name update: Something went wrong on server'),
+				).toBeInTheDocument();
 			});
 		});
 

frontend/src/components/MembersTable/MembersTable.tsx

@@ -4,9 +4,7 @@ import { Table, Tooltip } from 'antd';
 import type { ColumnsType, SorterResult } from 'antd/es/table/interface';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import { MemberStatus } from 'container/MembersSettings/utils';
-import { capitalize } from 'lodash-es';
 import { useTimezone } from 'providers/Timezone';
-import { ROLES } from 'types/roles';
 
 import './MembersTable.styles.scss';
 
@@ -14,7 +12,6 @@ export interface MemberRow {
 	id: string;
 	name?: string;
 	email: string;
-	role: ROLES;
 	status: MemberStatus;
 	joinedOn: string | null;
 	updatedAt?: string | null;
@@ -141,17 +138,6 @@ function MembersTable({
 				<NameEmailCell name={record.name} email={record.email} />
 			),
 		},
-		{
-			title: 'Roles',
-			dataIndex: 'role',
-			key: 'role',
-			width: 180,
-			sorter: (a, b): number => a.role.localeCompare(b.role),
-			render: (role: ROLES): JSX.Element => (
-				<Badge color="vanilla">{capitalize(role)}</Badge>
-			),
-		},
-
 		{
 			title: 'Status',
 			dataIndex: 'status',

frontend/src/components/MembersTable/__tests__/MembersTable.test.tsx

@@ -1,6 +1,5 @@
 import { MemberStatus } from 'container/MembersSettings/utils';
 import { render, screen, userEvent } from 'tests/test-utils';
-import { ROLES } from 'types/roles';
 
 import MembersTable, { MemberRow } from '../MembersTable';
 
@@ -9,7 +8,6 @@ const mockActiveMembers: MemberRow[] = [
 		id: 'user-1',
 		name: 'Alice Smith',
 		email: 'alice@signoz.io',
-		role: 'ADMIN' as ROLES,
 		status: MemberStatus.Active,
 		joinedOn: '1700000000000',
 	},
@@ -17,7 +15,6 @@ const mockActiveMembers: MemberRow[] = [
 		id: 'user-2',
 		name: 'Bob Jones',
 		email: 'bob@signoz.io',
-		role: 'VIEWER' as ROLES,
 		status: MemberStatus.Active,
 		joinedOn: null,
 	},
@@ -27,7 +24,6 @@ const mockInvitedMember: MemberRow = {
 	id: 'inv-abc',
 	name: '',
 	email: 'charlie@signoz.io',
-	role: 'EDITOR' as ROLES,
 	status: MemberStatus.Invited,
 	joinedOn: null,
 };
@@ -47,12 +43,11 @@ describe('MembersTable', () => {
 		jest.clearAllMocks();
 	});
 
-	it('renders member rows with name, email, role badge, and ACTIVE status', () => {
+	it('renders member rows with name, email, and ACTIVE status', () => {
 		render(<MembersTable {...defaultProps} data={mockActiveMembers} />);
 
 		expect(screen.getByText('Alice Smith')).toBeInTheDocument();
 		expect(screen.getByText('alice@signoz.io')).toBeInTheDocument();
-		expect(screen.getByText('Admin')).toBeInTheDocument();
 		expect(screen.getAllByText('ACTIVE')).toHaveLength(2);
 	});
 
@@ -67,7 +62,6 @@ describe('MembersTable', () => {
 
 		expect(screen.getByText('INVITED')).toBeInTheDocument();
 		expect(screen.getByText('charlie@signoz.io')).toBeInTheDocument();
-		expect(screen.getByText('Editor')).toBeInTheDocument();
 	});
 
 	it('calls onRowClick with the member data when a row is clicked', async () => {
@@ -99,7 +93,6 @@ describe('MembersTable', () => {
 			id: 'user-del',
 			name: 'Dave Deleted',
 			email: 'dave@signoz.io',
-			role: 'VIEWER' as ROLES,
 			status: MemberStatus.Deleted,
 			joinedOn: null,
 		};

frontend/src/components/RolesSelect/RolesSelect.tsx

@@ -34,7 +34,7 @@ export function useRoles(): {
 export function getRoleOptions(roles: AuthtypesRoleDTO[]): RoleOption[] {
 	return roles.map((role) => ({
 		label: role.name ?? '',
-		value: role.name ?? '',
+		value: role.id ?? '',
 	}));
 }
 

frontend/src/components/ServiceAccountDrawer/DeleteAccountModal.tsx

@@ -1,13 +1,13 @@
 import { useQueryClient } from 'react-query';
 import { Button } from '@signozhq/button';
 import { DialogFooter, DialogWrapper } from '@signozhq/dialog';
-import { PowerOff, X } from '@signozhq/icons';
+import { Trash2, X } from '@signozhq/icons';
 import { toast } from '@signozhq/sonner';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import {
 	getGetServiceAccountQueryKey,
 	invalidateListServiceAccounts,
-	useUpdateServiceAccountStatus,
+	useDeleteServiceAccount,
 } from 'api/generated/services/serviceaccount';
 import type {
 	RenderErrorResponseDTO,
@@ -17,14 +17,14 @@ import { AxiosError } from 'axios';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import { parseAsBoolean, useQueryState } from 'nuqs';
 
-function DisableAccountModal(): JSX.Element {
+function DeleteAccountModal(): JSX.Element {
 	const queryClient = useQueryClient();
 	const [accountId, setAccountId] = useQueryState(SA_QUERY_PARAMS.ACCOUNT);
-	const [isDisableOpen, setIsDisableOpen] = useQueryState(
-		SA_QUERY_PARAMS.DISABLE_SA,
+	const [isDeleteOpen, setIsDeleteOpen] = useQueryState(
+		SA_QUERY_PARAMS.DELETE_SA,
 		parseAsBoolean.withDefault(false),
 	);
-	const open = !!isDisableOpen && !!accountId;
+	const open = !!isDeleteOpen && !!accountId;
 
 	const cachedAccount = accountId
 		? queryClient.getQueryData<{
@@ -34,13 +34,13 @@ function DisableAccountModal(): JSX.Element {
 	const accountName = cachedAccount?.data?.name;
 
 	const {
-		mutate: updateStatus,
-		isLoading: isDisabling,
-	} = useUpdateServiceAccountStatus({
+		mutate: deleteAccount,
+		isLoading: isDeleting,
+	} = useDeleteServiceAccount({
 		mutation: {
 			onSuccess: async () => {
-				toast.success('Service account disabled', { richColors: true });
-				await setIsDisableOpen(null);
+				toast.success('Service account deleted', { richColors: true });
+				await setIsDeleteOpen(null);
 				await setAccountId(null);
 				await invalidateListServiceAccounts(queryClient);
 			},
@@ -48,7 +48,7 @@ function DisableAccountModal(): JSX.Element {
 				const errMessage =
 					convertToApiError(
 						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
-					)?.getErrorMessage() || 'Failed to disable service account';
+					)?.getErrorMessage() || 'Failed to delete service account';
 				toast.error(errMessage, { richColors: true });
 			},
 		},
@@ -58,14 +58,13 @@ function DisableAccountModal(): JSX.Element {
 		if (!accountId) {
 			return;
 		}
-		updateStatus({
+		deleteAccount({
 			pathParams: { id: accountId },
-			data: { status: 'DISABLED' },
 		});
 	}
 
 	function handleCancel(): void {
-		setIsDisableOpen(null);
+		setIsDeleteOpen(null);
 	}
 
 	return (
@@ -76,17 +75,18 @@ function DisableAccountModal(): JSX.Element {
 					handleCancel();
 				}
 			}}
-			title={`Disable service account ${accountName ?? ''}?`}
+			title={`Delete service account ${accountName ?? ''}?`}
 			width="narrow"
-			className="alert-dialog sa-disable-dialog"
+			className="alert-dialog sa-delete-dialog"
 			showCloseButton={false}
 			disableOutsideClick={false}
 		>
-			<p className="sa-disable-dialog__body">
-				Disabling this service account will revoke access for all its keys. Any
-				systems using this account will lose access immediately.
+			<p className="sa-delete-dialog__body">
+				Are you sure you want to delete <strong>{accountName}</strong>? This action
+				cannot be undone. All keys associated with this service account will be
+				permanently removed.
 			</p>
-			<DialogFooter className="sa-disable-dialog__footer">
+			<DialogFooter className="sa-delete-dialog__footer">
 				<Button variant="solid" color="secondary" size="sm" onClick={handleCancel}>
 					<X size={12} />
 					Cancel
@@ -95,15 +95,15 @@ function DisableAccountModal(): JSX.Element {
 					variant="solid"
 					color="destructive"
 					size="sm"
-					loading={isDisabling}
+					loading={isDeleting}
 					onClick={handleConfirm}
 				>
-					<PowerOff size={12} />
-					Disable
+					<Trash2 size={12} />
+					Delete
 				</Button>
 			</DialogFooter>
 		</DialogWrapper>
 	);
 }
 
-export default DisableAccountModal;
+export default DeleteAccountModal;

frontend/src/components/ServiceAccountDrawer/EditKeyModal/EditKeyForm.tsx

@@ -6,7 +6,7 @@ import { LockKeyhole, Trash2, X } from '@signozhq/icons';
 import { Input } from '@signozhq/input';
 import { ToggleGroup, ToggleGroupItem } from '@signozhq/toggle-group';
 import { DatePicker } from 'antd';
-import type { ServiceaccounttypesFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import type { ServiceaccounttypesGettableFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
 import { popupContainer } from 'utils/selectPopupContainer';
 
 import { disabledDate, formatLastObservedAt } from '../utils';
@@ -17,7 +17,7 @@ export interface EditKeyFormProps {
 	register: UseFormRegister<FormValues>;
 	control: Control<FormValues>;
 	expiryMode: ExpiryMode;
-	keyItem: ServiceaccounttypesFactorAPIKeyDTO | null;
+	keyItem: ServiceaccounttypesGettableFactorAPIKeyDTO | null;
 	isSaving: boolean;
 	isDirty: boolean;
 	onSubmit: () => void;

frontend/src/components/ServiceAccountDrawer/EditKeyModal/index.tsx

@@ -11,7 +11,7 @@ import {
 } from 'api/generated/services/serviceaccount';
 import type {
 	RenderErrorResponseDTO,
-	ServiceaccounttypesFactorAPIKeyDTO,
+	ServiceaccounttypesGettableFactorAPIKeyDTO,
 } from 'api/generated/services/sigNoz.schemas';
 import { AxiosError } from 'axios';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
@@ -27,7 +27,7 @@ import { DEFAULT_FORM_VALUES, ExpiryMode } from './types';
 import './EditKeyModal.styles.scss';
 
 export interface EditKeyModalProps {
-	keyItem: ServiceaccounttypesFactorAPIKeyDTO | null;
+	keyItem: ServiceaccounttypesGettableFactorAPIKeyDTO | null;
 }
 
 function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {

frontend/src/components/ServiceAccountDrawer/KeysTab.tsx

@@ -3,7 +3,7 @@ import { Button } from '@signozhq/button';
 import { KeyRound, X } from '@signozhq/icons';
 import { Skeleton, Table, Tooltip } from 'antd';
 import type { ColumnsType } from 'antd/es/table/interface';
-import type { ServiceaccounttypesFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import type { ServiceaccounttypesGettableFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import dayjs from 'dayjs';
 import { parseAsBoolean, parseAsString, useQueryState } from 'nuqs';
@@ -14,7 +14,7 @@ import RevokeKeyModal from './RevokeKeyModal';
 import { formatLastObservedAt } from './utils';
 
 interface KeysTabProps {
-	keys: ServiceaccounttypesFactorAPIKeyDTO[];
+	keys: ServiceaccounttypesGettableFactorAPIKeyDTO[];
 	isLoading: boolean;
 	isDisabled?: boolean;
 	currentPage: number;
@@ -44,7 +44,7 @@ function buildColumns({
 	isDisabled,
 	onRevokeClick,
 	handleformatLastObservedAt,
-}: BuildColumnsParams): ColumnsType<ServiceaccounttypesFactorAPIKeyDTO> {
+}: BuildColumnsParams): ColumnsType<ServiceaccounttypesGettableFactorAPIKeyDTO> {
 	return [
 		{
 			title: 'Name',
@@ -183,7 +183,7 @@ function KeysTab({
 	return (
 		<>
 			{/* Todo: use new table component from periscope when ready */}
-			<Table<ServiceaccounttypesFactorAPIKeyDTO>
+			<Table<ServiceaccounttypesGettableFactorAPIKeyDTO>
 				columns={columns}
 				dataSource={keys}
 				rowKey="id"

frontend/src/components/ServiceAccountDrawer/OverviewTab.tsx

@@ -9,6 +9,9 @@ import { ServiceAccountRow } from 'container/ServiceAccountsSettings/utils';
 import { useTimezone } from 'providers/Timezone';
 import APIError from 'types/api/error';
 
+import SaveErrorItem from './SaveErrorItem';
+import type { SaveError } from './utils';
+
 interface OverviewTabProps {
 	account: ServiceAccountRow;
 	localName: string;
@@ -21,6 +24,7 @@ interface OverviewTabProps {
 	rolesError?: boolean;
 	rolesErrorObj?: APIError | undefined;
 	onRefetchRoles?: () => void;
+	saveErrors?: SaveError[];
 }
 
 function OverviewTab({
@@ -35,6 +39,7 @@ function OverviewTab({
 	rolesError,
 	rolesErrorObj,
 	onRefetchRoles,
+	saveErrors = [],
 }: OverviewTabProps): JSX.Element {
 	const { formatTimezoneAdjustedTimestamp } = useTimezone();
 
@@ -92,11 +97,14 @@ function OverviewTab({
 					<div className="sa-drawer__input-wrapper sa-drawer__input-wrapper--disabled">
 						<div className="sa-drawer__disabled-roles">
 							{localRoles.length > 0 ? (
-								localRoles.map((r) => (
-									<Badge key={r} color="vanilla">
-										{r}
-									</Badge>
-								))
+								localRoles.map((roleId) => {
+									const role = availableRoles.find((r) => r.id === roleId);
+									return (
+										<Badge key={roleId} color="vanilla">
+											{role?.name ?? roleId}
+										</Badge>
+									);
+								})
 							) : (
 								<span className="sa-drawer__input-text">—</span>
 							)}
@@ -126,9 +134,13 @@ function OverviewTab({
 						<Badge color="forest" variant="outline">
 							ACTIVE
 						</Badge>
+					) : account.status?.toUpperCase() === 'DELETED' ? (
+						<Badge color="cherry" variant="outline">
+							DELETED
+						</Badge>
 					) : (
 						<Badge color="vanilla" variant="outline" className="sa-status-badge">
-							DISABLED
+							{account.status ? account.status.toUpperCase() : 'UNKNOWN'}
 						</Badge>
 					)}
 				</div>
@@ -143,6 +155,19 @@ function OverviewTab({
 					<Badge color="vanilla">{formatTimestamp(account.updatedAt)}</Badge>
 				</div>
 			</div>
+
+			{saveErrors.length > 0 && (
+				<div className="sa-drawer__save-errors">
+					{saveErrors.map(({ context, apiError, onRetry }) => (
+						<SaveErrorItem
+							key={context}
+							context={context}
+							apiError={apiError}
+							onRetry={onRetry}
+						/>
+					))}
+				</div>
+			)}
 		</>
 	);
 }

frontend/src/components/ServiceAccountDrawer/RevokeKeyModal.tsx

@@ -11,7 +11,7 @@ import {
 } from 'api/generated/services/serviceaccount';
 import type {
 	RenderErrorResponseDTO,
-	ServiceaccounttypesFactorAPIKeyDTO,
+	ServiceaccounttypesGettableFactorAPIKeyDTO,
 } from 'api/generated/services/sigNoz.schemas';
 import { AxiosError } from 'axios';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
@@ -64,9 +64,9 @@ function RevokeKeyModal(): JSX.Element {
 	const open = !!revokeKeyId && !!accountId;
 
 	const cachedKeys = accountId
-		? queryClient.getQueryData<{ data: ServiceaccounttypesFactorAPIKeyDTO[] }>(
-				getListServiceAccountKeysQueryKey({ id: accountId }),
-		  )
+		? queryClient.getQueryData<{
+				data: ServiceaccounttypesGettableFactorAPIKeyDTO[];
+		  }>(getListServiceAccountKeysQueryKey({ id: accountId }))
 		: null;
 	const keyName = cachedKeys?.data?.find((k) => k.id === revokeKeyId)?.name;
 

frontend/src/components/ServiceAccountDrawer/SaveErrorItem.tsx

@@ -0,0 +1,74 @@
+import { useState } from 'react';
+import { Button } from '@signozhq/button';
+import { Color } from '@signozhq/design-tokens';
+import { ChevronDown, ChevronUp, CircleAlert, RotateCw } from '@signozhq/icons';
+import ErrorContent from 'components/ErrorModal/components/ErrorContent';
+import APIError from 'types/api/error';
+
+interface SaveErrorItemProps {
+	context: string;
+	apiError: APIError;
+	onRetry?: () => void | Promise<void>;
+}
+
+function SaveErrorItem({
+	context,
+	apiError,
+	onRetry,
+}: SaveErrorItemProps): JSX.Element {
+	const [expanded, setExpanded] = useState(false);
+	const [isRetrying, setIsRetrying] = useState(false);
+
+	const ChevronIcon = expanded ? ChevronUp : ChevronDown;
+
+	return (
+		<div className="sa-error-item">
+			<div
+				role="button"
+				tabIndex={0}
+				className="sa-error-item__header"
+				aria-disabled={isRetrying}
+				onClick={(): void => {
+					if (!isRetrying) {
+						setExpanded((prev) => !prev);
+					}
+				}}
+			>
+				<CircleAlert size={12} className="sa-error-item__icon" />
+				<span className="sa-error-item__title">
+					{isRetrying ? 'Retrying...' : `${context}: ${apiError.getErrorMessage()}`}
+				</span>
+				{onRetry && !isRetrying && (
+					<Button
+						type="button"
+						aria-label="Retry"
+						size="xs"
+						onClick={async (e): Promise<void> => {
+							e.stopPropagation();
+							setIsRetrying(true);
+							setExpanded(false);
+							try {
+								await onRetry();
+							} finally {
+								setIsRetrying(false);
+							}
+						}}
+					>
+						<RotateCw size={12} color={Color.BG_CHERRY_400} />
+					</Button>
+				)}
+				{!isRetrying && (
+					<ChevronIcon size={14} className="sa-error-item__chevron" />
+				)}
+			</div>
+
+			{expanded && !isRetrying && (
+				<div className="sa-error-item__body">
+					<ErrorContent error={apiError} />
+				</div>
+			)}
+		</div>
+	);
+}
+
+export default SaveErrorItem;

frontend/src/components/ServiceAccountDrawer/ServiceAccountDrawer.styles.scss

@@ -92,6 +92,23 @@
 		display: flex;
 		flex-direction: column;
 		gap: var(--spacing-8);
+
+		&::-webkit-scrollbar {
+			width: 0.25rem;
+		}
+
+		&::-webkit-scrollbar-thumb {
+			background: rgba(136, 136, 136, 0.4);
+			border-radius: 0.125rem;
+
+			&:hover {
+				background: rgba(136, 136, 136, 0.7);
+			}
+		}
+
+		&::-webkit-scrollbar-track {
+			background: transparent;
+		}
 	}
 
 	&__footer {
@@ -239,6 +256,113 @@
 		letter-spacing: 0.48px;
 		text-transform: uppercase;
 	}
+
+	&__save-errors {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-2);
+	}
+}
+
+.sa-error-item {
+	border: 1px solid var(--l1-border);
+	border-radius: 4px;
+	overflow: hidden;
+
+	&__header {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-3);
+		width: 100%;
+		padding: var(--padding-2) var(--padding-4);
+		background: transparent;
+		border: none;
+		cursor: pointer;
+		text-align: left;
+		outline: none;
+
+		&:hover {
+			background: rgba(229, 72, 77, 0.08);
+		}
+
+		&:focus-visible {
+			outline: 2px solid var(--primary);
+			outline-offset: -2px;
+		}
+
+		&[aria-disabled='true'] {
+			cursor: default;
+			pointer-events: none;
+		}
+	}
+
+	&:hover {
+		border-color: var(--callout-error-border);
+	}
+
+	&__icon {
+		flex-shrink: 0;
+		color: var(--bg-cherry-500);
+	}
+
+	&__title {
+		flex: 1;
+		min-width: 0;
+		font-size: var(--font-size-xs);
+		font-weight: var(--font-weight-medium);
+		color: var(--bg-cherry-500);
+		line-height: var(--line-height-18);
+		letter-spacing: -0.06px;
+		text-align: left;
+		white-space: nowrap;
+		overflow: hidden;
+		text-overflow: ellipsis;
+	}
+
+	&__chevron {
+		flex-shrink: 0;
+		color: var(--l2-foreground);
+	}
+
+	&__body {
+		border-top: 1px solid var(--l1-border);
+
+		.error-content {
+			&__summary {
+				padding: 10px 12px;
+			}
+
+			&__summary-left {
+				gap: 6px;
+			}
+
+			&__error-code {
+				font-size: 12px;
+				line-height: 18px;
+			}
+
+			&__error-message {
+				font-size: 11px;
+				line-height: 16px;
+			}
+
+			&__docs-button {
+				font-size: 11px;
+				padding: 5px 8px;
+			}
+
+			&__message-badge {
+				padding: 0 12px 10px;
+				gap: 8px;
+			}
+
+			&__message-item {
+				font-size: 11px;
+				padding: 2px 12px 2px 22px;
+				margin-bottom: 2px;
+			}
+		}
+	}
 }
 
 .keys-tab {
@@ -429,7 +553,7 @@
 	}
 }
 
-.sa-disable-dialog {
+.sa-delete-dialog {
 	background: var(--l2-background);
 	border: 1px solid var(--l2-border);
 

frontend/src/components/ServiceAccountDrawer/ServiceAccountDrawer.tsx

@@ -1,25 +1,29 @@
 import { useCallback, useEffect, useMemo, useState } from 'react';
+import { useQueryClient } from 'react-query';
 import { Button } from '@signozhq/button';
 import { DrawerWrapper } from '@signozhq/drawer';
-import { Key, LayoutGrid, Plus, PowerOff, X } from '@signozhq/icons';
+import { Key, LayoutGrid, Plus, Trash2, X } from '@signozhq/icons';
 import { toast } from '@signozhq/sonner';
 import { ToggleGroup, ToggleGroupItem } from '@signozhq/toggle-group';
 import { Pagination, Skeleton } from 'antd';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import {
+	getListServiceAccountsQueryKey,
 	useGetServiceAccount,
 	useListServiceAccountKeys,
 	useUpdateServiceAccount,
 } from 'api/generated/services/serviceaccount';
-import { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
+import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
 import { AxiosError } from 'axios';
 import ErrorInPlace from 'components/ErrorInPlace/ErrorInPlace';
 import { useRoles } from 'components/RolesSelect';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import {
 	ServiceAccountRow,
+	ServiceAccountStatus,
 	toServiceAccountRow,
 } from 'container/ServiceAccountsSettings/utils';
+import { useServiceAccountRoleManager } from 'hooks/serviceAccount/useServiceAccountRoleManager';
 import {
 	parseAsBoolean,
 	parseAsInteger,
@@ -27,12 +31,14 @@ import {
 	parseAsStringEnum,
 	useQueryState,
 } from 'nuqs';
+import APIError from 'types/api/error';
 import { toAPIError } from 'utils/errorUtils';
 
 import AddKeyModal from './AddKeyModal';
-import DisableAccountModal from './DisableAccountModal';
+import DeleteAccountModal from './DeleteAccountModal';
 import KeysTab from './KeysTab';
 import OverviewTab from './OverviewTab';
+import type { SaveError } from './utils';
 import { ServiceAccountDrawerTab } from './utils';
 
 import './ServiceAccountDrawer.styles.scss';
@@ -69,12 +75,16 @@ function ServiceAccountDrawer({
 		SA_QUERY_PARAMS.ADD_KEY,
 		parseAsBoolean.withDefault(false),
 	);
-	const [, setIsDisableOpen] = useQueryState(
-		SA_QUERY_PARAMS.DISABLE_SA,
+	const [, setIsDeleteOpen] = useQueryState(
+		SA_QUERY_PARAMS.DELETE_SA,
 		parseAsBoolean.withDefault(false),
 	);
 	const [localName, setLocalName] = useState('');
 	const [localRoles, setLocalRoles] = useState<string[]>([]);
+	const [isSaving, setIsSaving] = useState(false);
+	const [saveErrors, setSaveErrors] = useState<SaveError[]>([]);
+
+	const queryClient = useQueryClient();
 
 	const {
 		data: accountData,
@@ -93,21 +103,30 @@ function ServiceAccountDrawer({
 		[accountData],
 	);
 
+	const { currentRoles, applyDiff } = useServiceAccountRoleManager(
+		selectedAccountId ?? '',
+	);
+
 	useEffect(() => {
-		if (account) {
-			setLocalName(account.name ?? '');
-			setLocalRoles(account.roles ?? []);
+		if (account?.id) {
+			setLocalName(account?.name ?? '');
 			setKeysPage(1);
 		}
-		// eslint-disable-next-line react-hooks/exhaustive-deps
-	}, [account?.id]);
+		setSaveErrors([]);
+	}, [account?.id, account?.name, setKeysPage]);
 
-	const isDisabled = account?.status?.toUpperCase() !== 'ACTIVE';
+	useEffect(() => {
+		setLocalRoles(currentRoles.map((r) => r.id).filter(Boolean) as string[]);
+	}, [currentRoles]);
+
+	const isDeleted =
+		account?.status?.toUpperCase() === ServiceAccountStatus.Deleted;
 
 	const isDirty =
 		account !== null &&
 		(localName !== (account.name ?? '') ||
-			JSON.stringify(localRoles) !== JSON.stringify(account.roles ?? []));
+			JSON.stringify([...localRoles].sort()) !==
+				JSON.stringify([...currentRoles.map((r) => r.id).filter(Boolean)].sort()));
 
 	const {
 		roles: availableRoles,
@@ -133,51 +152,189 @@ function ServiceAccountDrawer({
 		}
 	}, [keysLoading, keys.length, keysPage, setKeysPage]);
 
-	const { mutate: updateAccount, isLoading: isSaving } = useUpdateServiceAccount(
-		{
-			mutation: {
-				onSuccess: () => {
-					toast.success('Service account updated successfully', {
-						richColors: true,
-					});
-					refetchAccount();
-					onSuccess({ closeDrawer: false });
-				},
-				onError: (error) => {
-					const errMessage =
-						convertToApiError(
-							error as AxiosError<RenderErrorResponseDTO, unknown> | null,
-						)?.getErrorMessage() || 'Failed to update service account';
-					toast.error(errMessage, { richColors: true });
-				},
-			},
-		},
+	// the retry for this mutation is safe due to the api being idempotent on backend
+	const { mutateAsync: updateMutateAsync } = useUpdateServiceAccount();
+
+	const toSaveApiError = useCallback(
+		(err: unknown): APIError =>
+			convertToApiError(err as AxiosError<RenderErrorResponseDTO>) ??
+			toAPIError(err as AxiosError<RenderErrorResponseDTO>),
+		[],
 	);
 
-	function handleSave(): void {
+	const retryNameUpdate = useCallback(async (): Promise<void> => {
+		if (!account) {
+			return;
+		}
+		try {
+			await updateMutateAsync({
+				pathParams: { id: account.id },
+				data: { name: localName },
+			});
+			setSaveErrors((prev) => prev.filter((e) => e.context !== 'Name update'));
+			refetchAccount();
+			queryClient.invalidateQueries(getListServiceAccountsQueryKey());
+		} catch (err) {
+			setSaveErrors((prev) =>
+				prev.map((e) =>
+					e.context === 'Name update' ? { ...e, apiError: toSaveApiError(err) } : e,
+				),
+			);
+		}
+	}, [
+		account,
+		localName,
+		updateMutateAsync,
+		refetchAccount,
+		queryClient,
+		toSaveApiError,
+	]);
+
+	const handleNameChange = useCallback((name: string): void => {
+		setLocalName(name);
+		setSaveErrors((prev) => prev.filter((e) => e.context !== 'Name update'));
+	}, []);
+
+	const makeRoleRetry = useCallback(
+		(
+			context: string,
+			rawRetry: () => Promise<void>,
+		) => async (): Promise<void> => {
+			try {
+				await rawRetry();
+				setSaveErrors((prev) => prev.filter((e) => e.context !== context));
+			} catch (err) {
+				setSaveErrors((prev) =>
+					prev.map((e) =>
+						e.context === context ? { ...e, apiError: toSaveApiError(err) } : e,
+					),
+				);
+			}
+		},
+		[toSaveApiError],
+	);
+
+	const retryRolesUpdate = useCallback(async (): Promise<void> => {
+		try {
+			const failures = await applyDiff(localRoles, availableRoles);
+			if (failures.length === 0) {
+				setSaveErrors((prev) => prev.filter((e) => e.context !== 'Roles update'));
+			} else {
+				setSaveErrors((prev) => {
+					const rest = prev.filter((e) => e.context !== 'Roles update');
+					const roleErrors = failures.map((f) => {
+						const ctx = `Role '${f.roleName}'`;
+						return {
+							context: ctx,
+							apiError: toSaveApiError(f.error),
+							onRetry: makeRoleRetry(ctx, f.onRetry),
+						};
+					});
+					return [...rest, ...roleErrors];
+				});
+			}
+		} catch (err) {
+			setSaveErrors((prev) =>
+				prev.map((e) =>
+					e.context === 'Roles update' ? { ...e, apiError: toSaveApiError(err) } : e,
+				),
+			);
+		}
+	}, [localRoles, availableRoles, applyDiff, toSaveApiError, makeRoleRetry]);
+
+	const handleSave = useCallback(async (): Promise<void> => {
 		if (!account || !isDirty) {
 			return;
 		}
-		updateAccount({
-			pathParams: { id: account.id },
-			data: { name: localName, email: account.email, roles: localRoles },
-		});
-	}
+		setSaveErrors([]);
+		setIsSaving(true);
+		try {
+			const namePromise =
+				localName !== (account.name ?? '')
+					? updateMutateAsync({
+							pathParams: { id: account.id },
+							data: { name: localName },
+					  })
+					: Promise.resolve();
+
+			const [nameResult, rolesResult] = await Promise.allSettled([
+				namePromise,
+				applyDiff(localRoles, availableRoles),
+			]);
+
+			const errors: SaveError[] = [];
+
+			if (nameResult.status === 'rejected') {
+				errors.push({
+					context: 'Name update',
+					apiError: toSaveApiError(nameResult.reason),
+					onRetry: retryNameUpdate,
+				});
+			}
+
+			if (rolesResult.status === 'rejected') {
+				errors.push({
+					context: 'Roles update',
+					apiError: toSaveApiError(rolesResult.reason),
+					onRetry: retryRolesUpdate,
+				});
+			} else {
+				for (const failure of rolesResult.value) {
+					const context = `Role '${failure.roleName}'`;
+					errors.push({
+						context,
+						apiError: toSaveApiError(failure.error),
+						onRetry: makeRoleRetry(context, failure.onRetry),
+					});
+				}
+			}
+
+			if (errors.length > 0) {
+				setSaveErrors(errors);
+			} else {
+				toast.success('Service account updated successfully', {
+					richColors: true,
+				});
+				onSuccess({ closeDrawer: false });
+			}
+
+			refetchAccount();
+			queryClient.invalidateQueries(getListServiceAccountsQueryKey());
+		} finally {
+			setIsSaving(false);
+		}
+	}, [
+		account,
+		isDirty,
+		localName,
+		localRoles,
+		availableRoles,
+		updateMutateAsync,
+		applyDiff,
+		refetchAccount,
+		onSuccess,
+		queryClient,
+		toSaveApiError,
+		retryNameUpdate,
+		makeRoleRetry,
+		retryRolesUpdate,
+	]);
 
 	const handleClose = useCallback((): void => {
-		setIsDisableOpen(null);
+		setIsDeleteOpen(null);
 		setIsAddKeyOpen(null);
 		setSelectedAccountId(null);
 		setActiveTab(null);
 		setKeysPage(null);
 		setEditKeyId(null);
+		setSaveErrors([]);
 	}, [
 		setSelectedAccountId,
 		setActiveTab,
 		setKeysPage,
 		setEditKeyId,
 		setIsAddKeyOpen,
-		setIsDisableOpen,
+		setIsDeleteOpen,
 	]);
 
 	const drawerContent = (
@@ -220,7 +377,7 @@ function ServiceAccountDrawer({
 						variant="outlined"
 						size="sm"
 						color="secondary"
-						disabled={isDisabled}
+						disabled={isDeleted}
 						onClick={(): void => {
 							setIsAddKeyOpen(true);
 						}}
@@ -251,22 +408,23 @@ function ServiceAccountDrawer({
 							<OverviewTab
 								account={account}
 								localName={localName}
-								onNameChange={setLocalName}
+								onNameChange={handleNameChange}
 								localRoles={localRoles}
 								onRolesChange={setLocalRoles}
-								isDisabled={isDisabled}
+								isDisabled={isDeleted}
 								availableRoles={availableRoles}
 								rolesLoading={rolesLoading}
 								rolesError={rolesError}
 								rolesErrorObj={rolesErrorObj}
 								onRefetchRoles={refetchRoles}
+								saveErrors={saveErrors}
 							/>
 						)}
 						{activeTab === ServiceAccountDrawerTab.Keys && (
 							<KeysTab
 								keys={keys}
 								isLoading={keysLoading}
-								isDisabled={isDisabled}
+								isDisabled={isDeleted}
 								currentPage={keysPage}
 								pageSize={PAGE_SIZE}
 							/>
@@ -298,20 +456,20 @@ function ServiceAccountDrawer({
 					/>
 				) : (
 					<>
-						{!isDisabled && (
+						{!isDeleted && (
 							<Button
 								variant="ghost"
 								color="destructive"
 								className="sa-drawer__footer-btn"
 								onClick={(): void => {
-									setIsDisableOpen(true);
+									setIsDeleteOpen(true);
 								}}
 							>
-								<PowerOff size={12} />
-								Disable Service Account
+								<Trash2 size={12} />
+								Delete Service Account
 							</Button>
 						)}
-						{!isDisabled && (
+						{!isDeleted && (
 							<div className="sa-drawer__footer-right">
 								<Button
 									variant="solid"
@@ -359,7 +517,7 @@ function ServiceAccountDrawer({
 				className="sa-drawer"
 			/>
 
-			<DisableAccountModal />
+			<DeleteAccountModal />
 
 			<AddKeyModal />
 		</>

frontend/src/components/ServiceAccountDrawer/__tests__/EditKeyModal.test.tsx

@@ -1,5 +1,5 @@
 import { toast } from '@signozhq/sonner';
-import type { ServiceaccounttypesFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import type { ServiceaccounttypesGettableFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
 import { rest, server } from 'mocks-server/server';
 import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
 import { render, screen, userEvent, waitFor } from 'tests/test-utils';
@@ -14,17 +14,16 @@ const mockToast = jest.mocked(toast);
 
 const SA_KEY_ENDPOINT = '*/api/v1/service_accounts/sa-1/keys/key-1';
 
-const mockKey: ServiceaccounttypesFactorAPIKeyDTO = {
+const mockKey: ServiceaccounttypesGettableFactorAPIKeyDTO = {
 	id: 'key-1',
 	name: 'Original Key Name',
 	expiresAt: 0,
 	lastObservedAt: null as any,
-	key: 'snz_abc123',
 	serviceAccountId: 'sa-1',
 };
 
 function renderModal(
-	keyItem: ServiceaccounttypesFactorAPIKeyDTO | null = mockKey,
+	keyItem: ServiceaccounttypesGettableFactorAPIKeyDTO | null = mockKey,
 	searchParams: Record<string, string> = {
 		account: 'sa-1',
 		'edit-key': 'key-1',

frontend/src/components/ServiceAccountDrawer/__tests__/KeysTab.test.tsx

@@ -1,5 +1,5 @@
 import { toast } from '@signozhq/sonner';
-import { ServiceaccounttypesFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import { ServiceaccounttypesGettableFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
 import { rest, server } from 'mocks-server/server';
 import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
 import { render, screen, userEvent, waitFor } from 'tests/test-utils';
@@ -14,13 +14,12 @@ const mockToast = jest.mocked(toast);
 
 const SA_KEY_ENDPOINT = '*/api/v1/service_accounts/sa-1/keys/:fid';
 
-const keys: ServiceaccounttypesFactorAPIKeyDTO[] = [
+const keys: ServiceaccounttypesGettableFactorAPIKeyDTO[] = [
 	{
 		id: 'key-1',
 		name: 'Production Key',
 		expiresAt: 0,
 		lastObservedAt: null as any,
-		key: 'snz_prod_123',
 		serviceAccountId: 'sa-1',
 	},
 	{
@@ -28,7 +27,6 @@ const keys: ServiceaccounttypesFactorAPIKeyDTO[] = [
 		name: 'Staging Key',
 		expiresAt: 1924905600, // 2030-12-31
 		lastObservedAt: new Date('2026-03-10T10:00:00Z'),
-		key: 'snz_stag_456',
 		serviceAccountId: 'sa-1',
 	},
 ];

frontend/src/components/ServiceAccountDrawer/__tests__/ServiceAccountDrawer.test.tsx

@@ -23,7 +23,9 @@ jest.mock('@signozhq/sonner', () => ({
 const ROLES_ENDPOINT = '*/api/v1/roles';
 const SA_KEYS_ENDPOINT = '*/api/v1/service_accounts/:id/keys';
 const SA_ENDPOINT = '*/api/v1/service_accounts/sa-1';
-const SA_STATUS_ENDPOINT = '*/api/v1/service_accounts/sa-1/status';
+const SA_DELETE_ENDPOINT = '*/api/v1/service_accounts/sa-1';
+const SA_ROLES_ENDPOINT = '*/api/v1/service_accounts/:id/roles';
+const SA_ROLE_DELETE_ENDPOINT = '*/api/v1/service_accounts/:id/roles/:rid';
 
 const activeAccountResponse = {
 	id: 'sa-1',
@@ -35,10 +37,10 @@ const activeAccountResponse = {
 	updatedAt: '2026-01-02T00:00:00Z',
 };
 
-const disabledAccountResponse = {
+const deletedAccountResponse = {
 	...activeAccountResponse,
 	id: 'sa-2',
-	status: 'DISABLED',
+	status: 'DELETED',
 };
 
 function renderDrawer(
@@ -67,7 +69,23 @@ describe('ServiceAccountDrawer', () => {
 			rest.put(SA_ENDPOINT, (_, res, ctx) =>
 				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
 			),
-			rest.put(SA_STATUS_ENDPOINT, (_, res, ctx) =>
+			rest.delete(SA_DELETE_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+			rest.get(SA_ROLES_ENDPOINT, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({
+						data: listRolesSuccessResponse.data.filter(
+							(r) => r.name === 'signoz-admin',
+						),
+					}),
+				),
+			),
+			rest.post(SA_ROLES_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+			rest.delete(SA_ROLE_DELETE_ENDPOINT, (_, res, ctx) =>
 				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
 			),
 		);
@@ -115,8 +133,6 @@ describe('ServiceAccountDrawer', () => {
 			expect(updateSpy).toHaveBeenCalledWith(
 				expect.objectContaining({
 					name: 'CI Bot Updated',
-					email: 'ci-bot@signoz.io',
-					roles: ['signoz-admin'],
 				}),
 			);
 			expect(onSuccess).toHaveBeenCalledWith({ closeDrawer: false });
@@ -125,6 +141,7 @@ describe('ServiceAccountDrawer', () => {
 
 	it('changing roles enables Save; clicking Save sends updated roles in payload', async () => {
 		const updateSpy = jest.fn();
+		const roleSpy = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 
 		server.use(
@@ -132,6 +149,10 @@ describe('ServiceAccountDrawer', () => {
 				updateSpy(await req.json());
 				return res(ctx.status(200), ctx.json({ status: 'success', data: {} }));
 			}),
+			rest.post(SA_ROLES_ENDPOINT, async (req, res, ctx) => {
+				roleSpy(await req.json());
+				return res(ctx.status(200), ctx.json({ status: 'success', data: {} }));
+			}),
 		);
 
 		renderDrawer();
@@ -146,21 +167,22 @@ describe('ServiceAccountDrawer', () => {
 		await user.click(saveBtn);
 
 		await waitFor(() => {
-			expect(updateSpy).toHaveBeenCalledWith(
+			expect(updateSpy).not.toHaveBeenCalled();
+			expect(roleSpy).toHaveBeenCalledWith(
 				expect.objectContaining({
-					roles: expect.arrayContaining(['signoz-admin', 'signoz-viewer']),
+					id: '019c24aa-2248-7585-a129-4188b3473c27',
 				}),
 			);
 		});
 	});
 
-	it('"Disable Service Account" opens confirm dialog; confirming sends correct status payload', async () => {
-		const statusSpy = jest.fn();
+	it('"Delete Service Account" opens confirm dialog; confirming sends delete request', async () => {
+		const deleteSpy = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 
 		server.use(
-			rest.put(SA_STATUS_ENDPOINT, async (req, res, ctx) => {
-				statusSpy(await req.json());
+			rest.delete(SA_DELETE_ENDPOINT, (_, res, ctx) => {
+				deleteSpy();
 				return res(ctx.status(200), ctx.json({ status: 'success', data: {} }));
 			}),
 		);
@@ -170,19 +192,19 @@ describe('ServiceAccountDrawer', () => {
 		await screen.findByDisplayValue('CI Bot');
 
 		await user.click(
-			screen.getByRole('button', { name: /Disable Service Account/i }),
+			screen.getByRole('button', { name: /Delete Service Account/i }),
 		);
 
 		const dialog = await screen.findByRole('dialog', {
-			name: /Disable service account CI Bot/i,
+			name: /Delete service account CI Bot/i,
 		});
 		expect(dialog).toBeInTheDocument();
 
-		const confirmBtns = screen.getAllByRole('button', { name: /^Disable$/i });
+		const confirmBtns = screen.getAllByRole('button', { name: /^Delete$/i });
 		await user.click(confirmBtns[confirmBtns.length - 1]);
 
 		await waitFor(() => {
-			expect(statusSpy).toHaveBeenCalledWith({ status: 'DISABLED' });
+			expect(deleteSpy).toHaveBeenCalled();
 		});
 
 		await waitFor(() => {
@@ -190,14 +212,17 @@ describe('ServiceAccountDrawer', () => {
 		});
 	});
 
-	it('disabled account shows read-only name, no Save button, no Disable button', async () => {
+	it('deleted account shows read-only name, no Save button, no Delete button', async () => {
 		server.use(
 			rest.get('*/api/v1/service_accounts/sa-2', (_, res, ctx) =>
-				res(ctx.status(200), ctx.json({ data: disabledAccountResponse })),
+				res(ctx.status(200), ctx.json({ data: deletedAccountResponse })),
 			),
 			rest.get('*/api/v1/service_accounts/sa-2/keys', (_, res, ctx) =>
 				res(ctx.status(200), ctx.json({ data: [] })),
 			),
+			rest.get('*/api/v1/service_accounts/sa-2/roles', (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: [] })),
+			),
 		);
 
 		renderDrawer({ account: 'sa-2' });
@@ -208,7 +233,7 @@ describe('ServiceAccountDrawer', () => {
 			screen.queryByRole('button', { name: /Save Changes/i }),
 		).not.toBeInTheDocument();
 		expect(
-			screen.queryByRole('button', { name: /Disable Service Account/i }),
+			screen.queryByRole('button', { name: /Delete Service Account/i }),
 		).not.toBeInTheDocument();
 		expect(screen.queryByDisplayValue('CI Bot')).not.toBeInTheDocument();
 	});
@@ -248,3 +273,169 @@ describe('ServiceAccountDrawer', () => {
 		).toBeInTheDocument();
 	});
 });
+
+describe('ServiceAccountDrawer – save-error UX', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		server.use(
+			rest.get(ROLES_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+			rest.get(SA_KEYS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: [] })),
+			),
+			rest.get(SA_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: activeAccountResponse })),
+			),
+			rest.put(SA_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+			rest.delete(SA_DELETE_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+			rest.get(SA_ROLES_ENDPOINT, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({
+						data: listRolesSuccessResponse.data.filter(
+							(r) => r.name === 'signoz-admin',
+						),
+					}),
+				),
+			),
+			rest.post(SA_ROLES_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+			rest.delete(SA_ROLE_DELETE_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+		);
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('name update failure shows SaveErrorItem with "Name update" context', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		server.use(
+			rest.put(SA_ENDPOINT, (_, res, ctx) =>
+				res(
+					ctx.status(500),
+					ctx.json({
+						error: {
+							code: 'INTERNAL_ERROR',
+							message: 'name update failed',
+						},
+					}),
+				),
+			),
+		);
+
+		renderDrawer();
+
+		const nameInput = await screen.findByDisplayValue('CI Bot');
+		await user.clear(nameInput);
+		await user.type(nameInput, 'New Name');
+
+		const saveBtn = screen.getByRole('button', { name: /Save Changes/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+		await user.click(saveBtn);
+
+		expect(
+			await screen.findByText(/Name update.*name update failed/i, undefined, {
+				timeout: 5000,
+			}),
+		).toBeInTheDocument();
+	});
+
+	it('role update failure shows SaveErrorItem with the role name context', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		server.use(
+			rest.post(SA_ROLES_ENDPOINT, (_, res, ctx) =>
+				res(
+					ctx.status(500),
+					ctx.json({
+						error: {
+							code: 'INTERNAL_ERROR',
+							message: 'role assign failed',
+						},
+					}),
+				),
+			),
+		);
+
+		renderDrawer();
+
+		await screen.findByDisplayValue('CI Bot');
+
+		// Add the signoz-viewer role (which is not currently assigned)
+		await user.click(screen.getByLabelText('Roles'));
+		await user.click(await screen.findByTitle('signoz-viewer'));
+
+		const saveBtn = screen.getByRole('button', { name: /Save Changes/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+		await user.click(saveBtn);
+
+		expect(
+			await screen.findByText(
+				/Role 'signoz-viewer'.*role assign failed/i,
+				undefined,
+				{
+					timeout: 5000,
+				},
+			),
+		).toBeInTheDocument();
+	});
+
+	it('clicking Retry on a name-update error re-triggers the request; on success the error item is removed', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		// First: PUT always fails so the error appears
+		server.use(
+			rest.put(SA_ENDPOINT, (_, res, ctx) =>
+				res(
+					ctx.status(500),
+					ctx.json({
+						error: {
+							code: 'INTERNAL_ERROR',
+							message: 'name update failed',
+						},
+					}),
+				),
+			),
+		);
+
+		renderDrawer();
+
+		const nameInput = await screen.findByDisplayValue('CI Bot');
+		await user.clear(nameInput);
+		await user.type(nameInput, 'Retry Test');
+
+		const saveBtn = screen.getByRole('button', { name: /Save Changes/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+		await user.click(saveBtn);
+
+		await screen.findByText(/Name update.*name update failed/i, undefined, {
+			timeout: 5000,
+		});
+
+		server.use(
+			rest.put(SA_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+		);
+
+		const retryBtn = screen.getByRole('button', { name: /Retry/i });
+		await user.click(retryBtn);
+
+		// Error item should be removed after successful retry
+		await waitFor(() => {
+			expect(
+				screen.queryByText(/Name update.*name update failed/i),
+			).not.toBeInTheDocument();
+		});
+	});
+});

frontend/src/components/ServiceAccountDrawer/utils.ts

@@ -1,6 +1,13 @@
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import type { Dayjs } from 'dayjs';
 import dayjs from 'dayjs';
+import APIError from 'types/api/error';
+
+export interface SaveError {
+	context: string;
+	apiError: APIError;
+	onRetry: () => Promise<void>;
+}
 
 export enum ServiceAccountDrawerTab {
 	Overview = 'overview',

frontend/src/components/ServiceAccountsTable/__tests__/ServiceAccountsTable.test.tsx

@@ -8,7 +8,6 @@ const mockActiveAccount: ServiceAccountRow = {
 	id: 'sa-1',
 	name: 'CI Bot',
 	email: 'ci-bot@signoz.io',
-	roles: ['signoz-admin'],
 	status: 'ACTIVE',
 	createdAt: '2026-01-01T00:00:00Z',
 	updatedAt: '2026-01-02T00:00:00Z',
@@ -18,7 +17,6 @@ const mockDisabledAccount: ServiceAccountRow = {
 	id: 'sa-2',
 	name: 'Legacy Bot',
 	email: 'legacy@signoz.io',
-	roles: ['signoz-viewer', 'signoz-editor', 'billing-manager'],
 	status: 'DISABLED',
 	createdAt: '2025-06-01T00:00:00Z',
 	updatedAt: '2025-12-01T00:00:00Z',
@@ -39,7 +37,6 @@ describe('ServiceAccountsTable', () => {
 
 		expect(screen.getByText('CI Bot')).toBeInTheDocument();
 		expect(screen.getByText('ci-bot@signoz.io')).toBeInTheDocument();
-		expect(screen.getByText('signoz-admin')).toBeInTheDocument();
 		expect(screen.getByText('ACTIVE')).toBeInTheDocument();
 	});
 
@@ -49,8 +46,6 @@ describe('ServiceAccountsTable', () => {
 		);
 
 		expect(screen.getByText('DISABLED')).toBeInTheDocument();
-		expect(screen.getByText('signoz-viewer')).toBeInTheDocument();
-		expect(screen.getByText('+2')).toBeInTheDocument();
 	});
 
 	it('calls onRowClick with the correct account when a row is clicked', async () => {

frontend/src/components/ServiceAccountsTable/utils.tsx

@@ -25,32 +25,6 @@ export function NameEmailCell({
 	);
 }
 
-export function RolesCell({ roles }: { roles: string[] }): JSX.Element {
-	if (!roles || roles.length === 0) {
-		return <span className="sa-dash">—</span>;
-	}
-	const first = roles[0];
-	const overflow = roles.length - 1;
-	const tooltipContent = roles.slice(1).join(', ');
-
-	return (
-		<div className="sa-roles-cell">
-			<Badge color="vanilla">{first}</Badge>
-			{overflow > 0 && (
-				<Tooltip
-					title={tooltipContent}
-					overlayClassName="sa-tooltip"
-					overlayStyle={{ maxWidth: '600px' }}
-				>
-					<Badge color="vanilla" variant="outline" className="sa-status-badge">
-						+{overflow}
-					</Badge>
-				</Tooltip>
-			)}
-		</div>
-	);
-}
-
 export function StatusBadge({ status }: { status: string }): JSX.Element {
 	if (status?.toUpperCase() === 'ACTIVE') {
 		return (
@@ -59,9 +33,16 @@ export function StatusBadge({ status }: { status: string }): JSX.Element {
 			</Badge>
 		);
 	}
+	if (status?.toUpperCase() === 'DELETED') {
+		return (
+			<Badge color="cherry" variant="outline">
+				DELETED
+			</Badge>
+		);
+	}
 	return (
 		<Badge color="vanilla" variant="outline" className="sa-status-badge">
-			DISABLED
+			{status ? status.toUpperCase() : 'UNKNOWN'}
 		</Badge>
 	);
 }
@@ -98,13 +79,6 @@ export const columns: ColumnsType<ServiceAccountRow> = [
 			<NameEmailCell name={record.name} email={record.email} />
 		),
 	},
-	{
-		title: 'Roles',
-		dataIndex: 'roles',
-		key: 'roles',
-		width: 420,
-		render: (roles: string[]): JSX.Element => <RolesCell roles={roles} />,
-	},
 	{
 		title: 'Status',
 		dataIndex: 'status',

frontend/src/constants/routes.ts

@@ -38,7 +38,6 @@ const ROUTES = {
 	SETTINGS: '/settings',
 	MY_SETTINGS: '/settings/my-settings',
 	ORG_SETTINGS: '/settings/org-settings',
-	API_KEYS: '/settings/api-keys',
 	INGESTION_SETTINGS: '/settings/ingestion-settings',
 	SOMETHING_WENT_WRONG: '/something-went-wrong',
 	UN_AUTHORIZED: '/un-authorized',

frontend/src/constants/shortcutActions.tsx

@@ -248,15 +248,5 @@ export function createShortcutActions(deps: ActionDeps): CmdAction[] {
 			roles: ['ADMIN', 'EDITOR'],
 			perform: (): void => navigate(ROUTES.BILLING),
 		},
-		{
-			id: 'my-settings-api-keys',
-			name: 'Go to Account Settings API Keys',
-			shortcut: [GlobalShortcutsName.NavigateToSettingsAPIKeys],
-			keywords: 'account settings api keys',
-			section: 'Settings',
-			icon: <Settings size={14} />,
-			roles: ['ADMIN', 'EDITOR'],
-			perform: (): void => navigate(ROUTES.API_KEYS),
-		},
 	];
 }

frontend/src/constants/shortcuts/globalShortcuts.ts

@@ -26,7 +26,6 @@ export const GlobalShortcuts = {
 	NavigateToSettings: 'shift+g',
 	NavigateToSettingsIngestion: 'shift+g+i',
 	NavigateToSettingsBilling: 'shift+g+b',
-	NavigateToSettingsAPIKeys: 'shift+g+k',
 	NavigateToSettingsNotificationChannels: 'shift+g+n',
 };
 
@@ -47,7 +46,6 @@ export const GlobalShortcutsName = {
 	NavigateToSettings: 'shift+g',
 	NavigateToSettingsIngestion: 'shift+g+i',
 	NavigateToSettingsBilling: 'shift+g+b',
-	NavigateToSettingsAPIKeys: 'shift+g+k',
 	NavigateToSettingsNotificationChannels: 'shift+g+n',
 	NavigateToLogs: 'shift+l',
 	NavigateToLogsPipelines: 'shift+l+p',
@@ -72,7 +70,6 @@ export const GlobalShortcutsDescription = {
 	NavigateToSettings: 'Navigate to Settings',
 	NavigateToSettingsIngestion: 'Navigate to Ingestion Settings',
 	NavigateToSettingsBilling: 'Navigate to Billing Settings',
-	NavigateToSettingsAPIKeys: 'Navigate to API Keys Settings',
 	NavigateToSettingsNotificationChannels:
 		'Navigate to Notification Channels Settings',
 	NavigateToLogsPipelines: 'Navigate to Logs Pipelines',

frontend/src/container/APIKeys/APIKeys.styles.scss

@@ -1,685 +0,0 @@
-.api-key-container {
-	margin-top: 24px;
-	display: flex;
-	justify-content: center;
-	width: 100%;
-
-	.api-key-content {
-		width: calc(100% - 30px);
-		max-width: 736px;
-
-		.title {
-			color: var(--bg-vanilla-100);
-			font-size: var(--font-size-lg);
-			font-style: normal;
-			font-weight: var(--font-weight-normal);
-			line-height: 28px; /* 155.556% */
-			letter-spacing: -0.09px;
-		}
-
-		.subtitle {
-			color: var(--bg-vanilla-400);
-			font-size: var(--font-size-sm);
-			font-style: normal;
-			font-weight: var(--font-weight-normal);
-			line-height: 20px; /* 142.857% */
-			letter-spacing: -0.07px;
-		}
-
-		.api-keys-search-add-new {
-			display: flex;
-			align-items: center;
-			gap: 12px;
-
-			padding: 16px 0;
-
-			.add-new-api-key-btn {
-				display: flex;
-				align-items: center;
-				gap: 8px;
-			}
-		}
-
-		.ant-table-row {
-			.ant-table-cell {
-				padding: 0;
-				border: none;
-				background: var(--bg-ink-500);
-			}
-			.column-render {
-				margin: 8px 0 !important;
-				border-radius: 6px;
-				border: 1px solid var(--bg-slate-500);
-				background: var(--bg-ink-400);
-
-				.title-with-action {
-					display: flex;
-					justify-content: space-between;
-
-					align-items: center;
-					padding: 8px;
-
-					.api-key-data {
-						display: flex;
-						gap: 8px;
-						align-items: center;
-
-						.api-key-title {
-							display: flex;
-							align-items: center;
-							gap: 6px;
-
-							.ant-typography {
-								color: var(--bg-vanilla-400);
-								font-size: var(--font-size-sm);
-								font-style: normal;
-								font-weight: var(--font-weight-medium);
-								line-height: 20px;
-								letter-spacing: -0.07px;
-							}
-						}
-
-						.api-key-value {
-							display: flex;
-							align-items: center;
-							gap: 12px;
-
-							border-radius: 20px;
-							padding: 0px 12px;
-
-							background: var(--bg-ink-200);
-
-							.ant-typography {
-								color: var(--bg-vanilla-400);
-								font-size: var(--font-size-xs);
-								font-family: 'Space Mono', monospace;
-								font-style: normal;
-								font-weight: var(--font-weight-medium);
-								line-height: 20px;
-								letter-spacing: -0.07px;
-							}
-
-							.copy-key-btn {
-								cursor: pointer;
-							}
-						}
-					}
-
-					.action-btn {
-						display: flex;
-						align-items: center;
-						gap: 4px;
-						cursor: pointer;
-					}
-
-					.visibility-btn {
-						border: 1px solid rgba(113, 144, 249, 0.2);
-						background: rgba(113, 144, 249, 0.1);
-					}
-				}
-
-				.ant-collapse {
-					border: none;
-
-					.ant-collapse-header {
-						padding: 0px 8px;
-
-						display: flex;
-						align-items: center;
-						background-color: #121317;
-					}
-
-					.ant-collapse-content {
-						border-top: 1px solid var(--bg-slate-500);
-					}
-
-					.ant-collapse-item {
-						border-bottom: none;
-					}
-
-					.ant-collapse-expand-icon {
-						padding-inline-end: 0px;
-					}
-				}
-
-				.api-key-details {
-					display: flex;
-					align-items: center;
-					justify-content: space-between;
-					gap: 8px;
-					border-top: 1px solid var(--bg-slate-500);
-					padding: 8px;
-
-					.api-key-tag {
-						width: 14px;
-						height: 14px;
-						border-radius: 50px;
-						background: var(--bg-slate-300);
-						display: flex;
-						justify-content: center;
-						align-items: center;
-
-						.tag-text {
-							color: var(--bg-vanilla-400);
-							leading-trim: both;
-							text-edge: cap;
-							font-size: 10px;
-							font-style: normal;
-							font-weight: var(--font-weight-normal);
-							line-height: normal;
-							letter-spacing: -0.05px;
-						}
-					}
-
-					.api-key-created-by {
-						margin-left: 8px;
-					}
-
-					.api-key-last-used-at {
-						display: flex;
-						align-items: center;
-						gap: 8px;
-
-						.ant-typography {
-							color: var(--bg-vanilla-400);
-							font-size: var(--font-size-sm);
-							font-style: normal;
-							font-weight: var(--font-weight-normal);
-							line-height: 18px; /* 128.571% */
-							letter-spacing: -0.07px;
-							font-variant-numeric: lining-nums tabular-nums stacked-fractions
-								slashed-zero;
-							font-feature-settings: 'dlig' on, 'salt' on, 'cpsp' on, 'case' on;
-						}
-					}
-
-					.api-key-expires-in {
-						font-style: normal;
-						font-weight: 400;
-						line-height: 18px;
-
-						display: flex;
-						align-items: center;
-						gap: 8px;
-
-						.dot {
-							height: 6px;
-							width: 6px;
-							border-radius: 50%;
-						}
-
-						&.warning {
-							color: var(--bg-amber-400);
-
-							.dot {
-								background: var(--bg-amber-400);
-								box-shadow: 0px 0px 6px 0px var(--bg-amber-400);
-							}
-						}
-
-						&.danger {
-							color: var(--bg-cherry-400);
-
-							.dot {
-								background: var(--bg-cherry-400);
-								box-shadow: 0px 0px 6px 0px var(--bg-cherry-400);
-							}
-						}
-					}
-				}
-			}
-		}
-
-		.ant-pagination-item {
-			display: flex;
-			justify-content: center;
-			align-items: center;
-
-			> a {
-				color: var(--bg-vanilla-400);
-				font-variant-numeric: lining-nums tabular-nums slashed-zero;
-				font-feature-settings: 'dlig' on, 'salt' on, 'case' on, 'cpsp' on;
-				font-size: var(--font-size-sm);
-				font-style: normal;
-				font-weight: var(--font-weight-normal);
-				line-height: 20px; /* 142.857% */
-			}
-		}
-
-		.ant-pagination-item-active {
-			background-color: var(--bg-robin-500);
-			> a {
-				color: var(--bg-ink-500) !important;
-				font-size: var(--font-size-sm);
-				font-style: normal;
-				font-weight: var(--font-weight-medium);
-				line-height: 20px;
-			}
-		}
-	}
-}
-
-.api-key-info-container {
-	display: flex;
-	gap: 12px;
-	flex-direction: column;
-
-	.user-info {
-		display: flex;
-		gap: 8px;
-		align-items: center;
-		flex-wrap: wrap;
-
-		.user-avatar {
-			background-color: lightslategray;
-			vertical-align: middle;
-		}
-	}
-
-	.user-email {
-		display: inline-flex;
-		align-items: center;
-		gap: 12px;
-		border-radius: 20px;
-		padding: 0px 12px;
-		background: var(--bg-ink-200);
-
-		font-family: 'Space Mono', monospace;
-	}
-
-	.role {
-		display: flex;
-		align-items: center;
-		gap: 12px;
-	}
-}
-
-.api-key-modal {
-	.ant-modal-content {
-		border-radius: 4px;
-		border: 1px solid var(--bg-slate-500);
-		background: var(--bg-ink-400);
-		box-shadow: 0px -4px 16px 2px rgba(0, 0, 0, 0.2);
-		padding: 0;
-
-		.ant-modal-header {
-			background: none;
-			border-bottom: 1px solid var(--bg-slate-500);
-			padding: 16px;
-		}
-
-		.ant-modal-close-x {
-			font-size: 12px;
-		}
-
-		.ant-modal-body {
-			padding: 12px 16px;
-		}
-
-		.ant-modal-footer {
-			padding: 16px;
-			margin-top: 0;
-
-			display: flex;
-			justify-content: flex-end;
-		}
-	}
-}
-
-.api-key-access-role {
-	display: flex;
-
-	.ant-radio-button-wrapper {
-		font-size: 12px;
-		text-transform: capitalize;
-
-		&.ant-radio-button-wrapper-checked {
-			color: #fff;
-			background: var(--bg-slate-400, #1d212d);
-			border-color: var(--bg-slate-400, #1d212d);
-
-			&:hover {
-				color: #fff;
-				background: var(--bg-slate-400, #1d212d);
-				border-color: var(--bg-slate-400, #1d212d);
-
-				&::before {
-					background-color: var(--bg-slate-400, #1d212d);
-				}
-			}
-
-			&:focus {
-				color: #fff;
-				background: var(--bg-slate-400, #1d212d);
-				border-color: var(--bg-slate-400, #1d212d);
-			}
-		}
-	}
-
-	.tab {
-		border: 1px solid var(--bg-slate-400);
-
-		flex: 1;
-
-		display: flex;
-		justify-content: center;
-
-		&::before {
-			background: var(--bg-slate-400);
-		}
-
-		&.selected {
-			background: var(--bg-slate-400, #1d212d);
-		}
-	}
-
-	.role {
-		display: flex;
-		align-items: center;
-		gap: 8px;
-	}
-}
-
-.delete-api-key-modal {
-	width: calc(100% - 30px) !important; /* Adjust the 20px as needed */
-	max-width: 384px;
-	.ant-modal-content {
-		padding: 0;
-		border-radius: 4px;
-		border: 1px solid var(--bg-slate-500);
-		background: var(--bg-ink-400);
-		box-shadow: 0px -4px 16px 2px rgba(0, 0, 0, 0.2);
-
-		.ant-modal-header {
-			padding: 16px;
-			background: var(--bg-ink-400);
-		}
-
-		.ant-modal-body {
-			padding: 0px 16px 28px 16px;
-
-			.ant-typography {
-				color: var(--bg-vanilla-400);
-				font-size: var(--font-size-sm);
-				font-style: normal;
-				font-weight: var(--font-weight-normal);
-				line-height: 20px;
-				letter-spacing: -0.07px;
-			}
-
-			.api-key-input {
-				margin-top: 8px;
-				display: flex;
-				gap: 8px;
-			}
-
-			.ant-color-picker-trigger {
-				padding: 6px;
-				border-radius: 2px;
-				border: 1px solid var(--bg-slate-400);
-				background: var(--bg-ink-300);
-				width: 32px;
-				height: 32px;
-
-				.ant-color-picker-color-block {
-					border-radius: 50px;
-					width: 16px;
-					height: 16px;
-					flex-shrink: 0;
-
-					.ant-color-picker-color-block-inner {
-						display: flex;
-						justify-content: center;
-						align-items: center;
-					}
-				}
-			}
-		}
-
-		.ant-modal-footer {
-			display: flex;
-			justify-content: flex-end;
-			padding: 16px 16px;
-			margin: 0;
-
-			.cancel-btn {
-				display: flex;
-				align-items: center;
-				border: none;
-				border-radius: 2px;
-				background: var(--bg-slate-500);
-			}
-
-			.delete-btn {
-				display: flex;
-				align-items: center;
-				border: none;
-				border-radius: 2px;
-				background: var(--bg-cherry-500);
-				margin-left: 12px;
-			}
-
-			.delete-btn:hover {
-				color: var(--bg-vanilla-100);
-				background: var(--bg-cherry-600);
-			}
-		}
-	}
-
-	.title {
-		color: var(--bg-vanilla-100);
-		font-size: var(--font-size-sm);
-		font-style: normal;
-		font-weight: var(--font-weight-medium);
-		line-height: 20px; /* 142.857% */
-	}
-}
-
-.expiration-selector {
-	.ant-select-selector {
-		border: 1px solid var(--bg-slate-400) !important;
-	}
-}
-
-.newAPIKeyDetails {
-	display: flex;
-	flex-direction: column;
-	gap: 8px;
-}
-
-.copyable-text {
-	display: inline-flex;
-	align-items: center;
-	gap: 12px;
-	border-radius: 20px;
-	padding: 0px 12px;
-	background: var(--bg-ink-200, #23262e);
-
-	.copy-key-btn {
-		cursor: pointer;
-	}
-}
-
-.lightMode {
-	.api-key-container {
-		.api-key-content {
-			.title {
-				color: var(--bg-ink-500);
-			}
-
-			.ant-table-row {
-				.ant-table-cell {
-					background: var(--bg-vanilla-200);
-				}
-
-				&:hover {
-					.ant-table-cell {
-						background: var(--bg-vanilla-200) !important;
-					}
-				}
-
-				.column-render {
-					border: 1px solid var(--bg-vanilla-200);
-					background: var(--bg-vanilla-100);
-
-					.ant-collapse {
-						border: none;
-
-						.ant-collapse-header {
-							background: var(--bg-vanilla-100);
-						}
-
-						.ant-collapse-content {
-							border-top: 1px solid var(--bg-vanilla-300);
-						}
-					}
-
-					.title-with-action {
-						.api-key-title {
-							.ant-typography {
-								color: var(--bg-ink-500);
-							}
-						}
-
-						.api-key-value {
-							background: var(--bg-vanilla-200);
-
-							.ant-typography {
-								color: var(--bg-slate-400);
-							}
-
-							.copy-key-btn {
-								cursor: pointer;
-							}
-						}
-
-						.action-btn {
-							.ant-typography {
-								color: var(--bg-ink-500);
-							}
-						}
-					}
-
-					.api-key-details {
-						border-top: 1px solid var(--bg-vanilla-200);
-						.api-key-tag {
-							background: var(--bg-vanilla-200);
-							.tag-text {
-								color: var(--bg-ink-500);
-							}
-						}
-
-						.api-key-created-by {
-							color: var(--bg-ink-500);
-						}
-
-						.api-key-last-used-at {
-							.ant-typography {
-								color: var(--bg-ink-500);
-							}
-						}
-					}
-				}
-			}
-		}
-	}
-
-	.delete-api-key-modal {
-		.ant-modal-content {
-			border: 1px solid var(--bg-vanilla-200);
-			background: var(--bg-vanilla-100);
-
-			.ant-modal-header {
-				background: var(--bg-vanilla-100);
-
-				.title {
-					color: var(--bg-ink-500);
-				}
-			}
-
-			.ant-modal-body {
-				.ant-typography {
-					color: var(--bg-ink-500);
-				}
-
-				.api-key-input {
-					.ant-input {
-						background: var(--bg-vanilla-200);
-						color: var(--bg-ink-500);
-					}
-				}
-			}
-
-			.ant-modal-footer {
-				.cancel-btn {
-					background: var(--bg-vanilla-300);
-					color: var(--bg-ink-400);
-				}
-			}
-		}
-	}
-
-	.api-key-info-container {
-		.user-email {
-			background: var(--bg-vanilla-200);
-		}
-	}
-
-	.api-key-modal {
-		.ant-modal-content {
-			border-radius: 4px;
-			border: 1px solid var(--bg-vanilla-200);
-			background: var(--bg-vanilla-100);
-			box-shadow: 0px -4px 16px 2px rgba(0, 0, 0, 0.2);
-			padding: 0;
-
-			.ant-modal-header {
-				background: none;
-				border-bottom: 1px solid var(--bg-vanilla-200);
-				padding: 16px;
-			}
-		}
-	}
-
-	.api-key-access-role {
-		.ant-radio-button-wrapper {
-			&.ant-radio-button-wrapper-checked {
-				color: var(--bg-ink-400);
-				background: var(--bg-vanilla-300);
-				border-color: var(--bg-vanilla-300);
-
-				&:hover {
-					color: var(--bg-ink-400);
-					background: var(--bg-vanilla-300);
-					border-color: var(--bg-vanilla-300);
-
-					&::before {
-						background-color: var(--bg-vanilla-300);
-					}
-				}
-
-				&:focus {
-					color: var(--bg-ink-400);
-					background: var(--bg-vanilla-300);
-					border-color: var(--bg-vanilla-300);
-				}
-			}
-		}
-
-		.tab {
-			border: 1px solid var(--bg-vanilla-300);
-
-			&::before {
-				background: var(--bg-vanilla-300);
-			}
-
-			&.selected {
-				background: var(--bg-vanilla-300);
-			}
-		}
-	}
-
-	.copyable-text {
-		background: var(--bg-vanilla-200);
-	}
-}

frontend/src/container/APIKeys/APIKeys.test.tsx

@@ -1,99 +0,0 @@
-import {
-	createAPIKeyResponse,
-	getAPIKeysResponse,
-} from 'mocks-server/__mockdata__/apiKeys';
-import { server } from 'mocks-server/server';
-import { rest } from 'msw';
-import { act, fireEvent, render, screen, waitFor } from 'tests/test-utils';
-
-import APIKeys from './APIKeys';
-
-const apiKeysURL = 'http://localhost/api/v1/pats';
-
-describe('APIKeys component', () => {
-	beforeEach(() => {
-		server.use(
-			rest.get(apiKeysURL, (req, res, ctx) =>
-				res(ctx.status(200), ctx.json(getAPIKeysResponse)),
-			),
-		);
-
-		render(<APIKeys />);
-	});
-
-	afterEach(() => {
-		jest.clearAllMocks();
-	});
-
-	it('renders APIKeys component without crashing', () => {
-		expect(screen.getByText('API Keys')).toBeInTheDocument();
-		expect(
-			screen.getByText('Create and manage API keys for the SigNoz API'),
-		).toBeInTheDocument();
-	});
-
-	it('render list of Access Tokens', async () => {
-		server.use(
-			rest.get(apiKeysURL, (req, res, ctx) =>
-				res(ctx.status(200), ctx.json(getAPIKeysResponse)),
-			),
-		);
-
-		await waitFor(() => {
-			expect(screen.getByText('No Expiry Key')).toBeInTheDocument();
-			expect(screen.getByText('1-5 of 18 keys')).toBeInTheDocument();
-		});
-	});
-
-	it('opens add new key modal on button click', async () => {
-		fireEvent.click(screen.getByText('New Key'));
-		await waitFor(() => {
-			const createNewKeyBtn = screen.getByRole('button', {
-				name: /Create new key/i,
-			});
-
-			expect(createNewKeyBtn).toBeInTheDocument();
-		});
-	});
-
-	it('closes add new key modal on cancel button click', async () => {
-		fireEvent.click(screen.getByText('New Key'));
-
-		const createNewKeyBtn = screen.getByRole('button', {
-			name: /Create new key/i,
-		});
-
-		await waitFor(() => {
-			expect(createNewKeyBtn).toBeInTheDocument();
-		});
-		fireEvent.click(screen.getByText('Cancel'));
-		await waitFor(() => {
-			expect(createNewKeyBtn).not.toBeInTheDocument();
-		});
-	});
-
-	it('creates a new key on form submission', async () => {
-		server.use(
-			rest.post(apiKeysURL, (req, res, ctx) =>
-				res(ctx.status(200), ctx.json(createAPIKeyResponse)),
-			),
-		);
-
-		fireEvent.click(screen.getByText('New Key'));
-
-		const createNewKeyBtn = screen.getByRole('button', {
-			name: /Create new key/i,
-		});
-
-		await waitFor(() => {
-			expect(createNewKeyBtn).toBeInTheDocument();
-		});
-
-		act(() => {
-			const inputElement = screen.getByPlaceholderText('Enter Key Name');
-			fireEvent.change(inputElement, { target: { value: 'Top Secret' } });
-			fireEvent.click(screen.getByTestId('create-form-admin-role-btn'));
-			fireEvent.click(createNewKeyBtn);
-		});
-	});
-});

frontend/src/container/APIKeys/APIKeys.tsx

@@ -1,874 +0,0 @@
-import { ChangeEvent, useEffect, useState } from 'react';
-import { useTranslation } from 'react-i18next';
-import { useMutation } from 'react-query';
-import { useCopyToClipboard } from 'react-use';
-import { Color } from '@signozhq/design-tokens';
-import {
-	Avatar,
-	Button,
-	Col,
-	Collapse,
-	CollapseProps,
-	Flex,
-	Form,
-	Input,
-	Modal,
-	Radio,
-	Row,
-	Select,
-	Table,
-	TableProps,
-	Tooltip,
-	Typography,
-} from 'antd';
-import type { NotificationInstance } from 'antd/es/notification/interface';
-import createAPIKeyApi from 'api/v1/pats/create';
-import deleteAPIKeyApi from 'api/v1/pats/delete';
-import updateAPIKeyApi from 'api/v1/pats/update';
-import cx from 'classnames';
-import dayjs from 'dayjs';
-import relativeTime from 'dayjs/plugin/relativeTime';
-import { useGetAllAPIKeys } from 'hooks/APIKeys/useGetAllAPIKeys';
-import { useNotifications } from 'hooks/useNotifications';
-import {
-	CalendarClock,
-	Check,
-	ClipboardEdit,
-	Contact2,
-	Copy,
-	Eye,
-	Minus,
-	PenLine,
-	Plus,
-	Search,
-	Trash2,
-	View,
-	X,
-} from 'lucide-react';
-import { useAppContext } from 'providers/App/App';
-import APIError from 'types/api/error';
-import { APIKeyProps } from 'types/api/pat/types';
-import { USER_ROLES } from 'types/roles';
-
-import './APIKeys.styles.scss';
-
-dayjs.extend(relativeTime);
-
-export const showErrorNotification = (
-	notifications: NotificationInstance,
-	err: APIError,
-): void => {
-	notifications.error({
-		message: err.getErrorCode(),
-		description: err.getErrorMessage(),
-	});
-};
-
-type ExpiryOption = {
-	value: string;
-	label: string;
-};
-
-export const EXPIRATION_WITHIN_SEVEN_DAYS = 7;
-
-const API_KEY_EXPIRY_OPTIONS: ExpiryOption[] = [
-	{ value: '1', label: '1 day' },
-	{ value: '7', label: '1 week' },
-	{ value: '30', label: '1 month' },
-	{ value: '90', label: '3 months' },
-	{ value: '365', label: '1 year' },
-	{ value: '0', label: 'No Expiry' },
-];
-
-export const isExpiredToken = (expiryTimestamp: number): boolean => {
-	if (expiryTimestamp === 0) {
-		return false;
-	}
-	const currentTime = dayjs();
-	const tokenExpiresAt = dayjs.unix(expiryTimestamp);
-	return tokenExpiresAt.isBefore(currentTime);
-};
-
-export const getDateDifference = (
-	createdTimestamp: number,
-	expiryTimestamp: number,
-): number => {
-	const differenceInSeconds = Math.abs(expiryTimestamp - createdTimestamp);
-
-	// Convert seconds to days
-	return differenceInSeconds / (60 * 60 * 24);
-};
-
-function APIKeys(): JSX.Element {
-	const { user } = useAppContext();
-	const { notifications } = useNotifications();
-	const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
-	const [isAddModalOpen, setIsAddModalOpen] = useState(false);
-	const [showNewAPIKeyDetails, setShowNewAPIKeyDetails] = useState(false);
-	const [, handleCopyToClipboard] = useCopyToClipboard();
-
-	const [isEditModalOpen, setIsEditModalOpen] = useState(false);
-	const [activeAPIKey, setActiveAPIKey] = useState<APIKeyProps | null>();
-
-	const [searchValue, setSearchValue] = useState<string>('');
-	const [dataSource, setDataSource] = useState<APIKeyProps[]>([]);
-	const { t } = useTranslation(['apiKeys']);
-
-	const [editForm] = Form.useForm();
-	const [createForm] = Form.useForm();
-
-	const handleFormReset = (): void => {
-		editForm.resetFields();
-		createForm.resetFields();
-	};
-
-	const hideDeleteViewModal = (): void => {
-		handleFormReset();
-		setActiveAPIKey(null);
-		setIsDeleteModalOpen(false);
-	};
-
-	const showDeleteModal = (apiKey: APIKeyProps): void => {
-		setActiveAPIKey(apiKey);
-		setIsDeleteModalOpen(true);
-	};
-
-	const hideEditViewModal = (): void => {
-		handleFormReset();
-		setActiveAPIKey(null);
-		setIsEditModalOpen(false);
-	};
-
-	const hideAddViewModal = (): void => {
-		handleFormReset();
-		setShowNewAPIKeyDetails(false);
-		setActiveAPIKey(null);
-		setIsAddModalOpen(false);
-	};
-
-	const showEditModal = (apiKey: APIKeyProps): void => {
-		handleFormReset();
-		setActiveAPIKey(apiKey);
-
-		editForm.setFieldsValue({
-			name: apiKey.name,
-			role: apiKey.role || USER_ROLES.VIEWER,
-		});
-
-		setIsEditModalOpen(true);
-	};
-
-	const showAddModal = (): void => {
-		setActiveAPIKey(null);
-		setIsAddModalOpen(true);
-	};
-
-	const handleModalClose = (): void => {
-		setActiveAPIKey(null);
-	};
-
-	const {
-		data: APIKeys,
-		isLoading,
-		isRefetching,
-		refetch: refetchAPIKeys,
-		error,
-		isError,
-	} = useGetAllAPIKeys();
-
-	useEffect(() => {
-		setActiveAPIKey(APIKeys?.data?.[0]);
-	}, [APIKeys]);
-
-	useEffect(() => {
-		setDataSource(APIKeys?.data || []);
-	}, [APIKeys?.data]);
-
-	useEffect(() => {
-		if (isError) {
-			showErrorNotification(notifications, error as APIError);
-		}
-	}, [error, isError, notifications]);
-
-	const handleSearch = (e: ChangeEvent<HTMLInputElement>): void => {
-		setSearchValue(e.target.value);
-		const filteredData = APIKeys?.data?.filter(
-			(key: APIKeyProps) =>
-				key &&
-				key.name &&
-				key.name.toLowerCase().includes(e.target.value.toLowerCase()),
-		);
-		setDataSource(filteredData || []);
-	};
-
-	const clearSearch = (): void => {
-		setSearchValue('');
-	};
-
-	const { mutate: createAPIKey, isLoading: isLoadingCreateAPIKey } = useMutation(
-		createAPIKeyApi,
-		{
-			onSuccess: (data) => {
-				setShowNewAPIKeyDetails(true);
-				setActiveAPIKey(data.data);
-
-				refetchAPIKeys();
-			},
-			onError: (error) => {
-				showErrorNotification(notifications, error as APIError);
-			},
-		},
-	);
-
-	const { mutate: updateAPIKey, isLoading: isLoadingUpdateAPIKey } = useMutation(
-		updateAPIKeyApi,
-		{
-			onSuccess: () => {
-				refetchAPIKeys();
-				setIsEditModalOpen(false);
-			},
-			onError: (error) => {
-				showErrorNotification(notifications, error as APIError);
-			},
-		},
-	);
-
-	const { mutate: deleteAPIKey, isLoading: isDeleteingAPIKey } = useMutation(
-		deleteAPIKeyApi,
-		{
-			onSuccess: () => {
-				refetchAPIKeys();
-				setIsDeleteModalOpen(false);
-			},
-			onError: (error) => {
-				showErrorNotification(notifications, error as APIError);
-			},
-		},
-	);
-
-	const onDeleteHandler = (): void => {
-		clearSearch();
-
-		if (activeAPIKey) {
-			deleteAPIKey(activeAPIKey.id);
-		}
-	};
-
-	const onUpdateApiKey = (): void => {
-		editForm
-			.validateFields()
-			.then((values) => {
-				if (activeAPIKey) {
-					updateAPIKey({
-						id: activeAPIKey.id,
-						data: {
-							name: values.name,
-							role: values.role,
-						},
-					});
-				}
-			})
-			.catch((errorInfo) => {
-				console.error('error info', errorInfo);
-			});
-	};
-
-	const onCreateAPIKey = (): void => {
-		createForm
-			.validateFields()
-			.then((values) => {
-				if (user) {
-					createAPIKey({
-						name: values.name,
-						expiresInDays: parseInt(values.expiration, 10),
-						role: values.role,
-					});
-				}
-			})
-			.catch((errorInfo) => {
-				console.error('error info', errorInfo);
-			});
-	};
-
-	const handleCopyKey = (text: string): void => {
-		handleCopyToClipboard(text);
-		notifications.success({
-			message: 'Copied to clipboard',
-		});
-	};
-
-	const getFormattedTime = (epochTime: number): string => {
-		const timeOptions: Intl.DateTimeFormatOptions = {
-			hour: '2-digit',
-			minute: '2-digit',
-			second: '2-digit',
-			hour12: false,
-		};
-		const formattedTime = new Date(epochTime * 1000).toLocaleTimeString(
-			'en-US',
-			timeOptions,
-		);
-
-		const dateOptions: Intl.DateTimeFormatOptions = {
-			month: 'short',
-			day: 'numeric',
-			year: 'numeric',
-		};
-
-		const formattedDate = new Date(epochTime * 1000).toLocaleDateString(
-			'en-US',
-			dateOptions,
-		);
-
-		return `${formattedDate} ${formattedTime}`;
-	};
-
-	const handleCopyClose = (): void => {
-		if (activeAPIKey) {
-			handleCopyKey(activeAPIKey?.token);
-		}
-
-		hideAddViewModal();
-	};
-
-	const columns: TableProps<APIKeyProps>['columns'] = [
-		{
-			title: 'API Key',
-			key: 'api-key',
-			// eslint-disable-next-line sonarjs/cognitive-complexity
-			render: (APIKey: APIKeyProps): JSX.Element => {
-				const formattedDateAndTime =
-					APIKey && APIKey?.lastUsed && APIKey?.lastUsed !== 0
-						? getFormattedTime(APIKey?.lastUsed)
-						: 'Never';
-
-				const createdOn = new Date(APIKey.createdAt).toLocaleString();
-
-				const expiresIn =
-					APIKey.expiresAt === 0
-						? Number.POSITIVE_INFINITY
-						: getDateDifference(
-								new Date(APIKey?.createdAt).getTime() / 1000,
-								APIKey?.expiresAt,
-						  );
-
-				const isExpired = isExpiredToken(APIKey.expiresAt);
-
-				const expiresOn =
-					!APIKey.expiresAt || APIKey.expiresAt === 0
-						? 'No Expiry'
-						: getFormattedTime(APIKey.expiresAt);
-
-				const updatedOn =
-					!APIKey.updatedAt || APIKey.updatedAt === ''
-						? null
-						: new Date(APIKey.updatedAt).toLocaleString();
-
-				const items: CollapseProps['items'] = [
-					{
-						key: '1',
-						label: (
-							<div className="title-with-action">
-								<div className="api-key-data">
-									<div className="api-key-title">
-										<Typography.Text>{APIKey?.name}</Typography.Text>
-									</div>
-
-									<div className="api-key-value">
-										<Typography.Text>
-											{APIKey?.token.substring(0, 2)}********
-											{APIKey?.token.substring(APIKey.token.length - 2).trim()}
-										</Typography.Text>
-
-										<Copy
-											className="copy-key-btn"
-											size={12}
-											onClick={(e): void => {
-												e.stopPropagation();
-												e.preventDefault();
-												handleCopyKey(APIKey.token);
-											}}
-										/>
-									</div>
-
-									{APIKey.role === USER_ROLES.ADMIN && (
-										<Tooltip title={USER_ROLES.ADMIN}>
-											<Contact2 size={14} color={Color.BG_ROBIN_400} />
-										</Tooltip>
-									)}
-
-									{APIKey.role === USER_ROLES.EDITOR && (
-										<Tooltip title={USER_ROLES.EDITOR}>
-											<ClipboardEdit size={14} color={Color.BG_ROBIN_400} />
-										</Tooltip>
-									)}
-
-									{APIKey.role === USER_ROLES.VIEWER && (
-										<Tooltip title={USER_ROLES.VIEWER}>
-											<View size={14} color={Color.BG_ROBIN_400} />
-										</Tooltip>
-									)}
-
-									{!APIKey.role && (
-										<Tooltip title={USER_ROLES.ADMIN}>
-											<Contact2 size={14} color={Color.BG_ROBIN_400} />
-										</Tooltip>
-									)}
-								</div>
-								<div className="action-btn">
-									<Button
-										className="periscope-btn ghost"
-										icon={<PenLine size={14} />}
-										onClick={(e): void => {
-											e.stopPropagation();
-											e.preventDefault();
-											showEditModal(APIKey);
-										}}
-									/>
-
-									<Button
-										className="periscope-btn ghost"
-										icon={<Trash2 color={Color.BG_CHERRY_500} size={14} />}
-										onClick={(e): void => {
-											e.stopPropagation();
-											e.preventDefault();
-											showDeleteModal(APIKey);
-										}}
-									/>
-								</div>
-							</div>
-						),
-						children: (
-							<div className="api-key-info-container">
-								{APIKey?.createdByUser && (
-									<Row>
-										<Col span={6}> Creator </Col>
-										<Col span={12} className="user-info">
-											<Avatar className="user-avatar" size="small">
-												{APIKey?.createdByUser?.displayName?.substring(0, 1)}
-											</Avatar>
-
-											<Typography.Text>
-												{APIKey.createdByUser?.displayName}
-											</Typography.Text>
-
-											<div className="user-email">{APIKey.createdByUser?.email}</div>
-										</Col>
-									</Row>
-								)}
-								<Row>
-									<Col span={6}> Created on </Col>
-									<Col span={12}>
-										<Typography.Text>{createdOn}</Typography.Text>
-									</Col>
-								</Row>
-								{updatedOn && (
-									<Row>
-										<Col span={6}> Updated on </Col>
-										<Col span={12}>
-											<Typography.Text>{updatedOn}</Typography.Text>
-										</Col>
-									</Row>
-								)}
-
-								<Row>
-									<Col span={6}> Expires on </Col>
-									<Col span={12}>
-										<Typography.Text>{expiresOn}</Typography.Text>
-									</Col>
-								</Row>
-							</div>
-						),
-					},
-				];
-
-				return (
-					<div className="column-render">
-						<Collapse items={items} />
-
-						<div className="api-key-details">
-							<div className="api-key-last-used-at">
-								<CalendarClock size={14} />
-								Last used <Minus size={12} />
-								<Typography.Text>{formattedDateAndTime}</Typography.Text>
-							</div>
-
-							{!isExpired && expiresIn <= EXPIRATION_WITHIN_SEVEN_DAYS && (
-								<div
-									className={cx(
-										'api-key-expires-in',
-										expiresIn <= 3 ? 'danger' : 'warning',
-									)}
-								>
-									<span className="dot" /> Expires {dayjs().to(expiresOn)}
-								</div>
-							)}
-
-							{isExpired && (
-								<div className={cx('api-key-expires-in danger')}>
-									<span className="dot" /> Expired
-								</div>
-							)}
-						</div>
-					</div>
-				);
-			},
-		},
-	];
-
-	return (
-		<div className="api-key-container">
-			<div className="api-key-content">
-				<header>
-					<Typography.Title className="title">API Keys</Typography.Title>
-					<Typography.Text className="subtitle">
-						Create and manage API keys for the SigNoz API
-					</Typography.Text>
-				</header>
-
-				<div className="api-keys-search-add-new">
-					<Input
-						placeholder="Search for keys..."
-						prefix={<Search size={12} color={Color.BG_VANILLA_400} />}
-						value={searchValue}
-						onChange={handleSearch}
-					/>
-
-					<Button
-						className="add-new-api-key-btn"
-						type="primary"
-						onClick={showAddModal}
-					>
-						<Plus size={14} /> New Key
-					</Button>
-				</div>
-
-				<Table
-					columns={columns}
-					dataSource={dataSource}
-					loading={isLoading || isRefetching}
-					showHeader={false}
-					pagination={{
-						pageSize: 5,
-						hideOnSinglePage: true,
-						showTotal: (total: number, range: number[]): string =>
-							`${range[0]}-${range[1]} of ${total} keys`,
-					}}
-				/>
-			</div>
-
-			{/* Delete Key Modal */}
-			<Modal
-				className="delete-api-key-modal"
-				title={<span className="title">Delete Key</span>}
-				open={isDeleteModalOpen}
-				closable
-				afterClose={handleModalClose}
-				onCancel={hideDeleteViewModal}
-				destroyOnClose
-				footer={[
-					<Button
-						key="cancel"
-						onClick={hideDeleteViewModal}
-						className="cancel-btn"
-						icon={<X size={16} />}
-					>
-						Cancel
-					</Button>,
-					<Button
-						key="submit"
-						icon={<Trash2 size={16} />}
-						loading={isDeleteingAPIKey}
-						onClick={onDeleteHandler}
-						className="delete-btn"
-					>
-						Delete key
-					</Button>,
-				]}
-			>
-				<Typography.Text className="delete-text">
-					{t('delete_confirm_message', {
-						keyName: activeAPIKey?.name,
-					})}
-				</Typography.Text>
-			</Modal>
-
-			{/* Edit Key Modal */}
-			<Modal
-				className="api-key-modal"
-				title="Edit key"
-				open={isEditModalOpen}
-				key="edit-api-key-modal"
-				afterClose={handleModalClose}
-				// closable
-				onCancel={hideEditViewModal}
-				destroyOnClose
-				footer={[
-					<Button
-						key="cancel"
-						onClick={hideEditViewModal}
-						className="periscope-btn cancel-btn"
-						icon={<X size={16} />}
-					>
-						Cancel
-					</Button>,
-					<Button
-						className="periscope-btn primary"
-						key="submit"
-						type="primary"
-						loading={isLoadingUpdateAPIKey}
-						icon={<Check size={14} />}
-						onClick={onUpdateApiKey}
-					>
-						Update key
-					</Button>,
-				]}
-			>
-				<Form
-					name="edit-api-key-form"
-					key={activeAPIKey?.id}
-					form={editForm}
-					layout="vertical"
-					autoComplete="off"
-					initialValues={{
-						name: activeAPIKey?.name,
-						role: activeAPIKey?.role,
-					}}
-				>
-					<Form.Item
-						name="name"
-						label="Name"
-						rules={[{ required: true }, { type: 'string', min: 6 }]}
-					>
-						<Input placeholder="Enter Key Name" autoFocus />
-					</Form.Item>
-
-					<Form.Item name="role" label="Role">
-						<Flex vertical gap="middle">
-							<Radio.Group
-								buttonStyle="solid"
-								className="api-key-access-role"
-								defaultValue={activeAPIKey?.role}
-							>
-								<Radio.Button value={USER_ROLES.ADMIN} className={cx('tab')}>
-									<div className="role">
-										<Contact2 size={14} /> Admin
-									</div>
-								</Radio.Button>
-								<Radio.Button value={USER_ROLES.EDITOR} className={cx('tab')}>
-									<div className="role">
-										<ClipboardEdit size={14} /> Editor
-									</div>
-								</Radio.Button>
-								<Radio.Button value={USER_ROLES.VIEWER} className={cx('tab')}>
-									<div className="role">
-										<Eye size={14} /> Viewer
-									</div>
-								</Radio.Button>
-							</Radio.Group>
-						</Flex>
-					</Form.Item>
-				</Form>
-			</Modal>
-
-			{/* Create New Key Modal */}
-			<Modal
-				className="api-key-modal"
-				title="Create new key"
-				open={isAddModalOpen}
-				key="create-api-key-modal"
-				closable
-				onCancel={hideAddViewModal}
-				destroyOnClose
-				footer={
-					showNewAPIKeyDetails
-						? [
-								<Button
-									key="copy-key-close"
-									className="periscope-btn primary"
-									data-testid="copy-key-close-btn"
-									type="primary"
-									onClick={handleCopyClose}
-									icon={<Check size={12} />}
-								>
-									Copy key and close
-								</Button>,
-						  ]
-						: [
-								<Button
-									key="cancel"
-									onClick={hideAddViewModal}
-									className="periscope-btn cancel-btn"
-									icon={<X size={16} />}
-								>
-									Cancel
-								</Button>,
-								<Button
-									className="periscope-btn primary"
-									test-id="create-new-key"
-									key="submit"
-									type="primary"
-									icon={<Check size={14} />}
-									loading={isLoadingCreateAPIKey}
-									onClick={onCreateAPIKey}
-								>
-									Create new key
-								</Button>,
-						  ]
-				}
-			>
-				{!showNewAPIKeyDetails && (
-					<Form
-						key="createForm"
-						name="create-api-key-form"
-						form={createForm}
-						initialValues={{
-							role: USER_ROLES.ADMIN,
-							expiration: '1',
-							name: '',
-						}}
-						layout="vertical"
-						autoComplete="off"
-					>
-						<Form.Item
-							name="name"
-							label="Name"
-							rules={[{ required: true }, { type: 'string', min: 6 }]}
-							validateTrigger="onFinish"
-						>
-							<Input placeholder="Enter Key Name" autoFocus />
-						</Form.Item>
-
-						<Form.Item name="role" label="Role">
-							<Flex vertical gap="middle">
-								<Radio.Group
-									buttonStyle="solid"
-									className="api-key-access-role"
-									defaultValue={USER_ROLES.ADMIN}
-								>
-									<Radio.Button value={USER_ROLES.ADMIN} className={cx('tab')}>
-										<div className="role" data-testid="create-form-admin-role-btn">
-											<Contact2 size={14} /> Admin
-										</div>
-									</Radio.Button>
-									<Radio.Button value={USER_ROLES.EDITOR} className="tab">
-										<div className="role" data-testid="create-form-editor-role-btn">
-											<ClipboardEdit size={14} /> Editor
-										</div>
-									</Radio.Button>
-									<Radio.Button value={USER_ROLES.VIEWER} className="tab">
-										<div className="role" data-testid="create-form-viewer-role-btn">
-											<Eye size={14} /> Viewer
-										</div>
-									</Radio.Button>
-								</Radio.Group>
-							</Flex>
-						</Form.Item>
-						<Form.Item name="expiration" label="Expiration">
-							<Select
-								className="expiration-selector"
-								placeholder="Expiration"
-								options={API_KEY_EXPIRY_OPTIONS}
-							/>
-						</Form.Item>
-					</Form>
-				)}
-
-				{showNewAPIKeyDetails && (
-					<div className="api-key-info-container">
-						<Row>
-							<Col span={8}>Key</Col>
-							<Col span={16}>
-								<span className="copyable-text">
-									<Typography.Text>
-										{activeAPIKey?.token.substring(0, 2)}****************
-										{activeAPIKey?.token.substring(activeAPIKey.token.length - 2).trim()}
-									</Typography.Text>
-
-									<Copy
-										className="copy-key-btn"
-										size={12}
-										onClick={(): void => {
-											if (activeAPIKey) {
-												handleCopyKey(activeAPIKey.token);
-											}
-										}}
-									/>
-								</span>
-							</Col>
-						</Row>
-
-						<Row>
-							<Col span={8}>Name</Col>
-							<Col span={16}>{activeAPIKey?.name}</Col>
-						</Row>
-
-						<Row>
-							<Col span={8}>Role</Col>
-							<Col span={16}>
-								{activeAPIKey?.role === USER_ROLES.ADMIN && (
-									<div className="role">
-										<Contact2 size={14} /> Admin
-									</div>
-								)}
-								{activeAPIKey?.role === USER_ROLES.EDITOR && (
-									<div className="role">
-										{' '}
-										<ClipboardEdit size={14} /> Editor
-									</div>
-								)}
-								{activeAPIKey?.role === USER_ROLES.VIEWER && (
-									<div className="role">
-										{' '}
-										<View size={14} /> Viewer
-									</div>
-								)}
-							</Col>
-						</Row>
-
-						<Row>
-							<Col span={8}>Creator</Col>
-
-							<Col span={16} className="user-info">
-								<Avatar className="user-avatar" size="small">
-									{activeAPIKey?.createdByUser?.displayName?.substring(0, 1)}
-								</Avatar>
-
-								<Typography.Text>
-									{activeAPIKey?.createdByUser?.displayName}
-								</Typography.Text>
-
-								<div className="user-email">{activeAPIKey?.createdByUser?.email}</div>
-							</Col>
-						</Row>
-
-						{activeAPIKey?.createdAt && (
-							<Row>
-								<Col span={8}>Created on</Col>
-								<Col span={16}>
-									{new Date(activeAPIKey?.createdAt).toLocaleString()}
-								</Col>
-							</Row>
-						)}
-
-						{activeAPIKey?.expiresAt !== 0 && activeAPIKey?.expiresAt && (
-							<Row>
-								<Col span={8}>Expires on</Col>
-								<Col span={16}>{getFormattedTime(activeAPIKey?.expiresAt)}</Col>
-							</Row>
-						)}
-
-						{activeAPIKey?.expiresAt === 0 && (
-							<Row>
-								<Col span={8}>Expires on</Col>
-								<Col span={16}> No Expiry </Col>
-							</Row>
-						)}
-					</div>
-				)}
-			</Modal>
-		</div>
-	);
-}
-
-export default APIKeys;

frontend/src/container/Home/Home.tsx

@@ -16,7 +16,6 @@ import { ORG_PREFERENCES } from 'constants/orgPreferences';
 import { initialQueriesMap, PANEL_TYPES } from 'constants/queryBuilder';
 import { REACT_QUERY_KEY } from 'constants/reactQueryKeys';
 import ROUTES from 'constants/routes';
-import { IS_SERVICE_ACCOUNTS_ENABLED } from 'container/ServiceAccountsSettings/config';
 import { DEFAULT_TIME_RANGE } from 'container/TopNav/DateTimeSelectionV2/constants';
 import { useGetQueryRange } from 'hooks/queryBuilder/useGetQueryRange';
 import { useIsDarkMode } from 'hooks/useDarkMode';
@@ -265,23 +264,21 @@ export default function Home(): JSX.Element {
 
 	return (
 		<div className="home-container">
-			{IS_SERVICE_ACCOUNTS_ENABLED && (
-				<PersistedAnnouncementBanner
-					type="warning"
-					storageKey={LOCALSTORAGE.DISMISSED_API_KEYS_DEPRECATION_BANNER}
-					message={
-						<>
-							<strong>API Keys</strong> have been deprecated and replaced by{' '}
-							<strong>Service Accounts</strong>. Please migrate to Service Accounts for
-							programmatic API access.
-						</>
-					}
-					action={{
-						label: 'Go to Service Accounts',
-						onClick: (): void => history.push(ROUTES.SERVICE_ACCOUNTS_SETTINGS),
-					}}
-				/>
-			)}
+			<PersistedAnnouncementBanner
+				type="warning"
+				storageKey={LOCALSTORAGE.DISMISSED_API_KEYS_DEPRECATION_BANNER}
+				message={
+					<>
+						<strong>API Keys</strong> have been deprecated and replaced by{' '}
+						<strong>Service Accounts</strong>. Please migrate to Service Accounts for
+						programmatic API access.
+					</>
+				}
+				action={{
+					label: 'Go to Service Accounts',
+					onClick: (): void => history.push(ROUTES.SERVICE_ACCOUNTS_SETTINGS),
+				}}
+			/>
 
 			<div className="sticky-header">
 				<Header

frontend/src/container/LogDetailedView/TableView/TableViewActions.tsx

@@ -284,6 +284,15 @@ export default function TableViewActions(
 				error,
 			);
 		}
+		// If the value is valid JSON (object or array), pretty-print it for copying
+		try {
+			const parsed = JSON.parse(text);
+			if (typeof parsed === 'object' && parsed !== null) {
+				return JSON.stringify(parsed, null, 2);
+			}
+		} catch {
+			// not JSON, return as-is
+		}
 		return text;
 	}, [fieldData.value]);
 

frontend/src/container/MembersSettings/MembersSettings.tsx

@@ -1,17 +1,15 @@
 import { useCallback, useEffect, useMemo, useState } from 'react';
-import { useQuery } from 'react-query';
 import { useHistory } from 'react-router-dom';
 import { Button } from '@signozhq/button';
 import { Check, ChevronDown, Plus } from '@signozhq/icons';
 import { Input } from '@signozhq/input';
 import type { MenuProps } from 'antd';
 import { Dropdown } from 'antd';
-import getAll from 'api/v1/user/get';
+import { useListUsers } from 'api/generated/services/users';
 import EditMemberDrawer from 'components/EditMemberDrawer/EditMemberDrawer';
 import InviteMembersModal from 'components/InviteMembersModal/InviteMembersModal';
 import MembersTable, { MemberRow } from 'components/MembersTable/MembersTable';
 import useUrlQuery from 'hooks/useUrlQuery';
-import { useAppContext } from 'providers/App/App';
 import { toISOString } from 'utils/app';
 
 import { FilterMode, MemberStatus, toMemberStatus } from './utils';
@@ -21,7 +19,6 @@ import './MembersSettings.styles.scss';
 const PAGE_SIZE = 20;
 
 function MembersSettings(): JSX.Element {
-	const { org } = useAppContext();
 	const history = useHistory();
 	const urlQuery = useUrlQuery();
 
@@ -34,18 +31,14 @@ function MembersSettings(): JSX.Element {
 	const [isInviteModalOpen, setIsInviteModalOpen] = useState(false);
 	const [selectedMember, setSelectedMember] = useState<MemberRow | null>(null);
 
-	const { data: usersData, isLoading, refetch: refetchUsers } = useQuery({
-		queryFn: getAll,
-		queryKey: ['getOrgUser', org?.[0]?.id],
-	});
+	const { data: usersData, isLoading, refetch: refetchUsers } = useListUsers();
 
 	const allMembers = useMemo(
 		(): MemberRow[] =>
 			(usersData?.data ?? []).map((user) => ({
 				id: user.id,
 				name: user.displayName,
-				email: user.email,
-				role: user.role,
+				email: user.email ?? '',
 				status: toMemberStatus(user.status ?? ''),
 				joinedOn: toISOString(user.createdAt),
 				updatedAt: toISOString(user?.updatedAt),
@@ -64,9 +57,7 @@ function MembersSettings(): JSX.Element {
 			const q = searchQuery.toLowerCase();
 			result = result.filter(
 				(m) =>
-					m?.name?.toLowerCase().includes(q) ||
-					m.email.toLowerCase().includes(q) ||
-					m.role.toLowerCase().includes(q),
+					m?.name?.toLowerCase().includes(q) || m.email.toLowerCase().includes(q),
 			);
 		}
 
@@ -148,7 +139,6 @@ function MembersSettings(): JSX.Element {
 
 	const handleMemberEditComplete = useCallback((): void => {
 		refetchUsers();
-		setSelectedMember(null);
 	}, [refetchUsers]);
 
 	return (
@@ -181,7 +171,7 @@ function MembersSettings(): JSX.Element {
 					<div className="members-settings__search">
 						<Input
 							type="search"
-							placeholder="Search by name, email, or role..."
+							placeholder="Search by name or email..."
 							value={searchQuery}
 							onChange={(e): void => {
 								setSearchQuery(e.target.value);

frontend/src/container/MembersSettings/__tests__/MembersSettings.integration.test.tsx

@@ -1,6 +1,6 @@
+import type { TypesUserDTO } from 'api/generated/services/sigNoz.schemas';
 import { rest, server } from 'mocks-server/server';
 import { render, screen, userEvent } from 'tests/test-utils';
-import { UserResponse } from 'types/api/user/getUser';
 
 import MembersSettings from '../MembersSettings';
 
@@ -11,47 +11,39 @@ jest.mock('@signozhq/sonner', () => ({
 	},
 }));
 
-const USERS_ENDPOINT = '*/api/v1/user';
+const USERS_ENDPOINT = '*/api/v2/users';
 
-const mockUsers: UserResponse[] = [
+const mockUsers: TypesUserDTO[] = [
 	{
 		id: 'user-1',
 		displayName: 'Alice Smith',
 		email: 'alice@signoz.io',
-		role: 'ADMIN',
 		status: 'active',
-		createdAt: '2024-01-01T00:00:00.000Z',
-		organization: 'TestOrg',
+		createdAt: new Date('2024-01-01T00:00:00.000Z'),
 		orgId: 'org-1',
 	},
 	{
 		id: 'user-2',
 		displayName: 'Bob Jones',
 		email: 'bob@signoz.io',
-		role: 'VIEWER',
 		status: 'active',
-		createdAt: '2024-01-02T00:00:00.000Z',
-		organization: 'TestOrg',
+		createdAt: new Date('2024-01-02T00:00:00.000Z'),
 		orgId: 'org-1',
 	},
 	{
 		id: 'inv-1',
 		displayName: '',
 		email: 'charlie@signoz.io',
-		role: 'EDITOR',
 		status: 'pending_invite',
-		createdAt: '2024-01-03T00:00:00.000Z',
-		organization: 'TestOrg',
+		createdAt: new Date('2024-01-03T00:00:00.000Z'),
 		orgId: 'org-1',
 	},
 	{
 		id: 'user-3',
 		displayName: 'Dave Deleted',
 		email: 'dave@signoz.io',
-		role: 'VIEWER',
 		status: 'deleted',
-		createdAt: '2024-01-04T00:00:00.000Z',
-		organization: 'TestOrg',
+		createdAt: new Date('2024-01-04T00:00:00.000Z'),
 		orgId: 'org-1',
 	},
 ];
@@ -106,7 +98,7 @@ describe('MembersSettings (integration)', () => {
 		await screen.findByText('Alice Smith');
 
 		await user.type(
-			screen.getByPlaceholderText(/Search by name, email, or role/i),
+			screen.getByPlaceholderText(/Search by name or email/i),
 			'bob',
 		);
 

frontend/src/container/MySettings/UserInfo/index.tsx

@@ -2,8 +2,8 @@ import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import { Button, Input, Modal, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
+import { useUpdateMyUserV2 } from 'api/generated/services/users';
 import changeMyPassword from 'api/v1/factor_password/changeMyPassword';
-import editUser from 'api/v1/user/id/update';
 import { useNotifications } from 'hooks/useNotifications';
 import { Check, FileTerminal, MailIcon, UserIcon } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
@@ -17,6 +17,7 @@ function UserInfo(): JSX.Element {
 	const { t } = useTranslation(['routes', 'settings', 'common']);
 
 	const { notifications } = useNotifications();
+	const { mutateAsync: updateMyUser } = useUpdateMyUserV2();
 
 	const [currentPassword, setCurrentPassword] = useState<string>('');
 	const [updatePassword, setUpdatePassword] = useState<string>('');
@@ -92,10 +93,7 @@ function UserInfo(): JSX.Element {
 		);
 		try {
 			setIsLoading(true);
-			await editUser({
-				displayName: changedName,
-				userId: user.id,
-			});
+			await updateMyUser({ data: { displayName: changedName } });
 
 			notifications.success({
 				message: t('success', {

frontend/src/container/MySettings/__tests__/MySettings.test.tsx

@@ -22,9 +22,12 @@ jest.mock('react-use', () => ({
 	],
 }));
 
-jest.mock('api/v1/user/id/update', () => ({
-	__esModule: true,
-	default: (...args: unknown[]): Promise<unknown> => editUserFn(...args),
+jest.mock('api/generated/services/users', () => ({
+	...jest.requireActual('api/generated/services/users'),
+	useUpdateMyUserV2: jest.fn(() => ({
+		mutateAsync: (...args: unknown[]): Promise<unknown> => editUserFn(...args),
+		isLoading: false,
+	})),
 }));
 
 jest.mock('hooks/useDarkMode', () => ({

frontend/src/container/OrganizationSettings/DisplayName/index.tsx

@@ -1,8 +1,10 @@
-import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
+import { toast } from '@signozhq/sonner';
 import { Button, Form, Input } from 'antd';
-import editOrg from 'api/organization/editOrg';
-import { useNotifications } from 'hooks/useNotifications';
+import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import { useUpdateMyOrganization } from 'api/generated/services/orgs';
+import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
+import { AxiosError } from 'axios';
 import { useAppContext } from 'providers/App/App';
 import { IUser } from 'providers/App/types';
 import { requireErrorMessage } from 'utils/form/requireErrorMessage';
@@ -14,42 +16,34 @@ function DisplayName({ index, id: orgId }: DisplayNameProps): JSX.Element {
 	const { t } = useTranslation(['organizationsettings', 'common']);
 	const { org, updateOrg } = useAppContext();
 	const { displayName } = (org || [])[index];
-	const [isLoading, setIsLoading] = useState<boolean>(false);
-	const { notifications } = useNotifications();
+
+	const {
+		mutateAsync: updateMyOrganization,
+		isLoading,
+	} = useUpdateMyOrganization({
+		mutation: {
+			onSuccess: (_, { data }) => {
+				toast.success(t('success', { ns: 'common' }), {
+					richColors: true,
+					position: 'top-right',
+				});
+				updateOrg(orgId, data.displayName ?? '');
+			},
+			onError: (error) => {
+				const apiError = convertToApiError(
+					error as AxiosError<RenderErrorResponseDTO>,
+				);
+				toast.error(
+					apiError?.getErrorMessage() ?? t('something_went_wrong', { ns: 'common' }),
+					{ richColors: true, position: 'top-right' },
+				);
+			},
+		},
+	});
 
 	const onSubmit = async (values: FormValues): Promise<void> => {
-		try {
-			setIsLoading(true);
-			const { displayName } = values;
-			const { statusCode, error } = await editOrg({
-				displayName,
-				orgId,
-			});
-			if (statusCode === 204) {
-				notifications.success({
-					message: t('success', {
-						ns: 'common',
-					}),
-				});
-				updateOrg(orgId, displayName);
-			} else {
-				notifications.error({
-					message:
-						error ||
-						t('something_went_wrong', {
-							ns: 'common',
-						}),
-				});
-			}
-			setIsLoading(false);
-		} catch (error) {
-			setIsLoading(false);
-			notifications.error({
-				message: t('something_went_wrong', {
-					ns: 'common',
-				}),
-			});
-		}
+		const { displayName } = values;
+		await updateMyOrganization({ data: { id: orgId, displayName } });
 	};
 
 	if (!org) {

frontend/src/container/ServiceAccountsSettings/ServiceAccountsSettings.tsx

@@ -1,18 +1,10 @@
 import { useCallback, useEffect, useMemo } from 'react';
-import { useQueryClient } from 'react-query';
 import { Button } from '@signozhq/button';
 import { Check, ChevronDown, Plus } from '@signozhq/icons';
 import { Input } from '@signozhq/input';
 import type { MenuProps } from 'antd';
 import { Dropdown } from 'antd';
-import {
-	getGetServiceAccountQueryKey,
-	useListServiceAccounts,
-} from 'api/generated/services/serviceaccount';
-import type {
-	GetServiceAccount200,
-	ListServiceAccounts200,
-} from 'api/generated/services/sigNoz.schemas';
+import { useListServiceAccounts } from 'api/generated/services/serviceaccount';
 import CreateServiceAccountModal from 'components/CreateServiceAccountModal/CreateServiceAccountModal';
 import ErrorInPlace from 'components/ErrorInPlace/ErrorInPlace';
 import ServiceAccountDrawer from 'components/ServiceAccountDrawer/ServiceAccountDrawer';
@@ -59,29 +51,13 @@ function ServiceAccountsSettings(): JSX.Element {
 		parseAsBoolean.withDefault(false),
 	);
 
-	const queryClient = useQueryClient();
-
-	const seedAccountCache = useCallback(
-		(data: ListServiceAccounts200) => {
-			data.data.forEach((account) => {
-				queryClient.setQueryData<GetServiceAccount200>(
-					getGetServiceAccountQueryKey({ id: account.id }),
-					(old) => old ?? { data: account, status: data.status },
-				);
-			});
-		},
-		[queryClient],
-	);
-
 	const {
 		data: serviceAccountsData,
 		isLoading,
 		isError,
 		error,
 		refetch: handleCreateSuccess,
-	} = useListServiceAccounts({
-		query: { onSuccess: seedAccountCache },
-	});
+	} = useListServiceAccounts();
 
 	const allAccounts = useMemo(
 		(): ServiceAccountRow[] =>
@@ -97,10 +73,10 @@ function ServiceAccountsSettings(): JSX.Element {
 		[allAccounts],
 	);
 
-	const disabledCount = useMemo(
+	const deletedCount = useMemo(
 		() =>
 			allAccounts.filter(
-				(a) => a.status?.toUpperCase() !== ServiceAccountStatus.Active,
+				(a) => a.status?.toUpperCase() === ServiceAccountStatus.Deleted,
 			).length,
 		[allAccounts],
 	);
@@ -112,9 +88,9 @@ function ServiceAccountsSettings(): JSX.Element {
 			result = result.filter(
 				(a) => a.status?.toUpperCase() === ServiceAccountStatus.Active,
 			);
-		} else if (filterMode === FilterMode.Disabled) {
+		} else if (filterMode === FilterMode.Deleted) {
 			result = result.filter(
-				(a) => a.status?.toUpperCase() !== ServiceAccountStatus.Active,
+				(a) => a.status?.toUpperCase() === ServiceAccountStatus.Deleted,
 			);
 		}
 
@@ -122,9 +98,7 @@ function ServiceAccountsSettings(): JSX.Element {
 			const q = searchQuery.trim().toLowerCase();
 			result = result.filter(
 				(a) =>
-					a.name?.toLowerCase().includes(q) ||
-					a.email?.toLowerCase().includes(q) ||
-					a.roles?.some((role: string) => role.toLowerCase().includes(q)),
+					a.name?.toLowerCase().includes(q) || a.email?.toLowerCase().includes(q),
 			);
 		}
 
@@ -174,15 +148,15 @@ function ServiceAccountsSettings(): JSX.Element {
 			},
 		},
 		{
-			key: FilterMode.Disabled,
+			key: FilterMode.Deleted,
 			label: (
 				<div className="sa-settings-filter-option">
-					<span>Disabled ⎯ {disabledCount}</span>
-					{filterMode === FilterMode.Disabled && <Check size={14} />}
+					<span>Deleted ⎯ {deletedCount}</span>
+					{filterMode === FilterMode.Deleted && <Check size={14} />}
 				</div>
 			),
 			onClick: (): void => {
-				setFilterMode(FilterMode.Disabled);
+				setFilterMode(FilterMode.Deleted);
 				setPage(1);
 			},
 		},
@@ -192,8 +166,8 @@ function ServiceAccountsSettings(): JSX.Element {
 		switch (filterMode) {
 			case FilterMode.Active:
 				return `Active ⎯ ${activeCount}`;
-			case FilterMode.Disabled:
-				return `Disabled ⎯ ${disabledCount}`;
+			case FilterMode.Deleted:
+				return `Deleted ⎯ ${deletedCount}`;
 			default:
 				return `All accounts ⎯ ${totalCount}`;
 		}

frontend/src/container/ServiceAccountsSettings/__tests__/ServiceAccountsSettings.integration.test.tsx

@@ -2,7 +2,7 @@ import type { ReactNode } from 'react';
 import { listRolesSuccessResponse } from 'mocks-server/__mockdata__/roles';
 import { rest, server } from 'mocks-server/server';
 import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
-import { render, screen, userEvent } from 'tests/test-utils';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
 
 import ServiceAccountsSettings from '../ServiceAccountsSettings';
 
@@ -149,7 +149,7 @@ describe('ServiceAccountsSettings (integration)', () => {
 		);
 
 		expect(
-			await screen.findByRole('button', { name: /Disable Service Account/i }),
+			await screen.findByRole('button', { name: /Delete Service Account/i }),
 		).toBeInTheDocument();
 	});
 
@@ -187,14 +187,16 @@ describe('ServiceAccountsSettings (integration)', () => {
 		await user.click(screen.getByRole('button', { name: /Save Changes/i }));
 
 		await screen.findByDisplayValue('CI Bot Updated');
-		expect(listRefetchSpy).toHaveBeenCalled();
+		await waitFor(() => {
+			expect(listRefetchSpy).toHaveBeenCalled();
+		});
 	});
 
 	it('"New Service Account" button opens the Create Service Account modal', async () => {
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 
 		render(
-			<NuqsTestingAdapter>
+			<NuqsTestingAdapter hasMemory>
 				<ServiceAccountsSettings />
 			</NuqsTestingAdapter>,
 		);

frontend/src/container/ServiceAccountsSettings/config.ts

@@ -1 +0,0 @@
-export const IS_SERVICE_ACCOUNTS_ENABLED = false;

frontend/src/container/ServiceAccountsSettings/constants.ts

@@ -9,5 +9,5 @@ export const SA_QUERY_PARAMS = {
 	ADD_KEY: 'add-key',
 	EDIT_KEY: 'edit-key',
 	REVOKE_KEY: 'revoke-key',
-	DISABLE_SA: 'disable-sa',
+	DELETE_SA: 'delete-sa',
 } as const;

frontend/src/container/ServiceAccountsSettings/utils.ts

@@ -8,7 +8,6 @@ export function toServiceAccountRow(
 		id: sa.id,
 		name: sa.name,
 		email: sa.email,
-		roles: sa.roles,
 		status: sa.status,
 		createdAt: toISOString(sa.createdAt),
 		updatedAt: toISOString(sa.updatedAt),
@@ -18,19 +17,18 @@ export function toServiceAccountRow(
 export enum FilterMode {
 	All = 'all',
 	Active = 'active',
-	Disabled = 'disabled',
+	Deleted = 'deleted',
 }
 
 export enum ServiceAccountStatus {
 	Active = 'ACTIVE',
-	Disabled = 'DISABLED',
+	Deleted = 'DELETED',
 }
 
 export interface ServiceAccountRow {
 	id: string;
 	name: string;
 	email: string;
-	roles: string[];
 	status: string;
 	createdAt: string | null;
 	updatedAt: string | null;

frontend/src/container/SideNav/SideNav.tsx

@@ -692,9 +692,6 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		registerShortcut(GlobalShortcuts.NavigateToSettingsBilling, () =>
 			onClickHandler(ROUTES.BILLING, null),
 		);
-		registerShortcut(GlobalShortcuts.NavigateToSettingsAPIKeys, () =>
-			onClickHandler(ROUTES.API_KEYS, null),
-		);
 		registerShortcut(GlobalShortcuts.NavigateToSettingsNotificationChannels, () =>
 			onClickHandler(ROUTES.ALL_CHANNELS, null),
 		);
@@ -720,7 +717,6 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 			deregisterShortcut(GlobalShortcuts.NavigateToSettings);
 			deregisterShortcut(GlobalShortcuts.NavigateToSettingsIngestion);
 			deregisterShortcut(GlobalShortcuts.NavigateToSettingsBilling);
-			deregisterShortcut(GlobalShortcuts.NavigateToSettingsAPIKeys);
 			deregisterShortcut(GlobalShortcuts.NavigateToSettingsNotificationChannels);
 			deregisterShortcut(GlobalShortcuts.NavigateToLogsPipelines);
 			deregisterShortcut(GlobalShortcuts.NavigateToLogsViews);

frontend/src/container/SideNav/menuItems.tsx

@@ -19,7 +19,6 @@ import {
 	Github,
 	HardDrive,
 	Home,
-	Key,
 	Keyboard,
 	Layers2,
 	LayoutGrid,
@@ -366,13 +365,6 @@ export const settingsNavSections: SettingsNavSection[] = [
 				isEnabled: false,
 				itemKey: 'service-accounts',
 			},
-			{
-				key: ROUTES.API_KEYS,
-				label: 'API Keys',
-				icon: <Key size={16} />,
-				isEnabled: false,
-				itemKey: 'api-keys',
-			},
 			{
 				key: ROUTES.INGESTION_SETTINGS,
 				label: 'Ingestion',

frontend/src/container/TopNav/DateTimeSelectionV2/constants.ts

@@ -158,7 +158,6 @@ export const routesToSkip = [
 	ROUTES.MEMBERS_SETTINGS,
 	ROUTES.SERVICE_ACCOUNTS_SETTINGS,
 	ROUTES.INGESTION_SETTINGS,
-	ROUTES.API_KEYS,
 	ROUTES.ERROR_DETAIL,
 	ROUTES.LOGS_PIPELINES,
 	ROUTES.BILLING,

frontend/src/hooks/APIKeys/useGetAllAPIKeys.ts

@@ -1,14 +0,0 @@
-import { useQuery, UseQueryResult } from 'react-query';
-import list from 'api/v1/pats/list';
-import { SuccessResponseV2 } from 'types/api';
-import APIError from 'types/api/error';
-import { APIKeyProps } from 'types/api/pat/types';
-
-export const useGetAllAPIKeys = (): UseQueryResult<
-	SuccessResponseV2<APIKeyProps[]>,
-	APIError
-> =>
-	useQuery<SuccessResponseV2<APIKeyProps[]>, APIError>({
-		queryKey: ['APIKeys'],
-		queryFn: () => list(),
-	});

frontend/src/hooks/member/useMemberRoleManager.ts

@@ -0,0 +1,101 @@
+import { useCallback, useMemo } from 'react';
+import type { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
+import {
+	useGetUser,
+	useRemoveUserRoleByUserIDAndRoleID,
+	useSetRoleByUserID,
+} from 'api/generated/services/users';
+
+export interface MemberRoleUpdateFailure {
+	roleName: string;
+	error: unknown;
+	onRetry: () => Promise<void>;
+}
+
+interface UseMemberRoleManagerResult {
+	fetchedRoleIds: string[];
+	isLoading: boolean;
+	applyDiff: (
+		localRoleIds: string[],
+		availableRoles: AuthtypesRoleDTO[],
+	) => Promise<MemberRoleUpdateFailure[]>;
+}
+
+export function useMemberRoleManager(
+	userId: string,
+	enabled: boolean,
+): UseMemberRoleManagerResult {
+	const { data: fetchedUser, isLoading } = useGetUser(
+		{ id: userId },
+		{ query: { enabled: !!userId && enabled } },
+	);
+
+	const currentUserRoles = useMemo(() => fetchedUser?.data?.userRoles ?? [], [
+		fetchedUser,
+	]);
+
+	const fetchedRoleIds = useMemo(
+		() =>
+			currentUserRoles
+				.map((ur) => ur.role?.id ?? ur.roleId)
+				.filter((id): id is string => Boolean(id)),
+		[currentUserRoles],
+	);
+
+	const { mutateAsync: setRole } = useSetRoleByUserID();
+	const { mutateAsync: removeRole } = useRemoveUserRoleByUserIDAndRoleID();
+
+	const applyDiff = useCallback(
+		async (
+			localRoleIds: string[],
+			availableRoles: AuthtypesRoleDTO[],
+		): Promise<MemberRoleUpdateFailure[]> => {
+			const currentRoleIdSet = new Set(fetchedRoleIds);
+			const desiredRoleIdSet = new Set(localRoleIds.filter(Boolean));
+
+			const toRemove = currentUserRoles.filter((ur) => {
+				const id = ur.role?.id ?? ur.roleId;
+				return id && !desiredRoleIdSet.has(id);
+			});
+			const toAdd = availableRoles.filter(
+				(r) => r.id && desiredRoleIdSet.has(r.id) && !currentRoleIdSet.has(r.id),
+			);
+
+			const allOps = [
+				...toRemove.map((ur) => ({
+					roleName: ur.role?.name ?? 'unknown',
+					run: (): ReturnType<typeof removeRole> =>
+						removeRole({
+							pathParams: {
+								id: userId,
+								roleId: ur.role?.id ?? ur.roleId ?? '',
+							},
+						}),
+				})),
+				...toAdd.map((role) => ({
+					roleName: role.name ?? 'unknown',
+					run: (): ReturnType<typeof setRole> =>
+						setRole({
+							pathParams: { id: userId },
+							data: { name: role.name ?? '' },
+						}),
+				})),
+			];
+
+			const results = await Promise.allSettled(allOps.map((op) => op.run()));
+
+			const failures: MemberRoleUpdateFailure[] = [];
+			results.forEach((result, i) => {
+				if (result.status === 'rejected') {
+					const { roleName, run } = allOps[i];
+					failures.push({ roleName, error: result.reason, onRetry: run });
+				}
+			});
+
+			return failures;
+		},
+		[userId, fetchedRoleIds, currentUserRoles, setRole, removeRole],
+	);
+
+	return { fetchedRoleIds, isLoading, applyDiff };
+}

frontend/src/hooks/serviceAccount/useServiceAccountRoleManager.ts

@@ -0,0 +1,113 @@
+import { useCallback, useMemo } from 'react';
+import { useQueryClient } from 'react-query';
+import {
+	getGetServiceAccountRolesQueryKey,
+	useCreateServiceAccountRole,
+	useDeleteServiceAccountRole,
+	useGetServiceAccountRoles,
+} from 'api/generated/services/serviceaccount';
+import type { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
+
+export interface RoleUpdateFailure {
+	roleName: string;
+	error: unknown;
+	onRetry: () => Promise<void>;
+}
+
+interface UseServiceAccountRoleManagerResult {
+	currentRoles: AuthtypesRoleDTO[];
+	isLoading: boolean;
+	applyDiff: (
+		localRoleIds: string[],
+		availableRoles: AuthtypesRoleDTO[],
+	) => Promise<RoleUpdateFailure[]>;
+}
+
+export function useServiceAccountRoleManager(
+	accountId: string,
+): UseServiceAccountRoleManagerResult {
+	const queryClient = useQueryClient();
+
+	const { data, isLoading } = useGetServiceAccountRoles({ id: accountId });
+
+	const currentRoles = useMemo<AuthtypesRoleDTO[]>(() => data?.data ?? [], [
+		data?.data,
+	]);
+
+	// the retry for these mutations is safe due to being idempotent on backend
+	const { mutateAsync: createRole } = useCreateServiceAccountRole();
+	const { mutateAsync: deleteRole } = useDeleteServiceAccountRole();
+
+	const invalidateRoles = useCallback(
+		() =>
+			queryClient.invalidateQueries(
+				getGetServiceAccountRolesQueryKey({ id: accountId }),
+			),
+		[accountId, queryClient],
+	);
+
+	const applyDiff = useCallback(
+		async (
+			localRoleIds: string[],
+			availableRoles: AuthtypesRoleDTO[],
+		): Promise<RoleUpdateFailure[]> => {
+			const currentRoleIds = new Set(
+				currentRoles.map((r) => r.id).filter(Boolean),
+			);
+			const desiredRoleIds = new Set(
+				localRoleIds.filter((id) => id != null && id !== ''),
+			);
+
+			const addedRoles = availableRoles.filter(
+				(r) => r.id && desiredRoleIds.has(r.id) && !currentRoleIds.has(r.id),
+			);
+
+			const removedRoles = currentRoles.filter(
+				(r) => r.id && !desiredRoleIds.has(r.id),
+			);
+
+			const allOperations = [
+				...addedRoles.map((role) => ({
+					role,
+					run: (): ReturnType<typeof createRole> =>
+						createRole({ pathParams: { id: accountId }, data: { id: role.id } }),
+				})),
+				...removedRoles.map((role) => ({
+					role,
+					run: (): ReturnType<typeof deleteRole> =>
+						deleteRole({ pathParams: { id: accountId, rid: role.id } }),
+				})),
+			];
+
+			const results = await Promise.allSettled(
+				allOperations.map((op) => op.run()),
+			);
+
+			await invalidateRoles();
+
+			const failures: RoleUpdateFailure[] = [];
+			results.forEach((result, index) => {
+				if (result.status === 'rejected') {
+					const { role, run } = allOperations[index];
+					failures.push({
+						roleName: role.name ?? 'unknown',
+						error: result.reason,
+						onRetry: async (): Promise<void> => {
+							await run();
+							await invalidateRoles();
+						},
+					});
+				}
+			});
+
+			return failures;
+		},
+		[accountId, currentRoles, createRole, deleteRole, invalidateRoles],
+	);
+
+	return {
+		currentRoles,
+		isLoading,
+		applyDiff,
+	};
+}

frontend/src/hooks/user/useGetUser.ts

@@ -1,15 +0,0 @@
-import { useQuery, UseQueryResult } from 'react-query';
-import getUser from 'api/v1/user/id/get';
-import { SuccessResponseV2 } from 'types/api';
-import { UserResponse } from 'types/api/user/getUser';
-
-const useGetUser = (userId: string, isLoggedIn: boolean): UseGetUser =>
-	useQuery({
-		queryFn: () => getUser({ userId }),
-		queryKey: [userId],
-		enabled: !!userId && !!isLoggedIn,
-	});
-
-type UseGetUser = UseQueryResult<SuccessResponseV2<UserResponse>, unknown>;
-
-export default useGetUser;

frontend/src/mocks-server/__mockdata__/apiKeys.ts

@@ -1,541 +0,0 @@
-const createdByEmail = 'mando@signoz.io';
-
-export const getAPIKeysResponse = {
-	status: 'success',
-	data: [
-		{
-			id: '26',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: 'T2DuASwpuUx3wlYraFl5r7N9G1ikBhzGuy2ihcIKDMs=',
-			role: 'ADMIN',
-			name: '1 Day Old',
-			createdAt: 1708010258,
-			expiresAt: 1708096658,
-			updatedAt: 1708010258,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '24',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			token: 'EteVs77BA4FFLJD/TsFE9c+CLX4kXVmlx+0GGK7dpXY=',
-			role: 'ADMIN',
-			name: '1 year expiry - updated',
-			createdAt: 1708008146,
-			expiresAt: 1739544146,
-			updatedAt: 1708008239,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: 'mandalorian',
-		},
-		{
-			id: '25',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			token: '1udrUFmRI6gdb8r/hLabS7zRlgfMQlUw/tz9sac82pE=',
-			role: 'ADMIN',
-			name: 'No Expiry Key',
-			createdAt: 1708008178,
-			expiresAt: 0,
-			updatedAt: 1708008190,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: 'mandalorian',
-		},
-		{
-			id: '22',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			token: 'gtqKF7g7avoe+Yu2+WhyDDLQSr6IsVaR5xpby2XhLAY=',
-			role: 'VIEWER',
-			name: 'No Expiry',
-			createdAt: 1708007395,
-			expiresAt: 0,
-			updatedAt: 1708007936,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: 'mandalorian',
-		},
-		{
-			id: '23',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			token: 'GM/TqEID8N4ynlvQHK38ITEvRAcn5XkJZpmd11xT3OQ=',
-			role: 'VIEWER',
-			name: 'No Expiry - 2',
-			createdAt: 1708007685,
-			expiresAt: 0,
-			updatedAt: 1708007786,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: 'mandalorian',
-		},
-		{
-			id: '19',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			token: 'Oj75e6Zr7JmjFcWIo0UK/Nl06RdC2BKOr/QVHoBA0gM=',
-			role: 'ADMIN',
-			name: '7 Days',
-			createdAt: 1708003326,
-			expiresAt: 1708608126,
-			updatedAt: 1708007380,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: 'mandalorian',
-		},
-		{
-			id: '20',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			token: 'T+sNdYe6I74ya/9mEKqB3UTrFm8+jwI0DiirqEx3bsM=',
-			role: 'EDITOR',
-			name: '1 month',
-			createdAt: 1708004012,
-			expiresAt: 1710596012,
-			updatedAt: 1708005206,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: 'mandalorian',
-		},
-		{
-			id: '21',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			token: 'JWw26FuymeHq+fsfFcb+2+Ls/MdokmeXxXdZisuaVeI=',
-			role: 'ADMIN',
-			name: '3 Months',
-			createdAt: 1708004755,
-			expiresAt: 1715780755,
-			updatedAt: 1708005197,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: 'mandalorian',
-		},
-		{
-			id: '17',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: '2zDrYNr+IWXUyA14+afVvO6GI9dcHfEsOYxjA9mrprg=',
-			role: 'ADMIN',
-			name: 'New No Expiry',
-			createdAt: 1708000444,
-			expiresAt: 0,
-			updatedAt: 1708000444,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '14',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: 'Q+/+UB2OrDPcS9b0+5A1dDXYmWHz0abbVVidF48QCso=',
-			role: 'EDITOR',
-			name: 'Editor Token for user 1',
-			createdAt: 1707997720,
-			expiresAt: 1708170520,
-			updatedAt: 1707997720,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '13',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: '/X3OEaSOLrrJImvzIB3g5WGg+5831X89fZZQT1JaxvQ=',
-			role: 'EDITOR',
-			name: 'Editor Token for user 2',
-			createdAt: 1707997603,
-			expiresAt: 1708170403,
-			updatedAt: 1707997603,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '12',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: 'bTs+Q6waIiP4KJ8L5N58EQonuapWMXsfEra/cmMwmbE=',
-			role: 'EDITOR',
-			name: 'Editor Token for user 3',
-			createdAt: 1707997539,
-			expiresAt: 1708170339,
-			updatedAt: 1707997539,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '11',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: 'YaEqQHrH8KOnYFllor/8Tq653TgxPU1Z7ZDzY3+ETmI=',
-			role: 'EDITOR',
-			name: 'Editor Token for user',
-			createdAt: 1707997537,
-			expiresAt: 1708170337,
-			updatedAt: 1707997537,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '10',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: 'Hg/QpMU9VQyqIuzSh9ND2454IN5uOHzVkv7owEtBcPo=',
-			role: 'EDITOR',
-			name: 'test123',
-			createdAt: 1707997288,
-			expiresAt: 1708083688,
-			updatedAt: 1707997288,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '9',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: 'M5gMsccDthPTibquB7kR7ZSEI76y4endOxZPESZ9/po=',
-			role: 'VIEWER',
-			name: 'Viewer Token for user',
-			createdAt: 1707996747,
-			expiresAt: 1708255947,
-			updatedAt: 1707996747,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '8',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: 'H8NVlOD09IcMgQ/rzfVucb+4+jEcqZ4ZRx6n7QztMSc=',
-			role: 'EDITOR',
-			name: 'Editor Token for user',
-			createdAt: 1707996736,
-			expiresAt: 1708169536,
-			updatedAt: 1707996736,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '7',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '',
-				name: '',
-				email: '',
-				createdAt: 0,
-				profilePictureURL: '',
-				notFound: true,
-			},
-			token: 'z24SswLmNlPVUgb1j6rfc2u4Kb4xSUolwb11cI8kbrs=',
-			role: 'ADMIN',
-			name: 'Admin Token for user',
-			createdAt: 1707996719,
-			expiresAt: 0,
-			updatedAt: 1707996719,
-			lastUsed: 0,
-			revoked: false,
-			updatedByUserId: '',
-		},
-		{
-			id: '5',
-			userId: 'mandalorian',
-			createdByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			updatedByUser: {
-				id: '001',
-				name: 'Mando',
-				email: createdByEmail,
-				createdAt: 1707974098,
-				profilePictureURL: '',
-				notFound: false,
-			},
-			token: 'SWuNSF08EB6+VN05312QaAsPum2wkqIm+ujiWZKnm2Q=',
-			role: 'EDITOR',
-			name: 'Editor Token',
-			createdAt: 1707992270,
-			expiresAt: 1708165070,
-			updatedAt: 1707995424,
-			lastUsed: 1707992517,
-			revoked: false,
-			updatedByUserId: 'mandalorian',
-		},
-	],
-};
-
-export const createAPIKeyResponse = {
-	status: 'success',
-	data: {
-		id: '57',
-		userId: 'mandalorian',
-		token: 'pQ5kiHjcbQ2FbKlS14LQjA2RzXEBi/KvBfM7BRSwltI=',
-		name: 'test1233',
-		createdAt: 1707818550,
-		expiresAt: 0,
-	},
-};

frontend/src/pages/Settings/Settings.tsx

@@ -5,7 +5,6 @@ import logEvent from 'api/common/logEvent';
 import RouteTab from 'components/RouteTab';
 import { FeatureKeys } from 'constants/features';
 import ROUTES from 'constants/routes';
-import { IS_SERVICE_ACCOUNTS_ENABLED } from 'container/ServiceAccountsSettings/config';
 import { routeConfig } from 'container/SideNav/config';
 import { getQueryString } from 'container/SideNav/helper';
 import { settingsNavSections } from 'container/SideNav/menuItems';
@@ -84,12 +83,10 @@ function SettingsPage(): JSX.Element {
 							item.key === ROUTES.ROLES_SETTINGS ||
 							item.key === ROUTES.ROLE_DETAILS ||
 							item.key === ROUTES.INTEGRATIONS ||
-							item.key === ROUTES.API_KEYS ||
 							item.key === ROUTES.INGESTION_SETTINGS ||
 							item.key === ROUTES.ORG_SETTINGS ||
 							item.key === ROUTES.MEMBERS_SETTINGS ||
-							(IS_SERVICE_ACCOUNTS_ENABLED &&
-								item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS) ||
+							item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS ||
 							item.key === ROUTES.SHORTCUTS
 								? true
 								: item.isEnabled,
@@ -118,11 +115,9 @@ function SettingsPage(): JSX.Element {
 							item.key === ROUTES.ROLES_SETTINGS ||
 							item.key === ROUTES.ROLE_DETAILS ||
 							item.key === ROUTES.INTEGRATIONS ||
-							item.key === ROUTES.API_KEYS ||
 							item.key === ROUTES.ORG_SETTINGS ||
 							item.key === ROUTES.MEMBERS_SETTINGS ||
-							(IS_SERVICE_ACCOUNTS_ENABLED &&
-								item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS) ||
+							item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS ||
 							item.key === ROUTES.INGESTION_SETTINGS
 								? true
 								: item.isEnabled,
@@ -146,11 +141,9 @@ function SettingsPage(): JSX.Element {
 					updatedItems = updatedItems.map((item) => ({
 						...item,
 						isEnabled:
-							item.key === ROUTES.API_KEYS ||
 							item.key === ROUTES.ORG_SETTINGS ||
 							item.key === ROUTES.MEMBERS_SETTINGS ||
-							(IS_SERVICE_ACCOUNTS_ENABLED &&
-								item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS)
+							item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS
 								? true
 								: item.isEnabled,
 					}));

frontend/src/pages/Settings/__tests__/Settings.test.tsx

@@ -53,7 +53,6 @@ describe('SettingsPage nav sections', () => {
 			'billing',
 			'roles',
 			'members',
-			'api-keys',
 			'sso',
 			'integrations',
 			'ingestion',
@@ -82,12 +81,9 @@ describe('SettingsPage nav sections', () => {
 			expect(screen.getByTestId(id)).toBeInTheDocument();
 		});
 
-		it.each(['billing', 'roles', 'api-keys'])(
-			'does not render "%s" element',
-			(id) => {
-				expect(screen.queryByTestId(id)).not.toBeInTheDocument();
-			},
-		);
+		it.each(['billing', 'roles'])('does not render "%s" element', (id) => {
+			expect(screen.queryByTestId(id)).not.toBeInTheDocument();
+		});
 	});
 
 	describe('Self-hosted Admin', () => {
@@ -99,7 +95,7 @@ describe('SettingsPage nav sections', () => {
 			});
 		});
 
-		it.each(['roles', 'members', 'api-keys', 'integrations', 'sso', 'ingestion'])(
+		it.each(['roles', 'members', 'integrations', 'sso', 'ingestion'])(
 			'renders "%s" element',
 			(id) => {
 				expect(screen.getByTestId(id)).toBeInTheDocument();

frontend/src/pages/Settings/config.tsx

@@ -1,7 +1,6 @@
 import { RouteTabProps } from 'components/RouteTab/types';
 import ROUTES from 'constants/routes';
 import AlertChannels from 'container/AllAlertChannels';
-import APIKeys from 'container/APIKeys/APIKeys';
 import BillingContainer from 'container/BillingContainer/BillingContainer';
 import CreateAlertChannels from 'container/CreateAlertChannels';
 import { ChannelType } from 'container/CreateAlertChannels/config';
@@ -22,7 +21,6 @@ import {
 	Cpu,
 	CreditCard,
 	Keyboard,
-	KeySquare,
 	Pencil,
 	Plus,
 	Shield,
@@ -114,19 +112,6 @@ export const generalSettingsCloud = (t: TFunction): RouteTabProps['routes'] => [
 	},
 ];
 
-export const apiKeys = (t: TFunction): RouteTabProps['routes'] => [
-	{
-		Component: APIKeys,
-		name: (
-			<div className="periscope-tab">
-				<KeySquare size={16} /> {t('routes:api_keys').toString()}
-			</div>
-		),
-		route: ROUTES.API_KEYS,
-		key: ROUTES.API_KEYS,
-	},
-];
-
 export const billingSettings = (t: TFunction): RouteTabProps['routes'] => [
 	{
 		Component: BillingContainer,

frontend/src/pages/Settings/utils.ts

@@ -1,11 +1,9 @@
 import { RouteTabProps } from 'components/RouteTab/types';
-import { IS_SERVICE_ACCOUNTS_ENABLED } from 'container/ServiceAccountsSettings/config';
 import { TFunction } from 'i18next';
 import { ROLES, USER_ROLES } from 'types/roles';
 
 import {
 	alertChannels,
-	apiKeys,
 	billingSettings,
 	createAlertChannels,
 	editAlertChannels,
@@ -64,11 +62,7 @@ export const getRoutes = (
 	settings.push(...alertChannels(t));
 
 	if (isAdmin) {
-		settings.push(...apiKeys(t), ...membersSettings(t));
-
-		if (IS_SERVICE_ACCOUNTS_ENABLED) {
-			settings.push(...serviceAccountsSettings(t));
-		}
+		settings.push(...membersSettings(t), ...serviceAccountsSettings(t));
 	}
 
 	// todo: Sagar - check the condition for role list and details page, to whom we want to serve

frontend/src/providers/App/App.tsx

@@ -12,8 +12,9 @@ import {
 import { useQuery } from 'react-query';
 import getLocalStorageApi from 'api/browser/localstorage/get';
 import setLocalStorageApi from 'api/browser/localstorage/set';
+import { useGetMyOrganization } from 'api/generated/services/orgs';
+import { useGetMyUser } from 'api/generated/services/users';
 import listOrgPreferences from 'api/v1/org/preferences/list';
-import get from 'api/v1/user/me/get';
 import listUserPreferences from 'api/v1/user/preferences/list';
 import getUserVersion from 'api/v1/version/get';
 import { LOCALSTORAGE } from 'constants/localStorage';
@@ -40,7 +41,9 @@ import {
 	UserPreference,
 } from 'types/api/preferences/preference';
 import { Organization } from 'types/api/user/getOrganization';
+import { UserResponse } from 'types/api/user/getUser';
 import { ROLES, USER_ROLES } from 'types/roles';
+import { toISOString } from 'utils/app';
 
 import { IAppContext, IUser } from './types';
 import { getUserDefaults } from './utils';
@@ -71,17 +74,23 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 
 	const [showChangelogModal, setShowChangelogModal] = useState<boolean>(false);
 
-	// fetcher for user
+	// fetcher for current user
 	// user will only be fetched if the user id and token is present
 	// if logged out and trying to hit any route none of these calls will trigger
 	const {
 		data: userData,
 		isFetching: isFetchingUserData,
 		error: userFetchDataError,
-	} = useQuery({
-		queryFn: get,
-		queryKey: ['/api/v1/user/me'],
-		enabled: isLoggedIn,
+	} = useGetMyUser({
+		query: { enabled: isLoggedIn },
+	});
+
+	const {
+		data: orgData,
+		isFetching: isFetchingOrgData,
+		error: orgFetchDataError,
+	} = useGetMyOrganization({
+		query: { enabled: isLoggedIn },
 	});
 
 	const {
@@ -93,8 +102,10 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 		enabled: isLoggedIn,
 	});
 
-	const isFetchingUser = isFetchingUserData || isFetchingPermissions;
-	const userFetchError = userFetchDataError || errorOnPermissions;
+	const isFetchingUser =
+		isFetchingUserData || isFetchingOrgData || isFetchingPermissions;
+	const userFetchError =
+		userFetchDataError || orgFetchDataError || errorOnPermissions;
 
 	const userRole = useMemo(() => {
 		if (permissionsResult?.[IsAdminPermission]?.isGranted) {
@@ -118,38 +129,55 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 	}, [defaultUser, userRole]);
 
 	useEffect(() => {
-		if (!isFetchingUser && userData && userData.data) {
-			setLocalStorageApi(LOCALSTORAGE.LOGGED_IN_USER_EMAIL, userData.data.email);
+		if (!isFetchingUserData && userData?.data) {
+			setLocalStorageApi(
+				LOCALSTORAGE.LOGGED_IN_USER_EMAIL,
+				userData.data.email ?? '',
+			);
 			setDefaultUser((prev) => ({
 				...prev,
-				...userData.data,
+				id: userData.data.id,
+				displayName: userData.data.displayName ?? prev.displayName,
+				email: userData.data.email ?? prev.email,
+				orgId: userData.data.orgId ?? prev.orgId,
+				isRoot: userData.data.isRoot,
+				status: userData.data.status as UserResponse['status'],
+				createdAt: toISOString(userData.data.createdAt) ?? prev.createdAt,
+				updatedAt: toISOString(userData.data.updatedAt) ?? prev.updatedAt,
 			}));
+		}
+	}, [userData, isFetchingUserData]);
+
+	useEffect(() => {
+		if (!isFetchingOrgData && orgData?.data) {
+			const { id: orgId, displayName: orgDisplayName } = orgData.data;
 			setOrg((prev) => {
 				if (!prev) {
-					// if no org is present enter a new entry
+					return [{ createdAt: 0, id: orgId, displayName: orgDisplayName ?? '' }];
+				}
+				const orgIndex = prev.findIndex((e) => e.id === orgId);
+
+				if (orgIndex === -1) {
 					return [
-						{
-							createdAt: 0,
-							id: userData.data.orgId,
-							displayName: userData.data.organization,
-						},
+						...prev,
+						{ createdAt: 0, id: orgId, displayName: orgDisplayName ?? '' },
 					];
 				}
-				// else mutate the existing entry
-				const orgIndex = prev.findIndex((e) => e.id === userData.data.orgId);
+
 				const updatedOrg: Organization[] = [
 					...prev.slice(0, orgIndex),
-					{
-						createdAt: 0,
-						id: userData.data.orgId,
-						displayName: userData.data.organization,
-					},
-					...prev.slice(orgIndex + 1, prev.length),
+					{ createdAt: 0, id: orgId, displayName: orgDisplayName ?? '' },
+					...prev.slice(orgIndex + 1),
 				];
 				return updatedOrg;
 			});
+
+			setDefaultUser((prev) => ({
+				...prev,
+				organization: orgDisplayName ?? prev.organization,
+			}));
 		}
-	}, [userData, isFetchingUser]);
+	}, [orgData, isFetchingOrgData]);
 
 	// fetcher for licenses v3
 	const {
@@ -273,6 +301,9 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 		(orgId: string, updatedOrgName: string): void => {
 			if (org && org.length > 0) {
 				const orgIndex = org.findIndex((e) => e.id === orgId);
+				if (orgIndex === -1) {
+					return;
+				}
 				const updatedOrg: Organization[] = [
 					...org.slice(0, orgIndex),
 					{
@@ -280,7 +311,7 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 						id: orgId,
 						displayName: updatedOrgName,
 					},
-					...org.slice(orgIndex + 1, org.length),
+					...org.slice(orgIndex + 1),
 				];
 				setOrg(updatedOrg);
 				setDefaultUser((prev) => {

frontend/src/providers/App/__tests__/App.test.tsx

@@ -2,7 +2,7 @@ import { ReactElement } from 'react';
 import { QueryClient, QueryClientProvider } from 'react-query';
 import { renderHook, waitFor } from '@testing-library/react';
 import setLocalStorageApi from 'api/browser/localstorage/set';
-import {
+import type {
 	AuthtypesGettableTransactionDTO,
 	AuthtypesTransactionDTO,
 } from 'api/generated/services/sigNoz.schemas';
@@ -15,6 +15,8 @@ import { USER_ROLES } from 'types/roles';
 import { AppProvider, useAppContext } from '../App';
 
 const AUTHZ_CHECK_URL = 'http://localhost/api/v1/authz/check';
+const MY_USER_URL = 'http://localhost/api/v2/users/me';
+const MY_ORG_URL = 'http://localhost/api/v2/orgs/me';
 
 jest.mock('constants/env', () => ({
 	ENVIRONMENT: { baseURL: 'http://localhost', wsURL: '' },
@@ -227,6 +229,132 @@ describe('AppProvider user.role from permissions', () => {
 	});
 });
 
+describe('AppProvider user and org data from v2 APIs', () => {
+	beforeEach(() => {
+		queryClient.clear();
+		setLocalStorageApi(LOCALSTORAGE.IS_LOGGED_IN, 'true');
+	});
+
+	it('populates user fields from GET /api/v2/users/me', async () => {
+		server.use(
+			rest.get(MY_USER_URL, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({
+						data: {
+							id: 'u-123',
+							displayName: 'Test User',
+							email: 'test@signoz.io',
+							orgId: 'org-abc',
+							isRoot: false,
+							status: 'active',
+						},
+					}),
+				),
+			),
+			rest.get(MY_ORG_URL, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({ data: { id: 'org-abc', displayName: 'My Org' } }),
+				),
+			),
+			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
+				const payload = await req.json();
+				return res(
+					ctx.status(200),
+					ctx.json(authzMockResponse(payload, [false, false, false])),
+				);
+			}),
+		);
+
+		const wrapper = createWrapper();
+		const { result } = renderHook(() => useAppContext(), { wrapper });
+
+		await waitFor(
+			() => {
+				expect(result.current.user.id).toBe('u-123');
+				expect(result.current.user.displayName).toBe('Test User');
+				expect(result.current.user.email).toBe('test@signoz.io');
+				expect(result.current.user.orgId).toBe('org-abc');
+			},
+			{ timeout: 2000 },
+		);
+	});
+
+	it('populates org state from GET /api/v2/orgs/me', async () => {
+		server.use(
+			rest.get(MY_ORG_URL, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({
+						data: {
+							id: 'org-abc',
+							displayName: 'My Org',
+						},
+					}),
+				),
+			),
+			rest.get(MY_USER_URL, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({ data: { id: 'u-default', email: 'default@signoz.io' } }),
+				),
+			),
+			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
+				const payload = await req.json();
+				return res(
+					ctx.status(200),
+					ctx.json(authzMockResponse(payload, [false, false, false])),
+				);
+			}),
+		);
+
+		const wrapper = createWrapper();
+		const { result } = renderHook(() => useAppContext(), { wrapper });
+
+		await waitFor(
+			() => {
+				expect(result.current.org).not.toBeNull();
+				const org = result.current.org?.[0];
+				expect(org?.id).toBe('org-abc');
+				expect(org?.displayName).toBe('My Org');
+			},
+			{ timeout: 2000 },
+		);
+	});
+
+	it('sets isFetchingUser false once both user and org calls complete', async () => {
+		server.use(
+			rest.get(MY_USER_URL, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: { id: 'u-1', email: 'a@b.com' } })),
+			),
+			rest.get(MY_ORG_URL, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({ data: { id: 'org-1', displayName: 'Org' } }),
+				),
+			),
+			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
+				const payload = await req.json();
+				return res(
+					ctx.status(200),
+					ctx.json(authzMockResponse(payload, [false, false, false])),
+				);
+			}),
+		);
+
+		const wrapper = createWrapper();
+		const { result } = renderHook(() => useAppContext(), { wrapper });
+
+		await waitFor(
+			() => {
+				expect(result.current.isFetchingUser).toBe(false);
+			},
+			{ timeout: 2000 },
+		);
+	});
+});
+
 describe('AppProvider when authz/check fails', () => {
 	beforeEach(() => {
 		queryClient.clear();

frontend/src/tests/test-utils.tsx

@@ -47,6 +47,9 @@ const queryClient = new QueryClient({
 			refetchOnWindowFocus: false,
 			retry: false,
 		},
+		mutations: {
+			retry: false,
+		},
 	},
 });
 

frontend/src/types/api/pat/types.ts

@@ -1,56 +0,0 @@
-export interface User {
-	createdAt?: number;
-	email?: string;
-	id: string;
-	displayName?: string;
-}
-
-export interface APIKeyProps {
-	name: string;
-	expiresAt: number;
-	role: string;
-	token: string;
-	id: string;
-	createdAt: string;
-	createdByUser?: User;
-	updatedAt?: string;
-	updatedByUser?: User;
-	lastUsed?: number;
-}
-
-export interface CreatePayloadProps {
-	data: APIKeyProps;
-	status: string;
-}
-
-export interface CreateAPIKeyProps {
-	name: string;
-	expiresInDays: number;
-	role: string;
-}
-
-export interface AllAPIKeyProps {
-	status: string;
-	data: APIKeyProps[];
-}
-
-export interface CreateAPIKeyProp {
-	data: APIKeyProps;
-}
-
-export interface DeleteAPIKeyPayloadProps {
-	status: string;
-}
-
-export interface UpdateAPIKeyProps {
-	id: string;
-	data: {
-		name: string;
-		role: string;
-	};
-}
-
-export type PayloadProps = {
-	status: string;
-	data: string;
-};

frontend/src/utils/permission/index.ts

@@ -108,7 +108,6 @@ export const routePermission: Record<keyof typeof ROUTES, ROLES[]> = {
 	TRACES_SAVE_VIEWS: ['ADMIN', 'EDITOR', 'VIEWER'],
 	TRACES_FUNNELS: ['ADMIN', 'EDITOR', 'VIEWER'],
 	TRACES_FUNNELS_DETAIL: ['ADMIN', 'EDITOR', 'VIEWER'],
-	API_KEYS: ['ADMIN'],
 	LOGS_BASE: ['ADMIN', 'EDITOR', 'VIEWER'],
 	OLD_LOGS_EXPLORER: ['ADMIN', 'EDITOR', 'VIEWER'],
 	SHORTCUTS: ['ADMIN', 'EDITOR', 'VIEWER'],

pkg/apiserver/signozapiserver/registry.go

@@ -50,6 +50,11 @@ func (handler *healthOpenAPIHandler) ServeOpenAPI(opCtx openapi.OperationContext
 	)
 }
 
+func (handler *healthOpenAPIHandler) AuditDef() *pkghandler.AuditDef {
+	// Health endpoints are not audited since they don't represent user actions and are called frequently by monitoring systems, which would create noise in the audit logs.
+	return nil
+}
+
 func (provider *provider) addRegistryRoutes(router *mux.Router) error {
 	if err := router.Handle("/api/v2/healthz", newHealthOpenAPIHandler(
 		provider.authZ.OpenAccess(provider.factoryHandler.Healthz),

pkg/apiserver/signozapiserver/serviceaccount.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
 	"github.com/gorilla/mux"
 )
@@ -44,6 +45,23 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v1/service_accounts/me", handler.New(provider.authZ.OpenAccess(provider.serviceAccountHandler.GetMe), handler.OpenAPIDef{
+		ID:                  "GetMyServiceAccount",
+		Tags:                []string{"serviceaccount"},
+		Summary:             "Gets my service account",
+		Description:         "This endpoint gets my service account",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(serviceaccounttypes.ServiceAccountWithRoles),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{http.StatusNotFound},
+		Deprecated:          false,
+		SecuritySchemes:     nil,
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Get), handler.OpenAPIDef{
 		ID:                  "GetServiceAccount",
 		Tags:                []string{"serviceaccount"},
@@ -51,7 +69,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		Description:         "This endpoint gets an existing service account",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            new(serviceaccounttypes.ServiceAccount),
+		Response:            new(serviceaccounttypes.ServiceAccountWithRoles),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
@@ -61,6 +79,74 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v1/service_accounts/{id}/roles", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.GetRoles), handler.OpenAPIDef{
+		ID:                  "GetServiceAccountRoles",
+		Tags:                []string{"serviceaccount"},
+		Summary:             "Gets service account roles",
+		Description:         "This endpoint gets all the roles for the existing service account",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new([]*authtypes.Role),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{http.StatusNotFound},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/service_accounts/{id}/roles", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.SetRole), handler.OpenAPIDef{
+		ID:                  "CreateServiceAccountRole",
+		Tags:                []string{"serviceaccount"},
+		Summary:             "Create service account role",
+		Description:         "This endpoint assigns a role to a service account",
+		Request:             new(serviceaccounttypes.PostableServiceAccountRole),
+		RequestContentType:  "",
+		Response:            new(types.Identifiable),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusCreated,
+		ErrorStatusCodes:    []int{http.StatusBadRequest},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/service_accounts/{id}/roles/{rid}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.DeleteRole), handler.OpenAPIDef{
+		ID:                  "DeleteServiceAccountRole",
+		Tags:                []string{"serviceaccount"},
+		Summary:             "Delete service account role",
+		Description:         "This endpoint revokes a role from service account",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/service_accounts/me", handler.New(provider.authZ.OpenAccess(provider.serviceAccountHandler.UpdateMe), handler.OpenAPIDef{
+		ID:                  "UpdateMyServiceAccount",
+		Tags:                []string{"serviceaccount"},
+		Summary:             "Updates my service account",
+		Description:         "This endpoint gets my service account",
+		Request:             new(serviceaccounttypes.UpdatableServiceAccount),
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{http.StatusNotFound},
+		Deprecated:          false,
+		SecuritySchemes:     nil,
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Update), handler.OpenAPIDef{
 		ID:                  "UpdateServiceAccount",
 		Tags:                []string{"serviceaccount"},
@@ -78,23 +164,6 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/status", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.UpdateStatus), handler.OpenAPIDef{
-		ID:                  "UpdateServiceAccountStatus",
-		Tags:                []string{"serviceaccount"},
-		Summary:             "Updates a service account status",
-		Description:         "This endpoint updates an existing service account status",
-		Request:             new(serviceaccounttypes.UpdatableServiceAccountStatus),
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
 	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Delete), handler.OpenAPIDef{
 		ID:                  "DeleteServiceAccount",
 		Tags:                []string{"serviceaccount"},
@@ -136,7 +205,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		Description:         "This endpoint lists the service account keys",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            make([]*serviceaccounttypes.FactorAPIKey, 0),
+		Response:            make([]*serviceaccounttypes.GettableFactorAPIKey, 0),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},

pkg/apiserver/signozapiserver/user.go

@@ -43,74 +43,6 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/pats", handler.New(provider.authZ.AdminAccess(provider.userHandler.CreateAPIKey), handler.OpenAPIDef{
-		ID:                  "CreateAPIKey",
-		Tags:                []string{"users"},
-		Summary:             "Create api key",
-		Description:         "This endpoint creates an api key",
-		Request:             new(types.PostableAPIKey),
-		RequestContentType:  "application/json",
-		Response:            new(types.GettableAPIKey),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusCreated,
-		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPost).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/pats", handler.New(provider.authZ.AdminAccess(provider.userHandler.ListAPIKeys), handler.OpenAPIDef{
-		ID:                  "ListAPIKeys",
-		Tags:                []string{"users"},
-		Summary:             "List api keys",
-		Description:         "This endpoint lists all api keys",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            make([]*types.GettableAPIKey, 0),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/pats/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.UpdateAPIKey), handler.OpenAPIDef{
-		ID:                  "UpdateAPIKey",
-		Tags:                []string{"users"},
-		Summary:             "Update api key",
-		Description:         "This endpoint updates an api key",
-		Request:             new(types.StorableAPIKey),
-		RequestContentType:  "application/json",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/pats/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.RevokeAPIKey), handler.OpenAPIDef{
-		ID:                  "RevokeAPIKey",
-		Tags:                []string{"users"},
-		Summary:             "Revoke api key",
-		Description:         "This endpoint revokes an api key",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodDelete).GetError(); err != nil {
-		return err
-	}
-
 	if err := router.Handle("/api/v1/user", handler.New(provider.authZ.AdminAccess(provider.userHandler.ListUsersDeprecated), handler.OpenAPIDef{
 		ID:                  "ListUsersDeprecated",
 		Tags:                []string{"users"},

pkg/auditor/auditorserver/server_test.go

@@ -21,11 +21,15 @@ func newTestSettings() factory.ScopedProviderSettings {
 
 func newTestEvent(resource string, action audittypes.Action) audittypes.AuditEvent {
 	return audittypes.AuditEvent{
-		Timestamp:    time.Now(),
-		EventName:    audittypes.NewEventName(resource, action),
-		ResourceName: resource,
-		Action:       action,
-		Outcome:      audittypes.OutcomeSuccess,
+		Timestamp: time.Now(),
+		EventName: audittypes.NewEventName(resource, action),
+		AuditAttributes: audittypes.AuditAttributes{
+			Action:  action,
+			Outcome: audittypes.OutcomeSuccess,
+		},
+		ResourceAttributes: audittypes.ResourceAttributes{
+			ResourceName: resource,
+		},
 	}
 }
 

pkg/authn/passwordauthn/emailpasswordauthn/authn.go

@@ -21,7 +21,7 @@ func New(store authtypes.AuthNStore) *AuthN {
 }
 
 func (a *AuthN) Authenticate(ctx context.Context, email string, password string, orgID valuer.UUID) (*authtypes.Identity, error) {
-	user, factorPassword, userRoles, err := a.store.GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx, email, orgID)
+	user, factorPassword, _, err := a.store.GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx, email, orgID)
 	if err != nil {
 		return nil, err
 	}
@@ -30,11 +30,5 @@ func (a *AuthN) Authenticate(ctx context.Context, email string, password string,
 		return nil, errors.New(errors.TypeUnauthenticated, types.ErrCodeIncorrectPassword, "invalid email or password")
 	}
 
-	if len(userRoles) == 0 {
-		return nil, errors.New(errors.TypeUnexpected, authtypes.ErrCodeUserRolesNotFound, "no user roles entries found")
-	}
-
-	role := authtypes.SigNozManagedRoleToExistingLegacyRole[userRoles[0].Role.Name]
-
-	return authtypes.NewIdentity(user.ID, orgID, user.Email, role, authtypes.IdentNProviderTokenizer), nil
+	return authtypes.NewPrincipalUserIdentity(user.ID, orgID, user.Email, authtypes.IdentNProviderTokenizer), nil
 }

pkg/authz/authzstore/sqlauthzstore/store.go

@@ -97,11 +97,7 @@ func (store *store) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID,
 	}
 
 	if len(roles) != len(names) {
-		return nil, store.sqlstore.WrapNotFoundErrf(
-			nil,
-			authtypes.ErrCodeRoleNotFound,
-			"not all roles found for the provided names: %v", names,
-		)
+		return nil, errors.Newf(errors.TypeInvalidInput, authtypes.ErrCodeRoleNotFound, "not all roles found for the provided names: %v", names)
 	}
 
 	return roles, nil
@@ -122,11 +118,7 @@ func (store *store) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, id
 	}
 
 	if len(roles) != len(ids) {
-		return nil, store.sqlstore.WrapNotFoundErrf(
-			nil,
-			authtypes.ErrCodeRoleNotFound,
-			"not all roles found for the provided ids: %v", ids,
-		)
+		return nil, errors.Newf(errors.TypeInvalidInput, authtypes.ErrCodeRoleNotFound, "not all roles found for the provided names: %v", ids)
 	}
 
 	return roles, nil

pkg/authz/openfgaauthz/provider.go

@@ -148,7 +148,12 @@ func (provider *provider) Grant(ctx context.Context, orgID valuer.UUID, names []
 		return err
 	}
 
-	return provider.Write(ctx, tuples, nil)
+	err = provider.Write(ctx, tuples, nil)
+	if err != nil {
+		return errors.WrapInternalf(err, errors.CodeInternal, "failed to grant roles: %v to subject: %s", names, subject)
+	}
+
+	return nil
 }
 
 func (provider *provider) ModifyGrant(ctx context.Context, orgID valuer.UUID, existingRoleNames []string, updatedRoleNames []string, subject string) error {
@@ -180,7 +185,13 @@ func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, names [
 	if err != nil {
 		return err
 	}
-	return provider.Write(ctx, nil, tuples)
+
+	err = provider.Write(ctx, nil, tuples)
+	if err != nil {
+		return errors.WrapInternalf(err, errors.CodeInternal, "failed to revoke roles: %v to subject: %s", names, subject)
+	}
+
+	return nil
 }
 
 func (provider *provider) CreateManagedRoles(ctx context.Context, _ valuer.UUID, managedRoles []*authtypes.Role) error {

pkg/authz/openfgaserver/server.go

@@ -140,9 +140,22 @@ func (server *Server) BatchCheck(ctx context.Context, tupleReq map[string]*openf
 }
 
 func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, _ authtypes.Relation, _ authtypes.Typeable, _ []authtypes.Selector, roleSelectors []authtypes.Selector) error {
-	subject, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
-	if err != nil {
-		return err
+	subject := ""
+	switch claims.Principal {
+	case authtypes.PrincipalUser:
+		user, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
+		if err != nil {
+			return err
+		}
+
+		subject = user
+	case authtypes.PrincipalServiceAccount:
+		serviceAccount, err := authtypes.NewSubject(authtypes.TypeableServiceAccount, claims.ServiceAccountID, orgID, nil)
+		if err != nil {
+			return err
+		}
+
+		subject = serviceAccount
 	}
 
 	tupleSlice, err := authtypes.TypeableRole.Tuples(subject, authtypes.RelationAssignee, roleSelectors, orgID)

pkg/errors/code.go

@@ -20,6 +20,12 @@ var (
 	CodeLicenseUnavailable      = Code{"license_unavailable"}
 )
 
+var (
+	// Used when reverse engineering an error from a response that doesn't have a code.
+	// This should never be used in the codebase, and if it is, it's a bug that should be fixed by using proper error handling and including error codes in responses.
+	CodeUnset = Code{"unset"}
+)
+
 var (
 	codeRegex = regexp.MustCompile(`^[a-z_]+$`)
 )

pkg/http/handler/handler.go

@@ -15,14 +15,16 @@ type ServeOpenAPIFunc func(openapi.OperationContext)
 type Handler interface {
 	http.Handler
 	ServeOpenAPI(openapi.OperationContext)
+	AuditDef() *AuditDef
 }
 
 type handler struct {
 	handlerFunc http.HandlerFunc
 	openAPIDef  OpenAPIDef
+	auditDef    *AuditDef
 }
 
-func New(handlerFunc http.HandlerFunc, openAPIDef OpenAPIDef) Handler {
+func New(handlerFunc http.HandlerFunc, openAPIDef OpenAPIDef, opts ...Option) Handler {
 	// Remove duplicate error status codes
 	openAPIDef.ErrorStatusCodes = slices.DeleteFunc(openAPIDef.ErrorStatusCodes, func(statusCode int) bool {
 		return statusCode == http.StatusUnauthorized || statusCode == http.StatusForbidden || statusCode == http.StatusInternalServerError
@@ -36,10 +38,16 @@ func New(handlerFunc http.HandlerFunc, openAPIDef OpenAPIDef) Handler {
 		openAPIDef.ErrorStatusCodes = append(openAPIDef.ErrorStatusCodes, http.StatusUnauthorized, http.StatusForbidden)
 	}
 
-	return &handler{
+	handler := &handler{
 		handlerFunc: handlerFunc,
 		openAPIDef:  openAPIDef,
 	}
+
+	for _, opt := range opts {
+		opt(handler)
+	}
+
+	return handler
 }
 
 func (handler *handler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
@@ -120,5 +128,8 @@ func (handler *handler) ServeOpenAPI(opCtx openapi.OperationContext) {
 			openapi.WithHTTPStatus(statusCode),
 		)
 	}
-
+}
+
+func (handler *handler) AuditDef() *AuditDef {
+	return handler.auditDef
 }

pkg/http/handler/option.go

@@ -0,0 +1,24 @@
+package handler
+
+import (
+	"github.com/SigNoz/signoz/pkg/types/audittypes"
+)
+
+// Option configures optional behaviour on a handler created by New.
+type Option func(*handler)
+
+type AuditDef struct {
+	ResourceName    string                    // AuthZ Typeable.Name() value, e.g. "dashboard", "user".
+	Action          audittypes.Action         // create, update, delete, login, etc.
+	Category        audittypes.ActionCategory // access_control, configuration_change, etc.
+	ResourceIDParam string                    // Gorilla mux path param name for the resource ID.
+}
+
+// WithAudit attaches an AuditDef to the handler. The actual audit event
+// emission is handled by the middleware layer, which reads the AuditDef
+// from the matched route's handler.
+func WithAuditDef(def AuditDef) Option {
+	return func(h *handler) {
+		h.auditDef = &def
+	}
+}

pkg/http/middleware/audit.go

@@ -0,0 +1,169 @@
+package middleware
+
+import (
+	"log/slog"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/gorilla/mux"
+	semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
+	"go.opentelemetry.io/otel/trace"
+
+	"github.com/SigNoz/signoz/pkg/auditor"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/handler"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/types/audittypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+)
+
+const (
+	logMessage = "::RECEIVED-REQUEST::"
+)
+
+type Audit struct {
+	logger         *slog.Logger
+	excludedRoutes map[string]struct{}
+	auditor        auditor.Auditor
+}
+
+func NewAudit(logger *slog.Logger, excludedRoutes []string, auditor auditor.Auditor) *Audit {
+	excludedRoutesMap := make(map[string]struct{})
+	for _, route := range excludedRoutes {
+		excludedRoutesMap[route] = struct{}{}
+	}
+
+	return &Audit{
+		logger:         logger.With(slog.String("pkg", pkgname)),
+		excludedRoutes: excludedRoutesMap,
+		auditor:        auditor,
+	}
+}
+
+func (middleware *Audit) Wrap(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		start := time.Now()
+		host, port, _ := net.SplitHostPort(req.Host)
+		path, err := mux.CurrentRoute(req).GetPathTemplate()
+		if err != nil {
+			path = req.URL.Path
+		}
+
+		fields := []any{
+			string(semconv.ClientAddressKey), req.RemoteAddr,
+			string(semconv.UserAgentOriginalKey), req.UserAgent(),
+			string(semconv.ServerAddressKey), host,
+			string(semconv.ServerPortKey), port,
+			string(semconv.HTTPRequestSizeKey), req.ContentLength,
+			string(semconv.HTTPRouteKey), path,
+		}
+
+		responseBuffer := &byteBuffer{}
+		writer := newResponseCapture(rw, responseBuffer)
+		next.ServeHTTP(writer, req)
+
+		statusCode, writeErr := writer.StatusCode(), writer.WriteError()
+
+		// Logging or Audit: skip if the matched route is in the excluded list. This allows us to exclude noisy routes (e.g. health checks) from both logging and audit.
+		if _, ok := middleware.excludedRoutes[path]; ok {
+			return
+		}
+
+		middleware.emitAuditEvent(req, writer, path)
+
+		fields = append(fields,
+			string(semconv.HTTPResponseStatusCodeKey), statusCode,
+			string(semconv.HTTPServerRequestDurationName), time.Since(start),
+		)
+		if writeErr != nil {
+			fields = append(fields, errors.Attr(writeErr))
+			middleware.logger.ErrorContext(req.Context(), logMessage, fields...)
+		} else {
+			if responseBuffer.Len() != 0 {
+				fields = append(fields, "response.body", responseBuffer.String())
+			}
+
+			middleware.logger.InfoContext(req.Context(), logMessage, fields...)
+		}
+	})
+}
+
+func (middleware *Audit) emitAuditEvent(req *http.Request, writer responseCapture, routeTemplate string) {
+	if middleware.auditor == nil {
+		return
+	}
+
+	def := auditDefFromRequest(req)
+	if def == nil {
+		return
+	}
+
+	// extract claims
+	claims, _ := authtypes.ClaimsFromContext(req.Context())
+
+	// extract status code
+	statusCode := writer.StatusCode()
+
+	// extract traces.
+	span := trace.SpanFromContext(req.Context())
+
+	// extract error details.
+	var errorType, errorCode string
+	if statusCode >= 400 {
+		errorType = render.ErrorTypeFromStatusCode(statusCode)
+		errorCode = render.ErrorCodeFromBody(writer.BodyBytes())
+	}
+
+	event := audittypes.NewAuditEventFromHTTPRequest(
+		req,
+		routeTemplate,
+		statusCode,
+		span.SpanContext().TraceID(),
+		span.SpanContext().SpanID(),
+		def.Action,
+		def.Category,
+		claims,
+		resourceIDFromRequest(req, def.ResourceIDParam),
+		def.ResourceName,
+		errorType,
+		errorCode,
+	)
+
+	middleware.auditor.Audit(req.Context(), event)
+}
+
+func auditDefFromRequest(req *http.Request) *handler.AuditDef {
+	route := mux.CurrentRoute(req)
+	if route == nil {
+		return nil
+	}
+
+	actualHandler := route.GetHandler()
+	if actualHandler == nil {
+		return nil
+	}
+
+	// The type assertion is necessary because route.GetHandler() returns
+	// http.Handler, and not every http.Handler on the mux is a handler.Handler
+	// (e.g. middleware wrappers, raw http.HandlerFunc registrations).
+	provider, ok := actualHandler.(handler.Handler)
+	if !ok {
+		return nil
+	}
+
+	return provider.AuditDef()
+}
+
+func resourceIDFromRequest(req *http.Request, param string) string {
+	if param == "" {
+		return ""
+	}
+
+	vars := mux.Vars(req)
+	if vars == nil {
+		return ""
+	}
+
+	return vars[param]
+}

pkg/http/middleware/authz.go

@@ -40,17 +40,6 @@ func (middleware *AuthZ) ViewAccess(next http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		if claims.IdentNProvider == authtypes.IdentNProviderAPIKey.StringValue() {
-			if err := claims.IsViewer(); err != nil {
-				middleware.logger.WarnContext(ctx, authzDeniedMessage, slog.Any("claims", claims))
-				render.Error(rw, err)
-				return
-			}
-
-			next(rw, req)
-			return
-		}
-
 		selectors := []authtypes.Selector{
 			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
 			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozEditorRoleName),
@@ -90,17 +79,6 @@ func (middleware *AuthZ) EditAccess(next http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		if claims.IdentNProvider == authtypes.IdentNProviderAPIKey.StringValue() {
-			if err := claims.IsEditor(); err != nil {
-				middleware.logger.WarnContext(ctx, authzDeniedMessage, slog.Any("claims", claims))
-				render.Error(rw, err)
-				return
-			}
-
-			next(rw, req)
-			return
-		}
-
 		selectors := []authtypes.Selector{
 			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
 			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozEditorRoleName),
@@ -139,17 +117,6 @@ func (middleware *AuthZ) AdminAccess(next http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		if claims.IdentNProvider == authtypes.IdentNProviderAPIKey.StringValue() {
-			if err := claims.IsAdmin(); err != nil {
-				middleware.logger.WarnContext(ctx, authzDeniedMessage, slog.Any("claims", claims))
-				render.Error(rw, err)
-				return
-			}
-
-			next(rw, req)
-			return
-		}
-
 		selectors := []authtypes.Selector{
 			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
 		}
@@ -186,13 +153,28 @@ func (middleware *AuthZ) SelfAccess(next http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		id := mux.Vars(req)["id"]
-		if err := claims.IsSelfAccess(id); err != nil {
-			middleware.logger.WarnContext(req.Context(), authzDeniedMessage, slog.Any("claims", claims))
-			render.Error(rw, err)
-			return
+		selectors := []authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
 		}
 
+		err = middleware.authzService.CheckWithTupleCreation(
+			req.Context(),
+			claims,
+			valuer.MustNewUUID(claims.OrgID),
+			authtypes.RelationAssignee,
+			authtypes.TypeableRole,
+			selectors,
+			selectors,
+		)
+
+		if err != nil {
+			id := mux.Vars(req)["id"]
+			if err := claims.IsSelfAccess(id); err != nil {
+				middleware.logger.WarnContext(req.Context(), authzDeniedMessage, slog.Any("claims", claims))
+				render.Error(rw, err)
+				return
+			}
+		}
 		next(rw, req)
 	})
 }

pkg/http/middleware/identn.go

@@ -61,8 +61,10 @@ func (m *IdentN) Wrap(next http.Handler) http.Handler {
 		ctx = authtypes.NewContextWithClaims(ctx, claims)
 
 		comment := ctxtypes.CommentFromContext(ctx)
-		comment.Set("identn_provider", claims.IdentNProvider)
+		comment.Set("identn_provider", claims.IdentNProvider.StringValue())
 		comment.Set("user_id", claims.UserID)
+		comment.Set("service_account_id", claims.ServiceAccountID)
+		comment.Set("principal", claims.Principal.StringValue())
 		comment.Set("org_id", claims.OrgID)
 		ctx = ctxtypes.NewContextWithComment(ctx, comment)
 

pkg/http/middleware/logging.go

@@ -1,81 +0,0 @@
-package middleware
-
-import (
-	"bytes"
-	"log/slog"
-	"net"
-	"net/http"
-	"time"
-
-	"github.com/gorilla/mux"
-	semconv "go.opentelemetry.io/otel/semconv/v1.26.0"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-)
-
-const (
-	logMessage string = "::RECEIVED-REQUEST::"
-)
-
-type Logging struct {
-	logger         *slog.Logger
-	excludedRoutes map[string]struct{}
-}
-
-func NewLogging(logger *slog.Logger, excludedRoutes []string) *Logging {
-	excludedRoutesMap := make(map[string]struct{})
-	for _, route := range excludedRoutes {
-		excludedRoutesMap[route] = struct{}{}
-	}
-
-	return &Logging{
-		logger:         logger.With(slog.String("pkg", pkgname)),
-		excludedRoutes: excludedRoutesMap,
-	}
-}
-
-func (middleware *Logging) Wrap(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		start := time.Now()
-		host, port, _ := net.SplitHostPort(req.Host)
-		path, err := mux.CurrentRoute(req).GetPathTemplate()
-		if err != nil {
-			path = req.URL.Path
-		}
-
-		fields := []any{
-			string(semconv.ClientAddressKey), req.RemoteAddr,
-			string(semconv.UserAgentOriginalKey), req.UserAgent(),
-			string(semconv.ServerAddressKey), host,
-			string(semconv.ServerPortKey), port,
-			string(semconv.HTTPRequestSizeKey), req.ContentLength,
-			string(semconv.HTTPRouteKey), path,
-		}
-
-		badResponseBuffer := new(bytes.Buffer)
-		writer := newBadResponseLoggingWriter(rw, badResponseBuffer)
-		next.ServeHTTP(writer, req)
-
-		// if the path is in the excludedRoutes map, don't log
-		if _, ok := middleware.excludedRoutes[path]; ok {
-			return
-		}
-
-		statusCode, err := writer.StatusCode(), writer.WriteError()
-		fields = append(fields,
-			string(semconv.HTTPResponseStatusCodeKey), statusCode,
-			string(semconv.HTTPServerRequestDurationName), time.Since(start),
-		)
-		if err != nil {
-			fields = append(fields, errors.Attr(err))
-			middleware.logger.ErrorContext(req.Context(), logMessage, fields...)
-		} else {
-			// when the status code is 400 or >=500, and the response body is not empty.
-			if badResponseBuffer.Len() != 0 {
-				fields = append(fields, "response.body", badResponseBuffer.String())
-			}
-
-			middleware.logger.InfoContext(req.Context(), logMessage, fields...)
-		}
-	})
-}