chore: add last seen info in err message

revert: no need for special err handling in threshold rule
test: unit test add mock for metadata call (which is expected in the test's scenario)
2026-03-12 16:23:19 +00:00 · 2026-03-12 14:19:29 +05:30 · 2026-03-12 13:47:07 +05:30 · 2026-03-12 13:25:51 +05:30 · 2026-03-12 13:16:47 +05:30 · 2026-03-12 12:27:00 +05:30
44 changed files with 430 additions and 1876 deletions
--- a/docs/api/openapi.yml
+++ b/docs/api/openapi.yml
@@ -1768,19 +1768,19 @@ components:
        createdAt:
          format: date-time
          type: string
-        expiresAt:
+        expires_at:
          minimum: 0
          type: integer
        id:
          type: string
        key:
          type: string
-        lastObservedAt:
+        last_used:
          format: date-time
          type: string
        name:
          type: string
-        serviceAccountId:
+        service_account_id:
          type: string
        updatedAt:
          format: date-time
@@ -1788,9 +1788,9 @@ components:
      required:
      - id
      - key
-      - expiresAt
-      - lastObservedAt
-      - serviceAccountId
+      - expires_at
+      - last_used
+      - service_account_id
      type: object
    ServiceaccounttypesGettableFactorAPIKeyWithKey:
      properties:
@@ -1804,14 +1804,14 @@ components:
      type: object
    ServiceaccounttypesPostableFactorAPIKey:
      properties:
-        expiresAt:
+        expires_at:
          minimum: 0
          type: integer
        name:
          type: string
      required:
      - name
-      - expiresAt
+      - expires_at
      type: object
    ServiceaccounttypesPostableServiceAccount:
      properties:
@@ -1833,16 +1833,13 @@ components:
        createdAt:
          format: date-time
          type: string
-        deletedAt:
-          format: date-time
-          type: string
        email:
          type: string
        id:
          type: string
        name:
          type: string
-        orgId:
+        orgID:
          type: string
        roles:
          items:
@@ -1859,19 +1856,18 @@ components:
      - email
      - roles
      - status
-      - orgId
-      - deletedAt
+      - orgID
      type: object
    ServiceaccounttypesUpdatableFactorAPIKey:
      properties:
-        expiresAt:
+        expires_at:
          minimum: 0
          type: integer
        name:
          type: string
      required:
      - name
-      - expiresAt
+      - expires_at
      type: object
    ServiceaccounttypesUpdatableServiceAccount:
      properties:
--- a/ee/authz/openfgaschema/base.fga
+++ b/ee/authz/openfgaschema/base.fga
@@ -2,45 +2,39 @@ module base

 type organisation 
  relations
-    define read: [user, serviceaccount, role#assignee]
-    define update: [user, serviceaccount, role#assignee]
+    define read: [user, role#assignee]
+    define update: [user, role#assignee]

 type user
  relations
-    define read: [user, serviceaccount, role#assignee]
-    define update: [user, serviceaccount, role#assignee]
-    define delete: [user, serviceaccount, role#assignee]
-
-type serviceaccount 
-  relations
-    define read: [user, serviceaccount, role#assignee]
-    define update: [user, serviceaccount, role#assignee]
-    define delete: [user, serviceaccount, role#assignee]  
+    define read: [user, role#assignee]
+    define update: [user, role#assignee]
+    define delete: [user, role#assignee]

 type anonymous

 type role 
  relations
-    define assignee: [user, serviceaccount, anonymous]
+    define assignee: [user, anonymous]

-    define read: [user, serviceaccount, role#assignee]
-    define update: [user, serviceaccount, role#assignee]
-    define delete: [user, serviceaccount, role#assignee]
+    define read: [user, role#assignee]
+    define update: [user, role#assignee]
+    define delete: [user, role#assignee]

 type metaresources
  relations
-    define create: [user, serviceaccount, role#assignee]
-    define list: [user, serviceaccount, role#assignee]
+    define create: [user, role#assignee]
+    define list: [user, role#assignee]

 type metaresource
  relations
-      define read: [user, serviceaccount, anonymous, role#assignee]
-      define update: [user, serviceaccount, role#assignee]
-      define delete: [user, serviceaccount, role#assignee]
+      define read: [user, anonymous, role#assignee]
+      define update: [user, role#assignee]
+      define delete: [user, role#assignee]

-      define block: [user, serviceaccount, role#assignee]
+      define block: [user, role#assignee]


 type telemetryresource
  relations
-      define read: [user, serviceaccount, role#assignee]
+      define read: [user, role#assignee]
--- a/ee/query-service/rules/manager_test.go
+++ b/ee/query-service/rules/manager_test.go
@@ -80,6 +80,21 @@ func TestManager_TestNotification_SendUnmatched_ThresholdRule(t *testing.T) {
 					alertDataRows := cmock.NewRows(cols, tc.Values)

 					mock := telemetryStore.Mock()
+					// Mock metadata queries for FetchTemporalityAndTypeMulti
+					// First query: fetchMetricsTemporalityAndType (from signoz_metrics time series table)
+					metadataCols := []cmock.ColumnType{
+						{Name: "metric_name", Type: "String"},
+						{Name: "temporality", Type: "String"},
+						{Name: "type", Type: "String"},
+						{Name: "is_monotonic", Type: "Bool"},
+					}
+					metadataRows := cmock.NewRows(metadataCols, [][]any{
+						{"probe_success", metrictypes.Unspecified, metrictypes.GaugeType, false},
+					})
+					mock.ExpectQuery("*distributed_time_series_v4*").WithArgs(nil, nil, nil).WillReturnRows(metadataRows)
+					// Second query: fetchMeterSourceMetricsTemporalityAndType (from signoz_meter table)
+					emptyMetadataRows := cmock.NewRows(metadataCols, [][]any{})
+					mock.ExpectQuery("*meter*").WithArgs(nil).WillReturnRows(emptyMetadataRows)

 					// Generate query arguments for the metric query
 					evalTime := time.Now().UTC()
--- a/frontend/src/AppRoutes/Private.tsx
+++ b/frontend/src/AppRoutes/Private.tsx
@@ -128,7 +128,6 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 			isAdmin &&
 			(path === ROUTES.SETTINGS ||
 				path === ROUTES.ORG_SETTINGS ||
-				path === ROUTES.MEMBERS_SETTINGS ||
 				path === ROUTES.BILLING ||
 				path === ROUTES.MY_SETTINGS);

--- a/frontend/src/AppRoutes/index.tsx
+++ b/frontend/src/AppRoutes/index.tsx
@@ -321,19 +321,6 @@ function App(): JSX.Element {
 					// Session Replay
 					replaysSessionSampleRate: 0.1, // This sets the sample rate at 10%. You may want to change it to 100% while in development and then sample at a lower rate in production.
 					replaysOnErrorSampleRate: 1.0, // If you're not already sampling the entire session, change the sample rate to 100% when sampling sessions where errors occur.
-					beforeSend(event) {
-						const sessionReplayUrl = posthog.get_session_replay_url?.({
-							withTimestamp: true,
-						});
-						if (sessionReplayUrl) {
-							// eslint-disable-next-line no-param-reassign
-							event.contexts = {
-								...event.contexts,
-								posthog: { session_replay_url: sessionReplayUrl },
-							};
-						}
-						return event;
-					},
 				});

 				setIsSentryInitialized(true);
--- a/frontend/src/api/generated/services/sigNoz.schemas.ts
+++ b/frontend/src/api/generated/services/sigNoz.schemas.ts
@@ -2100,7 +2100,7 @@ export interface ServiceaccounttypesFactorAPIKeyDTO {
 	 * @type integer
 	 * @minimum 0
 	 */
-	expiresAt: number;
+	expires_at: number;
 	/**
 	 * @type string
 	 */
@@ -2113,7 +2113,7 @@ export interface ServiceaccounttypesFactorAPIKeyDTO {
 	 * @type string
 	 * @format date-time
 	 */
-	lastObservedAt: Date;
+	last_used: Date;
 	/**
 	 * @type string
 	 */
@@ -2121,7 +2121,7 @@ export interface ServiceaccounttypesFactorAPIKeyDTO {
 	/**
 	 * @type string
 	 */
-	serviceAccountId: string;
+	service_account_id: string;
 	/**
 	 * @type string
 	 * @format date-time
@@ -2145,7 +2145,7 @@ export interface ServiceaccounttypesPostableFactorAPIKeyDTO {
 	 * @type integer
 	 * @minimum 0
 	 */
-	expiresAt: number;
+	expires_at: number;
 	/**
 	 * @type string
 	 */
@@ -2173,11 +2173,6 @@ export interface ServiceaccounttypesServiceAccountDTO {
 	 * @format date-time
 	 */
 	createdAt?: Date;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	deletedAt: Date;
 	/**
 	 * @type string
 	 */
@@ -2193,7 +2188,7 @@ export interface ServiceaccounttypesServiceAccountDTO {
 	/**
 	 * @type string
 	 */
-	orgId: string;
+	orgID: string;
 	/**
 	 * @type array
 	 */
@@ -2214,7 +2209,7 @@ export interface ServiceaccounttypesUpdatableFactorAPIKeyDTO {
 	 * @type integer
 	 * @minimum 0
 	 */
-	expiresAt: number;
+	expires_at: number;
 	/**
 	 * @type string
 	 */
--- a/frontend/src/container/CustomDomainSettings/CustomDomainEditModal.tsx
+++ b/frontend/src/container/CustomDomainSettings/CustomDomainEditModal.tsx
@@ -30,15 +30,14 @@ export default function CustomDomainEditModal({
 	onClearError,
 	onSubmit,
 }: CustomDomainEditModalProps): JSX.Element {
-	const initialSubdomain = customDomainSubdomain ?? '';
-	const [value, setValue] = useState(initialSubdomain);
+	const [value, setValue] = useState(customDomainSubdomain ?? '');
 	const [validationError, setValidationError] = useState<string | null>(null);

 	useEffect(() => {
 		if (isOpen) {
-			setValue(initialSubdomain);
+			setValue(customDomainSubdomain ?? '');
 		}
-	}, [isOpen, initialSubdomain]);
+	}, [isOpen, customDomainSubdomain]);

 	const handleClose = (): void => {
 		setValidationError(null);
@@ -59,11 +58,6 @@ export default function CustomDomainEditModal({
 	};

 	const handleSubmit = (): void => {
-		if (value === initialSubdomain) {
-			setValidationError('Input is unchanged');
-			return;
-		}
-
 		if (!value) {
 			setValidationError('This field is required');
 			return;
@@ -90,7 +84,7 @@ export default function CustomDomainEditModal({

 	const hasError = Boolean(errorMessage);

-	const statusIcon = ((): JSX.Element | null => {
+	const statusIcon = ((): JSX.Element => {
 		if (isLoading) {
 			return (
 				<LoaderCircle size={16} className="animate-spin edit-modal-status-icon" />
@@ -101,9 +95,7 @@ export default function CustomDomainEditModal({
 			return <CircleAlert size={16} color={Color.BG_CHERRY_500} />;
 		}

-		return value && value.length >= 3 ? (
-			<CircleCheck size={16} color={Color.BG_FOREST_500} />
-		) : null;
+		return <CircleCheck size={16} color={Color.BG_FOREST_500} />;
 	})();

 	return (
@@ -197,7 +189,7 @@ export default function CustomDomainEditModal({
 							color="primary"
 							className="edit-modal-apply-btn"
 							onClick={handleSubmit}
-							disabled={isLoading || value === initialSubdomain}
+							disabled={isLoading}
 							loading={isLoading}
 						>
 							Apply Changes
--- a/frontend/src/container/CustomDomainSettings/CustomDomainSettings.styles.scss
+++ b/frontend/src/container/CustomDomainSettings/CustomDomainSettings.styles.scss
@@ -81,10 +81,6 @@
 		padding-left: 26px;
 	}

-	.custom-domain-card-meta-row.workspace-name-hidden {
-		padding-left: 0;
-	}
-
 	.custom-domain-card-meta-timezone {
 		display: inline-flex;
 		align-items: center;
@@ -121,6 +117,32 @@
 		background: var(--l2-border);
 		margin: 0;
 	}
+
+	.custom-domain-card-bottom {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-5);
+		padding: var(--padding-3);
+	}
+
+	.custom-domain-card-license {
+		color: var(--l1-foreground);
+		font-size: var(--paragraph-base-400-font-size);
+		line-height: var(--line-height-20);
+		letter-spacing: -0.07px;
+	}
+
+	.custom-domain-plan-badge {
+		display: inline-flex;
+		align-items: center;
+		padding: 0 2px;
+		border-radius: 2px;
+		background: var(--l2-background);
+		color: var(--l2-foreground);
+		font-family: 'SF Mono', 'Fira Code', monospace;
+		font-size: var(--paragraph-base-400-font-size);
+		line-height: var(--line-height-20);
+	}
 }

 .workspace-url-trigger {
--- a/frontend/src/container/CustomDomainSettings/CustomDomainSettings.tsx
+++ b/frontend/src/container/CustomDomainSettings/CustomDomainSettings.tsx
@@ -69,9 +69,8 @@ function DomainUpdateToast({
 }

 export default function CustomDomainSettings(): JSX.Element {
-	const { org } = useAppContext();
+	const { org, activeLicense } = useAppContext();
 	const { timezone } = useTimezone();
-
 	const [isEditModalOpen, setIsEditModalOpen] = useState(false);
 	const [isPollingEnabled, setIsPollingEnabled] = useState(false);
 	const [hosts, setHosts] = useState<ZeustypesHostDTO[] | null>(null);
@@ -176,8 +175,7 @@ export default function CustomDomainSettings(): JSX.Element {
 		[hosts, activeHost],
 	);

-	const workspaceName =
-		org?.[0]?.displayName || customDomainSubdomain || activeHost?.name;
+	const planName = activeLicense?.plan?.name;

 	if (isLoadingHosts) {
 		return (
@@ -193,97 +191,105 @@ export default function CustomDomainSettings(): JSX.Element {

 	return (
 		<>
-			<div className="custom-domain-card-top">
-				<div className="custom-domain-card-info">
-					{!!workspaceName && (
+			<div className="custom-domain-card">
+				<div className="custom-domain-card-top">
+					<div className="custom-domain-card-info">
 						<div className="custom-domain-card-name-row">
 							<span className="beacon" />
-							<span className="custom-domain-card-org-name">{workspaceName}</span>
+							<span className="custom-domain-card-org-name">
+								{org?.[0]?.displayName ? org?.[0]?.displayName : customDomainSubdomain}
+							</span>
 						</div>
-					)}

-					<div
-						className={`custom-domain-card-meta-row ${
-							!workspaceName ? 'workspace-name-hidden' : ''
-						}`}
-					>
-						<Dropdown
-							trigger={['click']}
-							dropdownRender={(): JSX.Element => (
-								<div className="workspace-url-dropdown">
-									<span className="workspace-url-dropdown-header">
-										All Workspace URLs
-									</span>
-									<div className="workspace-url-dropdown-divider" />
-									{sortedHosts.map((host) => {
-										const isActive = host.name === activeHost?.name;
-										return (
-											<a
-												key={host.name}
-												href={host.url}
-												target="_blank"
-												rel="noopener noreferrer"
-												className={`workspace-url-dropdown-item${
-													isActive ? ' workspace-url-dropdown-item--active' : ''
-												}`}
-											>
-												<span className="workspace-url-dropdown-item-label">
-													{stripProtocol(host.url ?? '')}
-												</span>
-												{isActive ? (
-													<Check size={14} className="workspace-url-dropdown-item-check" />
-												) : (
-													<ExternalLink
-														size={12}
-														className="workspace-url-dropdown-item-external"
-													/>
-												)}
-											</a>
-										);
-									})}
-								</div>
-							)}
-						>
-							<Button
-								type="button"
-								size="xs"
-								className="workspace-url-trigger"
-								disabled={isFetchingHosts}
+						<div className="custom-domain-card-meta-row">
+							<Dropdown
+								trigger={['click']}
+								dropdownRender={(): JSX.Element => (
+									<div className="workspace-url-dropdown">
+										<span className="workspace-url-dropdown-header">
+											All Workspace URLs
+										</span>
+										<div className="workspace-url-dropdown-divider" />
+										{sortedHosts.map((host) => {
+											const isActive = host.name === activeHost?.name;
+											return (
+												<a
+													key={host.name}
+													href={host.url}
+													target="_blank"
+													rel="noopener noreferrer"
+													className={`workspace-url-dropdown-item${
+														isActive ? ' workspace-url-dropdown-item--active' : ''
+													}`}
+												>
+													<span className="workspace-url-dropdown-item-label">
+														{stripProtocol(host.url ?? '')}
+													</span>
+													{isActive ? (
+														<Check size={14} className="workspace-url-dropdown-item-check" />
+													) : (
+														<ExternalLink
+															size={12}
+															className="workspace-url-dropdown-item-external"
+														/>
+													)}
+												</a>
+											);
+										})}
+									</div>
+								)}
 							>
-								<Link2 size={12} />
-								<span>{stripProtocol(activeHost?.url ?? '')}</span>
-								<ChevronDown size={12} />
-							</Button>
-						</Dropdown>
-						<span className="custom-domain-card-meta-timezone">
-							<Clock size={11} />
-							{timezone.offset}
-						</span>
+								<Button
+									type="button"
+									size="xs"
+									className="workspace-url-trigger"
+									disabled={isFetchingHosts}
+								>
+									<Link2 size={12} />
+									<span>{stripProtocol(activeHost?.url ?? '')}</span>
+									<ChevronDown size={12} />
+								</Button>
+							</Dropdown>
+							<span className="custom-domain-card-meta-timezone">
+								<Clock size={11} />
+								{timezone.offset}
+							</span>
+						</div>
 					</div>
+
+					<Button
+						variant="solid"
+						size="sm"
+						className="custom-domain-edit-button"
+						prefixIcon={<FilePenLine size={12} />}
+						disabled={isFetchingHosts || isPollingEnabled}
+						onClick={(): void => setIsEditModalOpen(true)}
+					>
+						Edit workspace link
+					</Button>
 				</div>

-				<Button
-					variant="solid"
-					size="sm"
-					className="custom-domain-edit-button"
-					prefixIcon={<FilePenLine size={12} />}
-					disabled={isFetchingHosts || isPollingEnabled}
-					onClick={(): void => setIsEditModalOpen(true)}
-				>
-					Edit workspace link
-				</Button>
-			</div>
+				{isPollingEnabled && (
+					<Callout
+						type="info"
+						showIcon
+						className="custom-domain-callout"
+						size="small"
+						icon={<SolidAlertCircle size={13} color="primary" />}
+						message={`Updating your URL to ⎯ ${customDomainSubdomain}.${dnsSuffix}. This may take a few mins.`}
+					/>
+				)}

-			{isPollingEnabled && (
-				<Callout
-					type="info"
-					showIcon
-					className="custom-domain-callout"
-					size="small"
-					icon={<SolidAlertCircle size={13} color="primary" />}
-					message={`Updating your URL to ⎯ ${customDomainSubdomain}.${dnsSuffix}. This may take a few mins.`}
-				/>
-			)}
+				<div className="custom-domain-card-divider" />
+
+				<div className="custom-domain-card-bottom">
+					<span className="beacon" />
+					<span className="custom-domain-card-license">
+						{planName && <code className="custom-domain-plan-badge">{planName}</code>}{' '}
+						license is currently active
+					</span>
+				</div>
+			</div>

 			<CustomDomainEditModal
 				isOpen={isEditModalOpen}
--- a/frontend/src/container/CustomDomainSettings/tests/CustomDomainSettings.test.tsx
+++ b/frontend/src/container/CustomDomainSettings/tests/CustomDomainSettings.test.tsx
@@ -239,87 +239,4 @@ describe('CustomDomainSettings', () => {
 		const { container } = render(toastRenderer('test-id'));
 		expect(container).toHaveTextContent(/myteam\.test\.cloud/i);
 	});
-
-	describe('Workspace Name rendering', () => {
-		it('renders org displayName when available from appContext', async () => {
-			server.use(
-				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
-					res(ctx.status(200), ctx.json(mockHostsResponse)),
-				),
-			);
-
-			render(<CustomDomainSettings />, undefined, {
-				appContextOverrides: {
-					org: [{ id: 'xyz', displayName: 'My Org Name', createdAt: 0 }],
-				},
-			});
-
-			expect(await screen.findByText('My Org Name')).toBeInTheDocument();
-		});
-
-		it('falls back to customDomainSubdomain when org displayName is missing', async () => {
-			server.use(
-				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
-					res(ctx.status(200), ctx.json(mockHostsResponse)),
-				),
-			);
-
-			render(<CustomDomainSettings />, undefined, {
-				appContextOverrides: { org: [] },
-			});
-
-			expect(await screen.findByText('custom-host')).toBeInTheDocument();
-		});
-
-		it('falls back to activeHost.name when neither org name nor custom domain exists', async () => {
-			const onlyDefaultHostResponse = {
-				...mockHostsResponse,
-				data: {
-					...mockHostsResponse.data,
-					hosts: mockHostsResponse.data.hosts
-						? [mockHostsResponse.data.hosts[0]]
-						: [],
-				},
-			};
-
-			server.use(
-				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
-					res(ctx.status(200), ctx.json(onlyDefaultHostResponse)),
-				),
-			);
-
-			render(<CustomDomainSettings />, undefined, {
-				appContextOverrides: { org: [] },
-			});
-
-			// 'accepted-starfish' is the default host's name
-			expect(await screen.findByText('accepted-starfish')).toBeInTheDocument();
-		});
-
-		it('does not render the card name row if workspaceName is totally falsy', async () => {
-			const emptyHostsResponse = {
-				...mockHostsResponse,
-				data: {
-					...mockHostsResponse.data,
-					hosts: [],
-				},
-			};
-
-			server.use(
-				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
-					res(ctx.status(200), ctx.json(emptyHostsResponse)),
-				),
-			);
-
-			const { container } = render(<CustomDomainSettings />, undefined, {
-				appContextOverrides: { org: [] },
-			});
-
-			await screen.findByRole('button', { name: /edit workspace link/i });
-
-			expect(
-				container.querySelector('.custom-domain-card-name-row'),
-			).not.toBeInTheDocument();
-		});
-	});
 });
--- a/frontend/src/container/GeneralSettings/GeneralSettings.tsx
+++ b/frontend/src/container/GeneralSettings/GeneralSettings.tsx
@@ -10,7 +10,6 @@ import setRetentionApi from 'api/settings/setRetention';
 import setRetentionApiV2 from 'api/settings/setRetentionV2';
 import TextToolTip from 'components/TextToolTip';
 import CustomDomainSettings from 'container/CustomDomainSettings';
-import LicenseKeyRow from 'container/GeneralSettings/LicenseKeyRow/LicenseKeyRow';
 import GeneralSettingsCloud from 'container/GeneralSettingsCloud';
 import useComponentPermission from 'hooks/useComponentPermission';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
@@ -82,7 +81,7 @@ function GeneralSettings({
 		logsTtlValuesPayload,
 	);

-	const { user, activeLicense } = useAppContext();
+	const { user } = useAppContext();

 	const [setRetentionPermission] = useComponentPermission(
 		['set_retention_period'],
@@ -681,15 +680,7 @@ function GeneralSettings({
 				</span>
 			</div>

-			{(showCustomDomainSettings || activeLicense?.key) && (
-				<div className="custom-domain-card">
-					{showCustomDomainSettings && <CustomDomainSettings />}
-					{showCustomDomainSettings && activeLicense?.key && (
-						<div className="custom-domain-card-divider" />
-					)}
-					{activeLicense?.key && <LicenseKeyRow />}
-				</div>
-			)}
+			{showCustomDomainSettings && <CustomDomainSettings />}

 			<div className="retention-controls-container">
 				<div className="retention-controls-header">
--- a/frontend/src/container/GeneralSettings/LicenseKeyRow/LicenseKeyRow.styles.scss
+++ b/frontend/src/container/GeneralSettings/LicenseKeyRow/LicenseKeyRow.styles.scss
@@ -1,65 +0,0 @@
-.license-key-row {
-	display: flex;
-	align-items: center;
-	justify-content: space-between;
-	padding: var(--padding-2) var(--padding-3);
-	gap: var(--spacing-5);
-
-	&__left {
-		display: inline-flex;
-		align-items: center;
-		gap: 12px;
-		color: var(--l2-foreground);
-
-		svg {
-			flex-shrink: 0;
-		}
-	}
-
-	&__label {
-		color: var(--l2-foreground);
-		font-size: var(--paragraph-base-400-font-size);
-		line-height: var(--line-height-20);
-		letter-spacing: -0.07px;
-		flex-shrink: 0;
-	}
-
-	&__value {
-		display: inline-flex;
-		align-items: stretch;
-	}
-
-	&__code {
-		display: inline-flex;
-		align-items: center;
-		padding: 1px 2px;
-		border-radius: 2px 0 0 2px;
-		background: var(--l3-background);
-		border: 1px solid var(--l2-border);
-		color: var(--l2-foreground);
-		font-family: 'SF Mono', 'Fira Code', 'Fira Mono', monospace;
-		font-size: var(--paragraph-base-400-font-size);
-		line-height: var(--line-height-20);
-		white-space: nowrap;
-		margin-right: -1px;
-	}
-
-	&__copy-btn {
-		display: inline-flex;
-		align-items: center;
-		justify-content: center;
-		width: 26px;
-		padding: 1px 2px;
-		border-radius: 0 2px 2px 0;
-		background: var(--l3-background);
-		border: 1px solid var(--l2-border);
-		color: var(--l2-foreground);
-		cursor: pointer;
-		flex-shrink: 0;
-		height: 24px;
-
-		&:hover {
-			background: var(--l3-background-hover);
-		}
-	}
-}
--- a/frontend/src/container/GeneralSettings/LicenseKeyRow/LicenseKeyRow.tsx
+++ b/frontend/src/container/GeneralSettings/LicenseKeyRow/LicenseKeyRow.tsx
@@ -1,48 +0,0 @@
-import { useCopyToClipboard } from 'react-use';
-import { Button } from '@signozhq/button';
-import { Copy, KeyRound } from '@signozhq/icons';
-import { toast } from '@signozhq/sonner';
-import { useAppContext } from 'providers/App/App';
-import { getMaskedKey } from 'utils/maskedKey';
-
-import './LicenseKeyRow.styles.scss';
-
-function LicenseKeyRow(): JSX.Element | null {
-	const { activeLicense } = useAppContext();
-	const [, copyToClipboard] = useCopyToClipboard();
-
-	if (!activeLicense?.key) {
-		return null;
-	}
-
-	const handleCopyLicenseKey = (text: string): void => {
-		copyToClipboard(text);
-		toast.success('License key copied to clipboard.', { richColors: true });
-	};
-
-	return (
-		<div className="license-key-row">
-			<span className="license-key-row__left">
-				<KeyRound size={14} />
-				<span className="license-key-row__label">SigNoz License Key</span>
-			</span>
-			<span className="license-key-row__value">
-				<code className="license-key-row__code">
-					{getMaskedKey(activeLicense.key)}
-				</code>
-				<Button
-					type="button"
-					size="xs"
-					aria-label="Copy license key"
-					data-testid="license-key-row-copy-btn"
-					className="license-key-row__copy-btn"
-					onClick={(): void => handleCopyLicenseKey(activeLicense.key)}
-				>
-					<Copy size={12} />
-				</Button>
-			</span>
-		</div>
-	);
-}
-
-export default LicenseKeyRow;
--- a/frontend/src/container/GeneralSettings/LicenseKeyRow/tests/LicenseKeyRow.test.tsx
+++ b/frontend/src/container/GeneralSettings/LicenseKeyRow/tests/LicenseKeyRow.test.tsx
@@ -1,61 +0,0 @@
-import { render, screen, userEvent, waitFor } from 'tests/test-utils';
-
-import LicenseKeyRow from '../LicenseKeyRow';
-
-const mockCopyToClipboard = jest.fn();
-
-jest.mock('react-use', () => ({
-	__esModule: true,
-	useCopyToClipboard: (): [unknown, jest.Mock] => [null, mockCopyToClipboard],
-}));
-
-const mockToastSuccess = jest.fn();
-
-jest.mock('@signozhq/sonner', () => ({
-	toast: {
-		success: (...args: unknown[]): unknown => mockToastSuccess(...args),
-	},
-}));
-
-describe('LicenseKeyRow', () => {
-	afterEach(() => {
-		jest.clearAllMocks();
-	});
-
-	it('renders nothing when activeLicense key is absent', () => {
-		const { container } = render(<LicenseKeyRow />, undefined, {
-			appContextOverrides: { activeLicense: null },
-		});
-
-		expect(container).toBeEmptyDOMElement();
-	});
-
-	it('renders label and masked key when activeLicense key exists', () => {
-		render(<LicenseKeyRow />, undefined, {
-			appContextOverrides: {
-				activeLicense: { key: 'abcdefghij' } as any,
-			},
-		});
-
-		expect(screen.getByText('SigNoz License Key')).toBeInTheDocument();
-		expect(screen.getByText('ab·······ij')).toBeInTheDocument();
-	});
-
-	it('calls copyToClipboard and shows success toast when clipboard is available', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-		render(<LicenseKeyRow />);
-
-		await user.click(screen.getByRole('button', { name: /copy license key/i }));
-
-		await waitFor(() => {
-			expect(mockCopyToClipboard).toHaveBeenCalledWith('test-key');
-			expect(mockToastSuccess).toHaveBeenCalledWith(
-				'License key copied to clipboard.',
-				{
-					richColors: true,
-				},
-			);
-		});
-	});
-});
--- a/frontend/src/container/MySettings/LicenseSection/LicenseSection.tsx
+++ b/frontend/src/container/MySettings/LicenseSection/LicenseSection.tsx
@@ -4,7 +4,6 @@ import { Typography } from 'antd';
 import { useNotifications } from 'hooks/useNotifications';
 import { Copy } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
-import { getMaskedKey } from 'utils/maskedKey';

 import './LicenseSection.styles.scss';

@@ -13,6 +12,15 @@ function LicenseSection(): JSX.Element | null {
 	const { notifications } = useNotifications();
 	const [, handleCopyToClipboard] = useCopyToClipboard();

+	const getMaskedKey = (key: string): string => {
+		if (!key || key.length < 4) {
+			return key || 'N/A';
+		}
+		return `${key.substring(0, 2)}********${key
+			.substring(key.length - 2)
+			.trim()}`;
+	};
+
 	const handleCopyKey = (text: string): void => {
 		handleCopyToClipboard(text);
 		notifications.success({
--- a/frontend/src/container/MySettings/tests/MySettings.test.tsx
+++ b/frontend/src/container/MySettings/tests/MySettings.test.tsx
@@ -271,7 +271,7 @@ describe('MySettings Flows', () => {
 				},
 			});

-			expect(within(container).getByText('ab·······cd')).toBeInTheDocument();
+			expect(within(container).getByText('ab********cd')).toBeInTheDocument();
 		});

 		it('Should not mask license key if it is too short', () => {
--- a/frontend/src/container/SideNav/config.ts
+++ b/frontend/src/container/SideNav/config.ts
@@ -38,7 +38,6 @@ export const routeConfig: Record<string, QueryParams[]> = {
 	[ROUTES.MY_SETTINGS]: [QueryParams.resourceAttributes],
 	[ROUTES.NOT_FOUND]: [QueryParams.resourceAttributes],
 	[ROUTES.ORG_SETTINGS]: [QueryParams.resourceAttributes],
-	[ROUTES.MEMBERS_SETTINGS]: [QueryParams.resourceAttributes],
 	[ROUTES.PASSWORD_RESET]: [QueryParams.resourceAttributes],
 	[ROUTES.SETTINGS]: [QueryParams.resourceAttributes],
 	[ROUTES.SIGN_UP]: [QueryParams.resourceAttributes],
--- a/frontend/src/hooks/useAuthZ/permissions.type.ts
+++ b/frontend/src/hooks/useAuthZ/permissions.type.ts
@@ -23,10 +23,10 @@ export default {
 		relations: {
 			assignee: ['role'],
 			create: ['metaresources'],
-			delete: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
+			delete: ['user', 'role', 'organization', 'metaresource'],
 			list: ['metaresources'],
-			read: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
-			update: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
+			read: ['user', 'role', 'organization', 'metaresource'],
+			update: ['user', 'role', 'organization', 'metaresource'],
 		},
 	},
 } as const;
--- a/frontend/src/pages/Settings/Settings.tsx
+++ b/frontend/src/pages/Settings/Settings.tsx
@@ -63,7 +63,6 @@ function SettingsPage(): JSX.Element {
 						isAdmin &&
 						(item.key === ROUTES.BILLING ||
 							item.key === ROUTES.ORG_SETTINGS ||
-							item.key === ROUTES.MEMBERS_SETTINGS ||
 							item.key === ROUTES.MY_SETTINGS ||
 							item.key === ROUTES.SHORTCUTS)
 					),
--- a/frontend/src/pages/Settings/utils.ts
+++ b/frontend/src/pages/Settings/utils.ts
@@ -36,7 +36,6 @@ export const getRoutes = (
 	if (isWorkspaceBlocked && isAdmin) {
 		settings.push(
 			...organizationSettings(t),
-			...membersSettings(t),
 			...mySettings(t),
 			...billingSettings(t),
 			...keyboardShortcuts(t),
--- a/frontend/src/utils/maskedKey.ts
+++ b/frontend/src/utils/maskedKey.ts
@@ -1,9 +0,0 @@
-/**
- * Masks a key string, showing only the first 2 and last 2 characters.
- */
-export function getMaskedKey(key: string): string {
-	if (!key || key.length < 4) {
-		return key || 'N/A';
-	}
-	return `${key.substring(0, 2)}·······${key.slice(-2).trim()}`;
-}
--- a/pkg/alertmanager/service.go
+++ b/pkg/alertmanager/service.go
@@ -72,7 +72,7 @@ func (service *Service) SyncServers(ctx context.Context) error {

 	service.serversMtx.Lock()
 	for _, org := range orgs {
-		config, _, err := service.getConfig(ctx, org.ID.StringValue())
+		config, err := service.getConfig(ctx, org.ID.StringValue())
 		if err != nil {
 			service.settings.Logger().ErrorContext(ctx, "failed to get alertmanager config for org", "org_id", org.ID.StringValue(), "error", err)
 			continue
@@ -171,7 +171,7 @@ func (service *Service) Stop(ctx context.Context) error {
 }

 func (service *Service) newServer(ctx context.Context, orgID string) (*alertmanagerserver.Server, error) {
-	config, storedHash, err := service.getConfig(ctx, orgID)
+	config, err := service.getConfig(ctx, orgID)
 	if err != nil {
 		return nil, err
 	}
@@ -181,16 +181,13 @@ func (service *Service) newServer(ctx context.Context, orgID string) (*alertmana
 		return nil, err
 	}

+	beforeCompareAndSelectHash := config.StoreableConfig().Hash
 	config, err = service.compareAndSelectConfig(ctx, config)
 	if err != nil {
 		return nil, err
 	}

-	// compare against the hash of the config stored in the DB (before overlays
-	// were applied by getConfig). This ensures that overlay changes (e.g. new
-	// defaults from an upstream upgrade or something similar) trigger a DB update
-	// so that other code paths reading directly from the store see the up-to-date config.
-	if storedHash == config.StoreableConfig().Hash {
+	if beforeCompareAndSelectHash == config.StoreableConfig().Hash {
 		service.settings.Logger().DebugContext(ctx, "skipping config store update for org", "org_id", orgID, "hash", config.StoreableConfig().Hash)
 		return server, nil
 	}
@@ -203,33 +200,27 @@ func (service *Service) newServer(ctx context.Context, orgID string) (*alertmana
 	return server, nil
 }

-// getConfig returns the config for the given orgID with overlays applied, along
-// with the hash that was stored in the DB before overlays. When no config exists
-// in the store yet the stored hash is empty.
-func (service *Service) getConfig(ctx context.Context, orgID string) (*alertmanagertypes.Config, string, error) {
+func (service *Service) getConfig(ctx context.Context, orgID string) (*alertmanagertypes.Config, error) {
 	config, err := service.configStore.Get(ctx, orgID)
-	var storedHash string
 	if err != nil {
 		if !errors.Ast(err, errors.TypeNotFound) {
-			return nil, "", err
+			return nil, err
 		}

 		config, err = alertmanagertypes.NewDefaultConfig(service.config.Global, service.config.Route, orgID)
 		if err != nil {
-			return nil, "", err
+			return nil, err
 		}
-	} else {
-		storedHash = config.StoreableConfig().Hash
 	}

 	if err := config.SetGlobalConfig(service.config.Global); err != nil {
-		return nil, "", err
+		return nil, err
 	}
 	if err := config.SetRouteConfig(service.config.Route); err != nil {
-		return nil, "", err
+		return nil, err
 	}

-	return config, storedHash, nil
+	return config, nil
 }

 func (service *Service) compareAndSelectConfig(ctx context.Context, incomingConfig *alertmanagertypes.Config) (*alertmanagertypes.Config, error) {
--- a/pkg/authz/openfgaschema/base.fga
+++ b/pkg/authz/openfgaschema/base.fga
@@ -2,11 +2,9 @@ module base

 type user

-type serviceaccount 
-
 type role 
  relations
-    define assignee: [user, serviceaccount]
+    define assignee: [user]

 type organisation 
  relations
--- a/pkg/modules/cloudintegration/cloudintegration.go
+++ b/pkg/modules/cloudintegration/cloudintegration.go
@@ -1,62 +0,0 @@
-package cloudintegration
-
-import (
-	"context"
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Module interface {
-	GetName() cloudintegrationtypes.CloudProviderType
-
-	// AgentCheckIn is called by agent to heartbeat and get latest config in response.
-	AgentCheckIn(ctx context.Context, req *cloudintegrationtypes.PostableAgentCheckInPayload) (any, error)
-
-	GenerateConnectionParams(ctx context.Context) (*cloudintegrationtypes.GettableCloudIntegrationConnectionParams, error)
-	// GenerateConnectionArtifact generates cloud provider specific connection information, client side handles how this information is shown
-	GenerateConnectionArtifact(ctx context.Context, req *cloudintegrationtypes.PostableConnectionArtifact) (any, error)
-	// GetAccountStatus returns agent connection status for a cloud integration account
-	GetAccountStatus(ctx context.Context, orgID, accountID string) (*cloudintegrationtypes.GettableAccountStatus, error)
-	// ListConnectedAccounts lists accounts where agent is connected
-	ListConnectedAccounts(ctx context.Context, orgID string) (*cloudintegrationtypes.GettableConnectedAccountsList, error)
-
-	// LIstServices return list of services for a cloud provider attached with the accountID. This just returns a summary
-	ListServices(ctx context.Context, orgID string, accountID *string) (any, error) // returns either GettableAWSServices or GettableAzureServices
-	// GetServiceDetails returns service definition details for a serviceId. This returns config and other details required to show in service details page on client.
-	GetServiceDetails(ctx context.Context, req *cloudintegrationtypes.GetServiceDetailsReq) (any, error)
-
-	// GetDashboard returns dashboard json for a give cloud integration service dashboard.
-	// this only returns the dashboard when account is connected and service is enabled
-	GetDashboard(ctx context.Context, id string, orgID valuer.UUID) (*dashboardtypes.Dashboard, error)
-	// GetAvailableDashboards returns list of available dashboards across all connected cloud integration accounts in the org.
-	// this list gets added to dashboard list page
-	GetAvailableDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
-
-	// UpdateAccountConfig updates cloud integration account config
-	UpdateAccountConfig(ctx context.Context, orgId valuer.UUID, accountId string, config []byte) (any, error)
-	// UpdateServiceConfig updates cloud integration service config
-	UpdateServiceConfig(ctx context.Context, serviceId string, orgID valuer.UUID, config []byte) (any, error)
-
-	// DisconnectAccount soft deletes/removes a cloud integration account.
-	DisconnectAccount(ctx context.Context, orgID, accountID string) (*cloudintegrationtypes.CloudIntegration, error)
-}
-
-type Handler interface {
-	AgentCheckIn(http.ResponseWriter, *http.Request)
-
-	GenerateConnectionParams(http.ResponseWriter, *http.Request)
-	GenerateConnectionArtifact(http.ResponseWriter, *http.Request)
-
-	ListConnectedAccounts(http.ResponseWriter, *http.Request)
-	GetAccountStatus(http.ResponseWriter, *http.Request)
-	ListServices(http.ResponseWriter, *http.Request)
-	GetServiceDetails(http.ResponseWriter, *http.Request)
-
-	UpdateAccountConfig(http.ResponseWriter, *http.Request)
-	UpdateServiceConfig(http.ResponseWriter, *http.Request)
-
-	DisconnectAccount(http.ResponseWriter, *http.Request)
-}
--- a/pkg/modules/serviceaccount/implserviceaccount/handler.go
+++ b/pkg/modules/serviceaccount/implserviceaccount/handler.go
@@ -111,12 +111,7 @@ func (handler *handler) Update(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	err = serviceAccount.Update(req.Name, req.Email, req.Roles)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
+	serviceAccount.Update(req.Name, req.Email, req.Roles)
 	err = handler.module.Update(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount)
 	if err != nil {
 		render.Error(rw, err)
@@ -152,12 +147,7 @@ func (handler *handler) UpdateStatus(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	err = serviceAccount.UpdateStatus(req.Status)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
+	serviceAccount.UpdateStatus(req.Status)
 	err = handler.module.UpdateStatus(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount)
 	if err != nil {
 		render.Error(rw, err)
@@ -300,7 +290,7 @@ func (handler *handler) UpdateFactorAPIKey(rw http.ResponseWriter, r *http.Reque
 	}

 	factorAPIKey.Update(req.Name, req.ExpiresAt)
-	err = handler.module.UpdateFactorAPIKey(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount.ID, factorAPIKey)
+	err = handler.module.UpdateFactorAPIKey(ctx, serviceAccount.ID, factorAPIKey)
 	if err != nil {
 		render.Error(rw, err)
 		return
--- a/pkg/modules/serviceaccount/implserviceaccount/module.go
+++ b/pkg/modules/serviceaccount/implserviceaccount/module.go
@@ -5,7 +5,6 @@ import (

 	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/emailing"
-	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
@@ -34,7 +33,7 @@ func (module *module) Create(ctx context.Context, orgID valuer.UUID, serviceAcco
 	}

 	// authz actions cannot run in sql transactions
-	err = module.authz.Grant(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableServiceAccount, serviceAccount.ID.String(), orgID, nil))
+	err = module.authz.Grant(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
 	if err != nil {
 		return err
 	}
@@ -61,24 +60,6 @@ func (module *module) Create(ctx context.Context, orgID valuer.UUID, serviceAcco
 	return nil
 }

-func (module *module) GetOrCreate(ctx context.Context, serviceAccount *serviceaccounttypes.ServiceAccount) (*serviceaccounttypes.ServiceAccount, error) {
-	existingServiceAccount, err := module.store.GetActiveByOrgIDAndName(ctx, serviceAccount.OrgID, serviceAccount.Name)
-	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
-		return nil, err
-	}
-
-	if existingServiceAccount != nil {
-		return serviceAccount, nil
-	}
-
-	err = module.Create(ctx, serviceAccount.OrgID, serviceAccount)
-	if err != nil {
-		return nil, err
-	}
-
-	return serviceAccount, nil
-}
-
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*serviceaccounttypes.ServiceAccount, error) {
 	storableServiceAccount, err := module.store.Get(ctx, orgID, id)
 	if err != nil {
@@ -157,7 +138,7 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, input *serv

 	// gets the role diff if any to modify grants.
 	grants, revokes := serviceAccount.PatchRoles(input)
-	err = module.authz.ModifyGrant(ctx, orgID, revokes, grants, authtypes.MustNewSubject(authtypes.TypeableServiceAccount, serviceAccount.ID.String(), orgID, nil))
+	err = module.authz.ModifyGrant(ctx, orgID, revokes, grants, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
 	if err != nil {
 		return err
 	}
@@ -190,28 +171,26 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, input *serv
 }

 func (module *module) UpdateStatus(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
-	err := module.authz.Revoke(ctx, orgID, input.Roles, authtypes.MustNewSubject(authtypes.TypeableServiceAccount, input.ID.String(), orgID, nil))
+	serviceAccount, err := module.Get(ctx, orgID, input.ID)
 	if err != nil {
 		return err
 	}

-	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
-		// revoke all the API keys on disable
-		err := module.store.RevokeAllFactorAPIKeys(ctx, input.ID)
-		if err != nil {
-			return err
-		}
-
-		// update the status but do not delete the role mappings as we will use them for audits
-		err = module.store.Update(ctx, orgID, serviceaccounttypes.NewStorableServiceAccount(input))
-		if err != nil {
-			return err
-		}
-
+	if input.Status == serviceAccount.Status {
 		return nil
-	})
-	if err != nil {
-		return err
+	}
+
+	switch input.Status {
+	case serviceaccounttypes.StatusActive:
+		err := module.activateServiceAccount(ctx, orgID, input)
+		if err != nil {
+			return err
+		}
+	case serviceaccounttypes.StatusDisabled:
+		err := module.disableServiceAccount(ctx, orgID, input)
+		if err != nil {
+			return err
+		}
 	}

 	return nil
@@ -224,7 +203,7 @@ func (module *module) Delete(ctx context.Context, orgID valuer.UUID, id valuer.U
 	}

 	// revoke from authz first as this cannot run in sql transaction
-	err = module.authz.Revoke(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableServiceAccount, serviceAccount.ID.String(), orgID, nil))
+	err = module.authz.Revoke(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
 	if err != nil {
 		return err
 	}
@@ -297,13 +276,8 @@ func (module *module) ListFactorAPIKey(ctx context.Context, serviceAccountID val
 	return serviceaccounttypes.NewFactorAPIKeyFromStorables(storables), nil
 }

-func (module *module) UpdateFactorAPIKey(ctx context.Context, _ valuer.UUID, serviceAccountID valuer.UUID, factorAPIKey *serviceaccounttypes.FactorAPIKey) error {
-	err := module.store.UpdateFactorAPIKey(ctx, serviceAccountID, serviceaccounttypes.NewStorableFactorAPIKey(factorAPIKey))
-	if err != nil {
-		return err
-	}
-
-	return nil
+func (module *module) UpdateFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, factorAPIKey *serviceaccounttypes.FactorAPIKey) error {
+	return module.store.UpdateFactorAPIKey(ctx, serviceAccountID, serviceaccounttypes.NewStorableFactorAPIKey(factorAPIKey))
 }

 func (module *module) RevokeFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, id valuer.UUID) error {
@@ -333,3 +307,45 @@ func (module *module) RevokeFactorAPIKey(ctx context.Context, serviceAccountID v

 	return nil
 }
+
+func (module *module) disableServiceAccount(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
+	err := module.authz.Revoke(ctx, orgID, input.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.String(), orgID, nil))
+	if err != nil {
+		return err
+	}
+
+	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
+		// revoke all the API keys on disable
+		err := module.store.RevokeAllFactorAPIKeys(ctx, input.ID)
+		if err != nil {
+			return err
+		}
+
+		// update the status but do not delete the role mappings as we will reuse them on activation.
+		err = module.Update(ctx, orgID, input)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (module *module) activateServiceAccount(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
+	err := module.authz.Grant(ctx, orgID, input.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.String(), orgID, nil))
+	if err != nil {
+		return err
+	}
+
+	err = module.Update(ctx, orgID, input)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/pkg/modules/serviceaccount/implserviceaccount/store.go
+++ b/pkg/modules/serviceaccount/implserviceaccount/store.go
@@ -48,25 +48,6 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	return storable, nil
 }

-func (store *store) GetActiveByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*serviceaccounttypes.StorableServiceAccount, error) {
-	storable := new(serviceaccounttypes.StorableServiceAccount)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(storable).
-		Where("org_id = ?", orgID).
-		Where("name = ?", name).
-		Where("status = ?", serviceaccounttypes.StatusActive).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeServiceAccountNotFound, "service account with name: %s doesn't exist in org: %s", name, orgID.String())
-	}
-
-	return storable, nil
-}
-
 func (store *store) GetByID(ctx context.Context, id valuer.UUID) (*serviceaccounttypes.StorableServiceAccount, error) {
 	storable := new(serviceaccounttypes.StorableServiceAccount)

@@ -207,7 +188,7 @@ func (store *store) CreateFactorAPIKey(ctx context.Context, storable *serviceacc
 		Model(storable).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, serviceaccounttypes.ErrCodeAPIKeyAlreadyExists, "api key with name: %s already exists for service account: %s", storable.Name, storable.ServiceAccountID)
+		return store.sqlstore.WrapAlreadyExistsErrf(err, serviceaccounttypes.ErrCodeServiceAccountFactorAPIKeyAlreadyExists, "api key with name: %s already exists for service account: %s", storable.Name, storable.ServiceAccountID)
 	}

 	return nil
@@ -225,7 +206,7 @@ func (store *store) GetFactorAPIKey(ctx context.Context, serviceAccountID valuer
 		Where("service_account_id = ?", serviceAccountID).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeAPIKeytNotFound, "api key with id: %s doesn't exist for service account: %s", id, serviceAccountID)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeServiceAccounFactorAPIKeytNotFound, "api key with id: %s doesn't exist for service account: %s", id, serviceAccountID)
 	}

 	return storable, nil
--- a/pkg/modules/serviceaccount/serviceaccount.go
+++ b/pkg/modules/serviceaccount/serviceaccount.go
@@ -15,9 +15,6 @@ type Module interface {
 	// Gets a service account by id.
 	Get(context.Context, valuer.UUID, valuer.UUID) (*serviceaccounttypes.ServiceAccount, error)

-	// Gets or creates a service account by name
-	GetOrCreate(context.Context, *serviceaccounttypes.ServiceAccount) (*serviceaccounttypes.ServiceAccount, error)
-
 	// Gets a service account by id without fetching roles.
 	GetWithoutRoles(context.Context, valuer.UUID, valuer.UUID) (*serviceaccounttypes.ServiceAccount, error)

@@ -43,7 +40,7 @@ type Module interface {
 	ListFactorAPIKey(context.Context, valuer.UUID) ([]*serviceaccounttypes.FactorAPIKey, error)

 	// Updates an existing API key for a service account
-	UpdateFactorAPIKey(context.Context, valuer.UUID, valuer.UUID, *serviceaccounttypes.FactorAPIKey) error
+	UpdateFactorAPIKey(context.Context, valuer.UUID, *serviceaccounttypes.FactorAPIKey) error

 	// Revokes an existing API key for a service account
 	RevokeFactorAPIKey(context.Context, valuer.UUID, valuer.UUID) error
--- a/pkg/querier/querier.go
+++ b/pkg/querier/querier.go
@@ -20,6 +20,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/instrumentationtypes"
 	"github.com/SigNoz/signoz/pkg/types/metrictypes"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+	"github.com/dustin/go-humanize"
 	"golang.org/x/exp/maps"

 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
@@ -158,7 +159,8 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 	metricNames := make([]string, 0)
 	for idx, query := range req.CompositeQuery.Queries {
 		event.QueryType = query.Type.StringValue()
-		if query.Type == qbtypes.QueryTypeBuilder {
+		switch query.Type {
+		case qbtypes.QueryTypeBuilder:
 			if spec, ok := query.Spec.(qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]); ok {
 				for _, agg := range spec.Aggregations {
 					if agg.MetricName != "" {
@@ -236,7 +238,7 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 				}
 				req.CompositeQuery.Queries[idx].Spec = spec
 			}
-		} else if query.Type == qbtypes.QueryTypePromQL {
+		case qbtypes.QueryTypePromQL:
 			event.MetricsUsed = true
 			switch spec := query.Spec.(type) {
 			case qbtypes.PromQuery:
@@ -247,7 +249,7 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 				}
 				req.CompositeQuery.Queries[idx].Spec = spec
 			}
-		} else if query.Type == qbtypes.QueryTypeClickHouseSQL {
+		case qbtypes.QueryTypeClickHouseSQL:
 			switch spec := query.Spec.(type) {
 			case qbtypes.ClickHouseQuery:
 				if strings.TrimSpace(spec.Query) != "" {
@@ -256,7 +258,7 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 					event.TracesUsed = strings.Contains(spec.Query, "signoz_traces")
 				}
 			}
-		} else if query.Type == qbtypes.QueryTypeTraceOperator {
+		case qbtypes.QueryTypeTraceOperator:
 			if spec, ok := query.Spec.(qbtypes.QueryBuilderTraceOperator); ok {
 				if spec.StepInterval.Seconds() == 0 {
 					spec.StepInterval = qbtypes.Step{
@@ -276,23 +278,9 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 		}
 	}

-	// Fetch temporality for all metrics at once
-	var metricTemporality map[string]metrictypes.Temporality
-	var metricTypes map[string]metrictypes.Type
-	if len(metricNames) > 0 {
-		var err error
-		metricTemporality, metricTypes, err = q.metadataStore.FetchTemporalityAndTypeMulti(ctx, req.Start, req.End, metricNames...)
-		if err != nil {
-			q.logger.WarnContext(ctx, "failed to fetch metric temporality", "error", err, "metrics", metricNames)
-			// Continue without temporality - statement builder will handle unspecified
-			metricTemporality = make(map[string]metrictypes.Temporality)
-			metricTypes = make(map[string]metrictypes.Type)
-		}
-		q.logger.DebugContext(ctx, "fetched metric temporalities and types", "metric_temporality", metricTemporality, "metric_types", metricTypes)
-	}
-
 	queries := make(map[string]qbtypes.Query)
 	steps := make(map[string]qbtypes.Step)
+	missingMetrics := []string{}

 	for _, query := range req.CompositeQuery.Queries {
 		var queryName string
@@ -374,15 +362,26 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 				queries[spec.Name] = bq
 				steps[spec.Name] = spec.StepInterval
 			case qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]:
+				var metricTemporality map[string]metrictypes.Temporality
+				var metricTypes map[string]metrictypes.Type
+				if len(metricNames) > 0 {
+					var err error
+					metricTemporality, metricTypes, err = q.metadataStore.FetchTemporalityAndTypeMulti(ctx, req.Start, req.End, metricNames...)
+					if err != nil {
+						q.logger.WarnContext(ctx, "failed to fetch metric temporality", "error", err, "metrics", metricNames)
+						return nil, errors.NewInternalf(errors.CodeInternal, "failed to fetch metrics temporality")
+					}
+					q.logger.DebugContext(ctx, "fetched metric temporalities and types", "metric_temporality", metricTemporality, "metric_types", metricTypes)
+				}
 				for i := range spec.Aggregations {
 					if spec.Aggregations[i].MetricName != "" && spec.Aggregations[i].Temporality == metrictypes.Unknown {
 						if temp, ok := metricTemporality[spec.Aggregations[i].MetricName]; ok && temp != metrictypes.Unknown {
 							spec.Aggregations[i].Temporality = temp
 						}
 					}
-					// TODO(srikanthccv): warn when the metric is missing
 					if spec.Aggregations[i].Temporality == metrictypes.Unknown {
-						spec.Aggregations[i].Temporality = metrictypes.Unspecified
+						missingMetrics = append(missingMetrics, spec.Aggregations[i].MetricName)
+						continue
 					}

 					if spec.Aggregations[i].MetricName != "" && spec.Aggregations[i].Type == metrictypes.UnspecifiedType {
@@ -409,6 +408,24 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 			}
 		}
 	}
+	if len(missingMetrics) > 0 {
+		lastSeenInfo, _ := q.metadataStore.FetchLastSeenInfoMulti(ctx, missingMetrics...)
+		lastSeenStr := func(name string) string {
+			if ts, ok := lastSeenInfo[name]; ok && ts > 0 {
+				ago := humanize.RelTime(time.UnixMilli(ts), time.Now(), "ago", "from now")
+				return fmt.Sprintf("%s (last seen %s)", name, ago)
+			}
+			return name
+		}
+		if len(missingMetrics) == 1 {
+			return nil, errors.NewNotFoundf(errors.CodeNotFound, "no data found for the metric %s in the query time range", lastSeenStr(missingMetrics[0]))
+		}
+		parts := make([]string, len(missingMetrics))
+		for i, m := range missingMetrics {
+			parts[i] = lastSeenStr(m)
+		}
+		return nil, errors.NewNotFoundf(errors.CodeNotFound, "no data found for the following metrics in the query time range: %s", strings.Join(parts, ", "))
+	}
 	qbResp, qbErr := q.run(ctx, orgID, queries, req, steps, event)
 	if qbResp != nil {
 		qbResp.QBEvent = event
@@ -663,7 +680,7 @@ func (q *querier) run(
 }

 // executeWithCache executes a query using the bucket cache
-func (q *querier) executeWithCache(ctx context.Context, orgID valuer.UUID, query qbtypes.Query, step qbtypes.Step, noCache bool) (*qbtypes.Result, error) {
+func (q *querier) executeWithCache(ctx context.Context, orgID valuer.UUID, query qbtypes.Query, step qbtypes.Step, _ bool) (*qbtypes.Result, error) {
 	// Get cached data and missing ranges
 	cachedResult, missingRanges := q.bucketCache.GetMissRanges(ctx, orgID, query, step)

--- a/pkg/query-service/rules/manager_test.go
+++ b/pkg/query-service/rules/manager_test.go
@@ -76,6 +76,21 @@ func TestManager_TestNotification_SendUnmatched_ThresholdRule(t *testing.T) {
 					alertDataRows := cmock.NewRows(cols, tc.Values)

 					mock := mockStore.Mock()
+					// Mock metadata queries for FetchTemporalityAndTypeMulti
+					// First query: fetchMetricsTemporalityAndType (from signoz_metrics time series table)
+					metadataCols := []cmock.ColumnType{
+						{Name: "metric_name", Type: "String"},
+						{Name: "temporality", Type: "String"},
+						{Name: "type", Type: "String"},
+						{Name: "is_monotonic", Type: "Bool"},
+					}
+					metadataRows := cmock.NewRows(metadataCols, [][]any{
+						{"probe_success", metrictypes.Unspecified, metrictypes.GaugeType, false},
+					})
+					mock.ExpectQuery("*distributed_time_series_v4*").WithArgs(nil, nil, nil).WillReturnRows(metadataRows)
+					// Second query: fetchMeterSourceMetricsTemporalityAndType (from signoz_meter table)
+					emptyMetadataRows := cmock.NewRows(metadataCols, [][]any{})
+					mock.ExpectQuery("*meter*").WithArgs(nil).WillReturnRows(emptyMetadataRows)

 					// Generate query arguments for the metric query
 					evalTime := time.Now().UTC()
--- a/pkg/telemetrymetadata/metadata.go
+++ b/pkg/telemetrymetadata/metadata.go
@@ -1928,3 +1928,37 @@ func (t *telemetryMetaStore) GetFirstSeenFromMetricMetadata(ctx context.Context,

 	return result, nil
 }
+
+func (t *telemetryMetaStore) FetchLastSeenInfoMulti(ctx context.Context, metricNames ...string) (map[string]int64, error) {
+	sb := sqlbuilder.Select(
+		"metric_name",
+		"max(unix_milli)",
+	).
+		From(t.metricsDBName + "." + telemetrymetrics.TimeseriesV4TableName)
+	sb.Where(sb.In("metric_name", metricNames))
+	sb.GroupBy("metric_name")
+
+	query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
+
+	t.logger.DebugContext(ctx, "fetching metric last seen timestamp", "query", query, "args", args)
+
+	rows, err := t.telemetrystore.ClickhouseDB().Query(ctx, query, args...)
+	if err != nil {
+		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to fetch metric last seen info")
+	}
+	defer rows.Close()
+
+	lastSeenInfo := make(map[string]int64)
+	for rows.Next() {
+		var metricName string
+		var unix_milli int64
+		if err := rows.Scan(&metricName, &unix_milli); err != nil {
+			return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to scan last seen info result")
+		}
+		lastSeenInfo[metricName] = unix_milli
+	}
+	if err := rows.Err(); err != nil {
+		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "error iterating over metrics temporality rows")
+	}
+	return lastSeenInfo, nil
+}
--- a/pkg/types/authtypes/relation.go
+++ b/pkg/types/authtypes/relation.go
@@ -20,20 +20,19 @@ var (
 )

 var TypeableRelations = map[Type][]Relation{
-	TypeUser:           {RelationRead, RelationUpdate, RelationDelete},
-	TypeServiceAccount: {RelationRead, RelationUpdate, RelationDelete},
-	TypeRole:           {RelationAssignee, RelationRead, RelationUpdate, RelationDelete},
-	TypeOrganization:   {RelationRead, RelationUpdate, RelationDelete},
-	TypeMetaResource:   {RelationRead, RelationUpdate, RelationDelete},
-	TypeMetaResources:  {RelationCreate, RelationList},
+	TypeUser:          {RelationRead, RelationUpdate, RelationDelete},
+	TypeRole:          {RelationAssignee, RelationRead, RelationUpdate, RelationDelete},
+	TypeOrganization:  {RelationRead, RelationUpdate, RelationDelete},
+	TypeMetaResource:  {RelationRead, RelationUpdate, RelationDelete},
+	TypeMetaResources: {RelationCreate, RelationList},
 }

 var RelationsTypeable = map[Relation][]Type{
 	RelationCreate:   {TypeMetaResources},
-	RelationRead:     {TypeUser, TypeServiceAccount, TypeRole, TypeOrganization, TypeMetaResource},
+	RelationRead:     {TypeUser, TypeRole, TypeOrganization, TypeMetaResource},
 	RelationList:     {TypeMetaResources},
-	RelationUpdate:   {TypeUser, TypeServiceAccount, TypeRole, TypeOrganization, TypeMetaResource},
-	RelationDelete:   {TypeUser, TypeServiceAccount, TypeRole, TypeOrganization, TypeMetaResource},
+	RelationUpdate:   {TypeUser, TypeRole, TypeOrganization, TypeMetaResource},
+	RelationDelete:   {TypeUser, TypeRole, TypeOrganization, TypeMetaResource},
 	RelationAssignee: {TypeRole},
 }

--- a/pkg/types/authtypes/selector.go
+++ b/pkg/types/authtypes/selector.go
@@ -23,12 +23,11 @@ var (
 )

 var (
-	typeUserSelectorRegex           = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
-	typeServiceAccountSelectorRegex = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
-	typeRoleSelectorRegex           = regexp.MustCompile(`^([a-z-]{1,50}|\*)$`)
-	typeAnonymousSelectorRegex      = regexp.MustCompile(`^\*$`)
-	typeOrganizationSelectorRegex   = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
-	typeMetaResourceSelectorRegex   = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
+	typeUserSelectorRegex         = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
+	typeRoleSelectorRegex         = regexp.MustCompile(`^([a-z-]{1,50}|\*)$`)
+	typeAnonymousSelectorRegex    = regexp.MustCompile(`^\*$`)
+	typeOrganizationSelectorRegex = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
+	typeMetaResourceSelectorRegex = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
 	// metaresources selectors are used to select either all or none until we introduce some hierarchy here.
 	typeMetaResourcesSelectorRegex = regexp.MustCompile(`^\*$`)
 )
@@ -99,11 +98,6 @@ func IsValidSelector(typed Type, selector string) error {
 			return errors.Newf(errors.TypeInvalidInput, ErrCodeAuthZInvalidSelector, "selector must conform to regex %s", typeUserSelectorRegex.String())
 		}
 		return nil
-	case TypeServiceAccount:
-		if !typeServiceAccountSelectorRegex.MatchString(selector) {
-			return errors.Newf(errors.TypeInvalidInput, ErrCodeAuthZInvalidSelector, "selector must conform to regex %s", typeServiceAccountSelectorRegex.String())
-		}
-		return nil
 	case TypeRole:
 		if !typeRoleSelectorRegex.MatchString(selector) {
 			return errors.Newf(errors.TypeInvalidInput, ErrCodeAuthZInvalidSelector, "selector must conform to regex %s", typeRoleSelectorRegex.String())
--- a/pkg/types/authtypes/typeable.go
+++ b/pkg/types/authtypes/typeable.go
@@ -15,21 +15,19 @@ var (
 )

 var (
-	TypeUser           = Type{valuer.NewString("user")}
-	TypeServiceAccount = Type{valuer.NewString("serviceaccount")}
-	TypeAnonymous      = Type{valuer.NewString("anonymous")}
-	TypeRole           = Type{valuer.NewString("role")}
-	TypeOrganization   = Type{valuer.NewString("organization")}
-	TypeMetaResource   = Type{valuer.NewString("metaresource")}
-	TypeMetaResources  = Type{valuer.NewString("metaresources")}
+	TypeUser          = Type{valuer.NewString("user")}
+	TypeAnonymous     = Type{valuer.NewString("anonymous")}
+	TypeRole          = Type{valuer.NewString("role")}
+	TypeOrganization  = Type{valuer.NewString("organization")}
+	TypeMetaResource  = Type{valuer.NewString("metaresource")}
+	TypeMetaResources = Type{valuer.NewString("metaresources")}
 )

 var (
-	TypeableUser           = &typeableUser{}
-	TypeableServiceAccount = &typeableServiceAccount{}
-	TypeableAnonymous      = &typeableAnonymous{}
-	TypeableRole           = &typeableRole{}
-	TypeableOrganization   = &typeableOrganization{}
+	TypeableUser         = &typeableUser{}
+	TypeableAnonymous    = &typeableAnonymous{}
+	TypeableRole         = &typeableRole{}
+	TypeableOrganization = &typeableOrganization{}
 )

 type Typeable interface {
@@ -55,8 +53,6 @@ func NewType(input string) (Type, error) {
 	switch input {
 	case "user":
 		return TypeUser, nil
-	case "serviceaccount":
-		return TypeServiceAccount, nil
 	case "role":
 		return TypeRole, nil
 	case "organization":
@@ -92,8 +88,6 @@ func NewTypeableFromType(typed Type, name Name) (Typeable, error) {
 		return TypeableRole, nil
 	case TypeUser:
 		return TypeableUser, nil
-	case TypeServiceAccount:
-		return TypeableServiceAccount, nil
 	case TypeOrganization:
 		return TypeableOrganization, nil
 	case TypeMetaResource:
--- a/pkg/types/authtypes/typeable_serviceaccount.go
+++ b/pkg/types/authtypes/typeable_serviceaccount.go
@@ -1,38 +0,0 @@
-package authtypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/valuer"
-	openfgav1 "github.com/openfga/api/proto/openfga/v1"
-)
-
-var _ Typeable = new(typeableServiceAccount)
-
-type typeableServiceAccount struct{}
-
-func (typeableServiceAccount *typeableServiceAccount) Tuples(subject string, relation Relation, selectors []Selector, orgID valuer.UUID) ([]*openfgav1.TupleKey, error) {
-	tuples := make([]*openfgav1.TupleKey, 0)
-
-	for _, selector := range selectors {
-		object := typeableServiceAccount.Prefix(orgID) + "/" + selector.String()
-		tuples = append(tuples, &openfgav1.TupleKey{User: subject, Relation: relation.StringValue(), Object: object})
-	}
-
-	return tuples, nil
-}
-
-func (typeableServiceAccount *typeableServiceAccount) Type() Type {
-	return TypeServiceAccount
-}
-
-func (typeableServiceAccount *typeableServiceAccount) Name() Name {
-	return MustNewName("serviceaccount")
-}
-
-// example: serviceaccount:organization/0199c47d-f61b-7833-bc5f-c0730f12f046/serviceaccount
-func (typeableServiceAccount *typeableServiceAccount) Prefix(orgID valuer.UUID) string {
-	return typeableServiceAccount.Type().StringValue() + ":" + "organization" + "/" + orgID.StringValue() + "/" + typeableServiceAccount.Name().String()
-}
-
-func (typeableServiceAccount *typeableServiceAccount) Scope(relation Relation) string {
-	return typeableServiceAccount.Name().String() + ":" + relation.StringValue()
-}
--- a/pkg/types/cloudintegrationtypes/cloudintegration.go
+++ b/pkg/types/cloudintegrationtypes/cloudintegration.go
@@ -1,643 +0,0 @@
-// NOTE:
-//   - When Account keyword is used in struct names, it refers cloud integration account. CloudIntegration refers to DB schema.
-//   - When Account Config keyword is used in struct names, it refers to configuration for cloud integration accounts
-//   - When Service keyword is used in struct names, it refers to cloud integration service. CloudIntegrationService refers to DB schema.
-//     where `service` is services provided by each cloud provider like AWS S3, Azure BlobStorage etc.
-//   - When Service Config keyword is used in struct names, it refers to configuration for cloud integration services
-package cloudintegrationtypes
-
-import (
-	"database/sql/driver"
-	"encoding/json"
-	"strings"
-	"time"
-
-	"github.com/uptrace/bun"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-// CloudProviderType type alias
-type CloudProviderType struct{ valuer.String }
-
-var (
-	CloudProviderTypeAWS   = valuer.NewString("aws")
-	CloudProviderTypeAzure = valuer.NewString("azure")
-)
-
-var ErrCodeCloudProviderInvalidInput = errors.MustNewCode("invalid_cloud_provider")
-
-// NewCloudProvider returns a new CloudProviderType from a string. It validates the input and returns an error if the input is not valid.
-func NewCloudProvider(provider string) (CloudProviderType, error) {
-	switch provider {
-	case CloudProviderTypeAWS.String():
-		return CloudProviderType{CloudProviderTypeAWS}, nil
-	case CloudProviderTypeAzure.String():
-		return CloudProviderType{CloudProviderTypeAzure}, nil
-	default:
-		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
-	}
-}
-
-var (
-	AWSIntegrationUserEmail   = valuer.MustNewEmail("aws-integration@signoz.io")
-	AzureIntegrationUserEmail = valuer.MustNewEmail("azure-integration@signoz.io")
-)
-
-// CloudIntegrationUserEmails is the list of valid emails for Cloud One Click integrations.
-// This is used for validation and restrictions in different contexts, across codebase.
-var CloudIntegrationUserEmails = []valuer.Email{
-	AWSIntegrationUserEmail,
-	AzureIntegrationUserEmail,
-}
-
-func IsCloudIntegrationDashboardUuid(dashboardUuid string) bool {
-	parts := strings.SplitN(dashboardUuid, "--", 4)
-	if len(parts) != 4 {
-		return false
-	}
-
-	return parts[0] == "cloud-integration"
-}
-
-// GetCloudIntegrationDashboardID returns the cloud provider from dashboard id, if it's a cloud integration dashboard id.
-// throws an error if invalid format or invalid cloud provider is provided in the dashboard id.
-func GetCloudProviderFromDashboardID(dashboardUuid string) (CloudProviderType, error) {
-	parts := strings.SplitN(dashboardUuid, "--", 4)
-	if len(parts) != 4 {
-		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid dashboard uuid: %s", dashboardUuid)
-	}
-
-	providerStr := parts[1]
-
-	cloudProvider, err := NewCloudProvider(providerStr)
-	if err != nil {
-		return CloudProviderType{}, err
-	}
-
-	return cloudProvider, nil
-}
-
-// Generic utility functions for JSON serialization/deserialization
-// this is helpful to return right errors from a common place and avoid repeating the same code in multiple places.
-// UnmarshalJSON is a generic function to unmarshal JSON data into any type
-func UnmarshalJSON[T any](src []byte, target *T) error {
-	err := json.Unmarshal(src, target)
-	if err != nil {
-		return errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't deserialize JSON",
-		)
-	}
-	return nil
-}
-
-// MarshalJSON is a generic function to marshal any type to JSON
-func MarshalJSON[T any](source *T) ([]byte, error) {
-	if source == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "source is nil")
-	}
-
-	serialized, err := json.Marshal(source)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize to JSON",
-		)
-	}
-	return serialized, nil
-}
-
-// GettableConnectedAccountsList is the response for listing connected accounts for a cloud provider.
-type GettableConnectedAccountsList struct {
-	Accounts []*Account `json:"accounts"`
-}
-
-// SigNozAgentConfig represents parameters required for agent deployment in cloud provider accounts
-// these represent parameters passed during agent deployment, how they are passed might change for each cloud provider but the purpose is same.
-type SigNozAgentConfig struct {
-	Region string `json:"region,omitempty"` // AWS-specific: The region in which SigNoz agent should be installed
-
-	IngestionUrl string `json:"ingestion_url"`
-	IngestionKey string `json:"ingestion_key"`
-	SigNozAPIUrl string `json:"signoz_api_url"`
-	SigNozAPIKey string `json:"signoz_api_key"`
-
-	Version string `json:"version,omitempty"`
-}
-
-// PostableConnectionArtifact represent request body for generating connection artifact API.
-// Data is request body raw bytes since each cloud provider will have have different request body structure and generics hardly help in such cases.
-// Artifact is a generic name for different types of connection methods like connection URL for AWS, connection command for Azure etc.
-type PostableConnectionArtifact struct {
-	OrgID string
-	Data  []byte // either PostableAWSConnectionUrl or PostableAzureConnectionCommand
-}
-
-// PostableAWSConnectionUrl is request body for AWS connection artifact API
-type PostableAWSConnectionUrl struct {
-	AgentConfig   *SigNozAgentConfig `json:"agent_config"`
-	AccountConfig *AWSAccountConfig  `json:"account_config"`
-}
-
-// PostableAzureConnectionCommand is request body for Azure connection artifact API
-type PostableAzureConnectionCommand struct {
-	AgentConfig   *SigNozAgentConfig  `json:"agent_config"`
-	AccountConfig *AzureAccountConfig `json:"account_config"`
-}
-
-// GettableAzureConnectionArtifact is Azure specific connection artifact which contains connection commands for agent deployment
-type GettableAzureConnectionArtifact struct {
-	AzureShellConnectionCommand string `json:"az_shell_connection_command"`
-	AzureCliConnectionCommand   string `json:"az_cli_connection_command"`
-}
-
-// GettableAWSConnectionUrl is AWS specific connection artifact which contains connection url for agent deployment
-type GettableAWSConnectionUrl struct {
-	AccountId     string `json:"account_id"`
-	ConnectionUrl string `json:"connection_url"`
-}
-
-// GettableAzureConnectionCommand is Azure specific connection artifact which contains connection commands for agent deployment
-type GettableAzureConnectionCommand struct {
-	AccountId                   string `json:"account_id"`
-	AzureShellConnectionCommand string `json:"az_shell_connection_command"`
-	AzureCliConnectionCommand   string `json:"az_cli_connection_command"`
-}
-
-// GettableAccountStatus is cloud integration account status response
-type GettableAccountStatus struct {
-	Id             string        `json:"id"`
-	CloudAccountId *string       `json:"cloud_account_id,omitempty"`
-	Status         AccountStatus `json:"status"`
-}
-
-// PostableAgentCheckInPayload is request body for agent check-in API.
-// This is used by agent to send heartbeat.
-type PostableAgentCheckInPayload struct {
-	ID        string `json:"account_id"`
-	AccountID string `json:"cloud_account_id"`
-	// Arbitrary cloud specific Agent data
-	Data  map[string]any `json:"data,omitempty"`
-	OrgID string         `json:"-"`
-}
-
-// AWSAgentIntegrationConfig is used by agent for deploying infra to send telemetry to SigNoz
-type AWSAgentIntegrationConfig struct {
-	EnabledRegions              []string               `json:"enabled_regions"`
-	TelemetryCollectionStrategy *AWSCollectionStrategy `json:"telemetry,omitempty"`
-}
-
-// AzureAgentIntegrationConfig is used by agent for deploying infra to send telemetry to SigNoz
-type AzureAgentIntegrationConfig struct {
-	DeploymentRegion      string   `json:"deployment_region"` // will not be changed once set
-	EnabledResourceGroups []string `json:"resource_groups"`
-	// TelemetryCollectionStrategy is map of service to telemetry config
-	TelemetryCollectionStrategy map[string]*AzureCollectionStrategy `json:"telemetry,omitempty"`
-}
-
-// GettableAgentCheckInRes is generic response from agent check-in API.
-// AWSAgentIntegrationConfig and AzureAgentIntegrationConfig these configs are used by agent to deploy the infra and send telemetry to SigNoz
-type GettableAgentCheckInRes[AgentConfigT any] struct {
-	AccountId         string       `json:"account_id"`
-	CloudAccountId    string       `json:"cloud_account_id"`
-	RemovedAt         *time.Time   `json:"removed_at"`
-	IntegrationConfig AgentConfigT `json:"integration_config"`
-}
-
-// UpdatableServiceConfig is generic
-type UpdatableServiceConfig[ServiceConfigT any] struct {
-	CloudAccountId string         `json:"cloud_account_id"`
-	Config         ServiceConfigT `json:"config"`
-}
-
-// ServiceConfigTyped is a generic interface for cloud integration service's configuration
-// this is generic interface to define helper functions for CloudIntegrationService.Config field.
-type ServiceConfigTyped[definition Definition] interface {
-	Validate(def definition) error
-	IsMetricsEnabled() bool
-	IsLogsEnabled() bool
-}
-
-type AWSServiceConfig struct {
-	Logs    *AWSServiceLogsConfig    `json:"logs,omitempty"`
-	Metrics *AWSServiceMetricsConfig `json:"metrics,omitempty"`
-}
-
-type AWSServiceLogsConfig struct {
-	Enabled   bool                `json:"enabled"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
-}
-
-type AWSServiceMetricsConfig struct {
-	Enabled bool `json:"enabled"`
-}
-
-// IsMetricsEnabled returns true if metrics collection is configured and enabled
-func (a *AWSServiceConfig) IsMetricsEnabled() bool {
-	return a.Metrics != nil && a.Metrics.Enabled
-}
-
-// IsLogsEnabled returns true if logs collection is configured and enabled
-func (a *AWSServiceConfig) IsLogsEnabled() bool {
-	return a.Logs != nil && a.Logs.Enabled
-}
-
-type AzureServiceConfig struct {
-	Logs    []*AzureServiceLogsConfig    `json:"logs,omitempty"`
-	Metrics []*AzureServiceMetricsConfig `json:"metrics,omitempty"`
-}
-
-// AzureServiceLogsConfig is Azure specific service config for logs
-type AzureServiceLogsConfig struct {
-	Enabled bool   `json:"enabled"`
-	Name    string `json:"name"`
-}
-
-// AzureServiceMetricsConfig is Azure specific service config for metrics
-type AzureServiceMetricsConfig struct {
-	Enabled bool   `json:"enabled"`
-	Name    string `json:"name"`
-}
-
-// IsMetricsEnabled returns true if any metric is configured and enabled
-func (a *AzureServiceConfig) IsMetricsEnabled() bool {
-	if a.Metrics == nil {
-		return false
-	}
-	for _, m := range a.Metrics {
-		if m.Enabled {
-			return true
-		}
-	}
-	return false
-}
-
-// IsLogsEnabled returns true if any log is configured and enabled
-func (a *AzureServiceConfig) IsLogsEnabled() bool {
-	if a.Logs == nil {
-		return false
-	}
-	for _, l := range a.Logs {
-		if l.Enabled {
-			return true
-		}
-	}
-	return false
-}
-
-func (a *AWSServiceConfig) Validate(def *AWSDefinition) error {
-	if def.Id != S3Sync.String() && a.Logs != nil && a.Logs.S3Buckets != nil {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "s3 buckets can only be added to service-type[%s]", S3Sync)
-	} else if def.Id == S3Sync.String() && a.Logs != nil && a.Logs.S3Buckets != nil {
-		for region := range a.Logs.S3Buckets {
-			if _, found := ValidAWSRegions[region]; !found {
-				return errors.NewInvalidInputf(CodeInvalidCloudRegion, "invalid cloud region: %s", region)
-			}
-		}
-	}
-
-	return nil
-}
-
-func (a *AzureServiceConfig) Validate(def *AzureDefinition) error {
-	logsMap := make(map[string]bool)
-	metricsMap := make(map[string]bool)
-
-	if def.Strategy != nil && def.Strategy.Logs != nil {
-		for _, log := range def.Strategy.Logs {
-			logsMap[log.Name] = true
-		}
-	}
-
-	if def.Strategy != nil && def.Strategy.Metrics != nil {
-		for _, metric := range def.Strategy.Metrics {
-			metricsMap[metric.Name] = true
-		}
-	}
-
-	for _, log := range a.Logs {
-		if _, found := logsMap[log.Name]; !found {
-			return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid log name: %s", log.Name)
-		}
-	}
-
-	for _, metric := range a.Metrics {
-		if _, found := metricsMap[metric.Name]; !found {
-			return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid metric name: %s", metric.Name)
-		}
-	}
-
-	return nil
-}
-
-// UpdatableServiceConfigRes is response for UpdateServiceConfig API
-// TODO: find a better way to name this
-type UpdatableServiceConfigRes struct {
-	ServiceId string `json:"id"`
-	Config    any    `json:"config"`
-}
-
-// UpdatableAccountConfigTyped is a generic struct for updating cloud integration account config used in UpdateAccountConfig API
-type UpdatableAccountConfigTyped[AccountConfigT any] struct {
-	Config *AccountConfigT `json:"config"`
-}
-
-type (
-	UpdatableAWSAccountConfig   = UpdatableAccountConfigTyped[AWSAccountConfig]
-	UpdatableAzureAccountConfig = UpdatableAccountConfigTyped[AzureAccountConfig]
-)
-
-// AWSAccountConfig is the configuration for AWS cloud integration account
-type AWSAccountConfig struct {
-	EnabledRegions []string `json:"regions"`
-}
-
-// AzureAccountConfig is the configuration for Azure cloud integration account
-type AzureAccountConfig struct {
-	DeploymentRegion      string   `json:"deployment_region,omitempty"`
-	EnabledResourceGroups []string `json:"resource_groups,omitempty"`
-}
-
-// GettableServices is a generic struct for listing services of a cloud integration account used in ListServices API
-type GettableServices[ServiceSummaryT any] struct {
-	Services []ServiceSummaryT `json:"services"`
-}
-
-type (
-	GettableAWSServices   = GettableServices[AWSServiceSummary]
-	GettableAzureServices = GettableServices[AzureServiceSummary]
-)
-
-// GetServiceDetailsReq is a req struct for getting service definition details
-type GetServiceDetailsReq struct {
-	OrgID          valuer.UUID
-	ServiceId      string
-	CloudAccountID *string
-}
-
-// ServiceSummary is a generic struct for service summary used in ListServices API
-type ServiceSummary[ServiceConfigT any] struct {
-	DefinitionMetadata
-	Config *ServiceConfigT `json:"config"`
-}
-
-type (
-	AWSServiceSummary   = ServiceSummary[AWSServiceConfig]
-	AzureServiceSummary = ServiceSummary[AzureServiceConfig]
-)
-
-// GettableServiceDetails is a generic struct for service details used in GetServiceDetails API
-type GettableServiceDetails[DefinitionT any, ServiceConfigT any] struct {
-	Definition       DefinitionT              `json:",inline"`
-	Config           ServiceConfigT           `json:"config"`
-	ConnectionStatus *ServiceConnectionStatus `json:"status,omitempty"`
-}
-
-type (
-	GettableAWSServiceDetails   = GettableServiceDetails[AWSDefinition, *AWSServiceConfig]
-	GettableAzureServiceDetails = GettableServiceDetails[AzureDefinition, *AzureServiceConfig]
-)
-
-// ServiceConnectionStatus represents integration connection status for a particular service
-// this struct helps to check ingested data and determines connection status by whether data was ingested or not.
-// this is composite struct for both metrics and logs
-type ServiceConnectionStatus struct {
-	Logs    []*SignalConnectionStatus `json:"logs"`
-	Metrics []*SignalConnectionStatus `json:"metrics"`
-}
-
-// SignalConnectionStatus represents connection status for a particular signal type (logs or metrics) for a service
-// this struct is used in API responses for clients to show relevant information about the connection status.
-type SignalConnectionStatus struct {
-	CategoryID           string `json:"category"`
-	CategoryDisplayName  string `json:"category_display_name"`
-	LastReceivedTsMillis int64  `json:"last_received_ts_ms"` // epoch milliseconds
-	LastReceivedFrom     string `json:"last_received_from"`  // resource identifier
-}
-
-// GettableCloudIntegrationConnectionParams is response for connection params API
-type GettableCloudIntegrationConnectionParams struct {
-	IngestionUrl string `json:"ingestion_url,omitempty"`
-	IngestionKey string `json:"ingestion_key,omitempty"`
-	SigNozAPIUrl string `json:"signoz_api_url,omitempty"`
-	SigNozAPIKey string `json:"signoz_api_key,omitempty"`
-}
-
-// GettableIngestionKey is a struct for ingestion key returned from gateway
-type GettableIngestionKey struct {
-	Name  string `json:"name"`
-	Value string `json:"value"`
-	// other attributes from gateway response not included here since they are not being used.
-}
-
-// GettableIngestionKeysSearch is a struct for response of ingestion keys search API on gateway
-type GettableIngestionKeysSearch struct {
-	Status string                 `json:"status"`
-	Data   []GettableIngestionKey `json:"data"`
-	Error  string                 `json:"error"`
-}
-
-// GettableCreateIngestionKey is a struct for response of create ingestion key API on gateway
-type GettableCreateIngestionKey struct {
-	Status string               `json:"status"`
-	Data   GettableIngestionKey `json:"data"`
-	Error  string               `json:"error"`
-}
-
-// GettableDeployment is response struct for deployment details fetched from Zeus
-type GettableDeployment struct {
-	Name        string `json:"name"`
-	ClusterInfo struct {
-		Region struct {
-			DNS string `json:"dns"`
-		} `json:"region"`
-	} `json:"cluster"`
-}
-
-// --------------------------------------------------------------------------
-// Cloud integration uses the cloud_integration table
-// and cloud_integrations_service table
-// --------------------------------------------------------------------------
-
-type CloudIntegration struct {
-	bun.BaseModel `bun:"table:cloud_integration"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Provider        string         `json:"provider" bun:"provider,type:text,unique:provider_id"`
-	Config          *AccountConfig `json:"config" bun:"config,type:text"`
-	AccountID       *string        `json:"account_id" bun:"account_id,type:text"`
-	LastAgentReport *AgentReport   `json:"last_agent_report" bun:"last_agent_report,type:text"`
-	RemovedAt       *time.Time     `json:"removed_at" bun:"removed_at,type:timestamp,nullzero"`
-	OrgID           string         `bun:"org_id,type:text,unique:provider_id"`
-}
-
-func (a *CloudIntegration) Status() AccountStatus {
-	status := AccountStatus{}
-	if a.LastAgentReport != nil {
-		lastHeartbeat := a.LastAgentReport.TimestampMillis
-		status.Integration.LastHeartbeatTsMillis = &lastHeartbeat
-	}
-	return status
-}
-
-func (a *CloudIntegration) Account() Account {
-	ca := Account{Id: a.ID.StringValue(), Status: a.Status()}
-
-	if a.AccountID != nil {
-		ca.CloudAccountId = *a.AccountID
-	}
-
-	if a.Config != nil {
-		ca.Config = *a.Config
-	} else {
-		ca.Config = DefaultAccountConfig()
-	}
-	return ca
-}
-
-type Account struct {
-	Id             string        `json:"id"`
-	CloudAccountId string        `json:"cloud_account_id"`
-	Config         AccountConfig `json:"config"`
-	Status         AccountStatus `json:"status"`
-}
-
-type AccountStatus struct {
-	Integration AccountIntegrationStatus `json:"integration"`
-}
-
-type AccountIntegrationStatus struct {
-	LastHeartbeatTsMillis *int64 `json:"last_heartbeat_ts_ms"`
-}
-
-func DefaultAccountConfig() AccountConfig {
-	return AccountConfig{
-		EnabledRegions: []string{},
-	}
-}
-
-type AccountConfig struct {
-	EnabledRegions []string `json:"regions"`
-}
-
-// For serializing from db
-func (c *AccountConfig) Scan(src any) error {
-	var data []byte
-	switch v := src.(type) {
-	case []byte:
-		data = v
-	case string:
-		data = []byte(v)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-
-	return json.Unmarshal(data, c)
-}
-
-// For serializing to db
-func (c *AccountConfig) Value() (driver.Value, error) {
-	if c == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "cloud account config is nil")
-	}
-
-	serialized, err := json.Marshal(c)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't serialize cloud account config to JSON")
-	}
-	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
-	return string(serialized), nil
-}
-
-type AgentReport struct {
-	TimestampMillis int64          `json:"timestamp_millis"`
-	Data            map[string]any `json:"data"`
-}
-
-// For serializing from db
-func (r *AgentReport) Scan(src any) error {
-	var data []byte
-	switch v := src.(type) {
-	case []byte:
-		data = v
-	case string:
-		data = []byte(v)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-
-	return json.Unmarshal(data, r)
-}
-
-// For serializing to db
-func (r *AgentReport) Value() (driver.Value, error) {
-	if r == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
-	}
-
-	serialized, err := json.Marshal(r)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
-		)
-	}
-	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
-	return string(serialized), nil
-}
-
-type CloudIntegrationService struct {
-	bun.BaseModel `bun:"table:cloud_integration_service,alias:cis"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Type               string             `bun:"type,type:text,notnull,unique:cloud_integration_id_type"`
-	Config             CloudServiceConfig `bun:"config,type:text"`
-	CloudIntegrationID string             `bun:"cloud_integration_id,type:text,notnull,unique:cloud_integration_id_type,references:cloud_integrations(id),on_delete:cascade"`
-}
-
-type CloudServiceLogsConfig struct {
-	Enabled   bool                `json:"enabled"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
-}
-
-type CloudServiceMetricsConfig struct {
-	Enabled bool `json:"enabled"`
-}
-
-type CloudServiceConfig struct {
-	Logs    *CloudServiceLogsConfig    `json:"logs,omitempty"`
-	Metrics *CloudServiceMetricsConfig `json:"metrics,omitempty"`
-}
-
-// For serializing from db
-func (c *CloudServiceConfig) Scan(src any) error {
-	var data []byte
-	switch src := src.(type) {
-	case []byte:
-		data = src
-	case string:
-		data = []byte(src)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-
-	return json.Unmarshal(data, c)
-}
-
-// For serializing to db
-func (c *CloudServiceConfig) Value() (driver.Value, error) {
-	if c == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "cloud service config is nil")
-	}
-
-	serialized, err := json.Marshal(c)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize cloud service config to JSON",
-		)
-	}
-	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytea
-	return string(serialized), nil
-}
--- a/pkg/types/cloudintegrationtypes/regions.go
+++ b/pkg/types/cloudintegrationtypes/regions.go
@@ -1,103 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/errors"
-)
-
-var (
-	CodeInvalidCloudRegion    = errors.MustNewCode("invalid_cloud_region")
-	CodeMismatchCloudProvider = errors.MustNewCode("cloud_provider_mismatch")
-)
-
-// List of all valid cloud regions on Amazon Web Services
-var ValidAWSRegions = map[string]bool{
-	"af-south-1":     true, // Africa (Cape Town).
-	"ap-east-1":      true, // Asia Pacific (Hong Kong).
-	"ap-northeast-1": true, // Asia Pacific (Tokyo).
-	"ap-northeast-2": true, // Asia Pacific (Seoul).
-	"ap-northeast-3": true, // Asia Pacific (Osaka).
-	"ap-south-1":     true, // Asia Pacific (Mumbai).
-	"ap-south-2":     true, // Asia Pacific (Hyderabad).
-	"ap-southeast-1": true, // Asia Pacific (Singapore).
-	"ap-southeast-2": true, // Asia Pacific (Sydney).
-	"ap-southeast-3": true, // Asia Pacific (Jakarta).
-	"ap-southeast-4": true, // Asia Pacific (Melbourne).
-	"ca-central-1":   true, // Canada (Central).
-	"ca-west-1":      true, // Canada West (Calgary).
-	"eu-central-1":   true, // Europe (Frankfurt).
-	"eu-central-2":   true, // Europe (Zurich).
-	"eu-north-1":     true, // Europe (Stockholm).
-	"eu-south-1":     true, // Europe (Milan).
-	"eu-south-2":     true, // Europe (Spain).
-	"eu-west-1":      true, // Europe (Ireland).
-	"eu-west-2":      true, // Europe (London).
-	"eu-west-3":      true, // Europe (Paris).
-	"il-central-1":   true, // Israel (Tel Aviv).
-	"me-central-1":   true, // Middle East (UAE).
-	"me-south-1":     true, // Middle East (Bahrain).
-	"sa-east-1":      true, // South America (Sao Paulo).
-	"us-east-1":      true, // US East (N. Virginia).
-	"us-east-2":      true, // US East (Ohio).
-	"us-west-1":      true, // US West (N. California).
-	"us-west-2":      true, // US West (Oregon).
-}
-
-// List of all valid cloud regions for Microsoft Azure
-var ValidAzureRegions = map[string]bool{
-	"australiacentral":   true, // Australia Central
-	"australiacentral2":  true, // Australia Central 2
-	"australiaeast":      true, // Australia East
-	"australiasoutheast": true, // Australia Southeast
-	"austriaeast":        true, // Austria East
-	"belgiumcentral":     true, // Belgium Central
-	"brazilsouth":        true, // Brazil South
-	"brazilsoutheast":    true, // Brazil Southeast
-	"canadacentral":      true, // Canada Central
-	"canadaeast":         true, // Canada East
-	"centralindia":       true, // Central India
-	"centralus":          true, // Central US
-	"chilecentral":       true, // Chile Central
-	"denmarkeast":        true, // Denmark East
-	"eastasia":           true, // East Asia
-	"eastus":             true, // East US
-	"eastus2":            true, // East US 2
-	"francecentral":      true, // France Central
-	"francesouth":        true, // France South
-	"germanynorth":       true, // Germany North
-	"germanywestcentral": true, // Germany West Central
-	"indonesiacentral":   true, // Indonesia Central
-	"israelcentral":      true, // Israel Central
-	"italynorth":         true, // Italy North
-	"japaneast":          true, // Japan East
-	"japanwest":          true, // Japan West
-	"koreacentral":       true, // Korea Central
-	"koreasouth":         true, // Korea South
-	"malaysiawest":       true, // Malaysia West
-	"mexicocentral":      true, // Mexico Central
-	"newzealandnorth":    true, // New Zealand North
-	"northcentralus":     true, // North Central US
-	"northeurope":        true, // North Europe
-	"norwayeast":         true, // Norway East
-	"norwaywest":         true, // Norway West
-	"polandcentral":      true, // Poland Central
-	"qatarcentral":       true, // Qatar Central
-	"southafricanorth":   true, // South Africa North
-	"southafricawest":    true, // South Africa West
-	"southcentralus":     true, // South Central US
-	"southindia":         true, // South India
-	"southeastasia":      true, // Southeast Asia
-	"spaincentral":       true, // Spain Central
-	"swedencentral":      true, // Sweden Central
-	"switzerlandnorth":   true, // Switzerland North
-	"switzerlandwest":    true, // Switzerland West
-	"uaecentral":         true, // UAE Central
-	"uaenorth":           true, // UAE North
-	"uksouth":            true, // UK South
-	"ukwest":             true, // UK West
-	"westcentralus":      true, // West Central US
-	"westeurope":         true, // West Europe
-	"westindia":          true, // West India
-	"westus":             true, // West US
-	"westus2":            true, // West US 2
-	"westus3":            true, // West US 3
-}
--- a/pkg/types/cloudintegrationtypes/servicedefinitions.go
+++ b/pkg/types/cloudintegrationtypes/servicedefinitions.go
@@ -1,267 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-var S3Sync = valuer.NewString("s3sync")
-
-// Generic interface for cloud service definition.
-// This is implemented by AWSDefinition and AzureDefinition, which represent service definitions for AWS and Azure respectively.
-// Generics work well so far because service definitions share a similar logic.
-// We dont want to over-do generics as well, if the service definitions functionally diverge in the future consider breaking generics.
-type Definition interface {
-	GetId() string
-	Validate() error
-	PopulateDashboardURLs(cloudProvider CloudProviderType, svcId string)
-	GetIngestionStatusCheck() *IngestionStatusCheck
-	GetAssets() Assets
-}
-
-// AWSDefinition represents AWS Service definition, which includes collection strategy, dashboards and meta info for integration
-type AWSDefinition = ServiceDefinition[AWSCollectionStrategy]
-
-// AzureDefinition represents Azure Service definition, which includes collection strategy, dashboards and meta info for integration
-type AzureDefinition = ServiceDefinition[AzureCollectionStrategy]
-
-// Making AWSDefinition and AzureDefinition satisfy Definition interface, so that they can be used in a generic way
-var (
-	_ Definition = &AWSDefinition{}
-	_ Definition = &AzureDefinition{}
-)
-
-// ServiceDefinition represents generic struct for cloud service, regardless of the cloud provider.
-// this struct must satify Definition interface.
-// StrategyT is of either AWSCollectionStrategy or AzureCollectionStrategy, depending on the cloud provider.
-type ServiceDefinition[StrategyT any] struct {
-	DefinitionMetadata
-	Overview             string                `json:"overview"` // markdown
-	Assets               Assets                `json:"assets"`
-	SupportedSignals     SupportedSignals      `json:"supported_signals"`
-	DataCollected        DataCollected         `json:"data_collected"`
-	IngestionStatusCheck *IngestionStatusCheck `json:"ingestion_status_check,omitempty"`
-	Strategy             *StrategyT            `json:"telemetry_collection_strategy"`
-}
-
-// Following methods are quite self explanatory, they are just to satisfy the Definition interface and provide some utility functions for service definitions.
-func (def *ServiceDefinition[StrategyT]) GetId() string {
-	return def.Id
-}
-
-func (def *ServiceDefinition[StrategyT]) Validate() error {
-	seenDashboardIds := map[string]interface{}{}
-
-	if def.Strategy == nil {
-		return errors.NewInternalf(errors.CodeInternal, "telemetry_collection_strategy is required")
-	}
-
-	for _, dd := range def.Assets.Dashboards {
-		if _, seen := seenDashboardIds[dd.Id]; seen {
-			return errors.NewInternalf(errors.CodeInternal, "multiple dashboards found with id %s", dd.Id)
-		}
-		seenDashboardIds[dd.Id] = nil
-	}
-
-	return nil
-}
-
-func (def *ServiceDefinition[StrategyT]) PopulateDashboardURLs(cloudProvider CloudProviderType, svcId string) {
-	for i := range def.Assets.Dashboards {
-		dashboardId := def.Assets.Dashboards[i].Id
-		url := "/dashboard/" + GetCloudIntegrationDashboardID(cloudProvider, svcId, dashboardId)
-		def.Assets.Dashboards[i].Url = url
-	}
-}
-
-func (def *ServiceDefinition[StrategyT]) GetIngestionStatusCheck() *IngestionStatusCheck {
-	return def.IngestionStatusCheck
-}
-
-func (def *ServiceDefinition[StrategyT]) GetAssets() Assets {
-	return def.Assets
-}
-
-// DefinitionMetadata represents service definition metadata. This is useful for showing service overview
-type DefinitionMetadata struct {
-	Id    string `json:"id"`
-	Title string `json:"title"`
-	Icon  string `json:"icon"`
-}
-
-// IngestionStatusCheckCategory represents a category of ingestion status check. Applies for both metrics and logs.
-// A category can be "Overview" of metrics or "Enhanced" Metrics for AWS, and "Transaction" or "Capacity" metrics for Azure.
-// Each category can have multiple checks (AND logic), if all checks pass,
-// then we can be sure that data is being ingested for that category of the signal
-type IngestionStatusCheckCategory struct {
-	Category    string                           `json:"category"`
-	DisplayName string                           `json:"display_name"`
-	Checks      []*IngestionStatusCheckAttribute `json:"checks"`
-}
-
-// IngestionStatusCheckAttribute represents a check or condition for ingestion status.
-// Key can be metric name or part of log message
-type IngestionStatusCheckAttribute struct {
-	Key        string                                 `json:"key"` // OPTIONAL search key (metric name or log message)
-	Attributes []*IngestionStatusCheckAttributeFilter `json:"attributes"`
-}
-
-// IngestionStatusCheck represents combined checks for metrics and logs for a service
-type IngestionStatusCheck struct {
-	Metrics []*IngestionStatusCheckCategory `json:"metrics"`
-	Logs    []*IngestionStatusCheckCategory `json:"logs"`
-}
-
-// IngestionStatusCheckAttributeFilter represents filter for a check, which can be used to filter specific log messages or metrics with specific attributes.
-// For example, we can use it to filter logs with specific log level or metrics with specific dimensions.
-type IngestionStatusCheckAttributeFilter struct {
-	Name     string `json:"name"`
-	Operator string `json:"operator"`
-	Value    string `json:"value"` // OPTIONAL
-}
-
-// Assets represents the collection of dashboards
-type Assets struct {
-	Dashboards []Dashboard `json:"dashboards"`
-}
-
-// SupportedSignals for cloud provider's service
-type SupportedSignals struct {
-	Logs    bool `json:"logs"`
-	Metrics bool `json:"metrics"`
-}
-
-// DataCollected is curated static list of metrics and logs, this is shown as part of service overview
-type DataCollected struct {
-	Logs    []CollectedLogAttribute `json:"logs"`
-	Metrics []CollectedMetric       `json:"metrics"`
-}
-
-// CollectedLogAttribute represents a log attribute that is present in all log entries for a service,
-// this is shown as part of service overview
-type CollectedLogAttribute struct {
-	Name string `json:"name"`
-	Path string `json:"path"`
-	Type string `json:"type"`
-}
-
-// CollectedMetric represents a metric that is collected for a service, this is shown as part of service overview
-type CollectedMetric struct {
-	Name        string `json:"name"`
-	Type        string `json:"type"`
-	Unit        string `json:"unit"`
-	Description string `json:"description"`
-}
-
-// AWSCollectionStrategy represents signal collection strategy for AWS services.
-// this is AWS specific.
-type AWSCollectionStrategy struct {
-	Metrics   *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
-	Logs      *AWSLogsStrategy    `json:"aws_logs,omitempty"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type in AWS
-}
-
-// AzureCollectionStrategy represents signal collection strategy for Azure services.
-// this is Azure specific.
-type AzureCollectionStrategy struct {
-	Metrics []*AzureMetricsStrategy `json:"azure_metrics,omitempty"`
-	Logs    []*AzureLogsStrategy    `json:"azure_logs,omitempty"`
-}
-
-// AWSMetricsStrategy represents metrics collection strategy for AWS services.
-// this is AWS specific.
-type AWSMetricsStrategy struct {
-	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
-	StreamFilters []struct {
-		// json tags here are in the shape expected by AWS API as detailed at
-		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
-		Namespace   string   `json:"Namespace"`
-		MetricNames []string `json:"MetricNames,omitempty"`
-	} `json:"cloudwatch_metric_stream_filters"`
-}
-
-// AWSLogsStrategy represents logs collection strategy for AWS services.
-// this is AWS specific.
-type AWSLogsStrategy struct {
-	Subscriptions []struct {
-		// subscribe to all logs groups with specified prefix.
-		// eg: `/aws/rds/`
-		LogGroupNamePrefix string `json:"log_group_name_prefix"`
-
-		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
-		// "" implies no filtering is required.
-		FilterPattern string `json:"filter_pattern"`
-	} `json:"cloudwatch_logs_subscriptions"`
-}
-
-// AzureMetricsStrategy represents metrics collection strategy for Azure services.
-// this is Azure specific.
-type AzureMetricsStrategy struct {
-	CategoryType string `json:"category_type"`
-	Name         string `json:"name"`
-}
-
-// AzureLogsStrategy represents logs collection strategy for Azure services.
-// this is Azure specific. Even though this is similar to AzureMetricsStrategy, keeping it separate for future flexibility and clarity.
-type AzureLogsStrategy struct {
-	CategoryType string `json:"category_type"`
-	Name         string `json:"name"`
-}
-
-// Dashboard represents a dashboard definition for cloud integration.
-type Dashboard struct {
-	Id          string                                `json:"id"`
-	Url         string                                `json:"url"`
-	Title       string                                `json:"title"`
-	Description string                                `json:"description"`
-	Image       string                                `json:"image"`
-	Definition  *dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
-}
-
-// UTILS
-
-// GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.
-// This is used to generate unique dashboard ids for cloud integration, and also to parse the dashboard id to get the cloud provider and service id when needed.
-func GetCloudIntegrationDashboardID(cloudProvider CloudProviderType, svcId, dashboardId string) string {
-	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcId, dashboardId)
-}
-
-// GetDashboardsFromAssets returns the list of dashboards for the cloud provider service from definition
-func GetDashboardsFromAssets(
-	svcId string,
-	orgID valuer.UUID,
-	cloudProvider CloudProviderType,
-	createdAt time.Time,
-	assets Assets,
-) []*dashboardtypes.Dashboard {
-	dashboards := make([]*dashboardtypes.Dashboard, 0)
-
-	for _, d := range assets.Dashboards {
-		if d.Definition == nil {
-			continue
-		}
-
-		author := fmt.Sprintf("%s-integration", cloudProvider)
-		dashboards = append(dashboards, &dashboardtypes.Dashboard{
-			ID:     GetCloudIntegrationDashboardID(cloudProvider, svcId, d.Id),
-			Locked: true,
-			OrgID:  orgID,
-			Data:   *d.Definition,
-			TimeAuditable: types.TimeAuditable{
-				CreatedAt: createdAt,
-				UpdatedAt: createdAt,
-			},
-			UserAuditable: types.UserAuditable{
-				CreatedBy: author,
-				UpdatedBy: author,
-			},
-		})
-	}
-
-	return dashboards
-}
--- a/pkg/types/cloudintegrationtypes/store.go
+++ b/pkg/types/cloudintegrationtypes/store.go
@@ -1,42 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"context"
-	"time"
-)
-
-type CloudIntegrationAccountStore interface {
-	ListConnected(ctx context.Context, orgId string, provider string) ([]CloudIntegration, error)
-
-	Get(ctx context.Context, orgId string, provider string, id string) (*CloudIntegration, error)
-
-	GetConnectedCloudAccount(ctx context.Context, orgId, provider string, accountID string) (*CloudIntegration, error)
-
-	// Insert an account or update it by (cloudProvider, id)
-	// for specified non-empty fields
-	Upsert(
-		ctx context.Context,
-		orgId string,
-		provider string,
-		id *string,
-		config []byte,
-		accountId *string,
-		agentReport *AgentReport,
-		removedAt *time.Time,
-	) (*CloudIntegration, error)
-}
-
-type CloudIntegrationServiceStore interface {
-	Get(ctx context.Context, orgID, cloudAccountId, serviceType string) ([]byte, error)
-
-	Upsert(
-		ctx context.Context,
-		orgID,
-		cloudProvider,
-		cloudAccountId,
-		serviceId string,
-		config []byte,
-	) ([]byte, error)
-
-	GetAllForAccount(ctx context.Context, orgID, cloudAccountId string) (map[string][]byte, error)
-}
--- a/pkg/types/serviceaccounttypes/factor_api_key.go
+++ b/pkg/types/serviceaccounttypes/factor_api_key.go
@@ -11,22 +11,20 @@ import (
 )

 var (
-	ErrCodeAPIkeyInvalidInput        = errors.MustNewCode("service_account_factor_api_key_invalid_input")
-	ErrCodeAPIKeyAlreadyExists       = errors.MustNewCode("service_account_factor_api_key_already_exists")
-	ErrCodeAPIKeytNotFound           = errors.MustNewCode("service_account_factor_api_key_not_found")
-	ErrCodeAPIKeyExpired             = errors.MustNewCode("api_key_expired")
-	ErrCodeAPIkeyOlderLastObservedAt = errors.MustNewCode("api_key_older_last_observed_at")
+	ErrCodeServiceAccountFactorAPIkeyInvalidInput  = errors.MustNewCode("service_account_factor_api_key_invalid_input")
+	ErrCodeServiceAccountFactorAPIKeyAlreadyExists = errors.MustNewCode("service_account_factor_api_key_already_exists")
+	ErrCodeServiceAccounFactorAPIKeytNotFound      = errors.MustNewCode("service_account_factor_api_key_not_found")
 )

 type StorableFactorAPIKey struct {
-	bun.BaseModel `bun:"table:factor_api_key,alias:factor_api_key"`
+	bun.BaseModel `bun:"table:factor_api_key"`

 	types.Identifiable
 	types.TimeAuditable
 	Name             string    `bun:"name"`
 	Key              string    `bun:"key"`
 	ExpiresAt        uint64    `bun:"expires_at"`
-	LastObservedAt   time.Time `bun:"last_observed_at"`
+	LastUsed         time.Time `bun:"last_used"`
 	ServiceAccountID string    `bun:"service_account_id"`
 }

@@ -35,9 +33,9 @@ type FactorAPIKey struct {
 	types.TimeAuditable
 	Name             string      `json:"name" requrired:"true"`
 	Key              string      `json:"key" required:"true"`
-	ExpiresAt        uint64      `json:"expiresAt" required:"true"`
-	LastObservedAt   time.Time   `json:"lastObservedAt" required:"true"`
-	ServiceAccountID valuer.UUID `json:"serviceAccountId" required:"true"`
+	ExpiresAt        uint64      `json:"expires_at" required:"true"`
+	LastUsed         time.Time   `json:"last_used" required:"true"`
+	ServiceAccountID valuer.UUID `json:"service_account_id" required:"true"`
 }

 type GettableFactorAPIKeyWithKey struct {
@@ -49,19 +47,19 @@ type GettableFactorAPIKey struct {
 	types.Identifiable
 	types.TimeAuditable
 	Name             string      `json:"name" requrired:"true"`
-	ExpiresAt        uint64      `json:"expiresAt" required:"true"`
-	LastObservedAt   time.Time   `json:"lastObservedAt" required:"true"`
-	ServiceAccountID valuer.UUID `json:"serviceAccountId" required:"true"`
+	ExpiresAt        uint64      `json:"expires_at" required:"true"`
+	LastUsed         time.Time   `json:"last_used" required:"true"`
+	ServiceAccountID valuer.UUID `json:"service_account_id" required:"true"`
 }

 type PostableFactorAPIKey struct {
 	Name      string `json:"name" required:"true"`
-	ExpiresAt uint64 `json:"expiresAt" required:"true"`
+	ExpiresAt uint64 `json:"expires_at" required:"true"`
 }

 type UpdatableFactorAPIKey struct {
 	Name      string `json:"name" required:"true"`
-	ExpiresAt uint64 `json:"expiresAt" required:"true"`
+	ExpiresAt uint64 `json:"expires_at" required:"true"`
 }

 func NewFactorAPIKeyFromStorable(storable *StorableFactorAPIKey) *FactorAPIKey {
@@ -71,7 +69,7 @@ func NewFactorAPIKeyFromStorable(storable *StorableFactorAPIKey) *FactorAPIKey {
 		Name:             storable.Name,
 		Key:              storable.Key,
 		ExpiresAt:        storable.ExpiresAt,
-		LastObservedAt:   storable.LastObservedAt,
+		LastUsed:         storable.LastUsed,
 		ServiceAccountID: valuer.MustNewUUID(storable.ServiceAccountID),
 	}
 }
@@ -93,7 +91,7 @@ func NewStorableFactorAPIKey(factorAPIKey *FactorAPIKey) *StorableFactorAPIKey {
 		Name:             factorAPIKey.Name,
 		Key:              factorAPIKey.Key,
 		ExpiresAt:        factorAPIKey.ExpiresAt,
-		LastObservedAt:   factorAPIKey.LastObservedAt,
+		LastUsed:         factorAPIKey.LastUsed,
 		ServiceAccountID: factorAPIKey.ServiceAccountID.String(),
 	}
 }
@@ -107,7 +105,7 @@ func NewGettableFactorAPIKeys(keys []*FactorAPIKey) []*GettableFactorAPIKey {
 			TimeAuditable:    key.TimeAuditable,
 			Name:             key.Name,
 			ExpiresAt:        key.ExpiresAt,
-			LastObservedAt:   key.LastObservedAt,
+			LastUsed:         key.LastUsed,
 			ServiceAccountID: key.ServiceAccountID,
 		}
 	}
@@ -130,29 +128,6 @@ func (apiKey *FactorAPIKey) Update(name string, expiresAt uint64) {
 	apiKey.UpdatedAt = time.Now()
 }

-func (apiKey *FactorAPIKey) IsExpired() error {
-	if apiKey.ExpiresAt == 0 {
-		return nil
-	}
-
-	if time.Now().After(time.Unix(int64(apiKey.ExpiresAt), 0)) {
-		return errors.New(errors.TypeUnauthenticated, ErrCodeAPIKeyExpired, "api key has been expired")
-	}
-
-	return nil
-}
-
-func (apiKey *FactorAPIKey) UpdateLastObservedAt(lastObservedAt time.Time) error {
-	if lastObservedAt.Before(apiKey.LastObservedAt) {
-		return errors.New(errors.TypeInvalidInput, ErrCodeAPIkeyOlderLastObservedAt, "last observed at is before the current last observed at")
-	}
-
-	apiKey.LastObservedAt = lastObservedAt
-	apiKey.UpdatedAt = time.Now()
-
-	return nil
-}
-
 func (key *PostableFactorAPIKey) UnmarshalJSON(data []byte) error {
 	type Alias PostableFactorAPIKey

@@ -162,7 +137,7 @@ func (key *PostableFactorAPIKey) UnmarshalJSON(data []byte) error {
 	}

 	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeAPIkeyInvalidInput, "name cannot be empty")
+		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountFactorAPIkeyInvalidInput, "name cannot be empty")
 	}

 	*key = PostableFactorAPIKey(temp)
@@ -178,7 +153,7 @@ func (key *UpdatableFactorAPIKey) UnmarshalJSON(data []byte) error {
 	}

 	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeAPIkeyInvalidInput, "name cannot be empty")
+		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountFactorAPIkeyInvalidInput, "name cannot be empty")
 	}

 	*key = UpdatableFactorAPIKey(temp)
--- a/pkg/types/serviceaccounttypes/service_acccount.go
+++ b/pkg/types/serviceaccounttypes/service_acccount.go
@@ -4,7 +4,7 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"encoding/json"
-	"regexp"
+	"slices"
 	"time"

 	"github.com/SigNoz/signoz/pkg/errors"
@@ -15,11 +15,10 @@ import (
 )

 var (
-	ErrCodeServiceAccountInvalidInput         = errors.MustNewCode("service_account_invalid_input")
-	ErrCodeServiceAccountAlreadyExists        = errors.MustNewCode("service_account_already_exists")
-	ErrCodeServiceAccountNotFound             = errors.MustNewCode("service_account_not_found")
-	ErrCodeServiceAccountRoleAlreadyExists    = errors.MustNewCode("service_account_role_already_exists")
-	ErrCodeServiceAccountOperationUnsupported = errors.MustNewCode("service_account_operation_unsupported")
+	ErrCodeServiceAccountInvalidInput      = errors.MustNewCode("service_account_invalid_input")
+	ErrCodeServiceAccountAlreadyExists     = errors.MustNewCode("service_account_already_exists")
+	ErrCodeServiceAccountNotFound          = errors.MustNewCode("service_account_not_found")
+	ErrCodeServiceAccountRoleAlreadyExists = errors.MustNewCode("service_account_role_already_exists")
 )

 var (
@@ -28,31 +27,25 @@ var (
 	ValidStatus    = []valuer.String{StatusActive, StatusDisabled}
 )

-var (
-	serviceAccountNameRegex = regexp.MustCompile("^[a-z-]{1,50}$")
-)
-
 type StorableServiceAccount struct {
 	bun.BaseModel `bun:"table:service_account,alias:service_account"`

 	types.Identifiable
 	types.TimeAuditable
-	Name      string        `bun:"name"`
-	Email     string        `bun:"email"`
-	Status    valuer.String `bun:"status"`
-	OrgID     string        `bun:"org_id"`
-	DeletedAt time.Time     `bun:"deleted_at"`
+	Name   string        `bun:"name"`
+	Email  string        `bun:"email"`
+	Status valuer.String `bun:"status"`
+	OrgID  string        `bun:"org_id"`
 }

 type ServiceAccount struct {
 	types.Identifiable
 	types.TimeAuditable
-	Name      string        `json:"name" required:"true"`
-	Email     valuer.Email  `json:"email" required:"true"`
-	Roles     []string      `json:"roles" required:"true" nullable:"false"`
-	Status    valuer.String `json:"status" required:"true"`
-	OrgID     valuer.UUID   `json:"orgId" required:"true"`
-	DeletedAt time.Time     `json:"deletedAt" required:"true"`
+	Name   string        `json:"name" required:"true"`
+	Email  valuer.Email  `json:"email" required:"true"`
+	Roles  []string      `json:"roles" required:"true" nullable:"false"`
+	Status valuer.String `json:"status" required:"true"`
+	OrgID  valuer.UUID   `json:"orgID" required:"true"`
 }

 type PostableServiceAccount struct {
@@ -80,12 +73,11 @@ func NewServiceAccount(name string, email valuer.Email, roles []string, status v
 			CreatedAt: time.Now(),
 			UpdatedAt: time.Now(),
 		},
-		Name:      name,
-		Email:     email,
-		Roles:     roles,
-		Status:    status,
-		OrgID:     orgID,
-		DeletedAt: time.Time{},
+		Name:   name,
+		Email:  email,
+		Roles:  roles,
+		Status: status,
+		OrgID:  orgID,
 	}
 }

@@ -98,7 +90,6 @@ func NewServiceAccountFromStorables(storableServiceAccount *StorableServiceAccou
 		Roles:         roles,
 		Status:        storableServiceAccount.Status,
 		OrgID:         valuer.MustNewUUID(storableServiceAccount.OrgID),
-		DeletedAt:     storableServiceAccount.DeletedAt,
 	}
 }

@@ -135,46 +126,22 @@ func NewStorableServiceAccount(serviceAccount *ServiceAccount) *StorableServiceA
 		Email:         serviceAccount.Email.String(),
 		Status:        serviceAccount.Status,
 		OrgID:         serviceAccount.OrgID.String(),
-		DeletedAt:     serviceAccount.DeletedAt,
 	}
 }

-func (sa *ServiceAccount) Update(name string, email valuer.Email, roles []string) error {
-	if err := sa.ErrIfDisabled(); err != nil {
-		return err
-	}
-
+func (sa *ServiceAccount) Update(name string, email valuer.Email, roles []string) {
 	sa.Name = name
 	sa.Email = email
 	sa.Roles = roles
 	sa.UpdatedAt = time.Now()
-	return nil
 }

-func (sa *ServiceAccount) UpdateStatus(status valuer.String) error {
-	if err := sa.ErrIfDisabled(); err != nil {
-		return err
-	}
-
+func (sa *ServiceAccount) UpdateStatus(status valuer.String) {
 	sa.Status = status
 	sa.UpdatedAt = time.Now()
-	sa.DeletedAt = time.Now()
-	return nil
-}
-
-func (sa *ServiceAccount) ErrIfDisabled() error {
-	if sa.Status == StatusDisabled {
-		return errors.New(errors.TypeUnsupported, ErrCodeServiceAccountOperationUnsupported, "this operation is not supported for disabled service account")
-	}
-
-	return nil
 }

 func (sa *ServiceAccount) NewFactorAPIKey(name string, expiresAt uint64) (*FactorAPIKey, error) {
-	if err := sa.ErrIfDisabled(); err != nil {
-		return nil, err
-	}
-
 	key := make([]byte, 32)
 	_, err := rand.Read(key)
 	if err != nil {
@@ -194,7 +161,7 @@ func (sa *ServiceAccount) NewFactorAPIKey(name string, expiresAt uint64) (*Facto
 		Name:             name,
 		Key:              encodedKey,
 		ExpiresAt:        expiresAt,
-		LastObservedAt:   time.Now(),
+		LastUsed:         time.Now(),
 		ServiceAccountID: sa.ID,
 	}, nil
 }
@@ -237,8 +204,8 @@ func (sa *PostableServiceAccount) UnmarshalJSON(data []byte) error {
 		return err
 	}

-	if match := serviceAccountNameRegex.MatchString(temp.Name); !match {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name must conform to the regex: %s", serviceAccountNameRegex.String())
+	if temp.Name == "" {
+		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name cannot be empty")
 	}

 	if len(temp.Roles) == 0 {
@@ -257,8 +224,8 @@ func (sa *UpdatableServiceAccount) UnmarshalJSON(data []byte) error {
 		return err
 	}

-	if match := serviceAccountNameRegex.MatchString(temp.Name); !match {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name must conform to the regex: %s", serviceAccountNameRegex.String())
+	if temp.Name == "" {
+		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name cannot be empty")
 	}

 	if len(temp.Roles) == 0 {
@@ -277,8 +244,8 @@ func (sa *UpdatableServiceAccountStatus) UnmarshalJSON(data []byte) error {
 		return err
 	}

-	if temp.Status != StatusDisabled {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "invalid status: %s, allowed status are: %v", temp.Status, StatusDisabled)
+	if !slices.Contains(ValidStatus, temp.Status) {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "invalid status: %s, allowed status are: %v", temp.Status, ValidStatus)
 	}

 	*sa = UpdatableServiceAccountStatus(temp)
--- a/pkg/types/serviceaccounttypes/store.go
+++ b/pkg/types/serviceaccounttypes/store.go
@@ -10,7 +10,6 @@ type Store interface {
 	// Service Account
 	Create(context.Context, *StorableServiceAccount) error
 	Get(context.Context, valuer.UUID, valuer.UUID) (*StorableServiceAccount, error)
-	GetActiveByOrgIDAndName(context.Context, valuer.UUID, string) (*StorableServiceAccount, error)
 	GetByID(context.Context, valuer.UUID) (*StorableServiceAccount, error)
 	List(context.Context, valuer.UUID) ([]*StorableServiceAccount, error)
 	Update(context.Context, valuer.UUID, *StorableServiceAccount) error
--- a/pkg/types/telemetrytypes/store.go
+++ b/pkg/types/telemetrytypes/store.go
@@ -45,6 +45,8 @@ type MetadataStore interface {

 	// GetFirstSeenFromMetricMetadata gets the first seen timestamp for a metric metadata lookup key.
 	GetFirstSeenFromMetricMetadata(ctx context.Context, lookupKeys []MetricMetadataLookupKey) (map[MetricMetadataLookupKey]int64, error)
+
+	FetchLastSeenInfoMulti(ctx context.Context, metricNames ...string) (map[string]int64, error)
 }

 type MetricMetadataLookupKey struct {
--- a/pkg/types/telemetrytypes/telemetrytypestest/metadata_store.go
+++ b/pkg/types/telemetrytypes/telemetrytypestest/metadata_store.go
@@ -342,3 +342,7 @@ func (m *MockMetadataStore) SetFirstSeenFromMetricMetadata(firstSeenMap map[tele
 		m.LookupKeysMap[key] = value
 	}
 }
+
+func (m *MockMetadataStore) FetchLastSeenInfoMulti(ctx context.Context, metricNames ...string) (map[string]int64, error) {
+	return make(map[string]int64), nil
+}
Author	SHA1	Message	Date
Naman Verma	c2393f580a	chore: add last seen info in err message	2026-03-12 14:19:29 +05:30
Naman Verma	68971ce346	revert: no need for special err handling in threshold rule	2026-03-12 13:47:07 +05:30
Naman Verma	8b32c08a05	test: unit test add mock for metadata call (which is expected in the test's scenario)	2026-03-12 13:25:51 +05:30
Naman Verma	5c5c20a090	fix: throw a not found err if metric data is missing	2026-03-12 13:16:47 +05:30
Naman Verma	973836533c	revert: revert seeding of absent metrics	2026-03-12 12:27:00 +05:30
Naman Verma	6766c6005a	Merge branch 'main' into nv/10559	2026-03-12 12:24:32 +05:30
Naman Verma	0ac5686651	test: unit test add mock for metadata call (which is expected in the test's scenario)	2026-03-11 22:55:04 +05:30
Naman Verma	1bdb8e6308	chore: better package import name	2026-03-11 21:37:07 +05:30
Naman Verma	cf88b42702	fix: don't send absent metrics to query builder	2026-03-11 21:35:39 +05:30
Naman Verma	45e69c07a1	chore: move temporality+type fetcher to the case where it is actually used	2026-03-11 19:24:55 +05:30
Naman Verma	4e6fa6286b	revert: revert check for metric type without query range constraint	2026-03-11 17:09:21 +05:30
Naman Verma	b453010075	fix: check for metric type without query range constraint	2026-03-11 16:29:28 +05:30