fix: added unit tests, renamed file, added validation

fix: better names for functions
Merge branch 'main' into tvats-export-traces
2026-03-16 18:02:09 +00:00 · 2026-03-16 19:40:00 +05:30 · 2026-03-16 15:36:16 +05:30 · 2026-03-16 14:45:55 +05:30 · 2026-03-16 14:41:32 +05:30 · 2026-03-15 20:25:24 +05:30
94 changed files with 5022 additions and 1983 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,6 +1,8 @@
 # CODEOWNERS info: https://help.github.com/en/articles/about-code-owners

-# Owners are automatically requested for review for PRs that changes code that they own.
+# Owners are automatically requested for review for PRs that changes code
+
+# that they own.

 /frontend/ @SigNoz/frontend-maintainers

@@ -9,10 +11,8 @@
 /frontend/src/container/OnboardingV2Container/onboarding-configs/onboarding-config-with-links.json @makeavish
 /frontend/src/container/OnboardingV2Container/AddDataSource/AddDataSource.tsx @makeavish

-# CI
-/deploy/ @therealpandey
-.github @therealpandey
-go.mod @therealpandey
+/deploy/ @SigNoz/devops
+.github @SigNoz/devops

 # Scaffold Owners

--- a/.github/workflows/mergequeueci.yaml
+++ b/.github/workflows/mergequeueci.yaml
@@ -8,7 +8,6 @@ on:
 jobs:
  notify:
    runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == false
    steps:
      - name: alert
        uses: slackapi/slack-github-action@v2.1.1
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -17,5 +17,7 @@
 	},
 	"[html]": {
 		"editor.defaultFormatter": "vscode.html-language-features"
-	}
+	},
+	"python-envs.defaultEnvManager": "ms-python.python:system",
+	"python-envs.pythonProjects": []
 }
--- a/cmd/community/server.go
+++ b/cmd/community/server.go
@@ -18,7 +18,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/queryparser"
@@ -74,8 +73,8 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		},
 		signoz.NewSQLStoreProviderFactories(),
 		signoz.NewTelemetryStoreProviderFactories(),
-		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing, userGetter user.Getter) (map[authtypes.AuthNProvider]authn.AuthN, error) {
-			return signoz.NewAuthNs(ctx, providerSettings, store, licensing, userGetter)
+		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
+			return signoz.NewAuthNs(ctx, providerSettings, store, licensing)
 		},
 		func(ctx context.Context, sqlstore sqlstore.SQLStore, _ licensing.Licensing, _ dashboard.Module) factory.ProviderFactory[authz.AuthZ, authz.Config] {
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx))
--- a/cmd/enterprise/server.go
+++ b/cmd/enterprise/server.go
@@ -9,12 +9,12 @@ import (
 	"github.com/SigNoz/signoz/ee/authn/callbackauthn/oidccallbackauthn"
 	"github.com/SigNoz/signoz/ee/authn/callbackauthn/samlcallbackauthn"
 	"github.com/SigNoz/signoz/ee/authz/openfgaauthz"
+	eequerier "github.com/SigNoz/signoz/ee/querier"
 	"github.com/SigNoz/signoz/ee/authz/openfgaschema"
 	"github.com/SigNoz/signoz/ee/gateway/httpgateway"
 	enterpriselicensing "github.com/SigNoz/signoz/ee/licensing"
 	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
 	"github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard"
-	eequerier "github.com/SigNoz/signoz/ee/querier"
 	enterpriseapp "github.com/SigNoz/signoz/ee/query-service/app"
 	"github.com/SigNoz/signoz/ee/sqlschema/postgressqlschema"
 	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
@@ -29,7 +29,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/signoz"
@@ -96,7 +95,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		},
 		sqlstoreFactories,
 		signoz.NewTelemetryStoreProviderFactories(),
-		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing, userGetter user.Getter) (map[authtypes.AuthNProvider]authn.AuthN, error) {
+		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
 			samlCallbackAuthN, err := samlcallbackauthn.New(ctx, store, licensing)
 			if err != nil {
 				return nil, err
@@ -107,7 +106,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 				return nil, err
 			}

-			authNs, err := signoz.NewAuthNs(ctx, providerSettings, store, licensing, userGetter)
+			authNs, err := signoz.NewAuthNs(ctx, providerSettings, store, licensing)
 			if err != nil {
 				return nil, err
 			}
--- a/docs/api/openapi.yml
+++ b/docs/api/openapi.yml
@@ -220,13 +220,6 @@ components:
      - additions
      - deletions
      type: object
-    AuthtypesPatchableRole:
-      properties:
-        description:
-          type: string
-      required:
-      - description
-      type: object
    AuthtypesPostableAuthDomain:
      properties:
        config:
@@ -243,15 +236,6 @@ components:
        password:
          type: string
      type: object
-    AuthtypesPostableRole:
-      properties:
-        description:
-          type: string
-        name:
-          type: string
-      required:
-      - name
-      type: object
    AuthtypesPostableRotateToken:
      properties:
        refreshToken:
@@ -267,31 +251,6 @@ components:
      - name
      - type
      type: object
-    AuthtypesRole:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        description:
-          type: string
-        id:
-          type: string
-        name:
-          type: string
-        orgId:
-          type: string
-        type:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-      required:
-      - id
-      - name
-      - description
-      - type
-      - orgId
-      type: object
    AuthtypesRoleMapping:
      properties:
        defaultRole:
@@ -1763,6 +1722,47 @@ components:
      - status
      - error
      type: object
+    RoletypesPatchableRole:
+      properties:
+        description:
+          type: string
+      required:
+      - description
+      type: object
+    RoletypesPostableRole:
+      properties:
+        description:
+          type: string
+        name:
+          type: string
+      required:
+      - name
+      type: object
+    RoletypesRole:
+      properties:
+        createdAt:
+          format: date-time
+          type: string
+        description:
+          type: string
+        id:
+          type: string
+        name:
+          type: string
+        orgId:
+          type: string
+        type:
+          type: string
+        updatedAt:
+          format: date-time
+          type: string
+      required:
+      - id
+      - name
+      - description
+      - type
+      - orgId
+      type: object
    ServiceaccounttypesFactorAPIKey:
      properties:
        createdAt:
@@ -1984,6 +1984,52 @@ components:
            type: string
          type: array
      type: object
+    TypesChangePasswordRequest:
+      properties:
+        newPassword:
+          type: string
+        oldPassword:
+          type: string
+        userId:
+          type: string
+      type: object
+    TypesGettableAPIKey:
+      properties:
+        createdAt:
+          format: date-time
+          type: string
+        createdBy:
+          type: string
+        createdByUser:
+          $ref: '#/components/schemas/TypesUser'
+        expiresAt:
+          format: int64
+          type: integer
+        id:
+          type: string
+        lastUsed:
+          format: int64
+          type: integer
+        name:
+          type: string
+        revoked:
+          type: boolean
+        role:
+          type: string
+        token:
+          type: string
+        updatedAt:
+          format: date-time
+          type: string
+        updatedBy:
+          type: string
+        updatedByUser:
+          $ref: '#/components/schemas/TypesUser'
+        userId:
+          type: string
+      required:
+      - id
+      type: object
    TypesGettableGlobalConfig:
      properties:
        external_url:
@@ -1998,6 +2044,31 @@ components:
      required:
      - id
      type: object
+    TypesInvite:
+      properties:
+        createdAt:
+          format: date-time
+          type: string
+        email:
+          type: string
+        id:
+          type: string
+        inviteLink:
+          type: string
+        name:
+          type: string
+        orgId:
+          type: string
+        role:
+          type: string
+        token:
+          type: string
+        updatedAt:
+          format: date-time
+          type: string
+      required:
+      - id
+      type: object
    TypesOrganization:
      properties:
        alias:
@@ -2020,78 +2091,7 @@ components:
      required:
      - id
      type: object
-    UsertypesChangePasswordRequest:
-      properties:
-        newPassword:
-          type: string
-        oldPassword:
-          type: string
-        userId:
-          type: string
-      type: object
-    UsertypesGettableAPIKey:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        createdBy:
-          type: string
-        createdByUser:
-          $ref: '#/components/schemas/UsertypesUser'
-        expiresAt:
-          format: int64
-          type: integer
-        id:
-          type: string
-        lastUsed:
-          format: int64
-          type: integer
-        name:
-          type: string
-        revoked:
-          type: boolean
-        role:
-          type: string
-        token:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-        updatedBy:
-          type: string
-        updatedByUser:
-          $ref: '#/components/schemas/UsertypesUser'
-        userId:
-          type: string
-      required:
-      - id
-      type: object
-    UsertypesInvite:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        email:
-          type: string
-        id:
-          type: string
-        inviteLink:
-          type: string
-        name:
-          type: string
-        orgId:
-          type: string
-        role:
-          type: string
-        token:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-      required:
-      - id
-      type: object
-    UsertypesPostableAPIKey:
+    TypesPostableAPIKey:
      properties:
        expiresInDays:
          format: int64
@@ -2101,7 +2101,7 @@ components:
        role:
          type: string
      type: object
-    UsertypesPostableAcceptInvite:
+    TypesPostableAcceptInvite:
      properties:
        displayName:
          type: string
@@ -2112,16 +2112,16 @@ components:
        token:
          type: string
      type: object
-    UsertypesPostableBulkInviteRequest:
+    TypesPostableBulkInviteRequest:
      properties:
        invites:
          items:
-            $ref: '#/components/schemas/UsertypesPostableInvite'
+            $ref: '#/components/schemas/TypesPostableInvite'
          type: array
      required:
      - invites
      type: object
-    UsertypesPostableForgotPassword:
+    TypesPostableForgotPassword:
      properties:
        email:
          type: string
@@ -2133,7 +2133,7 @@ components:
      - orgId
      - email
      type: object
-    UsertypesPostableInvite:
+    TypesPostableInvite:
      properties:
        email:
          type: string
@@ -2144,14 +2144,14 @@ components:
        role:
          type: string
      type: object
-    UsertypesPostableResetPassword:
+    TypesPostableResetPassword:
      properties:
        password:
          type: string
        token:
          type: string
      type: object
-    UsertypesResetPasswordToken:
+    TypesResetPasswordToken:
      properties:
        expiresAt:
          format: date-time
@@ -2165,7 +2165,7 @@ components:
      required:
      - id
      type: object
-    UsertypesStorableAPIKey:
+    TypesStorableAPIKey:
      properties:
        createdAt:
          format: date-time
@@ -2192,7 +2192,7 @@ components:
      required:
      - id
      type: object
-    UsertypesUser:
+    TypesUser:
      properties:
        createdAt:
          format: date-time
@@ -2392,7 +2392,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesChangePasswordRequest'
+              $ref: '#/components/schemas/TypesChangePasswordRequest'
      responses:
        "204":
          description: No Content
@@ -3001,6 +3001,210 @@ paths:
      summary: Update auth domain
      tags:
      - authdomains
+  /api/v1/export_raw_data:
+    get:
+      deprecated: false
+      description: This endpoints allows simple query exporting raw data for traces
+        and logs
+      operationId: HandleExportRawDataGET
+      parameters:
+      - description: The output format for the export.
+        in: query
+        name: format
+        schema:
+          default: csv
+          description: The output format for the export.
+          enum:
+          - csv
+          - jsonl
+          type: string
+      - description: The type of data to export.
+        in: query
+        name: signal
+        required: true
+        schema:
+          $ref: '#/components/schemas/TelemetrytypesSignal'
+      - deprecated: true
+        description: 'Deprecated: use signal instead.'
+        in: query
+        name: source
+        schema:
+          deprecated: true
+          description: 'Deprecated: use signal instead.'
+          type: string
+      - description: The start time for the query in unix timestamp nanoseconds.
+        in: query
+        name: start
+        schema:
+          description: The start time for the query in unix timestamp nanoseconds.
+          minimum: 0
+          type: integer
+      - description: The end time for the query in unix timestamp nanoseconds.
+        in: query
+        name: end
+        schema:
+          description: The end time for the query in unix timestamp nanoseconds.
+          minimum: 0
+          type: integer
+      - description: The maximum number of rows to export.
+        in: query
+        name: limit
+        schema:
+          default: 10000
+          description: The maximum number of rows to export.
+          maximum: 50000
+          minimum: 1
+          type: integer
+      - deprecated: true
+        description: 'Deprecated: use filterExpression instead.'
+        in: query
+        name: filter
+        schema:
+          deprecated: true
+          description: 'Deprecated: use filterExpression instead.'
+          type: string
+      - content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Querybuildertypesv5Filter'
+        description: The filter expression to apply to the query.
+        in: query
+        name: filterExpression
+      - deprecated: true
+        description: 'Deprecated: use selectFields instead.'
+        in: query
+        name: columns
+        schema:
+          deprecated: true
+          description: 'Deprecated: use selectFields instead.'
+          items:
+            type: string
+          type: array
+      - description: The columns to include in the export.
+        in: query
+        name: selectFields
+        schema:
+          description: The columns to include in the export.
+          items:
+            $ref: '#/components/schemas/TelemetrytypesTelemetryFieldKey'
+          type: array
+      - deprecated: true
+        description: 'Deprecated: use order instead.'
+        in: query
+        name: order_by
+        schema:
+          deprecated: true
+          description: 'Deprecated: use order instead.'
+          type: string
+      - description: The sorting order with keys and directions.
+        in: query
+        name: order
+        schema:
+          description: The sorting order with keys and directions.
+          items:
+            $ref: '#/components/schemas/Querybuildertypesv5OrderBy'
+          type: array
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: Export raw data
+      tags:
+      - logs
+      - traces
+    post:
+      deprecated: false
+      description: This endpoints allows complex query exporting raw data for traces
+        and logs
+      operationId: HandleExportRawDataPOST
+      parameters:
+      - description: The output format for the export.
+        in: query
+        name: format
+        schema:
+          default: csv
+          description: The output format for the export.
+          enum:
+          - csv
+          - jsonl
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/Querybuildertypesv5QueryRangeRequest'
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: Export raw data
+      tags:
+      - logs
+      - traces
  /api/v1/fields/keys:
    get:
      deprecated: false
@@ -3197,7 +3401,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/UsertypesResetPasswordToken'
+                    $ref: '#/components/schemas/TypesResetPasswordToken'
                  status:
                    type: string
                required:
@@ -3302,7 +3506,7 @@ paths:
                properties:
                  data:
                    items:
-                      $ref: '#/components/schemas/UsertypesInvite'
+                      $ref: '#/components/schemas/TypesInvite'
                    type: array
                  status:
                    type: string
@@ -3345,7 +3549,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesPostableInvite'
+              $ref: '#/components/schemas/TypesPostableInvite'
      responses:
        "201":
          content:
@@ -3353,7 +3557,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/UsertypesInvite'
+                    $ref: '#/components/schemas/TypesInvite'
                  status:
                    type: string
                required:
@@ -3469,7 +3673,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/UsertypesInvite'
+                    $ref: '#/components/schemas/TypesInvite'
                  status:
                    type: string
                required:
@@ -3507,7 +3711,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesPostableAcceptInvite'
+              $ref: '#/components/schemas/TypesPostableAcceptInvite'
      responses:
        "201":
          content:
@@ -3515,7 +3719,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/UsertypesUser'
+                    $ref: '#/components/schemas/TypesUser'
                  status:
                    type: string
                required:
@@ -3553,7 +3757,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesPostableBulkInviteRequest'
+              $ref: '#/components/schemas/TypesPostableBulkInviteRequest'
      responses:
        "201":
          description: Created
@@ -3878,7 +4082,7 @@ paths:
                properties:
                  data:
                    items:
-                      $ref: '#/components/schemas/UsertypesGettableAPIKey'
+                      $ref: '#/components/schemas/TypesGettableAPIKey'
                    type: array
                  status:
                    type: string
@@ -3921,7 +4125,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesPostableAPIKey'
+              $ref: '#/components/schemas/TypesPostableAPIKey'
      responses:
        "201":
          content:
@@ -3929,7 +4133,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/UsertypesGettableAPIKey'
+                    $ref: '#/components/schemas/TypesGettableAPIKey'
                  status:
                    type: string
                required:
@@ -4035,7 +4239,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesStorableAPIKey'
+              $ref: '#/components/schemas/TypesStorableAPIKey'
      responses:
        "204":
          content:
@@ -4196,7 +4400,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesPostableResetPassword'
+              $ref: '#/components/schemas/TypesPostableResetPassword'
      responses:
        "204":
          description: No Content
@@ -4234,7 +4438,7 @@ paths:
                properties:
                  data:
                    items:
-                      $ref: '#/components/schemas/AuthtypesRole'
+                      $ref: '#/components/schemas/RoletypesRole'
                    type: array
                  status:
                    type: string
@@ -4277,7 +4481,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/AuthtypesPostableRole'
+              $ref: '#/components/schemas/RoletypesPostableRole'
      responses:
        "201":
          content:
@@ -4422,7 +4626,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/AuthtypesRole'
+                    $ref: '#/components/schemas/RoletypesRole'
                  status:
                    type: string
                required:
@@ -4470,7 +4674,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/AuthtypesPatchableRole'
+              $ref: '#/components/schemas/RoletypesPatchableRole'
      responses:
        "204":
          content:
@@ -5271,7 +5475,7 @@ paths:
                properties:
                  data:
                    items:
-                      $ref: '#/components/schemas/UsertypesUser'
+                      $ref: '#/components/schemas/TypesUser'
                    type: array
                  status:
                    type: string
@@ -5369,7 +5573,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/UsertypesUser'
+                    $ref: '#/components/schemas/TypesUser'
                  status:
                    type: string
                required:
@@ -5423,7 +5627,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesUser'
+              $ref: '#/components/schemas/TypesUser'
      responses:
        "200":
          content:
@@ -5431,7 +5635,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/UsertypesUser'
+                    $ref: '#/components/schemas/TypesUser'
                  status:
                    type: string
                required:
@@ -5489,7 +5693,7 @@ paths:
              schema:
                properties:
                  data:
-                    $ref: '#/components/schemas/UsertypesUser'
+                    $ref: '#/components/schemas/TypesUser'
                  status:
                    type: string
                required:
@@ -5692,7 +5896,7 @@ paths:
        content:
          application/json:
            schema:
-              $ref: '#/components/schemas/UsertypesPostableForgotPassword'
+              $ref: '#/components/schemas/TypesPostableForgotPassword'
      responses:
        "204":
          description: No Content
--- a/docs/contributing/go/handler.md
+++ b/docs/contributing/go/handler.md
@@ -123,6 +123,7 @@ if err := router.Handle("/api/v1/things", handler.New(
        Description:         "This endpoint creates a thing",
        Request:             new(types.PostableThing),
        RequestContentType:  "application/json",
+        RequestQuery:        new(types.QueryableThing),
        Response:            new(types.GettableThing),
        ResponseContentType: "application/json",
        SuccessStatusCode:   http.StatusCreated,
@@ -155,6 +156,8 @@ The `handler.New` function ties the HTTP handler to OpenAPI metadata via `OpenAP
 - **Request / RequestContentType**:
  - `Request` is a Go type that describes the request body or form.
  - `RequestContentType` is usually `"application/json"` or `"application/x-www-form-urlencoded"` (for callbacks like SAML).
+- **RequestQuery**:
+  - `RequestQuery` is a Go type that descirbes query url params.
 - **RequestExamples**: An array of `handler.OpenAPIExample` that provide concrete request payloads in the generated spec. See [Adding request examples](#adding-request-examples) below.
 - **Response / ResponseContentType**:
  - `Response` is the Go type for the successful response payload.
--- a/ee/authz/openfgaauthz/provider.go
+++ b/ee/authz/openfgaauthz/provider.go
@@ -13,6 +13,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 	openfgapkgtransformer "github.com/openfga/language/pkg/go/transformer"
@@ -22,7 +23,7 @@ type provider struct {
 	pkgAuthzService authz.AuthZ
 	openfgaServer   *openfgaserver.Server
 	licensing       licensing.Licensing
-	store           authtypes.RoleStore
+	store           roletypes.Store
 	registry        []authz.RegisterTypeable
 }

@@ -81,23 +82,23 @@ func (provider *provider) Write(ctx context.Context, additions []*openfgav1.Tupl
 	return provider.openfgaServer.Write(ctx, additions, deletions)
 }

-func (provider *provider) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*authtypes.Role, error) {
+func (provider *provider) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*roletypes.Role, error) {
 	return provider.pkgAuthzService.Get(ctx, orgID, id)
 }

-func (provider *provider) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*authtypes.Role, error) {
+func (provider *provider) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*roletypes.Role, error) {
 	return provider.pkgAuthzService.GetByOrgIDAndName(ctx, orgID, name)
 }

-func (provider *provider) List(ctx context.Context, orgID valuer.UUID) ([]*authtypes.Role, error) {
+func (provider *provider) List(ctx context.Context, orgID valuer.UUID) ([]*roletypes.Role, error) {
 	return provider.pkgAuthzService.List(ctx, orgID)
 }

-func (provider *provider) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID, names []string) ([]*authtypes.Role, error) {
+func (provider *provider) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID, names []string) ([]*roletypes.Role, error) {
 	return provider.pkgAuthzService.ListByOrgIDAndNames(ctx, orgID, names)
 }

-func (provider *provider) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*authtypes.Role, error) {
+func (provider *provider) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*roletypes.Role, error) {
 	return provider.pkgAuthzService.ListByOrgIDAndIDs(ctx, orgID, ids)
 }

@@ -113,7 +114,7 @@ func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, names [
 	return provider.pkgAuthzService.Revoke(ctx, orgID, names, subject)
 }

-func (provider *provider) CreateManagedRoles(ctx context.Context, orgID valuer.UUID, managedRoles []*authtypes.Role) error {
+func (provider *provider) CreateManagedRoles(ctx context.Context, orgID valuer.UUID, managedRoles []*roletypes.Role) error {
 	return provider.pkgAuthzService.CreateManagedRoles(ctx, orgID, managedRoles)
 }

@@ -135,16 +136,16 @@ func (provider *provider) CreateManagedUserRoleTransactions(ctx context.Context,
 	return provider.Write(ctx, tuples, nil)
 }

-func (provider *provider) Create(ctx context.Context, orgID valuer.UUID, role *authtypes.Role) error {
+func (provider *provider) Create(ctx context.Context, orgID valuer.UUID, role *roletypes.Role) error {
 	_, err := provider.licensing.GetActive(ctx, orgID)
 	if err != nil {
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}

-	return provider.store.Create(ctx, authtypes.NewStorableRoleFromRole(role))
+	return provider.store.Create(ctx, roletypes.NewStorableRoleFromRole(role))
 }

-func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, role *authtypes.Role) (*authtypes.Role, error) {
+func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, role *roletypes.Role) (*roletypes.Role, error) {
 	_, err := provider.licensing.GetActive(ctx, orgID)
 	if err != nil {
 		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
@@ -158,10 +159,10 @@ func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, ro
 	}

 	if existingRole != nil {
-		return authtypes.NewRoleFromStorableRole(existingRole), nil
+		return roletypes.NewRoleFromStorableRole(existingRole), nil
 	}

-	err = provider.store.Create(ctx, authtypes.NewStorableRoleFromRole(role))
+	err = provider.store.Create(ctx, roletypes.NewStorableRoleFromRole(role))
 	if err != nil {
 		return nil, err
 	}
@@ -216,13 +217,13 @@ func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id
 	return objects, nil
 }

-func (provider *provider) Patch(ctx context.Context, orgID valuer.UUID, role *authtypes.Role) error {
+func (provider *provider) Patch(ctx context.Context, orgID valuer.UUID, role *roletypes.Role) error {
 	_, err := provider.licensing.GetActive(ctx, orgID)
 	if err != nil {
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}

-	return provider.store.Update(ctx, orgID, authtypes.NewStorableRoleFromRole(role))
+	return provider.store.Update(ctx, orgID, roletypes.NewStorableRoleFromRole(role))
 }

 func (provider *provider) PatchObjects(ctx context.Context, orgID valuer.UUID, name string, relation authtypes.Relation, additions, deletions []*authtypes.Object) error {
@@ -231,12 +232,12 @@ func (provider *provider) PatchObjects(ctx context.Context, orgID valuer.UUID, n
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}

-	additionTuples, err := authtypes.GetAdditionTuples(name, orgID, relation, additions)
+	additionTuples, err := roletypes.GetAdditionTuples(name, orgID, relation, additions)
 	if err != nil {
 		return err
 	}

-	deletionTuples, err := authtypes.GetDeletionTuples(name, orgID, relation, deletions)
+	deletionTuples, err := roletypes.GetDeletionTuples(name, orgID, relation, deletions)
 	if err != nil {
 		return err
 	}
@@ -260,7 +261,7 @@ func (provider *provider) Delete(ctx context.Context, orgID valuer.UUID, id valu
 		return err
 	}

-	role := authtypes.NewRoleFromStorableRole(storableRole)
+	role := roletypes.NewRoleFromStorableRole(storableRole)
 	err = role.ErrIfManaged()
 	if err != nil {
 		return err
@@ -270,7 +271,7 @@ func (provider *provider) Delete(ctx context.Context, orgID valuer.UUID, id valu
 }

 func (provider *provider) MustGetTypeables() []authtypes.Typeable {
-	return []authtypes.Typeable{authtypes.TypeableRole, authtypes.TypeableResourcesRoles}
+	return []authtypes.Typeable{authtypes.TypeableRole, roletypes.TypeableResourcesRoles}
 }

 func (provider *provider) getManagedRoleGrantTuples(orgID valuer.UUID, userID valuer.UUID) ([]*openfgav1.TupleKey, error) {
@@ -282,7 +283,7 @@ func (provider *provider) getManagedRoleGrantTuples(orgID valuer.UUID, userID va
 		adminSubject,
 		authtypes.RelationAssignee,
 		[]authtypes.Selector{
-			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, roletypes.SigNozAdminRoleName),
 		},
 		orgID,
 	)
@@ -297,7 +298,7 @@ func (provider *provider) getManagedRoleGrantTuples(orgID valuer.UUID, userID va
 		anonymousSubject,
 		authtypes.RelationAssignee,
 		[]authtypes.Selector{
-			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAnonymousRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, roletypes.SigNozAnonymousRoleName),
 		},
 		orgID,
 	)
--- a/ee/modules/dashboard/impldashboard/module.go
+++ b/ee/modules/dashboard/impldashboard/module.go
@@ -19,6 +19,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/types/instrumentationtypes"
 	"github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

@@ -213,7 +214,7 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, id valuer.U
 	return module.pkgDashboardModule.Update(ctx, orgID, id, updatedBy, data, diff)
 }

-func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, role authtypes.LegacyRole, lock bool) error {
+func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, role types.Role, lock bool) error {
 	return module.pkgDashboardModule.LockUnlock(ctx, orgID, id, updatedBy, role, lock)
 }

@@ -223,7 +224,7 @@ func (module *module) MustGetTypeables() []authtypes.Typeable {

 func (module *module) MustGetManagedRoleTransactions() map[string][]*authtypes.Transaction {
 	return map[string][]*authtypes.Transaction{
-		authtypes.SigNozAnonymousRoleName: {
+		roletypes.SigNozAnonymousRoleName: {
 			{
 				ID:       valuer.GenerateUUID(),
 				Relation: authtypes.RelationRead,
--- a/ee/query-service/app/api/cloudIntegrations.go
+++ b/ee/query-service/app/api/cloudIntegrations.go
@@ -14,8 +14,8 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
@@ -143,10 +143,10 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		zap.String("cloudProvider", cloudProvider),
 	)

-	newPAT, err := usertypes.NewStorableAPIKey(
+	newPAT, err := types.NewStorableAPIKey(
 		integrationPATName,
 		integrationUser.ID,
-		authtypes.RoleViewer,
+		types.RoleViewer,
 		0,
 	)
 	if err != nil {
@@ -166,16 +166,16 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId

 func (ah *APIHandler) getOrCreateCloudIntegrationUser(
 	ctx context.Context, orgId string, cloudProvider string,
-) (*usertypes.User, *basemodel.ApiError) {
+) (*types.User, *basemodel.ApiError) {
 	cloudIntegrationUserName := fmt.Sprintf("%s-integration", cloudProvider)
 	email := valuer.MustNewEmail(fmt.Sprintf("%s@signoz.io", cloudIntegrationUserName))

-	cloudIntegrationUser, err := usertypes.NewUser(cloudIntegrationUserName, email, authtypes.RoleViewer, valuer.MustNewUUID(orgId), usertypes.UserStatusActive)
+	cloudIntegrationUser, err := types.NewUser(cloudIntegrationUserName, email, types.RoleViewer, valuer.MustNewUUID(orgId), types.UserStatusActive)
 	if err != nil {
 		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration user: %w", err))
 	}

-	password := usertypes.MustGenerateFactorPassword(cloudIntegrationUser.ID.StringValue())
+	password := types.MustGenerateFactorPassword(cloudIntegrationUser.ID.StringValue())

 	cloudIntegrationUser, err = ah.Signoz.Modules.User.GetOrCreateUser(ctx, cloudIntegrationUser, user.WithFactorPassword(password))
 	if err != nil {
--- a/frontend/src/api/generated/services/logs/index.ts
+++ b/frontend/src/api/generated/services/logs/index.ts
@@ -20,11 +20,214 @@ import { useMutation, useQuery } from 'react-query';
 import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
 import type {
+	HandleExportRawDataGETParams,
+	HandleExportRawDataPOSTParams,
 	ListPromotedAndIndexedPaths200,
 	PromotetypesPromotePathDTO,
+	Querybuildertypesv5QueryRangeRequestDTO,
 	RenderErrorResponseDTO,
 } from '../sigNoz.schemas';

+/**
+ * This endpoints allows simple query exporting raw data for traces and logs
+ * @summary Export raw data
+ */
+export const handleExportRawDataGET = (
+	params: HandleExportRawDataGETParams,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v1/export_raw_data`,
+		method: 'GET',
+		params,
+		signal,
+	});
+};
+
+export const getHandleExportRawDataGETQueryKey = (
+	params?: HandleExportRawDataGETParams,
+) => {
+	return [`/api/v1/export_raw_data`, ...(params ? [params] : [])] as const;
+};
+
+export const getHandleExportRawDataGETQueryOptions = <
+	TData = Awaited<ReturnType<typeof handleExportRawDataGET>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	params: HandleExportRawDataGETParams,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof handleExportRawDataGET>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ?? getHandleExportRawDataGETQueryKey(params);
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof handleExportRawDataGET>>
+	> = ({ signal }) => handleExportRawDataGET(params, signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof handleExportRawDataGET>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type HandleExportRawDataGETQueryResult = NonNullable<
+	Awaited<ReturnType<typeof handleExportRawDataGET>>
+>;
+export type HandleExportRawDataGETQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Export raw data
+ */
+
+export function useHandleExportRawDataGET<
+	TData = Awaited<ReturnType<typeof handleExportRawDataGET>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	params: HandleExportRawDataGETParams,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof handleExportRawDataGET>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getHandleExportRawDataGETQueryOptions(params, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Export raw data
+ */
+export const invalidateHandleExportRawDataGET = async (
+	queryClient: QueryClient,
+	params: HandleExportRawDataGETParams,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getHandleExportRawDataGETQueryKey(params) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoints allows complex query exporting raw data for traces and logs
+ * @summary Export raw data
+ */
+export const handleExportRawDataPOST = (
+	querybuildertypesv5QueryRangeRequestDTO: BodyType<Querybuildertypesv5QueryRangeRequestDTO>,
+	params?: HandleExportRawDataPOSTParams,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v1/export_raw_data`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: querybuildertypesv5QueryRangeRequestDTO,
+		params,
+		signal,
+	});
+};
+
+export const getHandleExportRawDataPOSTMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+		TError,
+		{
+			data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+			params?: HandleExportRawDataPOSTParams;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+	TError,
+	{
+		data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+		params?: HandleExportRawDataPOSTParams;
+	},
+	TContext
+> => {
+	const mutationKey = ['handleExportRawDataPOST'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+		{
+			data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+			params?: HandleExportRawDataPOSTParams;
+		}
+	> = (props) => {
+		const { data, params } = props ?? {};
+
+		return handleExportRawDataPOST(data, params);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type HandleExportRawDataPOSTMutationResult = NonNullable<
+	Awaited<ReturnType<typeof handleExportRawDataPOST>>
+>;
+export type HandleExportRawDataPOSTMutationBody = BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+export type HandleExportRawDataPOSTMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Export raw data
+ */
+export const useHandleExportRawDataPOST = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+		TError,
+		{
+			data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+			params?: HandleExportRawDataPOSTParams;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+	TError,
+	{
+		data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+		params?: HandleExportRawDataPOSTParams;
+	},
+	TContext
+> => {
+	const mutationOptions = getHandleExportRawDataPOSTMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
 /**
 * This endpoints promotes and indexes paths
 * @summary Promote and index paths
--- a/frontend/src/api/generated/services/role/index.ts
+++ b/frontend/src/api/generated/services/role/index.ts
@@ -21,8 +21,6 @@ import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
 import type {
 	AuthtypesPatchableObjectsDTO,
-	AuthtypesPatchableRoleDTO,
-	AuthtypesPostableRoleDTO,
 	CreateRole201,
 	DeleteRolePathParameters,
 	GetObjects200,
@@ -33,6 +31,8 @@ import type {
 	PatchObjectsPathParameters,
 	PatchRolePathParameters,
 	RenderErrorResponseDTO,
+	RoletypesPatchableRoleDTO,
+	RoletypesPostableRoleDTO,
 } from '../sigNoz.schemas';

 /**
@@ -118,14 +118,14 @@ export const invalidateListRoles = async (
 * @summary Create role
 */
 export const createRole = (
-	authtypesPostableRoleDTO: BodyType<AuthtypesPostableRoleDTO>,
+	roletypesPostableRoleDTO: BodyType<RoletypesPostableRoleDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<CreateRole201>({
 		url: `/api/v1/roles`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: authtypesPostableRoleDTO,
+		data: roletypesPostableRoleDTO,
 		signal,
 	});
 };
@@ -137,13 +137,13 @@ export const getCreateRoleMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createRole>>,
 		TError,
-		{ data: BodyType<AuthtypesPostableRoleDTO> },
+		{ data: BodyType<RoletypesPostableRoleDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof createRole>>,
 	TError,
-	{ data: BodyType<AuthtypesPostableRoleDTO> },
+	{ data: BodyType<RoletypesPostableRoleDTO> },
 	TContext
 > => {
 	const mutationKey = ['createRole'];
@@ -157,7 +157,7 @@ export const getCreateRoleMutationOptions = <

 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof createRole>>,
-		{ data: BodyType<AuthtypesPostableRoleDTO> }
+		{ data: BodyType<RoletypesPostableRoleDTO> }
 	> = (props) => {
 		const { data } = props ?? {};

@@ -170,7 +170,7 @@ export const getCreateRoleMutationOptions = <
 export type CreateRoleMutationResult = NonNullable<
 	Awaited<ReturnType<typeof createRole>>
 >;
-export type CreateRoleMutationBody = BodyType<AuthtypesPostableRoleDTO>;
+export type CreateRoleMutationBody = BodyType<RoletypesPostableRoleDTO>;
 export type CreateRoleMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -183,13 +183,13 @@ export const useCreateRole = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createRole>>,
 		TError,
-		{ data: BodyType<AuthtypesPostableRoleDTO> },
+		{ data: BodyType<RoletypesPostableRoleDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof createRole>>,
 	TError,
-	{ data: BodyType<AuthtypesPostableRoleDTO> },
+	{ data: BodyType<RoletypesPostableRoleDTO> },
 	TContext
 > => {
 	const mutationOptions = getCreateRoleMutationOptions(options);
@@ -370,13 +370,13 @@ export const invalidateGetRole = async (
 */
 export const patchRole = (
 	{ id }: PatchRolePathParameters,
-	authtypesPatchableRoleDTO: BodyType<AuthtypesPatchableRoleDTO>,
+	roletypesPatchableRoleDTO: BodyType<RoletypesPatchableRoleDTO>,
 ) => {
 	return GeneratedAPIInstance<string>({
 		url: `/api/v1/roles/${id}`,
 		method: 'PATCH',
 		headers: { 'Content-Type': 'application/json' },
-		data: authtypesPatchableRoleDTO,
+		data: roletypesPatchableRoleDTO,
 	});
 };

@@ -389,7 +389,7 @@ export const getPatchRoleMutationOptions = <
 		TError,
 		{
 			pathParams: PatchRolePathParameters;
-			data: BodyType<AuthtypesPatchableRoleDTO>;
+			data: BodyType<RoletypesPatchableRoleDTO>;
 		},
 		TContext
 	>;
@@ -398,7 +398,7 @@ export const getPatchRoleMutationOptions = <
 	TError,
 	{
 		pathParams: PatchRolePathParameters;
-		data: BodyType<AuthtypesPatchableRoleDTO>;
+		data: BodyType<RoletypesPatchableRoleDTO>;
 	},
 	TContext
 > => {
@@ -415,7 +415,7 @@ export const getPatchRoleMutationOptions = <
 		Awaited<ReturnType<typeof patchRole>>,
 		{
 			pathParams: PatchRolePathParameters;
-			data: BodyType<AuthtypesPatchableRoleDTO>;
+			data: BodyType<RoletypesPatchableRoleDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
@@ -429,7 +429,7 @@ export const getPatchRoleMutationOptions = <
 export type PatchRoleMutationResult = NonNullable<
 	Awaited<ReturnType<typeof patchRole>>
 >;
-export type PatchRoleMutationBody = BodyType<AuthtypesPatchableRoleDTO>;
+export type PatchRoleMutationBody = BodyType<RoletypesPatchableRoleDTO>;
 export type PatchRoleMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -444,7 +444,7 @@ export const usePatchRole = <
 		TError,
 		{
 			pathParams: PatchRolePathParameters;
-			data: BodyType<AuthtypesPatchableRoleDTO>;
+			data: BodyType<RoletypesPatchableRoleDTO>;
 		},
 		TContext
 	>;
@@ -453,7 +453,7 @@ export const usePatchRole = <
 	TError,
 	{
 		pathParams: PatchRolePathParameters;
-		data: BodyType<AuthtypesPatchableRoleDTO>;
+		data: BodyType<RoletypesPatchableRoleDTO>;
 	},
 	TContext
 > => {
--- a/frontend/src/api/generated/services/sigNoz.schemas.ts
+++ b/frontend/src/api/generated/services/sigNoz.schemas.ts
@@ -278,13 +278,6 @@ export interface AuthtypesPatchableObjectsDTO {
 	deletions: AuthtypesGettableObjectsDTO[] | null;
 }

-export interface AuthtypesPatchableRoleDTO {
-	/**
-	 * @type string
-	 */
-	description: string;
-}
-
 export interface AuthtypesPostableAuthDomainDTO {
 	config?: AuthtypesAuthDomainConfigDTO;
 	/**
@@ -308,17 +301,6 @@ export interface AuthtypesPostableEmailPasswordSessionDTO {
 	password?: string;
 }

-export interface AuthtypesPostableRoleDTO {
-	/**
-	 * @type string
-	 */
-	description?: string;
-	/**
-	 * @type string
-	 */
-	name: string;
-}
-
 export interface AuthtypesPostableRotateTokenDTO {
 	/**
 	 * @type string
@@ -337,39 +319,6 @@ export interface AuthtypesResourceDTO {
 	type: string;
 }

-export interface AuthtypesRoleDTO {
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	createdAt?: Date;
-	/**
-	 * @type string
-	 */
-	description: string;
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type string
-	 */
-	name: string;
-	/**
-	 * @type string
-	 */
-	orgId: string;
-	/**
-	 * @type string
-	 */
-	type: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	updatedAt?: Date;
-}
-
 /**
 * @nullable
 */
@@ -2090,6 +2039,57 @@ export interface RenderErrorResponseDTO {
 	status: string;
 }

+export interface RoletypesPatchableRoleDTO {
+	/**
+	 * @type string
+	 */
+	description: string;
+}
+
+export interface RoletypesPostableRoleDTO {
+	/**
+	 * @type string
+	 */
+	description?: string;
+	/**
+	 * @type string
+	 */
+	name: string;
+}
+
+export interface RoletypesRoleDTO {
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	createdAt?: Date;
+	/**
+	 * @type string
+	 */
+	description: string;
+	/**
+	 * @type string
+	 */
+	id: string;
+	/**
+	 * @type string
+	 */
+	name: string;
+	/**
+	 * @type string
+	 */
+	orgId: string;
+	/**
+	 * @type string
+	 */
+	type: string;
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	updatedAt?: Date;
+}
+
 export interface ServiceaccounttypesFactorAPIKeyDTO {
 	/**
 	 * @type string
@@ -2330,59 +2330,7 @@ export interface TelemetrytypesTelemetryFieldValuesDTO {
 	stringValues?: string[];
 }

-export interface TypesGettableGlobalConfigDTO {
-	/**
-	 * @type string
-	 */
-	external_url?: string;
-	/**
-	 * @type string
-	 */
-	ingestion_url?: string;
-}
-
-export interface TypesIdentifiableDTO {
-	/**
-	 * @type string
-	 */
-	id: string;
-}
-
-export interface TypesOrganizationDTO {
-	/**
-	 * @type string
-	 */
-	alias?: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	createdAt?: Date;
-	/**
-	 * @type string
-	 */
-	displayName?: string;
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type integer
-	 * @minimum 0
-	 */
-	key?: number;
-	/**
-	 * @type string
-	 */
-	name?: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	updatedAt?: Date;
-}
-
-export interface UsertypesChangePasswordRequestDTO {
+export interface TypesChangePasswordRequestDTO {
 	/**
 	 * @type string
 	 */
@@ -2397,7 +2345,7 @@ export interface UsertypesChangePasswordRequestDTO {
 	userId?: string;
 }

-export interface UsertypesGettableAPIKeyDTO {
+export interface TypesGettableAPIKeyDTO {
 	/**
 	 * @type string
 	 * @format date-time
@@ -2407,7 +2355,7 @@ export interface UsertypesGettableAPIKeyDTO {
 	 * @type string
 	 */
 	createdBy?: string;
-	createdByUser?: UsertypesUserDTO;
+	createdByUser?: TypesUserDTO;
 	/**
 	 * @type integer
 	 * @format int64
@@ -2447,14 +2395,32 @@ export interface UsertypesGettableAPIKeyDTO {
 	 * @type string
 	 */
 	updatedBy?: string;
-	updatedByUser?: UsertypesUserDTO;
+	updatedByUser?: TypesUserDTO;
 	/**
 	 * @type string
 	 */
 	userId?: string;
 }

-export interface UsertypesInviteDTO {
+export interface TypesGettableGlobalConfigDTO {
+	/**
+	 * @type string
+	 */
+	external_url?: string;
+	/**
+	 * @type string
+	 */
+	ingestion_url?: string;
+}
+
+export interface TypesIdentifiableDTO {
+	/**
+	 * @type string
+	 */
+	id: string;
+}
+
+export interface TypesInviteDTO {
 	/**
 	 * @type string
 	 * @format date-time
@@ -2495,7 +2461,41 @@ export interface UsertypesInviteDTO {
 	updatedAt?: Date;
 }

-export interface UsertypesPostableAPIKeyDTO {
+export interface TypesOrganizationDTO {
+	/**
+	 * @type string
+	 */
+	alias?: string;
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	createdAt?: Date;
+	/**
+	 * @type string
+	 */
+	displayName?: string;
+	/**
+	 * @type string
+	 */
+	id: string;
+	/**
+	 * @type integer
+	 * @minimum 0
+	 */
+	key?: number;
+	/**
+	 * @type string
+	 */
+	name?: string;
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	updatedAt?: Date;
+}
+
+export interface TypesPostableAPIKeyDTO {
 	/**
 	 * @type integer
 	 * @format int64
@@ -2511,7 +2511,7 @@ export interface UsertypesPostableAPIKeyDTO {
 	role?: string;
 }

-export interface UsertypesPostableAcceptInviteDTO {
+export interface TypesPostableAcceptInviteDTO {
 	/**
 	 * @type string
 	 */
@@ -2530,14 +2530,14 @@ export interface UsertypesPostableAcceptInviteDTO {
 	token?: string;
 }

-export interface UsertypesPostableBulkInviteRequestDTO {
+export interface TypesPostableBulkInviteRequestDTO {
 	/**
 	 * @type array
 	 */
-	invites: UsertypesPostableInviteDTO[];
+	invites: TypesPostableInviteDTO[];
 }

-export interface UsertypesPostableForgotPasswordDTO {
+export interface TypesPostableForgotPasswordDTO {
 	/**
 	 * @type string
 	 */
@@ -2552,7 +2552,7 @@ export interface UsertypesPostableForgotPasswordDTO {
 	orgId: string;
 }

-export interface UsertypesPostableInviteDTO {
+export interface TypesPostableInviteDTO {
 	/**
 	 * @type string
 	 */
@@ -2571,7 +2571,7 @@ export interface UsertypesPostableInviteDTO {
 	role?: string;
 }

-export interface UsertypesPostableResetPasswordDTO {
+export interface TypesPostableResetPasswordDTO {
 	/**
 	 * @type string
 	 */
@@ -2582,7 +2582,7 @@ export interface UsertypesPostableResetPasswordDTO {
 	token?: string;
 }

-export interface UsertypesResetPasswordTokenDTO {
+export interface TypesResetPasswordTokenDTO {
 	/**
 	 * @type string
 	 * @format date-time
@@ -2602,7 +2602,7 @@ export interface UsertypesResetPasswordTokenDTO {
 	token?: string;
 }

-export interface UsertypesStorableAPIKeyDTO {
+export interface TypesStorableAPIKeyDTO {
 	/**
 	 * @type string
 	 * @format date-time
@@ -2647,7 +2647,7 @@ export interface UsertypesStorableAPIKeyDTO {
 	userId?: string;
 }

-export interface UsertypesUserDTO {
+export interface TypesUserDTO {
 	/**
 	 * @type string
 	 * @format date-time
@@ -2896,6 +2896,89 @@ export type DeleteAuthDomainPathParameters = {
 export type UpdateAuthDomainPathParameters = {
 	id: string;
 };
+export type HandleExportRawDataGETParams = {
+	/**
+	 * @enum csv,jsonl
+	 * @type string
+	 * @description The output format for the export.
+	 */
+	format?: HandleExportRawDataGETFormat;
+	/**
+	 * @description The type of data to export.
+	 */
+	signal: TelemetrytypesSignalDTO;
+	/**
+	 * @type string
+	 * @description Deprecated: use signal instead.
+	 */
+	source?: string;
+	/**
+	 * @type integer
+	 * @minimum 0
+	 * @description The start time for the query in unix timestamp nanoseconds.
+	 */
+	start?: number;
+	/**
+	 * @type integer
+	 * @minimum 0
+	 * @description The end time for the query in unix timestamp nanoseconds.
+	 */
+	end?: number;
+	/**
+	 * @type integer
+	 * @maximum 50000
+	 * @minimum 1
+	 * @description The maximum number of rows to export.
+	 */
+	limit?: number;
+	/**
+	 * @type string
+	 * @description Deprecated: use filterExpression instead.
+	 */
+	filter?: string;
+	/**
+	 * @description The filter expression to apply to the query.
+	 */
+	filterExpression?: Querybuildertypesv5FilterDTO;
+	/**
+	 * @type array
+	 * @description Deprecated: use selectFields instead.
+	 */
+	columns?: string[];
+	/**
+	 * @type array
+	 * @description The columns to include in the export.
+	 */
+	selectFields?: TelemetrytypesTelemetryFieldKeyDTO[];
+	/**
+	 * @type string
+	 * @description Deprecated: use order instead.
+	 */
+	order_by?: string;
+	/**
+	 * @type array
+	 * @description The sorting order with keys and directions.
+	 */
+	order?: Querybuildertypesv5OrderByDTO[];
+};
+
+export enum HandleExportRawDataGETFormat {
+	csv = 'csv',
+	jsonl = 'jsonl',
+}
+export type HandleExportRawDataPOSTParams = {
+	/**
+	 * @enum csv,jsonl
+	 * @type string
+	 * @description The output format for the export.
+	 */
+	format?: HandleExportRawDataPOSTFormat;
+};
+
+export enum HandleExportRawDataPOSTFormat {
+	csv = 'csv',
+	jsonl = 'jsonl',
+}
 export type GetFieldsKeysParams = {
 	/**
 	 * @description undefined
@@ -3018,7 +3101,7 @@ export type GetResetPasswordTokenPathParameters = {
 	id: string;
 };
 export type GetResetPasswordToken200 = {
-	data: UsertypesResetPasswordTokenDTO;
+	data: TypesResetPasswordTokenDTO;
 	/**
 	 * @type string
 	 */
@@ -3037,7 +3120,7 @@ export type ListInvite200 = {
 	/**
 	 * @type array
 	 */
-	data: UsertypesInviteDTO[];
+	data: TypesInviteDTO[];
 	/**
 	 * @type string
 	 */
@@ -3045,7 +3128,7 @@ export type ListInvite200 = {
 };

 export type CreateInvite201 = {
-	data: UsertypesInviteDTO;
+	data: TypesInviteDTO;
 	/**
 	 * @type string
 	 */
@@ -3059,7 +3142,7 @@ export type GetInvitePathParameters = {
 	token: string;
 };
 export type GetInvite200 = {
-	data: UsertypesInviteDTO;
+	data: TypesInviteDTO;
 	/**
 	 * @type string
 	 */
@@ -3067,7 +3150,7 @@ export type GetInvite200 = {
 };

 export type AcceptInvite201 = {
-	data: UsertypesUserDTO;
+	data: TypesUserDTO;
 	/**
 	 * @type string
 	 */
@@ -3115,7 +3198,7 @@ export type ListAPIKeys200 = {
 	/**
 	 * @type array
 	 */
-	data: UsertypesGettableAPIKeyDTO[];
+	data: TypesGettableAPIKeyDTO[];
 	/**
 	 * @type string
 	 */
@@ -3123,7 +3206,7 @@ export type ListAPIKeys200 = {
 };

 export type CreateAPIKey201 = {
-	data: UsertypesGettableAPIKeyDTO;
+	data: TypesGettableAPIKeyDTO;
 	/**
 	 * @type string
 	 */
@@ -3163,7 +3246,7 @@ export type ListRoles200 = {
 	/**
 	 * @type array
 	 */
-	data: AuthtypesRoleDTO[];
+	data: RoletypesRoleDTO[];
 	/**
 	 * @type string
 	 */
@@ -3185,7 +3268,7 @@ export type GetRolePathParameters = {
 	id: string;
 };
 export type GetRole200 = {
-	data: AuthtypesRoleDTO;
+	data: RoletypesRoleDTO;
 	/**
 	 * @type string
 	 */
@@ -3290,7 +3373,7 @@ export type ListUsers200 = {
 	/**
 	 * @type array
 	 */
-	data: UsertypesUserDTO[];
+	data: TypesUserDTO[];
 	/**
 	 * @type string
 	 */
@@ -3304,7 +3387,7 @@ export type GetUserPathParameters = {
 	id: string;
 };
 export type GetUser200 = {
-	data: UsertypesUserDTO;
+	data: TypesUserDTO;
 	/**
 	 * @type string
 	 */
@@ -3315,7 +3398,7 @@ export type UpdateUserPathParameters = {
 	id: string;
 };
 export type UpdateUser200 = {
-	data: UsertypesUserDTO;
+	data: TypesUserDTO;
 	/**
 	 * @type string
 	 */
@@ -3323,7 +3406,7 @@ export type UpdateUser200 = {
 };

 export type GetMyUser200 = {
-	data: UsertypesUserDTO;
+	data: TypesUserDTO;
 	/**
 	 * @type string
 	 */
--- a/frontend/src/api/generated/services/users/index.ts
+++ b/frontend/src/api/generated/services/users/index.ts
@@ -38,18 +38,18 @@ import type {
 	ListUsers200,
 	RenderErrorResponseDTO,
 	RevokeAPIKeyPathParameters,
+	TypesChangePasswordRequestDTO,
+	TypesPostableAcceptInviteDTO,
+	TypesPostableAPIKeyDTO,
+	TypesPostableBulkInviteRequestDTO,
+	TypesPostableForgotPasswordDTO,
+	TypesPostableInviteDTO,
+	TypesPostableResetPasswordDTO,
+	TypesStorableAPIKeyDTO,
+	TypesUserDTO,
 	UpdateAPIKeyPathParameters,
 	UpdateUser200,
 	UpdateUserPathParameters,
-	UsertypesChangePasswordRequestDTO,
-	UsertypesPostableAcceptInviteDTO,
-	UsertypesPostableAPIKeyDTO,
-	UsertypesPostableBulkInviteRequestDTO,
-	UsertypesPostableForgotPasswordDTO,
-	UsertypesPostableInviteDTO,
-	UsertypesPostableResetPasswordDTO,
-	UsertypesStorableAPIKeyDTO,
-	UsertypesUserDTO,
 } from '../sigNoz.schemas';

 /**
@@ -58,14 +58,14 @@ import type {
 */
 export const changePassword = (
 	{ id }: ChangePasswordPathParameters,
-	usertypesChangePasswordRequestDTO: BodyType<UsertypesChangePasswordRequestDTO>,
+	typesChangePasswordRequestDTO: BodyType<TypesChangePasswordRequestDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<void>({
 		url: `/api/v1/changePassword/${id}`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesChangePasswordRequestDTO,
+		data: typesChangePasswordRequestDTO,
 		signal,
 	});
 };
@@ -79,7 +79,7 @@ export const getChangePasswordMutationOptions = <
 		TError,
 		{
 			pathParams: ChangePasswordPathParameters;
-			data: BodyType<UsertypesChangePasswordRequestDTO>;
+			data: BodyType<TypesChangePasswordRequestDTO>;
 		},
 		TContext
 	>;
@@ -88,7 +88,7 @@ export const getChangePasswordMutationOptions = <
 	TError,
 	{
 		pathParams: ChangePasswordPathParameters;
-		data: BodyType<UsertypesChangePasswordRequestDTO>;
+		data: BodyType<TypesChangePasswordRequestDTO>;
 	},
 	TContext
 > => {
@@ -105,7 +105,7 @@ export const getChangePasswordMutationOptions = <
 		Awaited<ReturnType<typeof changePassword>>,
 		{
 			pathParams: ChangePasswordPathParameters;
-			data: BodyType<UsertypesChangePasswordRequestDTO>;
+			data: BodyType<TypesChangePasswordRequestDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
@@ -119,7 +119,7 @@ export const getChangePasswordMutationOptions = <
 export type ChangePasswordMutationResult = NonNullable<
 	Awaited<ReturnType<typeof changePassword>>
 >;
-export type ChangePasswordMutationBody = BodyType<UsertypesChangePasswordRequestDTO>;
+export type ChangePasswordMutationBody = BodyType<TypesChangePasswordRequestDTO>;
 export type ChangePasswordMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -134,7 +134,7 @@ export const useChangePassword = <
 		TError,
 		{
 			pathParams: ChangePasswordPathParameters;
-			data: BodyType<UsertypesChangePasswordRequestDTO>;
+			data: BodyType<TypesChangePasswordRequestDTO>;
 		},
 		TContext
 	>;
@@ -143,7 +143,7 @@ export const useChangePassword = <
 	TError,
 	{
 		pathParams: ChangePasswordPathParameters;
-		data: BodyType<UsertypesChangePasswordRequestDTO>;
+		data: BodyType<TypesChangePasswordRequestDTO>;
 	},
 	TContext
 > => {
@@ -338,14 +338,14 @@ export const invalidateListInvite = async (
 * @summary Create invite
 */
 export const createInvite = (
-	usertypesPostableInviteDTO: BodyType<UsertypesPostableInviteDTO>,
+	typesPostableInviteDTO: BodyType<TypesPostableInviteDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<CreateInvite201>({
 		url: `/api/v1/invite`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesPostableInviteDTO,
+		data: typesPostableInviteDTO,
 		signal,
 	});
 };
@@ -357,13 +357,13 @@ export const getCreateInviteMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createInvite>>,
 		TError,
-		{ data: BodyType<UsertypesPostableInviteDTO> },
+		{ data: BodyType<TypesPostableInviteDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof createInvite>>,
 	TError,
-	{ data: BodyType<UsertypesPostableInviteDTO> },
+	{ data: BodyType<TypesPostableInviteDTO> },
 	TContext
 > => {
 	const mutationKey = ['createInvite'];
@@ -377,7 +377,7 @@ export const getCreateInviteMutationOptions = <

 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof createInvite>>,
-		{ data: BodyType<UsertypesPostableInviteDTO> }
+		{ data: BodyType<TypesPostableInviteDTO> }
 	> = (props) => {
 		const { data } = props ?? {};

@@ -390,7 +390,7 @@ export const getCreateInviteMutationOptions = <
 export type CreateInviteMutationResult = NonNullable<
 	Awaited<ReturnType<typeof createInvite>>
 >;
-export type CreateInviteMutationBody = BodyType<UsertypesPostableInviteDTO>;
+export type CreateInviteMutationBody = BodyType<TypesPostableInviteDTO>;
 export type CreateInviteMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -403,13 +403,13 @@ export const useCreateInvite = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createInvite>>,
 		TError,
-		{ data: BodyType<UsertypesPostableInviteDTO> },
+		{ data: BodyType<TypesPostableInviteDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof createInvite>>,
 	TError,
-	{ data: BodyType<UsertypesPostableInviteDTO> },
+	{ data: BodyType<TypesPostableInviteDTO> },
 	TContext
 > => {
 	const mutationOptions = getCreateInviteMutationOptions(options);
@@ -589,14 +589,14 @@ export const invalidateGetInvite = async (
 * @summary Accept invite
 */
 export const acceptInvite = (
-	usertypesPostableAcceptInviteDTO: BodyType<UsertypesPostableAcceptInviteDTO>,
+	typesPostableAcceptInviteDTO: BodyType<TypesPostableAcceptInviteDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<AcceptInvite201>({
 		url: `/api/v1/invite/accept`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesPostableAcceptInviteDTO,
+		data: typesPostableAcceptInviteDTO,
 		signal,
 	});
 };
@@ -608,13 +608,13 @@ export const getAcceptInviteMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof acceptInvite>>,
 		TError,
-		{ data: BodyType<UsertypesPostableAcceptInviteDTO> },
+		{ data: BodyType<TypesPostableAcceptInviteDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof acceptInvite>>,
 	TError,
-	{ data: BodyType<UsertypesPostableAcceptInviteDTO> },
+	{ data: BodyType<TypesPostableAcceptInviteDTO> },
 	TContext
 > => {
 	const mutationKey = ['acceptInvite'];
@@ -628,7 +628,7 @@ export const getAcceptInviteMutationOptions = <

 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof acceptInvite>>,
-		{ data: BodyType<UsertypesPostableAcceptInviteDTO> }
+		{ data: BodyType<TypesPostableAcceptInviteDTO> }
 	> = (props) => {
 		const { data } = props ?? {};

@@ -641,7 +641,7 @@ export const getAcceptInviteMutationOptions = <
 export type AcceptInviteMutationResult = NonNullable<
 	Awaited<ReturnType<typeof acceptInvite>>
 >;
-export type AcceptInviteMutationBody = BodyType<UsertypesPostableAcceptInviteDTO>;
+export type AcceptInviteMutationBody = BodyType<TypesPostableAcceptInviteDTO>;
 export type AcceptInviteMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -654,13 +654,13 @@ export const useAcceptInvite = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof acceptInvite>>,
 		TError,
-		{ data: BodyType<UsertypesPostableAcceptInviteDTO> },
+		{ data: BodyType<TypesPostableAcceptInviteDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof acceptInvite>>,
 	TError,
-	{ data: BodyType<UsertypesPostableAcceptInviteDTO> },
+	{ data: BodyType<TypesPostableAcceptInviteDTO> },
 	TContext
 > => {
 	const mutationOptions = getAcceptInviteMutationOptions(options);
@@ -672,14 +672,14 @@ export const useAcceptInvite = <
 * @summary Create bulk invite
 */
 export const createBulkInvite = (
-	usertypesPostableBulkInviteRequestDTO: BodyType<UsertypesPostableBulkInviteRequestDTO>,
+	typesPostableBulkInviteRequestDTO: BodyType<TypesPostableBulkInviteRequestDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<void>({
 		url: `/api/v1/invite/bulk`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesPostableBulkInviteRequestDTO,
+		data: typesPostableBulkInviteRequestDTO,
 		signal,
 	});
 };
@@ -691,13 +691,13 @@ export const getCreateBulkInviteMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createBulkInvite>>,
 		TError,
-		{ data: BodyType<UsertypesPostableBulkInviteRequestDTO> },
+		{ data: BodyType<TypesPostableBulkInviteRequestDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof createBulkInvite>>,
 	TError,
-	{ data: BodyType<UsertypesPostableBulkInviteRequestDTO> },
+	{ data: BodyType<TypesPostableBulkInviteRequestDTO> },
 	TContext
 > => {
 	const mutationKey = ['createBulkInvite'];
@@ -711,7 +711,7 @@ export const getCreateBulkInviteMutationOptions = <

 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof createBulkInvite>>,
-		{ data: BodyType<UsertypesPostableBulkInviteRequestDTO> }
+		{ data: BodyType<TypesPostableBulkInviteRequestDTO> }
 	> = (props) => {
 		const { data } = props ?? {};

@@ -724,7 +724,7 @@ export const getCreateBulkInviteMutationOptions = <
 export type CreateBulkInviteMutationResult = NonNullable<
 	Awaited<ReturnType<typeof createBulkInvite>>
 >;
-export type CreateBulkInviteMutationBody = BodyType<UsertypesPostableBulkInviteRequestDTO>;
+export type CreateBulkInviteMutationBody = BodyType<TypesPostableBulkInviteRequestDTO>;
 export type CreateBulkInviteMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -737,13 +737,13 @@ export const useCreateBulkInvite = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createBulkInvite>>,
 		TError,
-		{ data: BodyType<UsertypesPostableBulkInviteRequestDTO> },
+		{ data: BodyType<TypesPostableBulkInviteRequestDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof createBulkInvite>>,
 	TError,
-	{ data: BodyType<UsertypesPostableBulkInviteRequestDTO> },
+	{ data: BodyType<TypesPostableBulkInviteRequestDTO> },
 	TContext
 > => {
 	const mutationOptions = getCreateBulkInviteMutationOptions(options);
@@ -841,14 +841,14 @@ export const invalidateListAPIKeys = async (
 * @summary Create api key
 */
 export const createAPIKey = (
-	usertypesPostableAPIKeyDTO: BodyType<UsertypesPostableAPIKeyDTO>,
+	typesPostableAPIKeyDTO: BodyType<TypesPostableAPIKeyDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<CreateAPIKey201>({
 		url: `/api/v1/pats`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesPostableAPIKeyDTO,
+		data: typesPostableAPIKeyDTO,
 		signal,
 	});
 };
@@ -860,13 +860,13 @@ export const getCreateAPIKeyMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createAPIKey>>,
 		TError,
-		{ data: BodyType<UsertypesPostableAPIKeyDTO> },
+		{ data: BodyType<TypesPostableAPIKeyDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof createAPIKey>>,
 	TError,
-	{ data: BodyType<UsertypesPostableAPIKeyDTO> },
+	{ data: BodyType<TypesPostableAPIKeyDTO> },
 	TContext
 > => {
 	const mutationKey = ['createAPIKey'];
@@ -880,7 +880,7 @@ export const getCreateAPIKeyMutationOptions = <

 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof createAPIKey>>,
-		{ data: BodyType<UsertypesPostableAPIKeyDTO> }
+		{ data: BodyType<TypesPostableAPIKeyDTO> }
 	> = (props) => {
 		const { data } = props ?? {};

@@ -893,7 +893,7 @@ export const getCreateAPIKeyMutationOptions = <
 export type CreateAPIKeyMutationResult = NonNullable<
 	Awaited<ReturnType<typeof createAPIKey>>
 >;
-export type CreateAPIKeyMutationBody = BodyType<UsertypesPostableAPIKeyDTO>;
+export type CreateAPIKeyMutationBody = BodyType<TypesPostableAPIKeyDTO>;
 export type CreateAPIKeyMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -906,13 +906,13 @@ export const useCreateAPIKey = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createAPIKey>>,
 		TError,
-		{ data: BodyType<UsertypesPostableAPIKeyDTO> },
+		{ data: BodyType<TypesPostableAPIKeyDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof createAPIKey>>,
 	TError,
-	{ data: BodyType<UsertypesPostableAPIKeyDTO> },
+	{ data: BodyType<TypesPostableAPIKeyDTO> },
 	TContext
 > => {
 	const mutationOptions = getCreateAPIKeyMutationOptions(options);
@@ -1002,13 +1002,13 @@ export const useRevokeAPIKey = <
 */
 export const updateAPIKey = (
 	{ id }: UpdateAPIKeyPathParameters,
-	usertypesStorableAPIKeyDTO: BodyType<UsertypesStorableAPIKeyDTO>,
+	typesStorableAPIKeyDTO: BodyType<TypesStorableAPIKeyDTO>,
 ) => {
 	return GeneratedAPIInstance<string>({
 		url: `/api/v1/pats/${id}`,
 		method: 'PUT',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesStorableAPIKeyDTO,
+		data: typesStorableAPIKeyDTO,
 	});
 };

@@ -1021,7 +1021,7 @@ export const getUpdateAPIKeyMutationOptions = <
 		TError,
 		{
 			pathParams: UpdateAPIKeyPathParameters;
-			data: BodyType<UsertypesStorableAPIKeyDTO>;
+			data: BodyType<TypesStorableAPIKeyDTO>;
 		},
 		TContext
 	>;
@@ -1030,7 +1030,7 @@ export const getUpdateAPIKeyMutationOptions = <
 	TError,
 	{
 		pathParams: UpdateAPIKeyPathParameters;
-		data: BodyType<UsertypesStorableAPIKeyDTO>;
+		data: BodyType<TypesStorableAPIKeyDTO>;
 	},
 	TContext
 > => {
@@ -1047,7 +1047,7 @@ export const getUpdateAPIKeyMutationOptions = <
 		Awaited<ReturnType<typeof updateAPIKey>>,
 		{
 			pathParams: UpdateAPIKeyPathParameters;
-			data: BodyType<UsertypesStorableAPIKeyDTO>;
+			data: BodyType<TypesStorableAPIKeyDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
@@ -1061,7 +1061,7 @@ export const getUpdateAPIKeyMutationOptions = <
 export type UpdateAPIKeyMutationResult = NonNullable<
 	Awaited<ReturnType<typeof updateAPIKey>>
 >;
-export type UpdateAPIKeyMutationBody = BodyType<UsertypesStorableAPIKeyDTO>;
+export type UpdateAPIKeyMutationBody = BodyType<TypesStorableAPIKeyDTO>;
 export type UpdateAPIKeyMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -1076,7 +1076,7 @@ export const useUpdateAPIKey = <
 		TError,
 		{
 			pathParams: UpdateAPIKeyPathParameters;
-			data: BodyType<UsertypesStorableAPIKeyDTO>;
+			data: BodyType<TypesStorableAPIKeyDTO>;
 		},
 		TContext
 	>;
@@ -1085,7 +1085,7 @@ export const useUpdateAPIKey = <
 	TError,
 	{
 		pathParams: UpdateAPIKeyPathParameters;
-		data: BodyType<UsertypesStorableAPIKeyDTO>;
+		data: BodyType<TypesStorableAPIKeyDTO>;
 	},
 	TContext
 > => {
@@ -1098,14 +1098,14 @@ export const useUpdateAPIKey = <
 * @summary Reset password
 */
 export const resetPassword = (
-	usertypesPostableResetPasswordDTO: BodyType<UsertypesPostableResetPasswordDTO>,
+	typesPostableResetPasswordDTO: BodyType<TypesPostableResetPasswordDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<void>({
 		url: `/api/v1/resetPassword`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesPostableResetPasswordDTO,
+		data: typesPostableResetPasswordDTO,
 		signal,
 	});
 };
@@ -1117,13 +1117,13 @@ export const getResetPasswordMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof resetPassword>>,
 		TError,
-		{ data: BodyType<UsertypesPostableResetPasswordDTO> },
+		{ data: BodyType<TypesPostableResetPasswordDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof resetPassword>>,
 	TError,
-	{ data: BodyType<UsertypesPostableResetPasswordDTO> },
+	{ data: BodyType<TypesPostableResetPasswordDTO> },
 	TContext
 > => {
 	const mutationKey = ['resetPassword'];
@@ -1137,7 +1137,7 @@ export const getResetPasswordMutationOptions = <

 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof resetPassword>>,
-		{ data: BodyType<UsertypesPostableResetPasswordDTO> }
+		{ data: BodyType<TypesPostableResetPasswordDTO> }
 	> = (props) => {
 		const { data } = props ?? {};

@@ -1150,7 +1150,7 @@ export const getResetPasswordMutationOptions = <
 export type ResetPasswordMutationResult = NonNullable<
 	Awaited<ReturnType<typeof resetPassword>>
 >;
-export type ResetPasswordMutationBody = BodyType<UsertypesPostableResetPasswordDTO>;
+export type ResetPasswordMutationBody = BodyType<TypesPostableResetPasswordDTO>;
 export type ResetPasswordMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -1163,13 +1163,13 @@ export const useResetPassword = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof resetPassword>>,
 		TError,
-		{ data: BodyType<UsertypesPostableResetPasswordDTO> },
+		{ data: BodyType<TypesPostableResetPasswordDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof resetPassword>>,
 	TError,
-	{ data: BodyType<UsertypesPostableResetPasswordDTO> },
+	{ data: BodyType<TypesPostableResetPasswordDTO> },
 	TContext
 > => {
 	const mutationOptions = getResetPasswordMutationOptions(options);
@@ -1428,13 +1428,13 @@ export const invalidateGetUser = async (
 */
 export const updateUser = (
 	{ id }: UpdateUserPathParameters,
-	usertypesUserDTO: BodyType<UsertypesUserDTO>,
+	typesUserDTO: BodyType<TypesUserDTO>,
 ) => {
 	return GeneratedAPIInstance<UpdateUser200>({
 		url: `/api/v1/user/${id}`,
 		method: 'PUT',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesUserDTO,
+		data: typesUserDTO,
 	});
 };

@@ -1445,13 +1445,13 @@ export const getUpdateUserMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof updateUser>>,
 		TError,
-		{ pathParams: UpdateUserPathParameters; data: BodyType<UsertypesUserDTO> },
+		{ pathParams: UpdateUserPathParameters; data: BodyType<TypesUserDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof updateUser>>,
 	TError,
-	{ pathParams: UpdateUserPathParameters; data: BodyType<UsertypesUserDTO> },
+	{ pathParams: UpdateUserPathParameters; data: BodyType<TypesUserDTO> },
 	TContext
 > => {
 	const mutationKey = ['updateUser'];
@@ -1465,7 +1465,7 @@ export const getUpdateUserMutationOptions = <

 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof updateUser>>,
-		{ pathParams: UpdateUserPathParameters; data: BodyType<UsertypesUserDTO> }
+		{ pathParams: UpdateUserPathParameters; data: BodyType<TypesUserDTO> }
 	> = (props) => {
 		const { pathParams, data } = props ?? {};

@@ -1478,7 +1478,7 @@ export const getUpdateUserMutationOptions = <
 export type UpdateUserMutationResult = NonNullable<
 	Awaited<ReturnType<typeof updateUser>>
 >;
-export type UpdateUserMutationBody = BodyType<UsertypesUserDTO>;
+export type UpdateUserMutationBody = BodyType<TypesUserDTO>;
 export type UpdateUserMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -1491,13 +1491,13 @@ export const useUpdateUser = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof updateUser>>,
 		TError,
-		{ pathParams: UpdateUserPathParameters; data: BodyType<UsertypesUserDTO> },
+		{ pathParams: UpdateUserPathParameters; data: BodyType<TypesUserDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof updateUser>>,
 	TError,
-	{ pathParams: UpdateUserPathParameters; data: BodyType<UsertypesUserDTO> },
+	{ pathParams: UpdateUserPathParameters; data: BodyType<TypesUserDTO> },
 	TContext
 > => {
 	const mutationOptions = getUpdateUserMutationOptions(options);
@@ -1587,14 +1587,14 @@ export const invalidateGetMyUser = async (
 * @summary Forgot password
 */
 export const forgotPassword = (
-	usertypesPostableForgotPasswordDTO: BodyType<UsertypesPostableForgotPasswordDTO>,
+	typesPostableForgotPasswordDTO: BodyType<TypesPostableForgotPasswordDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<void>({
 		url: `/api/v2/factor_password/forgot`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: usertypesPostableForgotPasswordDTO,
+		data: typesPostableForgotPasswordDTO,
 		signal,
 	});
 };
@@ -1606,13 +1606,13 @@ export const getForgotPasswordMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof forgotPassword>>,
 		TError,
-		{ data: BodyType<UsertypesPostableForgotPasswordDTO> },
+		{ data: BodyType<TypesPostableForgotPasswordDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof forgotPassword>>,
 	TError,
-	{ data: BodyType<UsertypesPostableForgotPasswordDTO> },
+	{ data: BodyType<TypesPostableForgotPasswordDTO> },
 	TContext
 > => {
 	const mutationKey = ['forgotPassword'];
@@ -1626,7 +1626,7 @@ export const getForgotPasswordMutationOptions = <

 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof forgotPassword>>,
-		{ data: BodyType<UsertypesPostableForgotPasswordDTO> }
+		{ data: BodyType<TypesPostableForgotPasswordDTO> }
 	> = (props) => {
 		const { data } = props ?? {};

@@ -1639,7 +1639,7 @@ export const getForgotPasswordMutationOptions = <
 export type ForgotPasswordMutationResult = NonNullable<
 	Awaited<ReturnType<typeof forgotPassword>>
 >;
-export type ForgotPasswordMutationBody = BodyType<UsertypesPostableForgotPasswordDTO>;
+export type ForgotPasswordMutationBody = BodyType<TypesPostableForgotPasswordDTO>;
 export type ForgotPasswordMutationError = ErrorType<RenderErrorResponseDTO>;

 /**
@@ -1652,13 +1652,13 @@ export const useForgotPassword = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof forgotPassword>>,
 		TError,
-		{ data: BodyType<UsertypesPostableForgotPasswordDTO> },
+		{ data: BodyType<TypesPostableForgotPasswordDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof forgotPassword>>,
 	TError,
-	{ data: BodyType<UsertypesPostableForgotPasswordDTO> },
+	{ data: BodyType<TypesPostableForgotPasswordDTO> },
 	TContext
 > => {
 	const mutationOptions = getForgotPasswordMutationOptions(options);
--- a/frontend/src/container/RolesSettings/RolesComponents/CreateRoleModal.tsx
+++ b/frontend/src/container/RolesSettings/RolesComponents/CreateRoleModal.tsx
@@ -13,8 +13,8 @@ import {
 	usePatchRole,
 } from 'api/generated/services/role';
 import {
-	AuthtypesPostableRoleDTO,
 	RenderErrorResponseDTO,
+	RoletypesPostableRoleDTO,
 } from 'api/generated/services/sigNoz.schemas';
 import { ErrorType } from 'api/generatedAPIInstance';
 import ROUTES from 'constants/routes';
@@ -114,7 +114,7 @@ function CreateRoleModal({
 					data: { description: values.description || '' },
 				});
 			} else {
-				const data: AuthtypesPostableRoleDTO = {
+				const data: RoletypesPostableRoleDTO = {
 					name: values.name,
 					...(values.description ? { description: values.description } : {}),
 				};
--- a/frontend/src/container/RolesSettings/RolesComponents/RolesListingTable.tsx
+++ b/frontend/src/container/RolesSettings/RolesComponents/RolesListingTable.tsx
@@ -2,7 +2,7 @@ import { useCallback, useEffect, useMemo } from 'react';
 import { useHistory } from 'react-router-dom';
 import { Pagination, Skeleton } from 'antd';
 import { useListRoles } from 'api/generated/services/role';
-import { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
+import { RoletypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
 import ErrorInPlace from 'components/ErrorInPlace/ErrorInPlace';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import ROUTES from 'constants/routes';
@@ -20,7 +20,7 @@ const PAGE_SIZE = 20;

 type DisplayItem =
 	| { type: 'section'; label: string; count?: number }
-	| { type: 'role'; role: AuthtypesRoleDTO };
+	| { type: 'role'; role: RoletypesRoleDTO };

 interface RolesListingTableProps {
 	searchQuery: string;
@@ -187,7 +187,7 @@ function RolesListingTable({
 	};

 	// todo: use table from periscope when its available for consumption
-	const renderRow = (role: AuthtypesRoleDTO): JSX.Element => (
+	const renderRow = (role: RoletypesRoleDTO): JSX.Element => (
 		<div
 			key={role.id}
 			className={`roles-table-row ${
--- a/frontend/src/mocks-server/mockdata/roles.ts
+++ b/frontend/src/mocks-server/mockdata/roles.ts
@@ -1,8 +1,8 @@
-import { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
+import { RoletypesRoleDTO } from 'api/generated/services/sigNoz.schemas';

 const orgId = '019ba2bb-2fa1-7b24-8159-cfca08617ef9';

-export const managedRoles: AuthtypesRoleDTO[] = [
+export const managedRoles: RoletypesRoleDTO[] = [
 	{
 		id: '019c24aa-2248-756f-9833-984f1ab63819',
 		createdAt: new Date('2026-02-03T18:00:55.624356Z'),
@@ -35,7 +35,7 @@ export const managedRoles: AuthtypesRoleDTO[] = [
 	},
 ];

-export const customRoles: AuthtypesRoleDTO[] = [
+export const customRoles: RoletypesRoleDTO[] = [
 	{
 		id: '019c24aa-3333-0001-aaaa-111111111111',
 		createdAt: new Date('2026-02-10T10:30:00.000Z'),
@@ -56,7 +56,7 @@ export const customRoles: AuthtypesRoleDTO[] = [
 	},
 ];

-export const allRoles: AuthtypesRoleDTO[] = [...managedRoles, ...customRoles];
+export const allRoles: RoletypesRoleDTO[] = [...managedRoles, ...customRoles];

 export const listRolesSuccessResponse = {
 	status: 'success',
--- a/pkg/apiserver/signozapiserver/authdomain.go
+++ b/pkg/apiserver/signozapiserver/authdomain.go
@@ -4,6 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/gorilla/mux"
 )
@@ -21,7 +22,7 @@ func (provider *provider) addAuthDomainRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -38,7 +39,7 @@ func (provider *provider) addAuthDomainRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -55,7 +56,7 @@ func (provider *provider) addAuthDomainRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -72,7 +73,7 @@ func (provider *provider) addAuthDomainRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/dashboard.go
+++ b/pkg/apiserver/signozapiserver/dashboard.go
@@ -25,7 +25,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -42,7 +42,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -59,7 +59,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -76,7 +76,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/fields.go
+++ b/pkg/apiserver/signozapiserver/fields.go
@@ -4,7 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/gorilla/mux"
 )
@@ -23,7 +23,7 @@ func (provider *provider) addFieldsRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -41,7 +41,7 @@ func (provider *provider) addFieldsRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/flagger.go
+++ b/pkg/apiserver/signozapiserver/flagger.go
@@ -4,7 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/featuretypes"
 	"github.com/gorilla/mux"
 )
@@ -22,7 +22,7 @@ func (provider *provider) addFlaggerRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/gateway.go
+++ b/pkg/apiserver/signozapiserver/gateway.go
@@ -4,7 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/gatewaytypes"
 	"github.com/gorilla/mux"
 )
@@ -23,7 +23,7 @@ func (provider *provider) addGatewayRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -41,7 +41,7 @@ func (provider *provider) addGatewayRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -58,7 +58,7 @@ func (provider *provider) addGatewayRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -75,7 +75,7 @@ func (provider *provider) addGatewayRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPatch).GetError(); err != nil {
 		return err
 	}
@@ -92,7 +92,7 @@ func (provider *provider) addGatewayRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -109,7 +109,7 @@ func (provider *provider) addGatewayRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -126,7 +126,7 @@ func (provider *provider) addGatewayRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPatch).GetError(); err != nil {
 		return err
 	}
@@ -143,7 +143,7 @@ func (provider *provider) addGatewayRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/global.go
+++ b/pkg/apiserver/signozapiserver/global.go
@@ -5,7 +5,6 @@ import (

 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/gorilla/mux"
 )

@@ -22,7 +21,7 @@ func (provider *provider) addGlobalRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleEditor),
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/metricsexplorer.go
+++ b/pkg/apiserver/signozapiserver/metricsexplorer.go
@@ -4,7 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/metricsexplorertypes"
 	"github.com/gorilla/mux"
 )
@@ -25,7 +25,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 		})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -44,7 +44,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 		})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -63,7 +63,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 		})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -83,7 +83,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusNotFound, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 		})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -102,7 +102,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusNotFound, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 		})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -121,7 +121,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleEditor),
+			SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
 		})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -140,7 +140,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusNotFound, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 		})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -159,7 +159,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusNotFound, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 		})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -178,7 +178,7 @@ func (provider *provider) addMetricsExplorerRoutes(router *mux.Router) error {
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusNotFound, http.StatusInternalServerError},
 			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 		})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/org.go
+++ b/pkg/apiserver/signozapiserver/org.go
@@ -5,7 +5,6 @@ import (

 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/gorilla/mux"
 )

@@ -22,7 +21,7 @@ func (provider *provider) addOrgRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -39,7 +38,7 @@ func (provider *provider) addOrgRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusConflict, http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/preference.go
+++ b/pkg/apiserver/signozapiserver/preference.go
@@ -4,7 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/preferencetypes"
 	"github.com/gorilla/mux"
 )
@@ -22,7 +22,7 @@ func (provider *provider) addPreferenceRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -39,7 +39,7 @@ func (provider *provider) addPreferenceRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -56,7 +56,7 @@ func (provider *provider) addPreferenceRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -73,7 +73,7 @@ func (provider *provider) addPreferenceRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -90,7 +90,7 @@ func (provider *provider) addPreferenceRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -107,7 +107,7 @@ func (provider *provider) addPreferenceRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/promote.go
+++ b/pkg/apiserver/signozapiserver/promote.go
@@ -4,7 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/promotetypes"
 	"github.com/gorilla/mux"
 )
@@ -21,7 +21,7 @@ func (provider *provider) addPromoteRoutes(router *mux.Router) error {
 		ResponseContentType: "",
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleEditor),
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -37,7 +37,7 @@ func (provider *provider) addPromoteRoutes(router *mux.Router) error {
 		ResponseContentType: "",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/provider.go
+++ b/pkg/apiserver/signozapiserver/provider.go
@@ -18,11 +18,12 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/preference"
 	"github.com/SigNoz/signoz/pkg/modules/promote"
+	"github.com/SigNoz/signoz/pkg/modules/rawdataexport"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/gorilla/mux"
@@ -47,6 +48,7 @@ type provider struct {
 	gatewayHandler         gateway.Handler
 	fieldsHandler          fields.Handler
 	authzHandler           authz.Handler
+	rawDataExportHandler   rawdataexport.Handler
 	zeusHandler            zeus.Handler
 	querierHandler         querier.Handler
 	serviceAccountHandler  serviceaccount.Handler
@@ -69,6 +71,7 @@ func NewFactory(
 	gatewayHandler gateway.Handler,
 	fieldsHandler fields.Handler,
 	authzHandler authz.Handler,
+	rawDataExportHandler rawdataexport.Handler,
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
 	serviceAccountHandler serviceaccount.Handler,
@@ -94,6 +97,7 @@ func NewFactory(
 			gatewayHandler,
 			fieldsHandler,
 			authzHandler,
+			rawDataExportHandler,
 			zeusHandler,
 			querierHandler,
 			serviceAccountHandler,
@@ -121,6 +125,7 @@ func newProvider(
 	gatewayHandler gateway.Handler,
 	fieldsHandler fields.Handler,
 	authzHandler authz.Handler,
+	rawDataExportHandler rawdataexport.Handler,
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
 	serviceAccountHandler serviceaccount.Handler,
@@ -146,6 +151,7 @@ func newProvider(
 		gatewayHandler:         gatewayHandler,
 		fieldsHandler:          fieldsHandler,
 		authzHandler:           authzHandler,
+		rawDataExportHandler:   rawDataExportHandler,
 		zeusHandler:            zeusHandler,
 		querierHandler:         querierHandler,
 		serviceAccountHandler:  serviceAccountHandler,
@@ -221,6 +227,10 @@ func (provider *provider) AddToRouter(router *mux.Router) error {
 		return err
 	}

+	if err := provider.addRawDataExportRoutes(router); err != nil {
+		return err
+	}
+
 	if err := provider.addZeusRoutes(router); err != nil {
 		return err
 	}
@@ -236,7 +246,7 @@ func (provider *provider) AddToRouter(router *mux.Router) error {
 	return nil
 }

-func newSecuritySchemes(role authtypes.LegacyRole) []handler.OpenAPISecurityScheme {
+func newSecuritySchemes(role types.Role) []handler.OpenAPISecurityScheme {
 	return []handler.OpenAPISecurityScheme{
 		{Name: ctxtypes.AuthTypeAPIKey.StringValue(), Scopes: []string{role.String()}},
 		{Name: ctxtypes.AuthTypeTokenizer.StringValue(), Scopes: []string{role.String()}},
--- a/pkg/apiserver/signozapiserver/querier.go
+++ b/pkg/apiserver/signozapiserver/querier.go
@@ -4,7 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/gorilla/mux"
 )
@@ -446,7 +446,7 @@ func (provider *provider) addQuerierRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -462,7 +462,7 @@ func (provider *provider) addQuerierRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleViewer),
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/rawDataExport.go
+++ b/pkg/apiserver/signozapiserver/rawDataExport.go
@@ -0,0 +1,47 @@
+package signozapiserver
+
+import (
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/http/handler"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/exporttypes"
+	v5 "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/gorilla/mux"
+)
+
+func (provider *provider) addRawDataExportRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v1/export_raw_data", handler.New(provider.authZ.ViewAccess(provider.rawDataExportHandler.ExportRawData), handler.OpenAPIDef{
+		ID:                  "HandleExportRawDataGET",
+		Tags:                []string{"logs", "traces"},
+		Summary:             "Export raw data",
+		Description:         "This endpoints allows simple query exporting raw data for traces and logs",
+		RequestQuery:        new(exporttypes.ExportRawDataQueryParams),
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{http.StatusBadRequest},
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+	if err := router.Handle("/api/v1/export_raw_data", handler.New(provider.authZ.ViewAccess(provider.rawDataExportHandler.ExportRawData), handler.OpenAPIDef{
+		ID:                  "HandleExportRawDataPOST",
+		Tags:                []string{"logs", "traces"},
+		Summary:             "Export raw data",
+		Description:         "This endpoints allows complex query exporting raw data for traces and logs",
+		Request:             new(v5.QueryRangeRequest),
+		RequestQuery:        new(exporttypes.ExportRawDataFormatQueryParam),
+		RequestContentType:  "application/json",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{http.StatusBadRequest},
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/pkg/apiserver/signozapiserver/role.go
+++ b/pkg/apiserver/signozapiserver/role.go
@@ -6,6 +6,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/gorilla/mux"
 )

@@ -15,14 +16,14 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		Tags:                []string{"role"},
 		Summary:             "Create role",
 		Description:         "This endpoint creates a role",
-		Request:             new(authtypes.PostableRole),
+		Request:             new(roletypes.PostableRole),
 		RequestContentType:  "",
 		Response:            new(types.Identifiable),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -34,12 +35,12 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		Description:         "This endpoint lists all roles",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            make([]*authtypes.Role, 0),
+		Response:            make([]*roletypes.Role, 0),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -51,12 +52,12 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		Description:         "This endpoint gets a role",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            new(authtypes.Role),
+		Response:            new(roletypes.Role),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -73,7 +74,7 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -83,14 +84,14 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		Tags:                []string{"role"},
 		Summary:             "Patch role",
 		Description:         "This endpoint patches a role",
-		Request:             new(authtypes.PatchableRole),
+		Request:             new(roletypes.PatchableRole),
 		RequestContentType:  "",
 		Response:            nil,
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPatch).GetError(); err != nil {
 		return err
 	}
@@ -107,7 +108,7 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPatch).GetError(); err != nil {
 		return err
 	}
@@ -124,7 +125,7 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/serviceaccount.go
+++ b/pkg/apiserver/signozapiserver/serviceaccount.go
@@ -5,7 +5,6 @@ import (

 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
 	"github.com/gorilla/mux"
 )
@@ -23,7 +22,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -40,7 +39,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -57,7 +56,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -74,7 +73,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -91,7 +90,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -108,7 +107,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -125,7 +124,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -142,7 +141,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -159,7 +158,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -176,7 +175,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
--- a/pkg/apiserver/signozapiserver/user.go
+++ b/pkg/apiserver/signozapiserver/user.go
@@ -4,9 +4,8 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/gorilla/mux"
 )

@@ -16,14 +15,14 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:                []string{"users"},
 		Summary:             "Create invite",
 		Description:         "This endpoint creates an invite for a user",
-		Request:             new(usertypes.PostableInvite),
+		Request:             new(types.PostableInvite),
 		RequestContentType:  "application/json",
-		Response:            new(usertypes.Invite),
+		Response:            new(types.Invite),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -33,13 +32,13 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:               []string{"users"},
 		Summary:            "Create bulk invite",
 		Description:        "This endpoint creates a bulk invite for a user",
-		Request:            new(usertypes.PostableBulkInviteRequest),
+		Request:            new(types.PostableBulkInviteRequest),
 		RequestContentType: "application/json",
 		Response:           nil,
 		SuccessStatusCode:  http.StatusCreated,
 		ErrorStatusCodes:   []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:         false,
-		SecuritySchemes:    newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:    newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -51,7 +50,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Description:         "This endpoint gets an invite by token",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            new(usertypes.Invite),
+		Response:            new(types.Invite),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
@@ -73,7 +72,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -85,12 +84,12 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Description:         "This endpoint lists all invites",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            make([]*usertypes.Invite, 0),
+		Response:            make([]*types.Invite, 0),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -100,9 +99,9 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:                []string{"users"},
 		Summary:             "Accept invite",
 		Description:         "This endpoint accepts an invite by token",
-		Request:             new(usertypes.PostableAcceptInvite),
+		Request:             new(types.PostableAcceptInvite),
 		RequestContentType:  "application/json",
-		Response:            new(usertypes.User),
+		Response:            new(types.User),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
@@ -117,14 +116,14 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:                []string{"users"},
 		Summary:             "Create api key",
 		Description:         "This endpoint creates an api key",
-		Request:             new(usertypes.PostableAPIKey),
+		Request:             new(types.PostableAPIKey),
 		RequestContentType:  "application/json",
-		Response:            new(usertypes.GettableAPIKey),
+		Response:            new(types.GettableAPIKey),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -136,12 +135,12 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Description:         "This endpoint lists all api keys",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            make([]*usertypes.GettableAPIKey, 0),
+		Response:            make([]*types.GettableAPIKey, 0),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -151,14 +150,14 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:                []string{"users"},
 		Summary:             "Update api key",
 		Description:         "This endpoint updates an api key",
-		Request:             new(usertypes.StorableAPIKey),
+		Request:             new(types.StorableAPIKey),
 		RequestContentType:  "application/json",
 		Response:            nil,
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -175,7 +174,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -187,12 +186,12 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Description:         "This endpoint lists all users",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            make([]*usertypes.GettableUser, 0),
+		Response:            make([]*types.GettableUser, 0),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -204,7 +203,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Description:         "This endpoint returns the user I belong to",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            new(usertypes.GettableUser),
+		Response:            new(types.GettableUser),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
@@ -221,12 +220,12 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Description:         "This endpoint returns the user by id",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            new(usertypes.GettableUser),
+		Response:            new(types.GettableUser),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -236,14 +235,14 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:                []string{"users"},
 		Summary:             "Update user",
 		Description:         "This endpoint updates the user by id",
-		Request:             new(usertypes.User),
+		Request:             new(types.User),
 		RequestContentType:  "application/json",
-		Response:            new(usertypes.GettableUser),
+		Response:            new(types.GettableUser),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -260,7 +259,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -272,12 +271,12 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Description:         "This endpoint returns the reset password token by id",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            new(usertypes.ResetPasswordToken),
+		Response:            new(types.ResetPasswordToken),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -287,7 +286,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:                []string{"users"},
 		Summary:             "Reset password",
 		Description:         "This endpoint resets the password by token",
-		Request:             new(usertypes.PostableResetPassword),
+		Request:             new(types.PostableResetPassword),
 		RequestContentType:  "application/json",
 		Response:            nil,
 		ResponseContentType: "",
@@ -304,14 +303,14 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:                []string{"users"},
 		Summary:             "Change password",
 		Description:         "This endpoint changes the password by id",
-		Request:             new(usertypes.ChangePasswordRequest),
+		Request:             new(types.ChangePasswordRequest),
 		RequestContentType:  "application/json",
 		Response:            nil,
 		ResponseContentType: "",
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
@@ -321,7 +320,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:                []string{"users"},
 		Summary:             "Forgot password",
 		Description:         "This endpoint initiates the forgot password flow by sending a reset password email",
-		Request:             new(usertypes.PostableForgotPassword),
+		Request:             new(types.PostableForgotPassword),
 		RequestContentType:  "application/json",
 		Response:            nil,
 		ResponseContentType: "",
--- a/pkg/apiserver/signozapiserver/zeus.go
+++ b/pkg/apiserver/signozapiserver/zeus.go
@@ -4,7 +4,7 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/zeustypes"
 	"github.com/gorilla/mux"
 )
@@ -22,7 +22,7 @@ func (provider *provider) addZeusRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusForbidden, http.StatusNotFound, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
@@ -39,7 +39,7 @@ func (provider *provider) addZeusRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusForbidden, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -56,7 +56,7 @@ func (provider *provider) addZeusRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized, http.StatusForbidden, http.StatusNotFound, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(authtypes.RoleAdmin),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
--- a/pkg/authn/authnstore/sqlauthnstore/store.go
+++ b/pkg/authn/authnstore/sqlauthnstore/store.go
@@ -4,6 +4,7 @@ import (
 	"context"

 	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
@@ -16,6 +17,37 @@ func NewStore(sqlstore sqlstore.SQLStore) authtypes.AuthNStore {
 	return &store{sqlstore: sqlstore}
 }

+func (store *store) GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*types.User, *types.FactorPassword, error) {
+	user := new(types.User)
+	factorPassword := new(types.FactorPassword)
+
+	err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(user).
+		Where("email = ?", email).
+		Where("org_id = ?", orgID).
+		Where("status = ?", types.UserStatusActive.StringValue()).
+		Scan(ctx)
+	if err != nil {
+		return nil, nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with email %s in org %s not found", email, orgID)
+	}
+
+	err = store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(factorPassword).
+		Where("user_id = ?", user.ID).
+		Scan(ctx)
+	if err != nil {
+		return nil, nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodePasswordNotFound, "user with email %s in org %s does not have password", email, orgID)
+	}
+
+	return user, factorPassword, nil
+}
+
 func (store *store) GetAuthDomainFromID(ctx context.Context, domainID valuer.UUID) (*authtypes.AuthDomain, error) {
 	storableAuthDomain := new(authtypes.StorableAuthDomain)

--- a/pkg/authn/passwordauthn/emailpasswordauthn/authn.go
+++ b/pkg/authn/passwordauthn/emailpasswordauthn/authn.go
@@ -5,30 +5,29 @@ import (

 	"github.com/SigNoz/signoz/pkg/authn"
 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

 var _ authn.PasswordAuthN = (*AuthN)(nil)

 type AuthN struct {
-	userGetter user.Getter
+	store authtypes.AuthNStore
 }

-func New(userGetter user.Getter) *AuthN {
-	return &AuthN{userGetter: userGetter}
+func New(store authtypes.AuthNStore) *AuthN {
+	return &AuthN{store: store}
 }

 func (a *AuthN) Authenticate(ctx context.Context, email string, password string, orgID valuer.UUID) (*authtypes.Identity, error) {
-	user, factorPassword, err := a.userGetter.GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx, email, orgID)
+	user, factorPassword, err := a.store.GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx, email, orgID)
 	if err != nil {
 		return nil, err
 	}

 	if !factorPassword.Equals(password) {
-		return nil, errors.New(errors.TypeUnauthenticated, usertypes.ErrCodeIncorrectPassword, "invalid email or password")
+		return nil, errors.New(errors.TypeUnauthenticated, types.ErrCodeIncorrectPassword, "invalid email or password")
 	}

 	return authtypes.NewIdentity(user.ID, orgID, user.Email, user.Role), nil
--- a/pkg/authz/authz.go
+++ b/pkg/authz/authz.go
@@ -6,6 +6,7 @@ import (

 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 )
@@ -29,10 +30,10 @@ type AuthZ interface {
 	ListObjects(context.Context, string, authtypes.Relation, authtypes.Typeable) ([]*authtypes.Object, error)

 	// Creates the role.
-	Create(context.Context, valuer.UUID, *authtypes.Role) error
+	Create(context.Context, valuer.UUID, *roletypes.Role) error

 	// Gets the role if it exists or creates one.
-	GetOrCreate(context.Context, valuer.UUID, *authtypes.Role) (*authtypes.Role, error)
+	GetOrCreate(context.Context, valuer.UUID, *roletypes.Role) (*roletypes.Role, error)

 	// Gets the objects associated with the given role and relation.
 	GetObjects(context.Context, valuer.UUID, valuer.UUID, authtypes.Relation) ([]*authtypes.Object, error)
@@ -41,7 +42,7 @@ type AuthZ interface {
 	GetResources(context.Context) []*authtypes.Resource

 	// Patches the role.
-	Patch(context.Context, valuer.UUID, *authtypes.Role) error
+	Patch(context.Context, valuer.UUID, *roletypes.Role) error

 	// Patches the objects in authorization server associated with the given role and relation
 	PatchObjects(context.Context, valuer.UUID, string, authtypes.Relation, []*authtypes.Object, []*authtypes.Object) error
@@ -50,19 +51,19 @@ type AuthZ interface {
 	Delete(context.Context, valuer.UUID, valuer.UUID) error

 	// Gets the role
-	Get(context.Context, valuer.UUID, valuer.UUID) (*authtypes.Role, error)
+	Get(context.Context, valuer.UUID, valuer.UUID) (*roletypes.Role, error)

 	// Gets the role by org_id and name
-	GetByOrgIDAndName(context.Context, valuer.UUID, string) (*authtypes.Role, error)
+	GetByOrgIDAndName(context.Context, valuer.UUID, string) (*roletypes.Role, error)

 	// Lists all the roles for the organization.
-	List(context.Context, valuer.UUID) ([]*authtypes.Role, error)
+	List(context.Context, valuer.UUID) ([]*roletypes.Role, error)

 	//  Lists all the roles for the organization filtered by name
-	ListByOrgIDAndNames(context.Context, valuer.UUID, []string) ([]*authtypes.Role, error)
+	ListByOrgIDAndNames(context.Context, valuer.UUID, []string) ([]*roletypes.Role, error)

 	//  Lists all the roles for the organization filtered by ids
-	ListByOrgIDAndIDs(context.Context, valuer.UUID, []valuer.UUID) ([]*authtypes.Role, error)
+	ListByOrgIDAndIDs(context.Context, valuer.UUID, []valuer.UUID) ([]*roletypes.Role, error)

 	// Grants a role to the subject based on role name.
 	Grant(context.Context, valuer.UUID, []string, string) error
@@ -74,7 +75,7 @@ type AuthZ interface {
 	ModifyGrant(context.Context, valuer.UUID, []string, []string, string) error

 	// Bootstrap the managed roles.
-	CreateManagedRoles(context.Context, valuer.UUID, []*authtypes.Role) error
+	CreateManagedRoles(context.Context, valuer.UUID, []*roletypes.Role) error

 	// Bootstrap managed roles transactions and user assignments
 	CreateManagedUserRoleTransactions(context.Context, valuer.UUID, valuer.UUID) error
--- a/pkg/authz/authzstore/sqlauthzstore/store.go
+++ b/pkg/authz/authzstore/sqlauthzstore/store.go
@@ -5,7 +5,7 @@ import (

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -14,11 +14,11 @@ type store struct {
 	sqlstore sqlstore.SQLStore
 }

-func NewSqlAuthzStore(sqlstore sqlstore.SQLStore) authtypes.RoleStore {
+func NewSqlAuthzStore(sqlstore sqlstore.SQLStore) roletypes.Store {
 	return &store{sqlstore: sqlstore}
 }

-func (store *store) Create(ctx context.Context, role *authtypes.StorableRole) error {
+func (store *store) Create(ctx context.Context, role *roletypes.StorableRole) error {
 	_, err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -32,8 +32,8 @@ func (store *store) Create(ctx context.Context, role *authtypes.StorableRole) er
 	return nil
 }

-func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*authtypes.StorableRole, error) {
-	role := new(authtypes.StorableRole)
+func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*roletypes.StorableRole, error) {
+	role := new(roletypes.StorableRole)
 	err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -43,14 +43,14 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 		Where("id = ?", id).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, authtypes.ErrCodeRoleNotFound, "role with id: %s doesn't exist", id)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, roletypes.ErrCodeRoleNotFound, "role with id: %s doesn't exist", id)
 	}

 	return role, nil
 }

-func (store *store) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*authtypes.StorableRole, error) {
-	role := new(authtypes.StorableRole)
+func (store *store) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*roletypes.StorableRole, error) {
+	role := new(roletypes.StorableRole)
 	err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -60,14 +60,14 @@ func (store *store) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, na
 		Where("name = ?", name).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, authtypes.ErrCodeRoleNotFound, "role with name: %s doesn't exist", name)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, roletypes.ErrCodeRoleNotFound, "role with name: %s doesn't exist", name)
 	}

 	return role, nil
 }

-func (store *store) List(ctx context.Context, orgID valuer.UUID) ([]*authtypes.StorableRole, error) {
-	roles := make([]*authtypes.StorableRole, 0)
+func (store *store) List(ctx context.Context, orgID valuer.UUID) ([]*roletypes.StorableRole, error) {
+	roles := make([]*roletypes.StorableRole, 0)
 	err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -82,8 +82,8 @@ func (store *store) List(ctx context.Context, orgID valuer.UUID) ([]*authtypes.S
 	return roles, nil
 }

-func (store *store) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID, names []string) ([]*authtypes.StorableRole, error) {
-	roles := make([]*authtypes.StorableRole, 0)
+func (store *store) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID, names []string) ([]*roletypes.StorableRole, error) {
+	roles := make([]*roletypes.StorableRole, 0)
 	err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -99,7 +99,7 @@ func (store *store) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID,
 	if len(roles) != len(names) {
 		return nil, store.sqlstore.WrapNotFoundErrf(
 			nil,
-			authtypes.ErrCodeRoleNotFound,
+			roletypes.ErrCodeRoleNotFound,
 			"not all roles found for the provided names: %v", names,
 		)
 	}
@@ -107,8 +107,8 @@ func (store *store) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID,
 	return roles, nil
 }

-func (store *store) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*authtypes.StorableRole, error) {
-	roles := make([]*authtypes.StorableRole, 0)
+func (store *store) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*roletypes.StorableRole, error) {
+	roles := make([]*roletypes.StorableRole, 0)
 	err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -124,7 +124,7 @@ func (store *store) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, id
 	if len(roles) != len(ids) {
 		return nil, store.sqlstore.WrapNotFoundErrf(
 			nil,
-			authtypes.ErrCodeRoleNotFound,
+			roletypes.ErrCodeRoleNotFound,
 			"not all roles found for the provided ids: %v", ids,
 		)
 	}
@@ -132,7 +132,7 @@ func (store *store) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, id
 	return roles, nil
 }

-func (store *store) Update(ctx context.Context, orgID valuer.UUID, role *authtypes.StorableRole) error {
+func (store *store) Update(ctx context.Context, orgID valuer.UUID, role *roletypes.StorableRole) error {
 	_, err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -153,12 +153,12 @@ func (store *store) Delete(ctx context.Context, orgID valuer.UUID, id valuer.UUI
 		sqlstore.
 		BunDBCtx(ctx).
 		NewDelete().
-		Model(new(authtypes.StorableRole)).
+		Model(new(roletypes.StorableRole)).
 		Where("org_id = ?", orgID).
 		Where("id = ?", id).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapNotFoundErrf(err, authtypes.ErrCodeRoleNotFound, "role with id %s doesn't exist", id)
+		return store.sqlstore.WrapNotFoundErrf(err, roletypes.ErrCodeRoleNotFound, "role with id %s doesn't exist", id)
 	}

 	return nil
--- a/pkg/authz/openfgaauthz/provider.go
+++ b/pkg/authz/openfgaauthz/provider.go
@@ -8,6 +8,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/authz/openfgaserver"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"

 	"github.com/SigNoz/signoz/pkg/factory"
@@ -18,7 +19,7 @@ import (

 type provider struct {
 	server *openfgaserver.Server
-	store  authtypes.RoleStore
+	store  roletypes.Store
 }

 func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile) factory.ProviderFactory[authz.AuthZ, authz.Config] {
@@ -67,61 +68,61 @@ func (provider *provider) ListObjects(ctx context.Context, subject string, relat
 	return provider.server.ListObjects(ctx, subject, relation, typeable)
 }

-func (provider *provider) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*authtypes.Role, error) {
+func (provider *provider) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*roletypes.Role, error) {
 	storableRole, err := provider.store.Get(ctx, orgID, id)
 	if err != nil {
 		return nil, err
 	}

-	return authtypes.NewRoleFromStorableRole(storableRole), nil
+	return roletypes.NewRoleFromStorableRole(storableRole), nil
 }

-func (provider *provider) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*authtypes.Role, error) {
+func (provider *provider) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*roletypes.Role, error) {
 	storableRole, err := provider.store.GetByOrgIDAndName(ctx, orgID, name)
 	if err != nil {
 		return nil, err
 	}

-	return authtypes.NewRoleFromStorableRole(storableRole), nil
+	return roletypes.NewRoleFromStorableRole(storableRole), nil
 }

-func (provider *provider) List(ctx context.Context, orgID valuer.UUID) ([]*authtypes.Role, error) {
+func (provider *provider) List(ctx context.Context, orgID valuer.UUID) ([]*roletypes.Role, error) {
 	storableRoles, err := provider.store.List(ctx, orgID)
 	if err != nil {
 		return nil, err
 	}

-	roles := make([]*authtypes.Role, len(storableRoles))
+	roles := make([]*roletypes.Role, len(storableRoles))
 	for idx, storableRole := range storableRoles {
-		roles[idx] = authtypes.NewRoleFromStorableRole(storableRole)
+		roles[idx] = roletypes.NewRoleFromStorableRole(storableRole)
 	}

 	return roles, nil
 }

-func (provider *provider) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID, names []string) ([]*authtypes.Role, error) {
+func (provider *provider) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID, names []string) ([]*roletypes.Role, error) {
 	storableRoles, err := provider.store.ListByOrgIDAndNames(ctx, orgID, names)
 	if err != nil {
 		return nil, err
 	}

-	roles := make([]*authtypes.Role, len(storableRoles))
+	roles := make([]*roletypes.Role, len(storableRoles))
 	for idx, storable := range storableRoles {
-		roles[idx] = authtypes.NewRoleFromStorableRole(storable)
+		roles[idx] = roletypes.NewRoleFromStorableRole(storable)
 	}

 	return roles, nil
 }

-func (provider *provider) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*authtypes.Role, error) {
+func (provider *provider) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UUID, ids []valuer.UUID) ([]*roletypes.Role, error) {
 	storableRoles, err := provider.store.ListByOrgIDAndIDs(ctx, orgID, ids)
 	if err != nil {
 		return nil, err
 	}

-	roles := make([]*authtypes.Role, len(storableRoles))
+	roles := make([]*roletypes.Role, len(storableRoles))
 	for idx, storable := range storableRoles {
-		roles[idx] = authtypes.NewRoleFromStorableRole(storable)
+		roles[idx] = roletypes.NewRoleFromStorableRole(storable)
 	}

 	return roles, nil
@@ -178,10 +179,10 @@ func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, names [
 	return provider.Write(ctx, nil, tuples)
 }

-func (provider *provider) CreateManagedRoles(ctx context.Context, _ valuer.UUID, managedRoles []*authtypes.Role) error {
+func (provider *provider) CreateManagedRoles(ctx context.Context, _ valuer.UUID, managedRoles []*roletypes.Role) error {
 	err := provider.store.RunInTx(ctx, func(ctx context.Context) error {
 		for _, role := range managedRoles {
-			err := provider.store.Create(ctx, authtypes.NewStorableRoleFromRole(role))
+			err := provider.store.Create(ctx, roletypes.NewStorableRoleFromRole(role))
 			if err != nil {
 				return err
 			}
@@ -198,15 +199,15 @@ func (provider *provider) CreateManagedRoles(ctx context.Context, _ valuer.UUID,
 }

 func (provider *provider) CreateManagedUserRoleTransactions(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) error {
-	return provider.Grant(ctx, orgID, []string{authtypes.SigNozAdminRoleName}, authtypes.MustNewSubject(authtypes.TypeableUser, userID.String(), orgID, nil))
+	return provider.Grant(ctx, orgID, []string{roletypes.SigNozAdminRoleName}, authtypes.MustNewSubject(authtypes.TypeableUser, userID.String(), orgID, nil))
 }

-func (setter *provider) Create(_ context.Context, _ valuer.UUID, _ *authtypes.Role) error {
-	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
+func (setter *provider) Create(_ context.Context, _ valuer.UUID, _ *roletypes.Role) error {
+	return errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
 }

-func (provider *provider) GetOrCreate(_ context.Context, _ valuer.UUID, _ *authtypes.Role) (*authtypes.Role, error) {
-	return nil, errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
+func (provider *provider) GetOrCreate(_ context.Context, _ valuer.UUID, _ *roletypes.Role) (*roletypes.Role, error) {
+	return nil, errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
 }

 func (provider *provider) GetResources(_ context.Context) []*authtypes.Resource {
@@ -214,19 +215,19 @@ func (provider *provider) GetResources(_ context.Context) []*authtypes.Resource
 }

 func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*authtypes.Object, error) {
-	return nil, errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
+	return nil, errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
 }

-func (provider *provider) Patch(_ context.Context, _ valuer.UUID, _ *authtypes.Role) error {
-	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
+func (provider *provider) Patch(_ context.Context, _ valuer.UUID, _ *roletypes.Role) error {
+	return errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
 }

 func (provider *provider) PatchObjects(_ context.Context, _ valuer.UUID, _ string, _ authtypes.Relation, _, _ []*authtypes.Object) error {
-	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
+	return errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
 }

 func (provider *provider) Delete(_ context.Context, _ valuer.UUID, _ valuer.UUID) error {
-	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
+	return errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
 }

 func (provider *provider) MustGetTypeables() []authtypes.Typeable {
--- a/pkg/authz/signozauthzapi/handler.go
+++ b/pkg/authz/signozauthzapi/handler.go
@@ -9,6 +9,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )
@@ -29,13 +30,13 @@ func (handler *handler) Create(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	req := new(authtypes.PostableRole)
+	req := new(roletypes.PostableRole)
 	if err := binding.JSON.BindBody(r.Body, req); err != nil {
 		render.Error(rw, err)
 		return
 	}

-	role := authtypes.NewRole(req.Name, req.Description, authtypes.RoleTypeCustom, valuer.MustNewUUID(claims.OrgID))
+	role := roletypes.NewRole(req.Name, req.Description, roletypes.RoleTypeCustom, valuer.MustNewUUID(claims.OrgID))
 	err = handler.authz.Create(ctx, valuer.MustNewUUID(claims.OrgID), role)
 	if err != nil {
 		render.Error(rw, err)
@@ -55,7 +56,7 @@ func (handler *handler) Get(rw http.ResponseWriter, r *http.Request) {

 	id, ok := mux.Vars(r)["id"]
 	if !ok {
-		render.Error(rw, errors.New(errors.TypeInvalidInput, authtypes.ErrCodeRoleInvalidInput, "id is missing from the request"))
+		render.Error(rw, errors.New(errors.TypeInvalidInput, roletypes.ErrCodeRoleInvalidInput, "id is missing from the request"))
 		return
 	}
 	roleID, err := valuer.NewUUID(id)
@@ -83,7 +84,7 @@ func (handler *handler) GetObjects(rw http.ResponseWriter, r *http.Request) {

 	id, ok := mux.Vars(r)["id"]
 	if !ok {
-		render.Error(rw, errors.New(errors.TypeInvalidInput, authtypes.ErrCodeRoleInvalidInput, "id is missing from the request"))
+		render.Error(rw, errors.New(errors.TypeInvalidInput, roletypes.ErrCodeRoleInvalidInput, "id is missing from the request"))
 		return
 	}
 	roleID, err := valuer.NewUUID(id)
@@ -94,7 +95,7 @@ func (handler *handler) GetObjects(rw http.ResponseWriter, r *http.Request) {

 	relationStr, ok := mux.Vars(r)["relation"]
 	if !ok {
-		render.Error(rw, errors.New(errors.TypeInvalidInput, authtypes.ErrCodeRoleInvalidInput, "relation is missing from the request"))
+		render.Error(rw, errors.New(errors.TypeInvalidInput, roletypes.ErrCodeRoleInvalidInput, "relation is missing from the request"))
 		return
 	}
 	relation, err := authtypes.NewRelation(relationStr)
@@ -149,7 +150,7 @@ func (handler *handler) Patch(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	req := new(authtypes.PatchableRole)
+	req := new(roletypes.PatchableRole)
 	if err := binding.JSON.BindBody(r.Body, req); err != nil {
 		render.Error(rw, err)
 		return
--- a/pkg/http/middleware/api_key.go
+++ b/pkg/http/middleware/api_key.go
@@ -11,7 +11,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"golang.org/x/sync/singleflight"
 )
@@ -44,7 +43,7 @@ func (a *APIKey) Wrap(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var values []string
 		var apiKeyToken string
-		var apiKey usertypes.StorableAPIKey
+		var apiKey types.StorableAPIKey

 		for _, header := range a.headers {
 			values = append(values, r.Header.Get(header))
@@ -75,13 +74,13 @@ func (a *APIKey) Wrap(next http.Handler) http.Handler {
 		}

 		// allow the APIKey if expires_at is not set
-		if apiKey.ExpiresAt.Before(time.Now()) && !apiKey.ExpiresAt.Equal(usertypes.NEVER_EXPIRES) {
+		if apiKey.ExpiresAt.Before(time.Now()) && !apiKey.ExpiresAt.Equal(types.NEVER_EXPIRES) {
 			next.ServeHTTP(w, r)
 			return
 		}

 		// get user from db
-		user := usertypes.User{}
+		user := types.User{}
 		err = a.store.BunDB().NewSelect().Model(&user).Where("id = ?", apiKey.UserID).Scan(r.Context())
 		if err != nil {
 			next.ServeHTTP(w, r)
--- a/pkg/http/middleware/authz.go
+++ b/pkg/http/middleware/authz.go
@@ -10,6 +10,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )
@@ -55,9 +56,9 @@ func (middleware *AuthZ) ViewAccess(next http.HandlerFunc) http.HandlerFunc {
 		}

 		selectors := []authtypes.Selector{
-			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
-			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozEditorRoleName),
-			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozViewerRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, roletypes.SigNozAdminRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, roletypes.SigNozEditorRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, roletypes.SigNozViewerRoleName),
 		}

 		err = middleware.authzService.CheckWithTupleCreation(
@@ -107,8 +108,8 @@ func (middleware *AuthZ) EditAccess(next http.HandlerFunc) http.HandlerFunc {
 		}

 		selectors := []authtypes.Selector{
-			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
-			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozEditorRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, roletypes.SigNozAdminRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, roletypes.SigNozEditorRoleName),
 		}

 		err = middleware.authzService.CheckWithTupleCreation(
@@ -158,7 +159,7 @@ func (middleware *AuthZ) AdminAccess(next http.HandlerFunc) http.HandlerFunc {
 		}

 		selectors := []authtypes.Selector{
-			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, roletypes.SigNozAdminRoleName),
 		}

 		err = middleware.authzService.CheckWithTupleCreation(
--- a/pkg/modules/dashboard/dashboard.go
+++ b/pkg/modules/dashboard/dashboard.go
@@ -43,7 +43,7 @@ type Module interface {

 	Update(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, data dashboardtypes.UpdatableDashboard, diff int) (*dashboardtypes.Dashboard, error)

-	LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, role authtypes.LegacyRole, lock bool) error
+	LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, role types.Role, lock bool) error

 	Delete(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error

--- a/pkg/modules/dashboard/impldashboard/module.go
+++ b/pkg/modules/dashboard/impldashboard/module.go
@@ -99,7 +99,7 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, id valuer.U
 	return dashboard, nil
 }

-func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, role authtypes.LegacyRole, lock bool) error {
+func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, role types.Role, lock bool) error {
 	dashboard, err := module.Get(ctx, orgID, id)
 	if err != nil {
 		return err
--- a/pkg/modules/rawdataexport/implrawdataexport/handler.go
+++ b/pkg/modules/rawdataexport/implrawdataexport/handler.go
@@ -6,18 +6,18 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"net/url"
+	"slices"
 	"strconv"
-	"strings"
 	"time"
 	"unicode"
 	"unicode/utf8"

 	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/binding"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport"
-	"github.com/SigNoz/signoz/pkg/telemetrylogs"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/exporttypes"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
@@ -31,129 +31,54 @@ func NewHandler(module rawdataexport.Module) rawdataexport.Handler {
 	return &handler{module: module}
 }

-// ExportRawData handles data export requests.
-//
-// API Documentation:
-// Endpoint: GET /api/v1/export_raw_data
-//
-// Query Parameters:
-//
-//   - source (optional): Type of data to export ["logs" (default), "metrics", "traces"]
-//     Note: Currently only "logs" is fully supported
-//
-//   - format (optional): Output format ["csv" (default), "jsonl"]
-//
-//   - start (required): Start time for query (Unix timestamp in nanoseconds)
-//
-//   - end (required): End time for query (Unix timestamp in nanoseconds)
-//
-//   - limit (optional): Maximum number of rows to export
-//     Constraints: Must be positive and cannot exceed MAX_EXPORT_ROW_COUNT_LIMIT
-//
-//   - filter (optional): Filter expression to apply to the query
-//
-//   - columns (optional): Specific columns to include in export
-//     Default: all columns are returned
-//     Format: ["context.field:type", "context.field", "field"]
-//
-//   - order_by (optional): Sorting specification ["column:direction" or "context.field:type:direction"]
-//     Direction: "asc" or "desc"
-//     Default: ["timestamp:desc", "id:desc"]
-//
-// Response Headers:
-//   - Content-Type: "text/csv" or "application/x-ndjson"
-//   - Content-Encoding: "gzip" (handled by HTTP middleware)
-//   - Content-Disposition: "attachment; filename=\"data_exported.[format]\""
-//   - Cache-Control: "no-cache"
-//   - Vary: "Accept-Encoding"
-//   - Transfer-Encoding: "chunked"
-//   - Trailers: X-Response-Complete
-//
-// Response Format:
-//
-//	CSV: Headers in first row, data in subsequent rows
-//	JSONL: One JSON object per line
-//
-// Example Usage:
-//
-//	Basic CSV export:
-//	  GET /api/v1/export_raw_data?start=1693612800000000000&end=1693699199000000000
-//
-//	Export with columns and format:
-//	  GET /api/v1/export_raw_data?start=1693612800000000000&end=1693699199000000000&format=jsonl
-//	      &columns=timestamp&columns=severity&columns=message
-//
-//	Export with filter and ordering:
-//	  GET /api/v1/export_raw_data?start=1693612800000000000&end=1693699199000000000
-//	      &filter=severity="error"&order_by=timestamp:desc&limit=1000
 func (handler *handler) ExportRawData(rw http.ResponseWriter, r *http.Request) {
-	source, err := getExportQuerySource(r.URL.Query())
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
+	var queryRangeRequest qbtypes.QueryRangeRequest
+	var format string

-	switch source {
-	case "logs":
-		handler.exportLogs(rw, r)
-	case "traces":
-		handler.exportTraces(rw, r)
-	case "metrics":
-		handler.exportMetrics(rw, r)
+	switch r.Method {
+	case http.MethodGet:
+		var params exporttypes.ExportRawDataQueryParams
+		if err := binding.Query.BindQuery(r.URL.Query(), &params); err != nil {
+			render.Error(rw, err)
+			return
+		}
+		if err := params.Normalize(); err != nil {
+			render.Error(rw, err)
+			return
+		}
+		if err := params.Validate(); err != nil {
+			render.Error(rw, err)
+			return
+		}
+		format = params.Format
+		queryRangeRequest = buildQueryRangeRequest(&params)
+	case http.MethodPost:
+		var formatParam exporttypes.ExportRawDataFormatQueryParam
+		if err := binding.Query.BindQuery(r.URL.Query(), &formatParam); err != nil {
+			render.Error(rw, err)
+			return
+		}
+		format = formatParam.Format
+		if err := json.NewDecoder(r.Body).Decode(&queryRangeRequest); err != nil {
+			render.Error(rw, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid request body: %v", err))
+			return
+		}
 	default:
-		render.Error(rw, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid source: must be logs"))
+		render.Error(rw, errors.Newf(errors.TypeMethodNotAllowed, errors.CodeMethodNotAllowed, "method not allowed, only GET/POST supported"))
+		return
 	}
-}

-func (handler *handler) exportMetrics(rw http.ResponseWriter, r *http.Request) {
-	render.Error(rw, errors.Newf(errors.TypeUnsupported, errors.CodeUnsupported, "metrics export is not yet supported"))
-}
-
-func (handler *handler) exportTraces(rw http.ResponseWriter, r *http.Request) {
-	render.Error(rw, errors.Newf(errors.TypeUnsupported, errors.CodeUnsupported, "traces export is not yet supported"))
-}
-
-func (handler *handler) exportLogs(rw http.ResponseWriter, r *http.Request) {
-	// Set up response headers
-	rw.Header().Set("Cache-Control", "no-cache")
-	rw.Header().Set("Vary", "Accept-Encoding") // Indicate that response varies based on Accept-Encoding
-	rw.Header().Set("Access-Control-Expose-Headers", "Content-Disposition, X-Response-Complete")
-	rw.Header().Set("Trailer", "X-Response-Complete")
-	rw.Header().Set("Transfer-Encoding", "chunked")
-
-	queryParams := r.URL.Query()
-
-	startTime, endTime, err := getExportQueryTimeRange(queryParams)
-	if err != nil {
+	if err := validateSpecForExport(&queryRangeRequest); err != nil {
 		render.Error(rw, err)
 		return
 	}

-	limit, err := getExportQueryLimit(queryParams)
-	if err != nil {
+	if err := validateAndApplyDefaultExportLimits(queryRangeRequest.CompositeQuery.Queries); err != nil {
 		render.Error(rw, err)
 		return
 	}

-	format, err := getExportQueryFormat(queryParams)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	// Set appropriate content type and filename
-	filename := fmt.Sprintf("data_exported_%s.%s", time.Now().Format("2006-01-02_150405"), format)
-	rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filename))
-
-	filterExpression := queryParams.Get("filter")
-
-	orderByExpression, err := getExportQueryOrderBy(queryParams)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	columns := getExportQueryColumns(queryParams)
+	queryRangeRequest.UseDefaultOrderBy()

 	claims, err := authtypes.ClaimsFromContext(r.Context())
 	if err != nil {
@@ -161,76 +86,132 @@ func (handler *handler) exportLogs(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgID is invalid"))
-		return
-	}
+	orgID := valuer.MustNewUUID(claims.OrgID)

-	queryRangeRequest := qbtypes.QueryRangeRequest{
-		Start:       startTime,
-		End:         endTime,
-		RequestType: qbtypes.RequestTypeRaw,
-		CompositeQuery: qbtypes.CompositeQuery{
-			Queries: []qbtypes.QueryEnvelope{
-				{
-					Type: qbtypes.QueryTypeBuilder,
-					Spec: nil,
-				},
-			},
-		},
-	}
+	setExportResponseHeaders(rw, format)

-	spec := qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-		Signal: telemetrytypes.SignalLogs,
-		Name:   "raw",
-		Filter: &qbtypes.Filter{
-			Expression: filterExpression,
-		},
-		Limit: limit,
-		Order: orderByExpression,
-	}
-
-	spec.SelectFields = columns
-
-	queryRangeRequest.CompositeQuery.Queries[0].Spec = spec
-
-	// This will signal Export module to stop sending data
 	doneChan := make(chan any)
 	defer close(doneChan)
 	rowChan, errChan := handler.module.ExportRawData(r.Context(), orgID, &queryRangeRequest, doneChan)

-	var isComplete bool
+	isComplete, err := handler.executeExport(rowChan, errChan, format, rw)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+	rw.Header().Set("X-Response-Complete", strconv.FormatBool(isComplete))
+}

+// validateSpecForExport validates query specs
+func validateSpecForExport(req *qbtypes.QueryRangeRequest) error {
+
+	queries := req.CompositeQuery.Queries
+
+	// If the trace operator query is not present, and there are multiple queries, return an error
+	if req.TraceOperatorQueryIndex() == -1 && len(queries) > 1 {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "multiple queries not allowed without a trace operator query")
+	}
+
+	for idx := range queries {
+		switch spec := queries[idx].Spec.(type) {
+		case qbtypes.QueryBuilderQuery[qbtypes.LogAggregation],
+			qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation],
+			qbtypes.QueryBuilderTraceOperator:
+			// Supported spec types
+		default:
+			return errors.NewInvalidInputf(errors.CodeInvalidInput, "unsupported query at index %d type: %T", idx, spec)
+		}
+	}
+
+	opts := append(qbtypes.GetValidationOptions(req.RequestType), qbtypes.WithSkipLimitOffsetValidation())
+	return req.Validate(opts...)
+}
+
+func validateAndApplyDefaultExportLimits(queries []qbtypes.QueryEnvelope) error {
+	for idx := range queries {
+		limit := queries[idx].GetLimit()
+		if limit == 0 {
+			limit = DefaultExportRowCountLimit
+		} else if limit < 0 {
+			return errors.NewInvalidInputf(errors.CodeInvalidInput, "limit must be positive")
+		} else if limit > MaxExportRowCountLimit {
+			return errors.NewInvalidInputf(errors.CodeInvalidInput, "limit cannot be more than %d", MaxExportRowCountLimit)
+		}
+		queries[idx].SetLimit(limit)
+	}
+	return nil
+}
+
+// buildQueryEnvelope creates a QueryEnvelope with a QueryBuilderQuery for the given aggregation type.
+func buildQueryEnvelope[T any](signal telemetrytypes.Signal, filter *qbtypes.Filter, limit int, order []qbtypes.OrderBy, selectFields []telemetrytypes.TelemetryFieldKey) qbtypes.QueryEnvelope {
+	return qbtypes.QueryEnvelope{
+		Type: qbtypes.QueryTypeBuilder,
+		Spec: qbtypes.QueryBuilderQuery[T]{
+			Signal:       signal,
+			Filter:       filter,
+			Limit:        limit,
+			Order:        order,
+			SelectFields: selectFields,
+		},
+	}
+}
+
+// buildQueryRangeRequest builds a QueryRangeRequest from already-bound and validated GET query params.
+func buildQueryRangeRequest(params *exporttypes.ExportRawDataQueryParams) qbtypes.QueryRangeRequest {
+	var query qbtypes.QueryEnvelope
+	switch params.Signal {
+	case telemetrytypes.SignalLogs:
+		query = buildQueryEnvelope[qbtypes.LogAggregation](params.Signal, &params.Filter, params.Limit, params.Order, params.SelectFields)
+	case telemetrytypes.SignalTraces:
+		query = buildQueryEnvelope[qbtypes.TraceAggregation](params.Signal, &params.Filter, params.Limit, params.Order, params.SelectFields)
+	}
+
+	return qbtypes.QueryRangeRequest{
+		Start:       params.Start,
+		End:         params.End,
+		RequestType: qbtypes.RequestTypeRaw,
+		CompositeQuery: qbtypes.CompositeQuery{
+			Queries: []qbtypes.QueryEnvelope{query},
+		},
+	}
+}
+
+// setExportResponseHeaders sets common HTTP headers for export responses.
+func setExportResponseHeaders(rw http.ResponseWriter, format string) {
+	rw.Header().Set("Cache-Control", "no-cache")
+	rw.Header().Set("Vary", "Accept-Encoding")
+	rw.Header().Set("Access-Control-Expose-Headers", "Content-Disposition, X-Response-Complete")
+	rw.Header().Set("Trailer", "X-Response-Complete")
+	rw.Header().Set("Transfer-Encoding", "chunked")
+	filename := fmt.Sprintf("data_exported_%s.%s", time.Now().Format("2006-01-02_150405"), format)
+	rw.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", filename))
+}
+
+// executeExport streams data from rowChan to the response writer in the specified format.
+func (handler *handler) executeExport(rowChan <-chan *qbtypes.RawRow, errChan <-chan error, format string, rw http.ResponseWriter) (bool, error) {
 	switch format {
 	case "csv", "":
 		rw.Header().Set("Content-Type", "text/csv")
 		csvWriter := csv.NewWriter(rw)
-		isComplete, err = handler.exportLogsCSV(rowChan, errChan, csvWriter)
+		isComplete, err := handler.exportRawDataCSV(rowChan, errChan, csvWriter)
 		if err != nil {
-			render.Error(rw, err)
-			return
+			return false, err
 		}
 		csvWriter.Flush()
+		return isComplete, nil
 	case "jsonl":
 		rw.Header().Set("Content-Type", "application/x-ndjson")
-		isComplete, err = handler.exportLogsJSONL(rowChan, errChan, rw)
-		if err != nil {
-			render.Error(rw, err)
-			return
-		}
+		return handler.exportRawDataJSONL(rowChan, errChan, rw)
 	default:
-		render.Error(rw, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid format: must be csv or jsonl"))
-		return
+		return false, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid format: must be csv or jsonl")
 	}
-
-	rw.Header().Set("X-Response-Complete", strconv.FormatBool(isComplete))
 }

-func (handler *handler) exportLogsCSV(rowChan <-chan *qbtypes.RawRow, errChan <-chan error, csvWriter *csv.Writer) (bool, error) {
-	var header []string
+// exportRawDataCSV is a generic CSV export function that works with any raw data (logs, traces, etc.)
+func (handler *handler) exportRawDataCSV(rowChan <-chan *qbtypes.RawRow, errChan <-chan error, csvWriter *csv.Writer) (bool, error) {

-	headerToIndexMapping := make(map[string]int, len(header))
+	var header []string
+	headerToIndexMapping := make(map[string]int)

 	totalBytes := uint64(0)
 	for {
@@ -268,8 +249,8 @@ func (handler *handler) exportLogsCSV(rowChan <-chan *qbtypes.RawRow, errChan <-
 	}
 }

-func (handler *handler) exportLogsJSONL(rowChan <-chan *qbtypes.RawRow, errChan <-chan error, writer io.Writer) (bool, error) {
-
+// exportRawDataJSONL is a generic JSONL export function that works with any raw data (logs, traces, etc.)
+func (handler *handler) exportRawDataJSONL(rowChan <-chan *qbtypes.RawRow, errChan <-chan error, writer io.Writer) (bool, error) {
 	totalBytes := uint64(0)
 	for {
 		select {
@@ -277,9 +258,11 @@ func (handler *handler) exportLogsJSONL(rowChan <-chan *qbtypes.RawRow, errChan
 			if !ok {
 				return true, nil
 			}
-			// Handle JSON format (JSONL - one object per line)
-			jsonBytes, _ := json.Marshal(row.Data)
-			totalBytes += uint64(len(jsonBytes)) + 1 // +1 for newline
+			jsonBytes, err := json.Marshal(row.Data)
+			if err != nil {
+				return false, errors.NewUnexpectedf(errors.CodeInternal, "error marshaling JSON: %s", err)
+			}
+			totalBytes += uint64(len(jsonBytes)) + 1

 			if _, err := writer.Write(jsonBytes); err != nil {
 				return false, errors.NewUnexpectedf(errors.CodeInternal, "error writing JSON: %s", err)
@@ -299,74 +282,33 @@ func (handler *handler) exportLogsJSONL(rowChan <-chan *qbtypes.RawRow, errChan
 	}
 }

-func getExportQuerySource(queryParams url.Values) (string, error) {
-	switch queryParams.Get("source") {
-	case "logs", "":
-		return "logs", nil
-	case "metrics":
-		return "metrics", errors.NewInvalidInputf(errors.CodeInvalidInput, "metrics export not yet supported")
-	case "traces":
-		return "traces", errors.NewInvalidInputf(errors.CodeInvalidInput, "traces export not yet supported")
-	default:
-		return "", errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid source: must be logs, metrics or traces")
-	}
-}
-
-func getExportQueryFormat(queryParams url.Values) (string, error) {
-	switch queryParams.Get("format") {
-	case "csv", "":
-		return "csv", nil
-	case "jsonl":
-		return "jsonl", nil
-	default:
-		return "", errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid format: must be csv or jsonl")
-	}
-}
-
-func getExportQueryLimit(queryParams url.Values) (int, error) {
-
-	limitStr := queryParams.Get("limit")
-	if limitStr == "" {
-		return DefaultExportRowCountLimit, nil
-	} else {
-		limit, err := strconv.Atoi(limitStr)
-		if err != nil {
-			return 0, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid limit format: %s", err.Error())
-		}
-		if limit <= 0 {
-			return 0, errors.NewInvalidInputf(errors.CodeInvalidInput, "limit must be positive")
-		}
-		if limit > MaxExportRowCountLimit {
-			return 0, errors.NewInvalidInputf(errors.CodeInvalidInput, "limit cannot be more than %d", MaxExportRowCountLimit)
-		}
-		return limit, nil
-	}
-}
-
-func getExportQueryTimeRange(queryParams url.Values) (uint64, uint64, error) {
-
-	startTimeStr := queryParams.Get("start")
-	endTimeStr := queryParams.Get("end")
-
-	if startTimeStr == "" || endTimeStr == "" {
-		return 0, 0, errors.NewInvalidInputf(errors.CodeInvalidInput, "start and end time are required")
-	}
-	startTime, err := strconv.ParseUint(startTimeStr, 10, 64)
-	if err != nil {
-		return 0, 0, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid start time format: %s", err.Error())
-	}
-	endTime, err := strconv.ParseUint(endTimeStr, 10, 64)
-	if err != nil {
-		return 0, 0, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid end time format: %s", err.Error())
-	}
-	return startTime, endTime, nil
-}
+// priorityColumns defines the columns that should appear first in the CSV output, in order.
+var priorityColumns = []string{"timestamp", "id"}

 func constructCSVHeaderFromQueryResponse(data map[string]any) []string {
 	header := make([]string, 0, len(data))
 	for key := range data {
 		header = append(header, key)
 	}
+	// This is to ensure CSV output is consistent across multiple queries
+	slices.SortFunc(header, func(a, b string) int {
+		ai, bi := slices.Index(priorityColumns, a), slices.Index(priorityColumns, b)
+		switch {
+		case ai != -1 && bi != -1:
+			return ai - bi
+		case ai != -1:
+			return -1
+		case bi != -1:
+			return 1
+		default:
+			if a < b {
+				return -1
+			} else if a > b {
+				return 1
+			}
+			return 0
+		}
+	})
 	return header
 }

@@ -427,9 +369,12 @@ func constructCSVRecordFromQueryResponse(data map[string]any, headerToIndexMappi
 				valueStr = v.String()

 			default:
-				// For all other complex types (maps, structs, etc.)
-				jsonBytes, _ := json.Marshal(v)
-				valueStr = string(jsonBytes)
+				jsonBytes, err := json.Marshal(v)
+				if err != nil {
+					valueStr = fmt.Sprintf("%v", v)
+				} else {
+					valueStr = string(jsonBytes)
+				}
 			}

 			record[index] = sanitizeForCSV(valueStr)
@@ -438,26 +383,6 @@ func constructCSVRecordFromQueryResponse(data map[string]any, headerToIndexMappi
 	return record
 }

-// getExportQueryColumns parses the "columns" query parameters and returns a slice of TelemetryFieldKey structs.
-// Each column should be a valid telemetry field key in the format "context.field:type" or "context.field" or "field"
-func getExportQueryColumns(queryParams url.Values) []telemetrytypes.TelemetryFieldKey {
-	columnParams := queryParams["columns"]
-
-	columns := make([]telemetrytypes.TelemetryFieldKey, 0, len(columnParams))
-
-	for _, columnStr := range columnParams {
-		// Skip empty strings
-		columnStr = strings.TrimSpace(columnStr)
-		if columnStr == "" {
-			continue
-		}
-
-		columns = append(columns, telemetrytypes.GetFieldKeyFromKeyText(columnStr))
-	}
-
-	return columns
-}
-
 func getsizeOfStringSlice(slice []string) uint64 {
 	var totalBytes uint64
 	for _, str := range slice {
@@ -465,52 +390,3 @@ func getsizeOfStringSlice(slice []string) uint64 {
 	}
 	return totalBytes
 }
-
-// getExportQueryOrderBy parses the "order_by" query parameters and returns a slice of OrderBy structs.
-// Each "order_by" parameter should be in the format "column:direction"
-// Each "column" should be a valid telemetry field key in the format "context.field:type" or "context.field" or "field"
-func getExportQueryOrderBy(queryParams url.Values) ([]qbtypes.OrderBy, error) {
-	orderByParam := queryParams.Get("order_by")
-
-	orderByParam = strings.TrimSpace(orderByParam)
-	if orderByParam == "" {
-		return telemetrylogs.DefaultLogsV2SortingOrder, nil
-	}
-
-	parts := strings.Split(orderByParam, ":")
-	if len(parts) != 2 && len(parts) != 3 {
-		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid order_by format: %s, should be <column>:<direction>", orderByParam)
-	}
-
-	column := strings.Join(parts[:len(parts)-1], ":")
-	direction := parts[len(parts)-1]
-
-	orderDirection, ok := qbtypes.OrderDirectionMap[direction]
-	if !ok {
-		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid order_by direction: %s, should be one of %s, %s", direction, qbtypes.OrderDirectionAsc, qbtypes.OrderDirectionDesc)
-	}
-
-	orderByKey := telemetrytypes.GetFieldKeyFromKeyText(column)
-
-	orderBy := []qbtypes.OrderBy{
-		{
-			Key: qbtypes.OrderByKey{
-				TelemetryFieldKey: orderByKey,
-			},
-			Direction: orderDirection,
-		},
-	}
-
-	// If we are ordering by the timestamp column, also order by the ID column
-	if orderByKey.Name == telemetrylogs.LogsV2TimestampColumn {
-		orderBy = append(orderBy, qbtypes.OrderBy{
-			Key: qbtypes.OrderByKey{
-				TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-					Name: telemetrylogs.LogsV2IDColumn,
-				},
-			},
-			Direction: orderDirection,
-		})
-	}
-	return orderBy, nil
-}
--- a/pkg/modules/rawdataexport/implrawdataexport/handler_test.go
+++ b/pkg/modules/rawdataexport/implrawdataexport/handler_test.go
@@ -2,162 +2,85 @@ package implrawdataexport

 import (
 	"net/url"
-	"strconv"
 	"testing"

-	"github.com/SigNoz/signoz/pkg/telemetrylogs"
+	"github.com/SigNoz/signoz/pkg/http/binding"
+	"github.com/SigNoz/signoz/pkg/types/exporttypes"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/stretchr/testify/assert"
 )

-func TestGetExportQuerySource(t *testing.T) {
-	tests := []struct {
-		name           string
-		queryParams    url.Values
-		expectedSource string
-		expectedError  bool
-	}{
-		{
-			name:           "default logs source",
-			queryParams:    url.Values{},
-			expectedSource: "logs",
-			expectedError:  false,
-		},
-		{
-			name:           "explicit logs source",
-			queryParams:    url.Values{"source": {"logs"}},
-			expectedSource: "logs",
-			expectedError:  false,
-		},
-		{
-			name:           "metrics source - not supported",
-			queryParams:    url.Values{"source": {"metrics"}},
-			expectedSource: "metrics",
-			expectedError:  true,
-		},
-		{
-			name:           "traces source - not supported",
-			queryParams:    url.Values{"source": {"traces"}},
-			expectedSource: "traces",
-			expectedError:  true,
-		},
-		{
-			name:           "invalid source",
-			queryParams:    url.Values{"source": {"invalid"}},
-			expectedSource: "",
-			expectedError:  true,
-		},
-	}
+func TestExportRawDataQueryParams_BindingDefaults(t *testing.T) {
+	var params exporttypes.ExportRawDataQueryParams
+	err := binding.Query.BindQuery(url.Values{}, &params)
+	assert.NoError(t, err)
+	assert.Equal(t, "csv", params.Format)
+	assert.Equal(t, DefaultExportRowCountLimit, params.Limit)
+}

-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			source, err := getExportQuerySource(tt.queryParams)
-			assert.Equal(t, tt.expectedSource, source)
-			if tt.expectedError {
-				assert.Error(t, err)
-			} else {
-				assert.NoError(t, err)
-			}
-		})
+func logQuery(limit int) qbtypes.QueryEnvelope {
+	return qbtypes.QueryEnvelope{
+		Type: qbtypes.QueryTypeBuilder,
+		Spec: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{Limit: limit},
 	}
 }

-func TestGetExportQueryFormat(t *testing.T) {
-	tests := []struct {
-		name           string
-		queryParams    url.Values
-		expectedFormat string
-		expectedError  bool
-	}{
-		{
-			name:           "default csv format",
-			queryParams:    url.Values{},
-			expectedFormat: "csv",
-			expectedError:  false,
-		},
-		{
-			name:           "explicit csv format",
-			queryParams:    url.Values{"format": {"csv"}},
-			expectedFormat: "csv",
-			expectedError:  false,
-		},
-		{
-			name:           "jsonl format",
-			queryParams:    url.Values{"format": {"jsonl"}},
-			expectedFormat: "jsonl",
-			expectedError:  false,
-		},
-		{
-			name:           "invalid format",
-			queryParams:    url.Values{"format": {"xml"}},
-			expectedFormat: "",
-			expectedError:  true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			format, err := getExportQueryFormat(tt.queryParams)
-			assert.Equal(t, tt.expectedFormat, format)
-			if tt.expectedError {
-				assert.Error(t, err)
-			} else {
-				assert.NoError(t, err)
-			}
-		})
+func traceQuery(limit int) qbtypes.QueryEnvelope {
+	return qbtypes.QueryEnvelope{
+		Type: qbtypes.QueryTypeBuilder,
+		Spec: qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation]{Limit: limit},
 	}
 }

-func TestGetExportQueryLimit(t *testing.T) {
+func traceOperatorQuery(limit int) qbtypes.QueryEnvelope {
+	return qbtypes.QueryEnvelope{
+		Type: qbtypes.QueryTypeTraceOperator,
+		Spec: qbtypes.QueryBuilderTraceOperator{Limit: limit, Expression: "A"},
+	}
+}
+
+func makeRequest(queries ...qbtypes.QueryEnvelope) qbtypes.QueryRangeRequest {
+	return qbtypes.QueryRangeRequest{
+		Start:          1000000000000,
+		End:            1000003600000,
+		RequestType:    qbtypes.RequestTypeRaw,
+		CompositeQuery: qbtypes.CompositeQuery{Queries: queries},
+	}
+}
+
+func TestValidateSpecForExport(t *testing.T) {
 	tests := []struct {
 		name          string
-		queryParams   url.Values
-		expectedLimit int
+		req           qbtypes.QueryRangeRequest
 		expectedError bool
 	}{
 		{
-			name:          "default limit",
-			queryParams:   url.Values{},
-			expectedLimit: DefaultExportRowCountLimit,
-			expectedError: false,
+			name: "single log query",
+			req:  makeRequest(logQuery(0)),
 		},
 		{
-			name:          "valid limit",
-			queryParams:   url.Values{"limit": {"5000"}},
-			expectedLimit: 5000,
-			expectedError: false,
+			name: "single trace query",
+			req:  makeRequest(traceQuery(0)),
 		},
 		{
-			name:          "maximum limit",
-			queryParams:   url.Values{"limit": {strconv.Itoa(MaxExportRowCountLimit)}},
-			expectedLimit: MaxExportRowCountLimit,
-			expectedError: false,
+			name: "trace operator alone",
+			req:  makeRequest(traceOperatorQuery(0)),
 		},
 		{
-			name:          "limit exceeds maximum",
-			queryParams:   url.Values{"limit": {"100000"}},
-			expectedLimit: 0,
+			name:          "multiple queries without trace operator",
+			req:           makeRequest(logQuery(0), traceQuery(0)),
 			expectedError: true,
 		},
 		{
-			name:          "invalid limit format",
-			queryParams:   url.Values{"limit": {"invalid"}},
-			expectedLimit: 0,
-			expectedError: true,
-		},
-		{
-			name:          "negative limit",
-			queryParams:   url.Values{"limit": {"-100"}},
-			expectedLimit: 0,
+			name:          "unsupported query type",
+			req:           makeRequest(qbtypes.QueryEnvelope{Type: qbtypes.QueryTypeBuilder, Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{}}),
 			expectedError: true,
 		},
 	}

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			limit, err := getExportQueryLimit(tt.queryParams)
-			assert.Equal(t, tt.expectedLimit, limit)
+			err := validateSpecForExport(&tt.req)
 			if tt.expectedError {
 				assert.Error(t, err)
 			} else {
@@ -167,352 +90,69 @@ func TestGetExportQueryLimit(t *testing.T) {
 	}
 }

-func TestGetExportQueryTimeRange(t *testing.T) {
-	tests := []struct {
-		name              string
-		queryParams       url.Values
-		expectedStartTime uint64
-		expectedEndTime   uint64
-		expectedError     bool
-	}{
-		{
-			name: "valid time range",
-			queryParams: url.Values{
-				"start": {"1640995200"},
-				"end":   {"1641081600"},
-			},
-			expectedStartTime: 1640995200,
-			expectedEndTime:   1641081600,
-			expectedError:     false,
-		},
-		{
-			name:          "missing start time",
-			queryParams:   url.Values{"end": {"1641081600"}},
-			expectedError: true,
-		},
-		{
-			name:          "missing end time",
-			queryParams:   url.Values{"start": {"1640995200"}},
-			expectedError: true,
-		},
-		{
-			name:          "missing both times",
-			queryParams:   url.Values{},
-			expectedError: true,
-		},
-		{
-			name: "invalid start time format",
-			queryParams: url.Values{
-				"start": {"invalid"},
-				"end":   {"1641081600"},
-			},
-			expectedError: true,
-		},
-		{
-			name: "invalid end time format",
-			queryParams: url.Values{
-				"start": {"1640995200"},
-				"end":   {"invalid"},
-			},
-			expectedError: true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			startTime, endTime, err := getExportQueryTimeRange(tt.queryParams)
-			if tt.expectedError {
-				assert.Error(t, err)
-			} else {
-				assert.NoError(t, err)
-				assert.Equal(t, tt.expectedStartTime, startTime)
-				assert.Equal(t, tt.expectedEndTime, endTime)
-			}
-		})
-	}
-}
-
-func TestGetExportQueryColumns(t *testing.T) {
-	tests := []struct {
-		name            string
-		queryParams     url.Values
-		expectedColumns []telemetrytypes.TelemetryFieldKey
-	}{
-		{
-			name:            "no columns specified",
-			queryParams:     url.Values{},
-			expectedColumns: []telemetrytypes.TelemetryFieldKey{},
-		},
-		{
-			name: "single column",
-			queryParams: url.Values{
-				"columns": {"timestamp"},
-			},
-			expectedColumns: []telemetrytypes.TelemetryFieldKey{
-				{Name: "timestamp"},
-			},
-		},
-		{
-			name: "multiple columns",
-			queryParams: url.Values{
-				"columns": {"timestamp", "message", "level"},
-			},
-			expectedColumns: []telemetrytypes.TelemetryFieldKey{
-				{Name: "timestamp"},
-				{Name: "message"},
-				{Name: "level"},
-			},
-		},
-		{
-			name: "empty column name (should be skipped)",
-			queryParams: url.Values{
-				"columns": {"timestamp", "", "level"},
-			},
-			expectedColumns: []telemetrytypes.TelemetryFieldKey{
-				{Name: "timestamp"},
-				{Name: "level"},
-			},
-		},
-		{
-			name: "whitespace column name (should be skipped)",
-			queryParams: url.Values{
-				"columns": {"timestamp", "   ", "level"},
-			},
-			expectedColumns: []telemetrytypes.TelemetryFieldKey{
-				{Name: "timestamp"},
-				{Name: "level"},
-			},
-		},
-		{
-			name: "valid column name with data type",
-			queryParams: url.Values{
-				"columns": {"timestamp", "attribute.user:string", "level"},
-			},
-			expectedColumns: []telemetrytypes.TelemetryFieldKey{
-				{Name: "timestamp"},
-				{Name: "user", FieldContext: telemetrytypes.FieldContextAttribute, FieldDataType: telemetrytypes.FieldDataTypeString},
-				{Name: "level"},
-			},
-		},
-		{
-			name: "valid column name with dot notation",
-			queryParams: url.Values{
-				"columns": {"timestamp", "attribute.user.string", "level"},
-			},
-			expectedColumns: []telemetrytypes.TelemetryFieldKey{
-				{Name: "timestamp"},
-				{Name: "user.string", FieldContext: telemetrytypes.FieldContextAttribute},
-				{Name: "level"},
-			},
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			columns := getExportQueryColumns(tt.queryParams)
-			assert.Equal(t, len(tt.expectedColumns), len(columns))
-			for i, expectedCol := range tt.expectedColumns {
-				assert.Equal(t, expectedCol, columns[i])
-			}
-		})
-	}
-}
-
-func TestGetExportQueryOrderBy(t *testing.T) {
+func TestValidateAndApplyDefaultExportLimits(t *testing.T) {
 	tests := []struct {
 		name          string
-		queryParams   url.Values
-		expectedOrder []qbtypes.OrderBy
+		queries       []qbtypes.QueryEnvelope
 		expectedError bool
+		checkQueries  func(t *testing.T, queries []qbtypes.QueryEnvelope)
 	}{
 		{
-			name:        "no order specified",
-			queryParams: url.Values{},
-			expectedOrder: []qbtypes.OrderBy{
-				{
-					Direction: qbtypes.OrderDirectionDesc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2TimestampColumn,
-						},
-					},
-				},
-				{
-					Direction: qbtypes.OrderDirectionDesc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2IDColumn,
-						},
-					},
-				},
+			name:    "single log query, zero limit gets default",
+			queries: makeRequest(logQuery(0)).CompositeQuery.Queries,
+			checkQueries: func(t *testing.T, q []qbtypes.QueryEnvelope) {
+				assert.Equal(t, DefaultExportRowCountLimit, q[0].GetLimit())
 			},
-			expectedError: false,
 		},
 		{
-			name: "single order error, direction not specified",
-			queryParams: url.Values{
-				"order_by": {"timestamp"},
+			name:    "single log query, valid limit kept",
+			queries: makeRequest(logQuery(1000)).CompositeQuery.Queries,
+			checkQueries: func(t *testing.T, q []qbtypes.QueryEnvelope) {
+				assert.Equal(t, 1000, q[0].GetLimit())
 			},
-			expectedOrder: nil,
+		},
+		{
+			name:    "single log query, max limit kept",
+			queries: makeRequest(logQuery(MaxExportRowCountLimit)).CompositeQuery.Queries,
+			checkQueries: func(t *testing.T, q []qbtypes.QueryEnvelope) {
+				assert.Equal(t, MaxExportRowCountLimit, q[0].GetLimit())
+			},
+		},
+		{
+			name:          "single log query, limit exceeds max",
+			queries:       makeRequest(logQuery(MaxExportRowCountLimit + 1)).CompositeQuery.Queries,
 			expectedError: true,
 		},
 		{
-			name: "single order no error",
-			queryParams: url.Values{
-				"order_by": {"timestamp:asc"},
-			},
-			expectedOrder: []qbtypes.OrderBy{
-				{
-					Direction: qbtypes.OrderDirectionAsc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2TimestampColumn,
-						},
-					},
-				},
-				{
-					Direction: qbtypes.OrderDirectionAsc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2IDColumn,
-						},
-					},
-				},
-			},
-			expectedError: false,
-		},
-		{
-			name: "multiple orders",
-			queryParams: url.Values{
-				"order_by": {"timestamp:asc", "body:desc", "id:asc"},
-			},
-			expectedOrder: []qbtypes.OrderBy{
-				{
-					Direction: qbtypes.OrderDirectionAsc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2TimestampColumn,
-						},
-					},
-				},
-				{
-					Direction: qbtypes.OrderDirectionAsc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2IDColumn,
-						},
-					},
-				},
-			},
-			expectedError: false,
-		},
-		{
-			name: "empty order name (should be skipped)",
-			queryParams: url.Values{
-				"order_by": {"timestamp:asc", "", "id:asc"},
-			},
-			expectedOrder: []qbtypes.OrderBy{
-				{
-					Direction: qbtypes.OrderDirectionAsc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2TimestampColumn,
-						},
-					},
-				},
-				{
-					Direction: qbtypes.OrderDirectionAsc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2IDColumn,
-						},
-					},
-				},
-			},
-			expectedError: false,
-		},
-		{
-			name: "whitespace order name (should be skipped)",
-			queryParams: url.Values{
-				"order_by": {"timestamp:asc", "   ", "id:asc"},
-			},
-			expectedOrder: []qbtypes.OrderBy{
-				{
-					Direction: qbtypes.OrderDirectionAsc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2TimestampColumn,
-						},
-					},
-				},
-				{
-					Direction: qbtypes.OrderDirectionAsc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name: telemetrylogs.LogsV2IDColumn,
-						},
-					},
-				},
-			},
-			expectedError: false,
-		},
-		{
-			name: "invalid order name (should error out)",
-			queryParams: url.Values{
-				"order_by": {"attributes.user:", "id:asc"},
-			},
-			expectedOrder: nil,
+			name:          "single log query, negative limit",
+			queries:       makeRequest(logQuery(-1)).CompositeQuery.Queries,
 			expectedError: true,
 		},
 		{
-			name: "valid order name (should be included)",
-			queryParams: url.Values{
-				"order_by": {"attribute.user:string:desc", "id:asc"},
+			name:    "single trace query, zero limit gets default",
+			queries: makeRequest(traceQuery(0)).CompositeQuery.Queries,
+			checkQueries: func(t *testing.T, q []qbtypes.QueryEnvelope) {
+				assert.Equal(t, DefaultExportRowCountLimit, q[0].GetLimit())
 			},
-			expectedOrder: []qbtypes.OrderBy{
-				{
-					Direction: qbtypes.OrderDirectionDesc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name:          "user",
-							FieldContext:  telemetrytypes.FieldContextAttribute,
-							FieldDataType: telemetrytypes.FieldDataTypeString,
-						},
-					},
-				},
-			},
-			expectedError: false,
 		},
 		{
-			name: "valid order name (should be included)",
-			queryParams: url.Values{
-				"order_by": {"attribute.user.string:desc", "id:asc"},
+			name:    "trace operator alone, zero limit gets default",
+			queries: makeRequest(traceOperatorQuery(0)).CompositeQuery.Queries,
+			checkQueries: func(t *testing.T, q []qbtypes.QueryEnvelope) {
+				assert.Equal(t, DefaultExportRowCountLimit, q[0].GetLimit())
 			},
-			expectedOrder: []qbtypes.OrderBy{
-				{
-					Direction: qbtypes.OrderDirectionDesc,
-					Key: qbtypes.OrderByKey{
-						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-							Name:         "user.string",
-							FieldContext: telemetrytypes.FieldContextAttribute,
-						},
-					},
-				},
-			},
-			expectedError: false,
 		},
 	}

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			order, err := getExportQueryOrderBy(tt.queryParams)
+			err := validateAndApplyDefaultExportLimits(tt.queries)
 			if tt.expectedError {
 				assert.Error(t, err)
 			} else {
 				assert.NoError(t, err)
-				assert.Equal(t, len(tt.expectedOrder), len(order))
-				for i, expectedOrd := range tt.expectedOrder {
-					assert.Equal(t, expectedOrd, order[i])
+				if tt.checkQueries != nil {
+					tt.checkQueries(t, tt.queries)
 				}
 			}
 		})
@@ -529,13 +169,8 @@ func TestConstructCSVHeaderFromQueryResponse(t *testing.T) {

 	header := constructCSVHeaderFromQueryResponse(data)

-	// Since map iteration order is not guaranteed, check that all expected keys are present
-	expectedKeys := []string{"timestamp", "message", "level", "id"}
-	assert.Equal(t, len(expectedKeys), len(header))
-
-	for _, key := range expectedKeys {
-		assert.Contains(t, header, key)
-	}
+	// Priority columns come first in order, then the rest alphabetically.
+	assert.Equal(t, []string{"timestamp", "id", "level", "message"}, header)
 }

 func TestConstructCSVRecordFromQueryResponse(t *testing.T) {
--- a/pkg/modules/rawdataexport/implrawdataexport/module.go
+++ b/pkg/modules/rawdataexport/implrawdataexport/module.go
@@ -28,8 +28,18 @@ func (m *Module) ExportRawData(ctx context.Context, orgID valuer.UUID, rangeRequ
 		instrumentationtypes.CodeFunctionName: "ExportRawData",
 	})

-	spec := rangeRequest.CompositeQuery.Queries[0].Spec.(qbtypes.QueryBuilderQuery[qbtypes.LogAggregation])
-	rowCountLimit := spec.Limit
+	traceOperatorQueryIndex := rangeRequest.TraceOperatorQueryIndex()
+
+	queries := rangeRequest.CompositeQuery.Queries
+
+	// If the trace operator query is present, mark the queries other than trace operator as disabled
+	if traceOperatorQueryIndex > -1 {
+		for idx := range len(queries) {
+			if idx != traceOperatorQueryIndex {
+				queries[idx].SetDisabled(true)
+			}
+		}
+	}

 	rowChan := make(chan *qbtypes.RawRow, 1)
 	errChan := make(chan error, 1)
@@ -43,52 +53,62 @@ func (m *Module) ExportRawData(ctx context.Context, orgID valuer.UUID, rangeRequ
 		defer close(errChan)
 		defer close(rowChan)

-		rowCount := 0
-
-		for rowCount < rowCountLimit {
-			spec.Limit = min(ChunkSize, rowCountLimit-rowCount)
-			spec.Offset = rowCount
-
-			rangeRequest.CompositeQuery.Queries[0].Spec = spec
-
-			response, err := m.querier.QueryRange(contextWithTimeout, orgID, rangeRequest)
-			if err != nil {
-				errChan <- err
-				return
-			}
-
-			newRowsCount := 0
-			for _, result := range response.Data.Results {
-				resultData, ok := result.(*qbtypes.RawData)
-				if !ok {
-					errChan <- errors.NewInternalf(errors.CodeInternal, "expected RawData, got %T", result)
-					return
-				}
-
-				newRowsCount += len(resultData.Rows)
-				for _, row := range resultData.Rows {
-					select {
-					case rowChan <- row:
-					case <-doneChan:
-						return
-					case <-ctx.Done():
-						errChan <- ctx.Err()
-						return
-					}
-				}
-
-			}
-
-			// Break if we did not receive any new rows
-			if newRowsCount == 0 {
-				return
-			}
-
-			rowCount += newRowsCount
-
+		if traceOperatorQueryIndex > -1 {
+			// If the trace operator query is present, we need to export the data for the trace operator query only
+			exportRawDataForSingleQuery(m.querier, contextWithTimeout, orgID, rangeRequest, rowChan, errChan, doneChan, traceOperatorQueryIndex)
+		} else {
+			// If the trace operator query is not present, we need to export the data for the first query only
+			exportRawDataForSingleQuery(m.querier, contextWithTimeout, orgID, rangeRequest, rowChan, errChan, doneChan, 0)
 		}
 	}()

 	return rowChan, errChan

 }
+
+func exportRawDataForSingleQuery(querier querier.Querier, ctx context.Context, orgID valuer.UUID, rangeRequest *qbtypes.QueryRangeRequest, rowChan chan *qbtypes.RawRow, errChan chan error, doneChan chan any, queryIndex int) {
+
+	queries := rangeRequest.CompositeQuery.Queries
+	rowCountLimit := queries[queryIndex].GetLimit()
+	rowCount := 0
+
+	for rowCount < rowCountLimit {
+		chunkSize := min(ChunkSize, rowCountLimit-rowCount)
+		queries[queryIndex].SetLimit(chunkSize)
+		queries[queryIndex].SetOffset(rowCount)
+
+		response, err := querier.QueryRange(ctx, orgID, rangeRequest)
+		if err != nil {
+			errChan <- err
+			return
+		}
+
+		newRowsCount := 0
+		for _, result := range response.Data.Results {
+			resultData, ok := result.(*qbtypes.RawData)
+			if !ok {
+				errChan <- errors.NewInternalf(errors.CodeInternal, "expected RawData, got %T", result)
+				return
+			}
+
+			newRowsCount += len(resultData.Rows)
+			for _, row := range resultData.Rows {
+				select {
+				case rowChan <- row:
+				case <-doneChan:
+					return
+				case <-ctx.Done():
+					errChan <- ctx.Err()
+					return
+				}
+			}
+		}
+
+		rowCount += newRowsCount
+
+		// Stop if we received fewer rows than requested — no more data available
+		if newRowsCount < chunkSize {
+			return
+		}
+	}
+}
--- a/pkg/modules/session/implsession/module.go
+++ b/pkg/modules/session/implsession/module.go
@@ -17,7 +17,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/tokenizer"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

@@ -67,7 +66,7 @@ func (module *module) GetSessionContext(ctx context.Context, email valuer.Email,
 	}

 	// filter out deleted users
-	users = slices.DeleteFunc(users, func(user *usertypes.User) bool { return user.ErrIfDeleted() != nil })
+	users = slices.DeleteFunc(users, func(user *types.User) bool { return user.ErrIfDeleted() != nil })

 	// Since email is a valuer, we can be sure that it is a valid email and we can split it to get the domain name.
 	name := strings.Split(email.String(), "@")[1]
@@ -145,7 +144,7 @@ func (module *module) CreateCallbackAuthNSession(ctx context.Context, authNProvi
 	roleMapping := authDomain.AuthDomainConfig().RoleMapping
 	role := roleMapping.NewRoleFromCallbackIdentity(callbackIdentity)

-	user, err := usertypes.NewUser(callbackIdentity.Name, callbackIdentity.Email, role, callbackIdentity.OrgID, usertypes.UserStatusActive)
+	user, err := types.NewUser(callbackIdentity.Name, callbackIdentity.Email, role, callbackIdentity.OrgID, types.UserStatusActive)
 	if err != nil {
 		return "", err
 	}
--- a/pkg/modules/tracefunnel/impltracefunnel/module.go
+++ b/pkg/modules/tracefunnel/impltracefunnel/module.go
@@ -8,7 +8,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/tracefunnel"
 	"github.com/SigNoz/signoz/pkg/types"
 	traceFunnels "github.com/SigNoz/signoz/pkg/types/tracefunneltypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

@@ -31,7 +30,7 @@ func (module *module) Create(ctx context.Context, timestamp int64, name string,
 	funnel.CreatedBy = userID.String()

 	// Set up the user relationship
-	funnel.CreatedByUser = &usertypes.User{
+	funnel.CreatedByUser = &types.User{
 		Identifiable: types.Identifiable{
 			ID: userID,
 		},
--- a/pkg/modules/user/config.go
+++ b/pkg/modules/user/config.go
@@ -5,7 +5,7 @@ import (

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

@@ -68,7 +68,7 @@ func (c Config) Validate() error {
 		if c.Root.Password == "" {
 			return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "user::root::password is required when root user is enabled")
 		}
-		if !usertypes.IsPasswordValid(c.Root.Password) {
+		if !types.IsPasswordValid(c.Root.Password) {
 			return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "user::root::password does not meet password requirements")
 		}
 	}
--- a/pkg/modules/user/impluser/getter.go
+++ b/pkg/modules/user/impluser/getter.go
@@ -6,25 +6,25 @@ import (

 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/featuretypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type getter struct {
-	store   usertypes.UserStore
+	store   types.UserStore
 	flagger flagger.Flagger
 }

-func NewGetter(store usertypes.UserStore, flagger flagger.Flagger) user.Getter {
+func NewGetter(store types.UserStore, flagger flagger.Flagger) user.Getter {
 	return &getter{store: store, flagger: flagger}
 }

-func (module *getter) GetRootUserByOrgID(ctx context.Context, orgID valuer.UUID) (*usertypes.User, error) {
+func (module *getter) GetRootUserByOrgID(ctx context.Context, orgID valuer.UUID) (*types.User, error) {
 	return module.store.GetRootUserByOrgID(ctx, orgID)
 }

-func (module *getter) ListByOrgID(ctx context.Context, orgID valuer.UUID) ([]*usertypes.User, error) {
+func (module *getter) ListByOrgID(ctx context.Context, orgID valuer.UUID) ([]*types.User, error) {
 	users, err := module.store.ListUsersByOrgID(ctx, orgID)
 	if err != nil {
 		return nil, err
@@ -35,13 +35,13 @@ func (module *getter) ListByOrgID(ctx context.Context, orgID valuer.UUID) ([]*us
 	hideRootUsers := module.flagger.BooleanOrEmpty(ctx, flagger.FeatureHideRootUser, evalCtx)

 	if hideRootUsers {
-		users = slices.DeleteFunc(users, func(user *usertypes.User) bool { return user.IsRoot })
+		users = slices.DeleteFunc(users, func(user *types.User) bool { return user.IsRoot })
 	}

 	return users, nil
 }

-func (module *getter) GetUsersByEmail(ctx context.Context, email valuer.Email) ([]*usertypes.User, error) {
+func (module *getter) GetUsersByEmail(ctx context.Context, email valuer.Email) ([]*types.User, error) {
 	users, err := module.store.GetUsersByEmail(ctx, email)
 	if err != nil {
 		return nil, err
@@ -50,7 +50,7 @@ func (module *getter) GetUsersByEmail(ctx context.Context, email valuer.Email) (
 	return users, nil
 }

-func (module *getter) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*usertypes.User, error) {
+func (module *getter) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*types.User, error) {
 	user, err := module.store.GetByOrgIDAndID(ctx, orgID, id)
 	if err != nil {
 		return nil, err
@@ -59,7 +59,7 @@ func (module *getter) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id
 	return user, nil
 }

-func (module *getter) Get(ctx context.Context, id valuer.UUID) (*usertypes.User, error) {
+func (module *getter) Get(ctx context.Context, id valuer.UUID) (*types.User, error) {
 	user, err := module.store.GetUser(ctx, id)
 	if err != nil {
 		return nil, err
@@ -68,7 +68,7 @@ func (module *getter) Get(ctx context.Context, id valuer.UUID) (*usertypes.User,
 	return user, nil
 }

-func (module *getter) ListUsersByEmailAndOrgIDs(ctx context.Context, email valuer.Email, orgIDs []valuer.UUID) ([]*usertypes.User, error) {
+func (module *getter) ListUsersByEmailAndOrgIDs(ctx context.Context, email valuer.Email, orgIDs []valuer.UUID) ([]*types.User, error) {
 	users, err := module.store.ListUsersByEmailAndOrgIDs(ctx, email, orgIDs)
 	if err != nil {
 		return nil, err
@@ -95,7 +95,7 @@ func (module *getter) CountByOrgIDAndStatuses(ctx context.Context, orgID valuer.
 	return counts, nil
 }

-func (module *getter) GetFactorPasswordByUserID(ctx context.Context, userID valuer.UUID) (*usertypes.FactorPassword, error) {
+func (module *getter) GetFactorPasswordByUserID(ctx context.Context, userID valuer.UUID) (*types.FactorPassword, error) {
 	factorPassword, err := module.store.GetPasswordByUserID(ctx, userID)
 	if err != nil {
 		return nil, err
@@ -103,12 +103,3 @@ func (module *getter) GetFactorPasswordByUserID(ctx context.Context, userID valu

 	return factorPassword, nil
 }
-
-func (module *getter) GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*usertypes.User, *usertypes.FactorPassword, error) {
-	user, factorPassword, err := module.store.GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx, email, orgID)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return user, factorPassword, nil
-}
--- a/pkg/modules/user/impluser/handler.go
+++ b/pkg/modules/user/impluser/handler.go
@@ -11,9 +11,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/binding"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	root "github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/integrationtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )
@@ -31,7 +31,7 @@ func (h *handler) AcceptInvite(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()

-	req := new(usertypes.PostableAcceptInvite)
+	req := new(types.PostableAcceptInvite)
 	if err := binding.JSON.BindBody(r.Body, req); err != nil {
 		render.Error(w, err)
 		return
@@ -56,14 +56,14 @@ func (h *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var req usertypes.PostableInvite
+	var req types.PostableInvite
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		render.Error(rw, err)
 		return
 	}

-	invites, err := h.module.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), &usertypes.PostableBulkInviteRequest{
-		Invites: []usertypes.PostableInvite{req},
+	invites, err := h.module.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), &types.PostableBulkInviteRequest{
+		Invites: []types.PostableInvite{req},
 	})
 	if err != nil {
 		render.Error(rw, err)
@@ -83,7 +83,7 @@ func (h *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var req usertypes.PostableBulkInviteRequest
+	var req types.PostableBulkInviteRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		render.Error(rw, err)
 		return
@@ -214,7 +214,7 @@ func (h *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 	}

 	// temp code - show only active users
-	users = slices.DeleteFunc(users, func(user *usertypes.User) bool { return user.Status != usertypes.UserStatusActive })
+	users = slices.DeleteFunc(users, func(user *types.User) bool { return user.Status != types.UserStatusActive })

 	render.Success(w, http.StatusOK, users)
 }
@@ -231,7 +231,7 @@ func (h *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var user usertypes.User
+	var user types.User
 	if err := json.NewDecoder(r.Body).Decode(&user); err != nil {
 		render.Error(w, err)
 		return
@@ -297,7 +297,7 @@ func (handler *handler) ResetPassword(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()

-	req := new(usertypes.PostableResetPassword)
+	req := new(types.PostableResetPassword)
 	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
 		render.Error(w, err)
 		return
@@ -316,7 +316,7 @@ func (handler *handler) ChangePassword(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()

-	var req usertypes.ChangePasswordRequest
+	var req types.ChangePasswordRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		render.Error(w, err)
 		return
@@ -335,7 +335,7 @@ func (h *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()

-	req := new(usertypes.PostableForgotPassword)
+	req := new(types.PostableForgotPassword)
 	if err := binding.JSON.BindBody(r.Body, req); err != nil {
 		render.Error(w, err)
 		return
@@ -360,13 +360,13 @@ func (h *handler) CreateAPIKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	req := new(usertypes.PostableAPIKey)
+	req := new(types.PostableAPIKey)
 	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
 		render.Error(w, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to decode api key"))
 		return
 	}

-	apiKey, err := usertypes.NewStorableAPIKey(
+	apiKey, err := types.NewStorableAPIKey(
 		req.Name,
 		valuer.MustNewUUID(claims.UserID),
 		req.Role,
@@ -411,13 +411,13 @@ func (h *handler) ListAPIKeys(w http.ResponseWriter, r *http.Request) {

 	// for backward compatibility
 	if len(apiKeys) == 0 {
-		render.Success(w, http.StatusOK, []usertypes.GettableAPIKey{})
+		render.Success(w, http.StatusOK, []types.GettableAPIKey{})
 		return
 	}

-	result := make([]*usertypes.GettableAPIKey, len(apiKeys))
+	result := make([]*types.GettableAPIKey, len(apiKeys))
 	for i, apiKey := range apiKeys {
-		result[i] = usertypes.NewGettableAPIKeyFromStorableAPIKey(apiKey)
+		result[i] = types.NewGettableAPIKeyFromStorableAPIKey(apiKey)
 	}

 	render.Success(w, http.StatusOK, result)
@@ -434,7 +434,7 @@ func (h *handler) UpdateAPIKey(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	req := usertypes.StorableAPIKey{}
+	req := types.StorableAPIKey{}
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		render.Error(w, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to decode api key"))
 		return
--- a/pkg/modules/user/impluser/module.go
+++ b/pkg/modules/user/impluser/module.go
@@ -19,13 +19,13 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/emailtypes"
 	"github.com/SigNoz/signoz/pkg/types/integrationtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/dustin/go-humanize"
 )

 type Module struct {
-	store     usertypes.UserStore
+	store     types.UserStore
 	tokenizer tokenizer.Tokenizer
 	emailing  emailing.Emailing
 	settings  factory.ScopedProviderSettings
@@ -36,7 +36,7 @@ type Module struct {
 }

 // This module is a WIP, don't take inspiration from this.
-func NewModule(store usertypes.UserStore, tokenizer tokenizer.Tokenizer, emailing emailing.Emailing, providerSettings factory.ProviderSettings, orgSetter organization.Setter, authz authz.AuthZ, analytics analytics.Analytics, config user.Config) root.Module {
+func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing emailing.Emailing, providerSettings factory.ProviderSettings, orgSetter organization.Setter, authz authz.AuthZ, analytics analytics.Analytics, config user.Config) root.Module {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/modules/user/impluser")
 	return &Module{
 		store:     store,
@@ -50,7 +50,7 @@ func NewModule(store usertypes.UserStore, tokenizer tokenizer.Tokenizer, emailin
 	}
 }

-func (m *Module) AcceptInvite(ctx context.Context, token string, password string) (*usertypes.User, error) {
+func (m *Module) AcceptInvite(ctx context.Context, token string, password string) (*types.User, error) {
 	// get the user by reset password token
 	user, err := m.store.GetUserByResetPasswordToken(ctx, token)
 	if err != nil {
@@ -72,7 +72,7 @@ func (m *Module) AcceptInvite(ctx context.Context, token string, password string
 	return user, nil
 }

-func (m *Module) GetInviteByToken(ctx context.Context, token string) (*usertypes.Invite, error) {
+func (m *Module) GetInviteByToken(ctx context.Context, token string) (*types.Invite, error) {
 	// get the user
 	user, err := m.store.GetUserByResetPasswordToken(ctx, token)
 	if err != nil {
@@ -80,7 +80,7 @@ func (m *Module) GetInviteByToken(ctx context.Context, token string) (*usertypes
 	}

 	// create a dummy invite obj for backward compatibility
-	invite := &usertypes.Invite{
+	invite := &types.Invite{
 		Identifiable: types.Identifiable{
 			ID: user.ID,
 		},
@@ -99,7 +99,7 @@ func (m *Module) GetInviteByToken(ctx context.Context, token string) (*usertypes
 }

 // CreateBulk implements invite.Module.
-func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, bulkInvites *usertypes.PostableBulkInviteRequest) ([]*usertypes.Invite, error) {
+func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, bulkInvites *types.PostableBulkInviteRequest) ([]*types.Invite, error) {
 	creator, err := m.store.GetUser(ctx, userID)
 	if err != nil {
 		return nil, err
@@ -110,7 +110,7 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 	for idx, invite := range bulkInvites.Invites {
 		emails[idx] = invite.Email.StringValue()
 	}
-	users, err := m.store.GetUsersByEmailsOrgIDAndStatuses(ctx, orgID, emails, []string{usertypes.UserStatusActive.StringValue(), usertypes.UserStatusPendingInvite.StringValue()})
+	users, err := m.store.GetUsersByEmailsOrgIDAndStatuses(ctx, orgID, emails, []string{types.UserStatusActive.StringValue(), types.UserStatusPendingInvite.StringValue()})
 	if err != nil {
 		return nil, err
 	}
@@ -120,7 +120,7 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 			return nil, errors.WithAdditionalf(err, "Cannot send invite to root user")
 		}

-		if users[0].Status == usertypes.UserStatusPendingInvite {
+		if users[0].Status == types.UserStatusPendingInvite {
 			return nil, errors.Newf(errors.TypeAlreadyExists, errors.CodeAlreadyExists, "An invite already exists for this email: %s", users[0].Email.StringValue())
 		}

@@ -128,21 +128,21 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 	}

 	type userWithResetToken struct {
-		User               *usertypes.User
-		ResetPasswordToken *usertypes.ResetPasswordToken
+		User               *types.User
+		ResetPasswordToken *types.ResetPasswordToken
 	}

 	newUsersWithResetToken := make([]*userWithResetToken, len(bulkInvites.Invites))

 	if err := m.store.RunInTx(ctx, func(ctx context.Context) error {
 		for idx, invite := range bulkInvites.Invites {
-			role, err := authtypes.NewLegacyRole(invite.Role.String())
+			role, err := types.NewRole(invite.Role.String())
 			if err != nil {
 				return err
 			}

 			// create a new user with pending invite status
-			newUser, err := usertypes.NewUser(invite.Name, invite.Email, role, orgID, usertypes.UserStatusPendingInvite)
+			newUser, err := types.NewUser(invite.Name, invite.Email, role, orgID, types.UserStatusPendingInvite)
 			if err != nil {
 				return err
 			}
@@ -170,7 +170,7 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 		return nil, err
 	}

-	invites := make([]*usertypes.Invite, len(bulkInvites.Invites))
+	invites := make([]*types.Invite, len(bulkInvites.Invites))

 	// send password reset emails to all the invited users
 	for idx, userWithToken := range newUsersWithResetToken {
@@ -179,7 +179,7 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 			"invitee_role":  userWithToken.User.Role,
 		})

-		invite := &usertypes.Invite{
+		invite := &types.Invite{
 			Identifiable: types.Identifiable{
 				ID: userWithToken.User.ID,
 			},
@@ -219,16 +219,16 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 	return invites, nil
 }

-func (m *Module) ListInvite(ctx context.Context, orgID string) ([]*usertypes.Invite, error) {
+func (m *Module) ListInvite(ctx context.Context, orgID string) ([]*types.Invite, error) {
 	// find all the users with pending_invite status
 	users, err := m.store.ListUsersByOrgID(ctx, valuer.MustNewUUID(orgID))
 	if err != nil {
 		return nil, err
 	}

-	pendingUsers := slices.DeleteFunc(users, func(user *usertypes.User) bool { return user.Status != usertypes.UserStatusPendingInvite })
+	pendingUsers := slices.DeleteFunc(users, func(user *types.User) bool { return user.Status != types.UserStatusPendingInvite })

-	var invites []*usertypes.Invite
+	var invites []*types.Invite

 	for _, pUser := range pendingUsers {
 		// get the reset password token
@@ -238,7 +238,7 @@ func (m *Module) ListInvite(ctx context.Context, orgID string) ([]*usertypes.Inv
 		}

 		// create a dummy invite obj for backward compatibility
-		invite := &usertypes.Invite{
+		invite := &types.Invite{
 			Identifiable: types.Identifiable{
 				ID: pUser.ID,
 			},
@@ -259,11 +259,11 @@ func (m *Module) ListInvite(ctx context.Context, orgID string) ([]*usertypes.Inv
 	return invites, nil
 }

-func (module *Module) CreateUser(ctx context.Context, input *usertypes.User, opts ...root.CreateUserOption) error {
+func (module *Module) CreateUser(ctx context.Context, input *types.User, opts ...root.CreateUserOption) error {
 	createUserOpts := root.NewCreateUserOptions(opts...)

 	// since assign is idempotant multiple calls to assign won't cause issues in case of retries.
-	err := module.authz.Grant(ctx, input.OrgID, []string{authtypes.MustGetSigNozManagedRoleFromExistingRole(input.Role)}, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.StringValue(), input.OrgID, nil))
+	err := module.authz.Grant(ctx, input.OrgID, []string{roletypes.MustGetSigNozManagedRoleFromExistingRole(input.Role)}, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.StringValue(), input.OrgID, nil))
 	if err != nil {
 		return err
 	}
@@ -284,14 +284,14 @@ func (module *Module) CreateUser(ctx context.Context, input *usertypes.User, opt
 		return err
 	}

-	traitsOrProperties := usertypes.NewTraitsFromUser(input)
+	traitsOrProperties := types.NewTraitsFromUser(input)
 	module.analytics.IdentifyUser(ctx, input.OrgID.String(), input.ID.String(), traitsOrProperties)
 	module.analytics.TrackUser(ctx, input.OrgID.String(), input.ID.String(), "User Created", traitsOrProperties)

 	return nil
 }

-func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, user *usertypes.User, updatedBy string) (*usertypes.User, error) {
+func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, user *types.User, updatedBy string) (*types.User, error) {
 	existingUser, err := m.store.GetUser(ctx, valuer.MustNewUUID(id))
 	if err != nil {
 		return nil, err
@@ -314,13 +314,13 @@ func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, u
 		return nil, err
 	}

-	if user.Role != "" && user.Role != existingUser.Role && requestor.Role != authtypes.RoleAdmin {
+	if user.Role != "" && user.Role != existingUser.Role && requestor.Role != types.RoleAdmin {
 		return nil, errors.New(errors.TypeForbidden, errors.CodeForbidden, "only admins can change roles")
 	}

 	// Make sure that the request is not demoting the last admin user.
-	if user.Role != "" && user.Role != existingUser.Role && existingUser.Role == authtypes.RoleAdmin {
-		adminUsers, err := m.store.GetActiveUsersByRoleAndOrgID(ctx, authtypes.RoleAdmin, orgID)
+	if user.Role != "" && user.Role != existingUser.Role && existingUser.Role == types.RoleAdmin {
+		adminUsers, err := m.store.GetActiveUsersByRoleAndOrgID(ctx, types.RoleAdmin, orgID)
 		if err != nil {
 			return nil, err
 		}
@@ -333,8 +333,8 @@ func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, u
 	if user.Role != "" && user.Role != existingUser.Role {
 		err = m.authz.ModifyGrant(ctx,
 			orgID,
-			[]string{authtypes.MustGetSigNozManagedRoleFromExistingRole(existingUser.Role)},
-			[]string{authtypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
+			[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(existingUser.Role)},
+			[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
 			authtypes.MustNewSubject(authtypes.TypeableUser, id, orgID, nil),
 		)
 		if err != nil {
@@ -350,12 +350,12 @@ func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, u
 	return existingUser, nil
 }

-func (module *Module) UpdateAnyUser(ctx context.Context, orgID valuer.UUID, user *usertypes.User) error {
+func (module *Module) UpdateAnyUser(ctx context.Context, orgID valuer.UUID, user *types.User) error {
 	if err := module.store.UpdateUser(ctx, orgID, user); err != nil {
 		return err
 	}

-	traits := usertypes.NewTraitsFromUser(user)
+	traits := types.NewTraitsFromUser(user)
 	module.analytics.IdentifyUser(ctx, user.OrgID.String(), user.ID.String(), traits)
 	module.analytics.TrackUser(ctx, user.OrgID.String(), user.ID.String(), "User Updated", traits)

@@ -385,17 +385,17 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 	}

 	// don't allow to delete the last admin user
-	adminUsers, err := module.store.GetActiveUsersByRoleAndOrgID(ctx, authtypes.RoleAdmin, orgID)
+	adminUsers, err := module.store.GetActiveUsersByRoleAndOrgID(ctx, types.RoleAdmin, orgID)
 	if err != nil {
 		return err
 	}

-	if len(adminUsers) == 1 && user.Role == authtypes.RoleAdmin {
+	if len(adminUsers) == 1 && user.Role == types.RoleAdmin {
 		return errors.New(errors.TypeForbidden, errors.CodeForbidden, "cannot delete the last admin")
 	}

 	// since revoke is idempotant multiple calls to revoke won't cause issues in case of retries
-	err = module.authz.Revoke(ctx, orgID, []string{authtypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)}, authtypes.MustNewSubject(authtypes.TypeableUser, id, orgID, nil))
+	err = module.authz.Revoke(ctx, orgID, []string{roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)}, authtypes.MustNewSubject(authtypes.TypeableUser, id, orgID, nil))
 	if err != nil {
 		return err
 	}
@@ -412,7 +412,7 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 	return nil
 }

-func (module *Module) GetOrCreateResetPasswordToken(ctx context.Context, userID valuer.UUID) (*usertypes.ResetPasswordToken, error) {
+func (module *Module) GetOrCreateResetPasswordToken(ctx context.Context, userID valuer.UUID) (*types.ResetPasswordToken, error) {
 	user, err := module.store.GetUser(ctx, userID)
 	if err != nil {
 		return nil, err
@@ -435,7 +435,7 @@ func (module *Module) GetOrCreateResetPasswordToken(ctx context.Context, userID

 	if password == nil {
 		// if the user does not have a password, we need to create a new one (common for SSO/SAML users)
-		password = usertypes.MustGenerateFactorPassword(userID.String())
+		password = types.MustGenerateFactorPassword(userID.String())

 		if err := module.store.CreatePassword(ctx, password); err != nil {
 			return nil, err
@@ -461,7 +461,7 @@ func (module *Module) GetOrCreateResetPasswordToken(ctx context.Context, userID
 	}

 	// create a new token
-	resetPasswordToken, err := usertypes.NewResetPasswordToken(password.ID, time.Now().Add(module.config.Password.Reset.MaxTokenLifetime))
+	resetPasswordToken, err := types.NewResetPasswordToken(password.ID, time.Now().Add(module.config.Password.Reset.MaxTokenLifetime))
 	if err != nil {
 		return nil, err
 	}
@@ -554,11 +554,11 @@ func (module *Module) UpdatePasswordByResetPasswordToken(ctx context.Context, to
 	}

 	// since grant is idempotent, multiple calls won't cause issues in case of retries
-	if user.Status == usertypes.UserStatusPendingInvite {
+	if user.Status == types.UserStatusPendingInvite {
 		if err = module.authz.Grant(
 			ctx,
 			user.OrgID,
-			[]string{authtypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
+			[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
 			authtypes.MustNewSubject(authtypes.TypeableUser, user.ID.StringValue(), user.OrgID, nil),
 		); err != nil {
 			return err
@@ -566,8 +566,8 @@ func (module *Module) UpdatePasswordByResetPasswordToken(ctx context.Context, to
 	}

 	return module.store.RunInTx(ctx, func(ctx context.Context) error {
-		if user.Status == usertypes.UserStatusPendingInvite {
-			if err := user.UpdateStatus(usertypes.UserStatusActive); err != nil {
+		if user.Status == types.UserStatusPendingInvite {
+			if err := user.UpdateStatus(types.UserStatusActive); err != nil {
 				return err
 			}
 			if err := module.store.UpdateUser(ctx, user.OrgID, user); err != nil {
@@ -607,7 +607,7 @@ func (module *Module) UpdatePassword(ctx context.Context, userID valuer.UUID, ol
 	}

 	if !password.Equals(oldpasswd) {
-		return errors.New(errors.TypeInvalidInput, usertypes.ErrCodeIncorrectPassword, "old password is incorrect")
+		return errors.New(errors.TypeInvalidInput, types.ErrCodeIncorrectPassword, "old password is incorrect")
 	}

 	if err := password.Update(passwd); err != nil {
@@ -631,7 +631,7 @@ func (module *Module) UpdatePassword(ctx context.Context, userID valuer.UUID, ol
 	return module.tokenizer.DeleteTokensByUserID(ctx, userID)
 }

-func (module *Module) GetOrCreateUser(ctx context.Context, user *usertypes.User, opts ...root.CreateUserOption) (*usertypes.User, error) {
+func (module *Module) GetOrCreateUser(ctx context.Context, user *types.User, opts ...root.CreateUserOption) (*types.User, error) {
 	existingUser, err := module.GetNonDeletedUserByEmailAndOrgID(ctx, user.Email, user.OrgID)
 	if err != nil {
 		if !errors.Ast(err, errors.TypeNotFound) {
@@ -641,7 +641,7 @@ func (module *Module) GetOrCreateUser(ctx context.Context, user *usertypes.User,

 	if existingUser != nil {
 		// for users logging through SSO flow but are having status as pending_invite
-		if existingUser.Status == usertypes.UserStatusPendingInvite {
+		if existingUser.Status == types.UserStatusPendingInvite {
 			// respect the role coming from the SSO
 			existingUser.Update("", user.Role)
 			// activate the user
@@ -661,19 +661,19 @@ func (module *Module) GetOrCreateUser(ctx context.Context, user *usertypes.User,
 	return user, nil
 }

-func (m *Module) CreateAPIKey(ctx context.Context, apiKey *usertypes.StorableAPIKey) error {
+func (m *Module) CreateAPIKey(ctx context.Context, apiKey *types.StorableAPIKey) error {
 	return m.store.CreateAPIKey(ctx, apiKey)
 }

-func (m *Module) UpdateAPIKey(ctx context.Context, id valuer.UUID, apiKey *usertypes.StorableAPIKey, updaterID valuer.UUID) error {
+func (m *Module) UpdateAPIKey(ctx context.Context, id valuer.UUID, apiKey *types.StorableAPIKey, updaterID valuer.UUID) error {
 	return m.store.UpdateAPIKey(ctx, id, apiKey, updaterID)
 }

-func (m *Module) ListAPIKeys(ctx context.Context, orgID valuer.UUID) ([]*usertypes.StorableAPIKeyUser, error) {
+func (m *Module) ListAPIKeys(ctx context.Context, orgID valuer.UUID) ([]*types.StorableAPIKeyUser, error) {
 	return m.store.ListAPIKeys(ctx, orgID)
 }

-func (m *Module) GetAPIKey(ctx context.Context, orgID, id valuer.UUID) (*usertypes.StorableAPIKeyUser, error) {
+func (m *Module) GetAPIKey(ctx context.Context, orgID, id valuer.UUID) (*types.StorableAPIKeyUser, error) {
 	return m.store.GetAPIKey(ctx, orgID, id)
 }

@@ -681,18 +681,18 @@ func (m *Module) RevokeAPIKey(ctx context.Context, id, removedByUserID valuer.UU
 	return m.store.RevokeAPIKey(ctx, id, removedByUserID)
 }

-func (module *Module) CreateFirstUser(ctx context.Context, organization *types.Organization, name string, email valuer.Email, passwd string) (*usertypes.User, error) {
-	user, err := usertypes.NewRootUser(name, email, organization.ID)
+func (module *Module) CreateFirstUser(ctx context.Context, organization *types.Organization, name string, email valuer.Email, passwd string) (*types.User, error) {
+	user, err := types.NewRootUser(name, email, organization.ID)
 	if err != nil {
 		return nil, err
 	}

-	password, err := usertypes.NewFactorPassword(passwd, user.ID.StringValue())
+	password, err := types.NewFactorPassword(passwd, user.ID.StringValue())
 	if err != nil {
 		return nil, err
 	}

-	managedRoles := authtypes.NewManagedRoles(organization.ID)
+	managedRoles := roletypes.NewManagedRoles(organization.ID)
 	err = module.authz.CreateManagedUserRoleTransactions(ctx, organization.ID, user.ID)
 	if err != nil {
 		return nil, err
@@ -726,12 +726,12 @@ func (module *Module) CreateFirstUser(ctx context.Context, organization *types.O

 func (module *Module) Collect(ctx context.Context, orgID valuer.UUID) (map[string]any, error) {
 	stats := make(map[string]any)
-	counts, err := module.store.CountByOrgIDAndStatuses(ctx, orgID, []string{usertypes.UserStatusActive.StringValue(), usertypes.UserStatusDeleted.StringValue(), usertypes.UserStatusPendingInvite.StringValue()})
+	counts, err := module.store.CountByOrgIDAndStatuses(ctx, orgID, []string{types.UserStatusActive.StringValue(), types.UserStatusDeleted.StringValue(), types.UserStatusPendingInvite.StringValue()})
 	if err == nil {
-		stats["user.count"] = counts[usertypes.UserStatusActive] + counts[usertypes.UserStatusDeleted] + counts[usertypes.UserStatusPendingInvite]
-		stats["user.count.active"] = counts[usertypes.UserStatusActive]
-		stats["user.count.deleted"] = counts[usertypes.UserStatusDeleted]
-		stats["user.count.pending_invite"] = counts[usertypes.UserStatusPendingInvite]
+		stats["user.count"] = counts[types.UserStatusActive] + counts[types.UserStatusDeleted] + counts[types.UserStatusPendingInvite]
+		stats["user.count.active"] = counts[types.UserStatusActive]
+		stats["user.count.deleted"] = counts[types.UserStatusDeleted]
+		stats["user.count.pending_invite"] = counts[types.UserStatusPendingInvite]
 	}

 	count, err := module.store.CountAPIKeyByOrgID(ctx, orgID)
@@ -743,14 +743,14 @@ func (module *Module) Collect(ctx context.Context, orgID valuer.UUID) (map[strin
 }

 // this function restricts that only one non-deleted user email can exist for an org ID, if found more, it throws an error
-func (module *Module) GetNonDeletedUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*usertypes.User, error) {
+func (module *Module) GetNonDeletedUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*types.User, error) {
 	existingUsers, err := module.store.GetUsersByEmailAndOrgID(ctx, email, orgID)
 	if err != nil {
 		return nil, err
 	}

 	// filter out the deleted users
-	existingUsers = slices.DeleteFunc(existingUsers, func(user *usertypes.User) bool { return user.ErrIfDeleted() != nil })
+	existingUsers = slices.DeleteFunc(existingUsers, func(user *types.User) bool { return user.ErrIfDeleted() != nil })

 	if len(existingUsers) > 1 {
 		return nil, errors.Newf(errors.TypeInternal, errors.CodeInternal, "Multiple non-deleted users found for email %s in org_id: %s", email.StringValue(), orgID.StringValue())
@@ -764,7 +764,7 @@ func (module *Module) GetNonDeletedUserByEmailAndOrgID(ctx context.Context, emai

 }

-func (module *Module) createUserWithoutGrant(ctx context.Context, input *usertypes.User, opts ...root.CreateUserOption) error {
+func (module *Module) createUserWithoutGrant(ctx context.Context, input *types.User, opts ...root.CreateUserOption) error {
 	createUserOpts := root.NewCreateUserOptions(opts...)
 	if err := module.store.RunInTx(ctx, func(ctx context.Context) error {
 		if err := module.store.CreateUser(ctx, input); err != nil {
@@ -782,25 +782,25 @@ func (module *Module) createUserWithoutGrant(ctx context.Context, input *usertyp
 		return err
 	}

-	traitsOrProperties := usertypes.NewTraitsFromUser(input)
+	traitsOrProperties := types.NewTraitsFromUser(input)
 	module.analytics.IdentifyUser(ctx, input.OrgID.String(), input.ID.String(), traitsOrProperties)
 	module.analytics.TrackUser(ctx, input.OrgID.String(), input.ID.String(), "User Created", traitsOrProperties)

 	return nil
 }

-func (module *Module) activatePendingUser(ctx context.Context, user *usertypes.User) error {
+func (module *Module) activatePendingUser(ctx context.Context, user *types.User) error {
 	err := module.authz.Grant(
 		ctx,
 		user.OrgID,
-		[]string{authtypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
+		[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
 		authtypes.MustNewSubject(authtypes.TypeableUser, user.ID.StringValue(), user.OrgID, nil),
 	)
 	if err != nil {
 		return err
 	}

-	if err := user.UpdateStatus(usertypes.UserStatusActive); err != nil {
+	if err := user.UpdateStatus(types.UserStatusActive); err != nil {
 		return err
 	}
 	err = module.store.UpdateUser(ctx, user.OrgID, user)
--- a/pkg/modules/user/impluser/service.go
+++ b/pkg/modules/user/impluser/service.go
@@ -11,13 +11,13 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type service struct {
 	settings  factory.ScopedProviderSettings
-	store     usertypes.UserStore
+	store     types.UserStore
 	module    user.Module
 	orgGetter organization.Getter
 	authz     authz.AuthZ
@@ -27,7 +27,7 @@ type service struct {

 func NewService(
 	providerSettings factory.ProviderSettings,
-	store usertypes.UserStore,
+	store types.UserStore,
 	module user.Module,
 	orgGetter organization.Getter,
 	authz authz.AuthZ,
@@ -156,11 +156,11 @@ func (s *service) createOrPromoteRootUser(ctx context.Context, orgID valuer.UUID
 			return err
 		}

-		if oldRole != authtypes.RoleAdmin {
+		if oldRole != types.RoleAdmin {
 			if err := s.authz.ModifyGrant(ctx,
 				orgID,
-				[]string{authtypes.MustGetSigNozManagedRoleFromExistingRole(oldRole)},
-				[]string{authtypes.MustGetSigNozManagedRoleFromExistingRole(authtypes.RoleAdmin)},
+				[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(oldRole)},
+				[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(types.RoleAdmin)},
 				authtypes.MustNewSubject(authtypes.TypeableUser, existingUser.ID.StringValue(), orgID, nil),
 			); err != nil {
 				return err
@@ -171,12 +171,12 @@ func (s *service) createOrPromoteRootUser(ctx context.Context, orgID valuer.UUID
 	}

 	// Create new root user
-	newUser, err := usertypes.NewRootUser(s.config.Email.String(), s.config.Email, orgID)
+	newUser, err := types.NewRootUser(s.config.Email.String(), s.config.Email, orgID)
 	if err != nil {
 		return err
 	}

-	factorPassword, err := usertypes.NewFactorPassword(s.config.Password, newUser.ID.StringValue())
+	factorPassword, err := types.NewFactorPassword(s.config.Password, newUser.ID.StringValue())
 	if err != nil {
 		return err
 	}
@@ -184,7 +184,7 @@ func (s *service) createOrPromoteRootUser(ctx context.Context, orgID valuer.UUID
 	return s.module.CreateUser(ctx, newUser, user.WithFactorPassword(factorPassword))
 }

-func (s *service) updateExistingRootUser(ctx context.Context, orgID valuer.UUID, existingRoot *usertypes.User) error {
+func (s *service) updateExistingRootUser(ctx context.Context, orgID valuer.UUID, existingRoot *types.User) error {
 	existingRoot.PromoteToRoot()

 	if existingRoot.Email != s.config.Email {
@@ -204,7 +204,7 @@ func (s *service) setPassword(ctx context.Context, userID valuer.UUID) error {
 			return err
 		}

-		factorPassword, err := usertypes.NewFactorPassword(s.config.Password, userID.StringValue())
+		factorPassword, err := types.NewFactorPassword(s.config.Password, userID.StringValue())
 		if err != nil {
 			return err
 		}
--- a/pkg/modules/user/impluser/store.go
+++ b/pkg/modules/user/impluser/store.go
@@ -9,9 +9,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/preferencetypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -21,11 +21,11 @@ type store struct {
 	settings factory.ProviderSettings
 }

-func NewStore(sqlstore sqlstore.SQLStore, settings factory.ProviderSettings) usertypes.UserStore {
+func NewStore(sqlstore sqlstore.SQLStore, settings factory.ProviderSettings) types.UserStore {
 	return &store{sqlstore: sqlstore, settings: settings}
 }

-func (store *store) CreatePassword(ctx context.Context, password *usertypes.FactorPassword) error {
+func (store *store) CreatePassword(ctx context.Context, password *types.FactorPassword) error {
 	_, err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -33,13 +33,13 @@ func (store *store) CreatePassword(ctx context.Context, password *usertypes.Fact
 		Model(password).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, usertypes.ErrPasswordAlreadyExists, "password for user %s already exists", password.UserID)
+		return store.sqlstore.WrapAlreadyExistsErrf(err, types.ErrPasswordAlreadyExists, "password for user %s already exists", password.UserID)
 	}

 	return nil
 }

-func (store *store) CreateUser(ctx context.Context, user *usertypes.User) error {
+func (store *store) CreateUser(ctx context.Context, user *types.User) error {
 	_, err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -47,13 +47,13 @@ func (store *store) CreateUser(ctx context.Context, user *usertypes.User) error
 		Model(user).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, usertypes.ErrUserAlreadyExists, "user with email %s already exists in org %s", user.Email, user.OrgID)
+		return store.sqlstore.WrapAlreadyExistsErrf(err, types.ErrUserAlreadyExists, "user with email %s already exists in org %s", user.Email, user.OrgID)
 	}
 	return nil
 }

-func (store *store) GetUsersByEmail(ctx context.Context, email valuer.Email) ([]*usertypes.User, error) {
-	var users []*usertypes.User
+func (store *store) GetUsersByEmail(ctx context.Context, email valuer.Email) ([]*types.User, error) {
+	var users []*types.User

 	err := store.
 		sqlstore.
@@ -69,8 +69,8 @@ func (store *store) GetUsersByEmail(ctx context.Context, email valuer.Email) ([]
 	return users, nil
 }

-func (store *store) GetUser(ctx context.Context, id valuer.UUID) (*usertypes.User, error) {
-	user := new(usertypes.User)
+func (store *store) GetUser(ctx context.Context, id valuer.UUID) (*types.User, error) {
+	user := new(types.User)

 	err := store.
 		sqlstore.
@@ -80,14 +80,14 @@ func (store *store) GetUser(ctx context.Context, id valuer.UUID) (*usertypes.Use
 		Where("id = ?", id).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodeUserNotFound, "user with id %s does not exist", id)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id %s does not exist", id)
 	}

 	return user, nil
 }

-func (store *store) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*usertypes.User, error) {
-	user := new(usertypes.User)
+func (store *store) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*types.User, error) {
+	user := new(types.User)

 	err := store.
 		sqlstore.
@@ -98,14 +98,14 @@ func (store *store) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id v
 		Where("id = ?", id).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodeUserNotFound, "user with id %s does not exist", id)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id %s does not exist", id)
 	}

 	return user, nil
 }

-func (store *store) GetUsersByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) ([]*usertypes.User, error) {
-	var users []*usertypes.User
+func (store *store) GetUsersByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) ([]*types.User, error) {
+	var users []*types.User

 	err := store.
 		sqlstore.
@@ -122,8 +122,8 @@ func (store *store) GetUsersByEmailAndOrgID(ctx context.Context, email valuer.Em
 	return users, nil
 }

-func (store *store) GetActiveUsersByRoleAndOrgID(ctx context.Context, role authtypes.LegacyRole, orgID valuer.UUID) ([]*usertypes.User, error) {
-	var users []*usertypes.User
+func (store *store) GetActiveUsersByRoleAndOrgID(ctx context.Context, role types.Role, orgID valuer.UUID) ([]*types.User, error) {
+	var users []*types.User

 	err := store.
 		sqlstore.
@@ -132,7 +132,7 @@ func (store *store) GetActiveUsersByRoleAndOrgID(ctx context.Context, role autht
 		Model(&users).
 		Where("org_id = ?", orgID).
 		Where("role = ?", role).
-		Where("status = ?", usertypes.UserStatusActive.StringValue()).
+		Where("status = ?", types.UserStatusActive.StringValue()).
 		Scan(ctx)
 	if err != nil {
 		return nil, err
@@ -141,7 +141,7 @@ func (store *store) GetActiveUsersByRoleAndOrgID(ctx context.Context, role autht
 	return users, nil
 }

-func (store *store) UpdateUser(ctx context.Context, orgID valuer.UUID, user *usertypes.User) error {
+func (store *store) UpdateUser(ctx context.Context, orgID valuer.UUID, user *types.User) error {
 	_, err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -157,13 +157,13 @@ func (store *store) UpdateUser(ctx context.Context, orgID valuer.UUID, user *use
 		Where("id = ?", user.ID).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodeUserNotFound, "user does not exist in org: %s", orgID)
+		return store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user does not exist in org: %s", orgID)
 	}
 	return nil
 }

-func (store *store) ListUsersByOrgID(ctx context.Context, orgID valuer.UUID) ([]*usertypes.GettableUser, error) {
-	users := []*usertypes.User{}
+func (store *store) ListUsersByOrgID(ctx context.Context, orgID valuer.UUID) ([]*types.GettableUser, error) {
+	users := []*types.User{}

 	err := store.
 		sqlstore.
@@ -191,7 +191,7 @@ func (store *store) DeleteUser(ctx context.Context, orgID string, id string) err

 	// get the password id

-	var password usertypes.FactorPassword
+	var password types.FactorPassword
 	err = tx.NewSelect().
 		Model(&password).
 		Where("user_id = ?", id).
@@ -202,7 +202,7 @@ func (store *store) DeleteUser(ctx context.Context, orgID string, id string) err

 	// delete reset password request
 	_, err = tx.NewDelete().
-		Model(new(usertypes.ResetPasswordToken)).
+		Model(new(types.ResetPasswordToken)).
 		Where("password_id = ?", password.ID.String()).
 		Exec(ctx)
 	if err != nil {
@@ -211,7 +211,7 @@ func (store *store) DeleteUser(ctx context.Context, orgID string, id string) err

 	// delete factor password
 	_, err = tx.NewDelete().
-		Model(new(usertypes.FactorPassword)).
+		Model(new(types.FactorPassword)).
 		Where("user_id = ?", id).
 		Exec(ctx)
 	if err != nil {
@@ -220,7 +220,7 @@ func (store *store) DeleteUser(ctx context.Context, orgID string, id string) err

 	// delete api keys
 	_, err = tx.NewDelete().
-		Model(&usertypes.StorableAPIKey{}).
+		Model(&types.StorableAPIKey{}).
 		Where("user_id = ?", id).
 		Exec(ctx)
 	if err != nil {
@@ -247,7 +247,7 @@ func (store *store) DeleteUser(ctx context.Context, orgID string, id string) err

 	// delete user
 	_, err = tx.NewDelete().
-		Model(new(usertypes.User)).
+		Model(new(types.User)).
 		Where("org_id = ?", orgID).
 		Where("id = ?", id).
 		Exec(ctx)
@@ -275,7 +275,7 @@ func (store *store) SoftDeleteUser(ctx context.Context, orgID string, id string)

 	// get the password id

-	var password usertypes.FactorPassword
+	var password types.FactorPassword
 	err = tx.NewSelect().
 		Model(&password).
 		Where("user_id = ?", id).
@@ -286,7 +286,7 @@ func (store *store) SoftDeleteUser(ctx context.Context, orgID string, id string)

 	// delete reset password request
 	_, err = tx.NewDelete().
-		Model(new(usertypes.ResetPasswordToken)).
+		Model(new(types.ResetPasswordToken)).
 		Where("password_id = ?", password.ID.String()).
 		Exec(ctx)
 	if err != nil {
@@ -295,7 +295,7 @@ func (store *store) SoftDeleteUser(ctx context.Context, orgID string, id string)

 	// delete factor password
 	_, err = tx.NewDelete().
-		Model(new(usertypes.FactorPassword)).
+		Model(new(types.FactorPassword)).
 		Where("user_id = ?", id).
 		Exec(ctx)
 	if err != nil {
@@ -304,7 +304,7 @@ func (store *store) SoftDeleteUser(ctx context.Context, orgID string, id string)

 	// delete api keys
 	_, err = tx.NewDelete().
-		Model(&usertypes.StorableAPIKey{}).
+		Model(&types.StorableAPIKey{}).
 		Where("user_id = ?", id).
 		Exec(ctx)
 	if err != nil {
@@ -332,8 +332,8 @@ func (store *store) SoftDeleteUser(ctx context.Context, orgID string, id string)
 	// soft delete user
 	now := time.Now()
 	_, err = tx.NewUpdate().
-		Model(new(usertypes.User)).
-		Set("status = ?", usertypes.UserStatusDeleted).
+		Model(new(types.User)).
+		Set("status = ?", types.UserStatusDeleted).
 		Set("deleted_at = ?", now).
 		Set("updated_at = ?", now).
 		Where("org_id = ?", orgID).
@@ -351,7 +351,7 @@ func (store *store) SoftDeleteUser(ctx context.Context, orgID string, id string)
 	return nil
 }

-func (store *store) CreateResetPasswordToken(ctx context.Context, resetPasswordToken *usertypes.ResetPasswordToken) error {
+func (store *store) CreateResetPasswordToken(ctx context.Context, resetPasswordToken *types.ResetPasswordToken) error {
 	_, err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -359,14 +359,14 @@ func (store *store) CreateResetPasswordToken(ctx context.Context, resetPasswordT
 		Model(resetPasswordToken).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, usertypes.ErrResetPasswordTokenAlreadyExists, "reset password token for password  %s already exists", resetPasswordToken.PasswordID)
+		return store.sqlstore.WrapAlreadyExistsErrf(err, types.ErrResetPasswordTokenAlreadyExists, "reset password token for password  %s already exists", resetPasswordToken.PasswordID)
 	}

 	return nil
 }

-func (store *store) GetPassword(ctx context.Context, id valuer.UUID) (*usertypes.FactorPassword, error) {
-	password := new(usertypes.FactorPassword)
+func (store *store) GetPassword(ctx context.Context, id valuer.UUID) (*types.FactorPassword, error) {
+	password := new(types.FactorPassword)

 	err := store.
 		sqlstore.
@@ -376,14 +376,14 @@ func (store *store) GetPassword(ctx context.Context, id valuer.UUID) (*usertypes
 		Where("id = ?", id).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodePasswordNotFound, "password with id: %s does not exist", id)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrPasswordNotFound, "password with id: %s does not exist", id)
 	}

 	return password, nil
 }

-func (store *store) GetPasswordByUserID(ctx context.Context, userID valuer.UUID) (*usertypes.FactorPassword, error) {
-	password := new(usertypes.FactorPassword)
+func (store *store) GetPasswordByUserID(ctx context.Context, userID valuer.UUID) (*types.FactorPassword, error) {
+	password := new(types.FactorPassword)

 	err := store.
 		sqlstore.
@@ -393,13 +393,13 @@ func (store *store) GetPasswordByUserID(ctx context.Context, userID valuer.UUID)
 		Where("user_id = ?", userID).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodePasswordNotFound, "password for user %s does not exist", userID)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrPasswordNotFound, "password for user %s does not exist", userID)
 	}
 	return password, nil
 }

-func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) (*usertypes.ResetPasswordToken, error) {
-	resetPasswordToken := new(usertypes.ResetPasswordToken)
+func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) (*types.ResetPasswordToken, error) {
+	resetPasswordToken := new(types.ResetPasswordToken)

 	err := store.
 		sqlstore.
@@ -409,7 +409,7 @@ func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passw
 		Where("password_id = ?", passwordID).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrResetPasswordTokenNotFound, "reset password token for password %s does not exist", passwordID)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrResetPasswordTokenNotFound, "reset password token for password %s does not exist", passwordID)
 	}

 	return resetPasswordToken, nil
@@ -417,7 +417,7 @@ func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passw

 func (store *store) DeleteResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) error {
 	_, err := store.sqlstore.BunDBCtx(ctx).NewDelete().
-		Model(&usertypes.ResetPasswordToken{}).
+		Model(&types.ResetPasswordToken{}).
 		Where("password_id = ?", passwordID).
 		Exec(ctx)
 	if err != nil {
@@ -427,8 +427,8 @@ func (store *store) DeleteResetPasswordTokenByPasswordID(ctx context.Context, pa
 	return nil
 }

-func (store *store) GetResetPasswordToken(ctx context.Context, token string) (*usertypes.ResetPasswordToken, error) {
-	resetPasswordRequest := new(usertypes.ResetPasswordToken)
+func (store *store) GetResetPasswordToken(ctx context.Context, token string) (*types.ResetPasswordToken, error) {
+	resetPasswordRequest := new(types.ResetPasswordToken)

 	err := store.
 		sqlstore.
@@ -438,38 +438,38 @@ func (store *store) GetResetPasswordToken(ctx context.Context, token string) (*u
 		Where("token = ?", token).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrResetPasswordTokenNotFound, "reset password token does not exist")
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrResetPasswordTokenNotFound, "reset password token does not exist")
 	}

 	return resetPasswordRequest, nil
 }

-func (store *store) UpdatePassword(ctx context.Context, factorPassword *usertypes.FactorPassword) error {
+func (store *store) UpdatePassword(ctx context.Context, factorPassword *types.FactorPassword) error {
 	_, err := store.sqlstore.BunDBCtx(ctx).
 		NewUpdate().
 		Model(factorPassword).
 		Where("user_id = ?", factorPassword.UserID).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodePasswordNotFound, "password for user %s does not exist", factorPassword.UserID)
+		return store.sqlstore.WrapNotFoundErrf(err, types.ErrPasswordNotFound, "password for user %s does not exist", factorPassword.UserID)
 	}

 	return nil
 }

 // --- API KEY ---
-func (store *store) CreateAPIKey(ctx context.Context, apiKey *usertypes.StorableAPIKey) error {
+func (store *store) CreateAPIKey(ctx context.Context, apiKey *types.StorableAPIKey) error {
 	_, err := store.sqlstore.BunDB().NewInsert().
 		Model(apiKey).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, usertypes.ErrAPIKeyAlreadyExists, "API key with token: %s already exists", apiKey.Token)
+		return store.sqlstore.WrapAlreadyExistsErrf(err, types.ErrAPIKeyAlreadyExists, "API key with token: %s already exists", apiKey.Token)
 	}

 	return nil
 }

-func (store *store) UpdateAPIKey(ctx context.Context, id valuer.UUID, apiKey *usertypes.StorableAPIKey, updaterID valuer.UUID) error {
+func (store *store) UpdateAPIKey(ctx context.Context, id valuer.UUID, apiKey *types.StorableAPIKey, updaterID valuer.UUID) error {
 	apiKey.UpdatedBy = updaterID.String()
 	apiKey.UpdatedAt = time.Now()
 	_, err := store.sqlstore.BunDB().NewUpdate().
@@ -479,13 +479,13 @@ func (store *store) UpdateAPIKey(ctx context.Context, id valuer.UUID, apiKey *us
 		Where("revoked = false").
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrAPIKeyNotFound, "API key with id: %s does not exist", id)
+		return store.sqlstore.WrapNotFoundErrf(err, types.ErrAPIKeyNotFound, "API key with id: %s does not exist", id)
 	}
 	return nil
 }

-func (store *store) ListAPIKeys(ctx context.Context, orgID valuer.UUID) ([]*usertypes.StorableAPIKeyUser, error) {
-	orgUserAPIKeys := new(usertypes.OrgUserAPIKey)
+func (store *store) ListAPIKeys(ctx context.Context, orgID valuer.UUID) ([]*types.StorableAPIKeyUser, error) {
+	orgUserAPIKeys := new(types.OrgUserAPIKey)

 	if err := store.sqlstore.BunDB().NewSelect().
 		Model(orgUserAPIKeys).
@@ -502,7 +502,7 @@ func (store *store) ListAPIKeys(ctx context.Context, orgID valuer.UUID) ([]*user
 	}

 	// Flatten the API keys from all users
-	var allAPIKeys []*usertypes.StorableAPIKeyUser
+	var allAPIKeys []*types.StorableAPIKeyUser
 	for _, user := range orgUserAPIKeys.Users {
 		if user.APIKeys != nil {
 			allAPIKeys = append(allAPIKeys, user.APIKeys...)
@@ -520,7 +520,7 @@ func (store *store) ListAPIKeys(ctx context.Context, orgID valuer.UUID) ([]*user
 func (store *store) RevokeAPIKey(ctx context.Context, id, revokedByUserID valuer.UUID) error {
 	updatedAt := time.Now().Unix()
 	_, err := store.sqlstore.BunDB().NewUpdate().
-		Model(&usertypes.StorableAPIKey{}).
+		Model(&types.StorableAPIKey{}).
 		Set("revoked = ?", true).
 		Set("updated_by = ?", revokedByUserID).
 		Set("updated_at = ?", updatedAt).
@@ -532,8 +532,8 @@ func (store *store) RevokeAPIKey(ctx context.Context, id, revokedByUserID valuer
 	return nil
 }

-func (store *store) GetAPIKey(ctx context.Context, orgID, id valuer.UUID) (*usertypes.StorableAPIKeyUser, error) {
-	apiKey := new(usertypes.OrgUserAPIKey)
+func (store *store) GetAPIKey(ctx context.Context, orgID, id valuer.UUID) (*types.StorableAPIKeyUser, error) {
+	apiKey := new(types.OrgUserAPIKey)
 	if err := store.sqlstore.BunDB().NewSelect().
 		Model(apiKey).
 		Relation("Users").
@@ -545,25 +545,25 @@ func (store *store) GetAPIKey(ctx context.Context, orgID, id valuer.UUID) (*user
 		Relation("Users.APIKeys.CreatedByUser").
 		Relation("Users.APIKeys.UpdatedByUser").
 		Scan(ctx); err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrAPIKeyNotFound, "API key with id: %s does not exist", id)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrAPIKeyNotFound, "API key with id: %s does not exist", id)
 	}

 	// flatten the API keys
-	flattenedAPIKeys := []*usertypes.StorableAPIKeyUser{}
+	flattenedAPIKeys := []*types.StorableAPIKeyUser{}
 	for _, user := range apiKey.Users {
 		if user.APIKeys != nil {
 			flattenedAPIKeys = append(flattenedAPIKeys, user.APIKeys...)
 		}
 	}
 	if len(flattenedAPIKeys) == 0 {
-		return nil, store.sqlstore.WrapNotFoundErrf(errors.New(errors.TypeNotFound, errors.CodeNotFound, "API key with id: %s does not exist"), usertypes.ErrAPIKeyNotFound, "API key with id: %s does not exist", id)
+		return nil, store.sqlstore.WrapNotFoundErrf(errors.New(errors.TypeNotFound, errors.CodeNotFound, "API key with id: %s does not exist"), types.ErrAPIKeyNotFound, "API key with id: %s does not exist", id)
 	}

 	return flattenedAPIKeys[0], nil
 }

 func (store *store) CountByOrgID(ctx context.Context, orgID valuer.UUID) (int64, error) {
-	user := new(usertypes.User)
+	user := new(types.User)

 	count, err := store.
 		sqlstore.
@@ -580,7 +580,7 @@ func (store *store) CountByOrgID(ctx context.Context, orgID valuer.UUID) (int64,
 }

 func (store *store) CountByOrgIDAndStatuses(ctx context.Context, orgID valuer.UUID, statuses []string) (map[valuer.String]int64, error) {
-	user := new(usertypes.User)
+	user := new(types.User)
 	var results []struct {
 		Status valuer.String `bun:"status"`
 		Count  int64         `bun:"count"`
@@ -610,7 +610,7 @@ func (store *store) CountByOrgIDAndStatuses(ctx context.Context, orgID valuer.UU
 }

 func (store *store) CountAPIKeyByOrgID(ctx context.Context, orgID valuer.UUID) (int64, error) {
-	apiKey := new(usertypes.StorableAPIKey)
+	apiKey := new(types.StorableAPIKey)

 	count, err := store.
 		sqlstore.
@@ -633,8 +633,8 @@ func (store *store) RunInTx(ctx context.Context, cb func(ctx context.Context) er
 	})
 }

-func (store *store) GetRootUserByOrgID(ctx context.Context, orgID valuer.UUID) (*usertypes.User, error) {
-	user := new(usertypes.User)
+func (store *store) GetRootUserByOrgID(ctx context.Context, orgID valuer.UUID) (*types.User, error) {
+	user := new(types.User)
 	err := store.
 		sqlstore.
 		BunDBCtx(ctx).
@@ -644,13 +644,13 @@ func (store *store) GetRootUserByOrgID(ctx context.Context, orgID valuer.UUID) (
 		Where("is_root = ?", true).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodeUserNotFound, "root user for org %s not found", orgID)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "root user for org %s not found", orgID)
 	}
 	return user, nil
 }

-func (store *store) ListUsersByEmailAndOrgIDs(ctx context.Context, email valuer.Email, orgIDs []valuer.UUID) ([]*usertypes.User, error) {
-	users := []*usertypes.User{}
+func (store *store) ListUsersByEmailAndOrgIDs(ctx context.Context, email valuer.Email, orgIDs []valuer.UUID) ([]*types.User, error) {
+	users := []*types.User{}
 	err := store.
 		sqlstore.
 		BunDB().
@@ -666,8 +666,8 @@ func (store *store) ListUsersByEmailAndOrgIDs(ctx context.Context, email valuer.
 	return users, nil
 }

-func (store *store) GetUserByResetPasswordToken(ctx context.Context, token string) (*usertypes.User, error) {
-	user := new(usertypes.User)
+func (store *store) GetUserByResetPasswordToken(ctx context.Context, token string) (*types.User, error) {
+	user := new(types.User)

 	err := store.
 		sqlstore.
@@ -679,14 +679,14 @@ func (store *store) GetUserByResetPasswordToken(ctx context.Context, token strin
 		Where("reset_password_token.token = ?", token).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodeUserNotFound, "user not found for reset password token")
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user not found for reset password token")
 	}

 	return user, nil
 }

-func (store *store) GetUsersByEmailsOrgIDAndStatuses(ctx context.Context, orgID valuer.UUID, emails []string, statuses []string) ([]*usertypes.User, error) {
-	users := []*usertypes.User{}
+func (store *store) GetUsersByEmailsOrgIDAndStatuses(ctx context.Context, orgID valuer.UUID, emails []string, statuses []string) ([]*types.User, error) {
+	users := []*types.User{}

 	err := store.
 		sqlstore.
@@ -703,34 +703,3 @@ func (store *store) GetUsersByEmailsOrgIDAndStatuses(ctx context.Context, orgID

 	return users, nil
 }
-
-func (store *store) GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*usertypes.User, *usertypes.FactorPassword, error) {
-	user := new(usertypes.User)
-	factorPassword := new(usertypes.FactorPassword)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(user).
-		Where("email = ?", email).
-		Where("org_id = ?", orgID).
-		Where("status = ?", usertypes.UserStatusActive.StringValue()).
-		Scan(ctx)
-	if err != nil {
-		return nil, nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodeUserNotFound, "user with email %s in org %s not found", email, orgID)
-	}
-
-	err = store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(factorPassword).
-		Where("user_id = ?", user.ID).
-		Scan(ctx)
-	if err != nil {
-		return nil, nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodePasswordNotFound, "user with email %s in org %s does not have password", email, orgID)
-	}
-
-	return user, factorPassword, nil
-}
--- a/pkg/modules/user/option.go
+++ b/pkg/modules/user/option.go
@@ -1,17 +1,17 @@
 package user

 import (
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type createUserOptions struct {
-	FactorPassword *usertypes.FactorPassword
+	FactorPassword *types.FactorPassword
 }

 type CreateUserOption func(*createUserOptions)

-func WithFactorPassword(factorPassword *usertypes.FactorPassword) CreateUserOption {
+func WithFactorPassword(factorPassword *types.FactorPassword) CreateUserOption {
 	return func(o *createUserOptions) {
 		o.FactorPassword = factorPassword
 	}
--- a/pkg/modules/user/user.go
+++ b/pkg/modules/user/user.go
@@ -6,23 +6,22 @@ import (

 	"github.com/SigNoz/signoz/pkg/statsreporter"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type Module interface {
 	// Creates the organization and the first user of that organization.
-	CreateFirstUser(ctx context.Context, organization *types.Organization, name string, email valuer.Email, password string) (*usertypes.User, error)
+	CreateFirstUser(ctx context.Context, organization *types.Organization, name string, email valuer.Email, password string) (*types.User, error)

 	// Creates a user and sends an analytics event.
-	CreateUser(ctx context.Context, user *usertypes.User, opts ...CreateUserOption) error
+	CreateUser(ctx context.Context, user *types.User, opts ...CreateUserOption) error

 	// Get or create a user. If a user with the same email and orgID already exists, it returns the existing user.
-	GetOrCreateUser(ctx context.Context, user *usertypes.User, opts ...CreateUserOption) (*usertypes.User, error)
+	GetOrCreateUser(ctx context.Context, user *types.User, opts ...CreateUserOption) (*types.User, error)

 	// Get or Create a reset password token for a user. If the password does not exist, a new one is randomly generated and inserted. The function
 	// is idempotent and can be called multiple times.
-	GetOrCreateResetPasswordToken(ctx context.Context, userID valuer.UUID) (*usertypes.ResetPasswordToken, error)
+	GetOrCreateResetPasswordToken(ctx context.Context, userID valuer.UUID) (*types.ResetPasswordToken, error)

 	// Updates password of a user using a reset password token. It also deletes all reset password tokens for the user.
 	// This is used to reset the password of a user when they forget their password.
@@ -34,48 +33,48 @@ type Module interface {
 	// Initiate forgot password flow for a user
 	ForgotPassword(ctx context.Context, orgID valuer.UUID, email valuer.Email, frontendBaseURL string) error

-	UpdateUser(ctx context.Context, orgID valuer.UUID, id string, user *usertypes.User, updatedBy string) (*usertypes.User, error)
+	UpdateUser(ctx context.Context, orgID valuer.UUID, id string, user *types.User, updatedBy string) (*types.User, error)

 	// UpdateAnyUser updates a user and persists the changes to the database along with the analytics and identity deletion.
-	UpdateAnyUser(ctx context.Context, orgID valuer.UUID, user *usertypes.User) error
+	UpdateAnyUser(ctx context.Context, orgID valuer.UUID, user *types.User) error
 	DeleteUser(ctx context.Context, orgID valuer.UUID, id string, deletedBy string) error

 	// invite
-	CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, bulkInvites *usertypes.PostableBulkInviteRequest) ([]*usertypes.Invite, error)
-	ListInvite(ctx context.Context, orgID string) ([]*usertypes.Invite, error)
-	AcceptInvite(ctx context.Context, token string, password string) (*usertypes.User, error)
-	GetInviteByToken(ctx context.Context, token string) (*usertypes.Invite, error)
+	CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, bulkInvites *types.PostableBulkInviteRequest) ([]*types.Invite, error)
+	ListInvite(ctx context.Context, orgID string) ([]*types.Invite, error)
+	AcceptInvite(ctx context.Context, token string, password string) (*types.User, error)
+	GetInviteByToken(ctx context.Context, token string) (*types.Invite, error)

 	// API KEY
-	CreateAPIKey(ctx context.Context, apiKey *usertypes.StorableAPIKey) error
-	UpdateAPIKey(ctx context.Context, id valuer.UUID, apiKey *usertypes.StorableAPIKey, updaterID valuer.UUID) error
-	ListAPIKeys(ctx context.Context, orgID valuer.UUID) ([]*usertypes.StorableAPIKeyUser, error)
+	CreateAPIKey(ctx context.Context, apiKey *types.StorableAPIKey) error
+	UpdateAPIKey(ctx context.Context, id valuer.UUID, apiKey *types.StorableAPIKey, updaterID valuer.UUID) error
+	ListAPIKeys(ctx context.Context, orgID valuer.UUID) ([]*types.StorableAPIKeyUser, error)
 	RevokeAPIKey(ctx context.Context, id, removedByUserID valuer.UUID) error
-	GetAPIKey(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*usertypes.StorableAPIKeyUser, error)
+	GetAPIKey(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*types.StorableAPIKeyUser, error)

-	GetNonDeletedUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*usertypes.User, error)
+	GetNonDeletedUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*types.User, error)

 	statsreporter.StatsCollector
 }

 type Getter interface {
 	// Get root user by org id.
-	GetRootUserByOrgID(context.Context, valuer.UUID) (*usertypes.User, error)
+	GetRootUserByOrgID(context.Context, valuer.UUID) (*types.User, error)

 	// Get gets the users based on the given id
-	ListByOrgID(context.Context, valuer.UUID) ([]*usertypes.User, error)
+	ListByOrgID(context.Context, valuer.UUID) ([]*types.User, error)

 	// Get users by email.
-	GetUsersByEmail(context.Context, valuer.Email) ([]*usertypes.User, error)
+	GetUsersByEmail(context.Context, valuer.Email) ([]*types.User, error)

 	// Get user by orgID and id.
-	GetByOrgIDAndID(context.Context, valuer.UUID, valuer.UUID) (*usertypes.User, error)
+	GetByOrgIDAndID(context.Context, valuer.UUID, valuer.UUID) (*types.User, error)

 	// Get user by id.
-	Get(context.Context, valuer.UUID) (*usertypes.User, error)
+	Get(context.Context, valuer.UUID) (*types.User, error)

 	// List users by email and org ids.
-	ListUsersByEmailAndOrgIDs(context.Context, valuer.Email, []valuer.UUID) ([]*usertypes.User, error)
+	ListUsersByEmailAndOrgIDs(context.Context, valuer.Email, []valuer.UUID) ([]*types.User, error)

 	// Count users by org id.
 	CountByOrgID(context.Context, valuer.UUID) (int64, error)
@@ -84,10 +83,7 @@ type Getter interface {
 	CountByOrgIDAndStatuses(context.Context, valuer.UUID, []string) (map[valuer.String]int64, error)

 	// Get factor password by user id.
-	GetFactorPasswordByUserID(context.Context, valuer.UUID) (*usertypes.FactorPassword, error)
-
-	// Get Active User and FactorPassword by email and org id.
-	GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*usertypes.User, *usertypes.FactorPassword, error)
+	GetFactorPasswordByUserID(context.Context, valuer.UUID) (*types.FactorPassword, error)
 }

 type Handler interface {
--- a/pkg/query-service/app/http_handler.go
+++ b/pkg/query-service/app/http_handler.go
@@ -72,7 +72,6 @@ import (
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/ruletypes"
 	traceFunnels "github.com/SigNoz/signoz/pkg/types/tracefunneltypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"

 	"go.uber.org/zap"

@@ -575,9 +574,6 @@ func (aH *APIHandler) RegisterRoutes(router *mux.Router, am *middleware.AuthZ) {
 		aH.LicensingAPI.Activate(rw, req)
 	})).Methods(http.MethodGet)

-	// Export
-	router.HandleFunc("/api/v1/export_raw_data", am.ViewAccess(aH.Signoz.Handlers.RawDataExport.ExportRawData)).Methods(http.MethodGet)
-
 	router.HandleFunc("/api/v1/span_percentile", am.ViewAccess(aH.Signoz.Handlers.SpanPercentile.GetSpanPercentileDetails)).Methods(http.MethodPost)

 	// Query Filter Analyzer api used to extract metric names and grouping columns from a query
@@ -2034,7 +2030,7 @@ func (aH *APIHandler) registerUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	var req usertypes.PostableRegisterOrgAndAdmin
+	var req types.PostableRegisterOrgAndAdmin
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		render.Error(w, err)
 		return
--- a/pkg/signoz/authn.go
+++ b/pkg/signoz/authn.go
@@ -8,12 +8,11 @@ import (
 	"github.com/SigNoz/signoz/pkg/authn/passwordauthn/emailpasswordauthn"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 )

-func NewAuthNs(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing, userGetter user.Getter) (map[authtypes.AuthNProvider]authn.AuthN, error) {
-	emailPasswordAuthN := emailpasswordauthn.New(userGetter)
+func NewAuthNs(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
+	emailPasswordAuthN := emailpasswordauthn.New(store)

 	googleCallbackAuthN, err := googlecallbackauthn.New(ctx, store, providerSettings)
 	if err != nil {
--- a/pkg/signoz/openapi.go
+++ b/pkg/signoz/openapi.go
@@ -22,6 +22,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/preference"
 	"github.com/SigNoz/signoz/pkg/modules/promote"
+	"github.com/SigNoz/signoz/pkg/modules/rawdataexport"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
@@ -58,6 +59,7 @@ func NewOpenAPI(ctx context.Context, instrumentation instrumentation.Instrumenta
 		struct{ gateway.Handler }{},
 		struct{ fields.Handler }{},
 		struct{ authz.Handler }{},
+		struct{ rawdataexport.Handler }{},
 		struct{ zeus.Handler }{},
 		struct{ querier.Handler }{},
 		struct{ serviceaccount.Handler }{},
--- a/pkg/signoz/provider.go
+++ b/pkg/signoz/provider.go
@@ -256,6 +256,7 @@ func NewAPIServerProviderFactories(orgGetter organization.Getter, authz authz.Au
 			handlers.GatewayHandler,
 			handlers.Fields,
 			handlers.AuthzHandler,
+			handlers.RawDataExport,
 			handlers.ZeusHandler,
 			handlers.QuerierHandler,
 			handlers.ServiceAccountHandler,
--- a/pkg/signoz/signoz.go
+++ b/pkg/signoz/signoz.go
@@ -21,7 +21,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
-	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
@@ -87,7 +86,7 @@ func New(
 	sqlSchemaProviderFactories func(sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]],
 	sqlstoreProviderFactories factory.NamedMap[factory.ProviderFactory[sqlstore.SQLStore, sqlstore.Config]],
 	telemetrystoreProviderFactories factory.NamedMap[factory.ProviderFactory[telemetrystore.TelemetryStore, telemetrystore.Config]],
-	authNsCallback func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing, userGetter user.Getter) (map[authtypes.AuthNProvider]authn.AuthN, error),
+	authNsCallback func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error),
 	authzCallback func(context.Context, sqlstore.SQLStore, licensing.Licensing, dashboard.Module) factory.ProviderFactory[authz.AuthZ, authz.Config],
 	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing) dashboard.Module,
 	gatewayProviderFactory func(licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config],
@@ -350,7 +349,7 @@ func New(

 	// Initialize authns
 	store := sqlauthnstore.NewStore(sqlstore)
-	authNs, err := authNsCallback(ctx, providerSettings, store, licensing, userGetter)
+	authNs, err := authNsCallback(ctx, providerSettings, store, licensing)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/sqlmigration/037_add_trace_funnels.go
+++ b/pkg/sqlmigration/037_add_trace_funnels.go
@@ -2,11 +2,9 @@ package sqlmigration

 import (
 	"context"
-
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 	"github.com/uptrace/bun/migrate"
@@ -18,12 +16,12 @@ type funnel struct {
 	types.Identifiable // funnel id
 	types.TimeAuditable
 	types.UserAuditable
-	Name          string          `json:"funnel_name" bun:"name,type:text,notnull"` // funnel name
-	Description   string          `json:"description" bun:"description,type:text"`  // funnel description
-	OrgID         valuer.UUID     `json:"org_id" bun:"org_id,type:varchar,notnull"`
-	Steps         []funnelStep    `json:"steps" bun:"steps,type:text,notnull"`
-	Tags          string          `json:"tags" bun:"tags,type:text"`
-	CreatedByUser *usertypes.User `json:"user" bun:"rel:belongs-to,join:created_by=id"`
+	Name          string       `json:"funnel_name" bun:"name,type:text,notnull"` // funnel name
+	Description   string       `json:"description" bun:"description,type:text"`  // funnel description
+	OrgID         valuer.UUID  `json:"org_id" bun:"org_id,type:varchar,notnull"`
+	Steps         []funnelStep `json:"steps" bun:"steps,type:text,notnull"`
+	Tags          string       `json:"tags" bun:"tags,type:text"`
+	CreatedByUser *types.User  `json:"user" bun:"rel:belongs-to,join:created_by=id"`
 }

 type funnelStep struct {
--- a/pkg/sqlmigration/059_add_managed_roles.go
+++ b/pkg/sqlmigration/059_add_managed_roles.go
@@ -7,7 +7,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/sqlschema"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 	"github.com/uptrace/bun/migrate"
@@ -54,7 +54,7 @@ func (migration *addManagedRoles) Up(ctx context.Context, db *bun.DB) error {
 		return err
 	}

-	managedRoles := []*authtypes.StorableRole{}
+	managedRoles := []*roletypes.StorableRole{}
 	for _, orgIDStr := range orgIDs {
 		orgID, err := valuer.NewUUID(orgIDStr)
 		if err != nil {
@@ -62,20 +62,20 @@ func (migration *addManagedRoles) Up(ctx context.Context, db *bun.DB) error {
 		}

 		// signoz admin
-		signozAdminRole := authtypes.NewRole(authtypes.SigNozAdminRoleName, authtypes.SigNozAdminRoleDescription, authtypes.RoleTypeManaged, orgID)
-		managedRoles = append(managedRoles, authtypes.NewStorableRoleFromRole(signozAdminRole))
+		signozAdminRole := roletypes.NewRole(roletypes.SigNozAdminRoleName, roletypes.SigNozAdminRoleDescription, roletypes.RoleTypeManaged, orgID)
+		managedRoles = append(managedRoles, roletypes.NewStorableRoleFromRole(signozAdminRole))

 		// signoz editor
-		signozEditorRole := authtypes.NewRole(authtypes.SigNozEditorRoleName, authtypes.SigNozEditorRoleDescription, authtypes.RoleTypeManaged, orgID)
-		managedRoles = append(managedRoles, authtypes.NewStorableRoleFromRole(signozEditorRole))
+		signozEditorRole := roletypes.NewRole(roletypes.SigNozEditorRoleName, roletypes.SigNozEditorRoleDescription, roletypes.RoleTypeManaged, orgID)
+		managedRoles = append(managedRoles, roletypes.NewStorableRoleFromRole(signozEditorRole))

 		// signoz viewer
-		signozViewerRole := authtypes.NewRole(authtypes.SigNozViewerRoleName, authtypes.SigNozViewerRoleDescription, authtypes.RoleTypeManaged, orgID)
-		managedRoles = append(managedRoles, authtypes.NewStorableRoleFromRole(signozViewerRole))
+		signozViewerRole := roletypes.NewRole(roletypes.SigNozViewerRoleName, roletypes.SigNozViewerRoleDescription, roletypes.RoleTypeManaged, orgID)
+		managedRoles = append(managedRoles, roletypes.NewStorableRoleFromRole(signozViewerRole))

 		// signoz anonymous
-		signozAnonymousRole := authtypes.NewRole(authtypes.SigNozAnonymousRoleName, authtypes.SigNozAnonymousRoleDescription, authtypes.RoleTypeManaged, orgID)
-		managedRoles = append(managedRoles, authtypes.NewStorableRoleFromRole(signozAnonymousRole))
+		signozAnonymousRole := roletypes.NewRole(roletypes.SigNozAnonymousRoleName, roletypes.SigNozAnonymousRoleDescription, roletypes.RoleTypeManaged, orgID)
+		managedRoles = append(managedRoles, roletypes.NewStorableRoleFromRole(signozAnonymousRole))
 	}

 	if len(managedRoles) > 0 {
--- a/pkg/sqlmigration/063_add_public_dashboard_txn.go
+++ b/pkg/sqlmigration/063_add_public_dashboard_txn.go
@@ -6,7 +6,7 @@ import (

 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/oklog/ulid/v2"
 	"github.com/uptrace/bun"
 	"github.com/uptrace/bun/dialect"
@@ -83,7 +83,7 @@ func (migration *addAnonymousPublicDashboardTransaction) Up(ctx context.Context,
 			INSERT INTO tuple (store, object_type, object_id, relation, _user, user_type, ulid, inserted_at)
 			VALUES (?, ?, ?, ?, ?, ?, ?, ?)
 			ON CONFLICT (store, object_type, object_id, relation, _user) DO NOTHING`,
-				storeID, "metaresource", "organization/"+orgID+"/public-dashboard/*", "read", "role:organization/"+orgID+"/role/"+authtypes.SigNozAnonymousRoleName+"#assignee", "userset", tupleID, now,
+				storeID, "metaresource", "organization/"+orgID+"/public-dashboard/*", "read", "role:organization/"+orgID+"/role/"+roletypes.SigNozAnonymousRoleName+"#assignee", "userset", tupleID, now,
 			)
 			if err != nil {
 				return err
@@ -102,7 +102,7 @@ func (migration *addAnonymousPublicDashboardTransaction) Up(ctx context.Context,
 			INSERT INTO changelog (store, object_type, object_id, relation, _user, operation, ulid, inserted_at)
 			VALUES (?, ?, ?, ?, ?, ?, ?, ?)
 			ON CONFLICT (store, ulid, object_type) DO NOTHING`,
-				storeID, "metaresource", "organization/"+orgID+"/public-dashboard/*", "read", "role:organization/"+orgID+"/role/"+authtypes.SigNozAnonymousRoleName+"#assignee", "TUPLE_OPERATION_WRITE", tupleID, now,
+				storeID, "metaresource", "organization/"+orgID+"/public-dashboard/*", "read", "role:organization/"+orgID+"/role/"+roletypes.SigNozAnonymousRoleName+"#assignee", "TUPLE_OPERATION_WRITE", tupleID, now,
 			)
 			if err != nil {
 				return err
@@ -113,7 +113,7 @@ func (migration *addAnonymousPublicDashboardTransaction) Up(ctx context.Context,
 			INSERT INTO tuple (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation, user_type, ulid, inserted_at)
 			VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
 			ON CONFLICT (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation) DO NOTHING`,
-				storeID, "metaresource", "organization/"+orgID+"/public-dashboard/*", "read", "role", "organization/"+orgID+"/role/"+authtypes.SigNozAnonymousRoleName, "assignee", "userset", tupleID, now,
+				storeID, "metaresource", "organization/"+orgID+"/public-dashboard/*", "read", "role", "organization/"+orgID+"/role/"+roletypes.SigNozAnonymousRoleName, "assignee", "userset", tupleID, now,
 			)
 			if err != nil {
 				return err
@@ -132,7 +132,7 @@ func (migration *addAnonymousPublicDashboardTransaction) Up(ctx context.Context,
 			INSERT INTO changelog (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation, operation, ulid, inserted_at)
 			VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
 			ON CONFLICT (store, ulid, object_type) DO NOTHING`,
-				storeID, "metaresource", "organization/"+orgID+"/public-dashboard/*", "read", "role", "organization/"+orgID+"/role/"+authtypes.SigNozAnonymousRoleName, "assignee", 0, tupleID, now,
+				storeID, "metaresource", "organization/"+orgID+"/public-dashboard/*", "read", "role", "organization/"+orgID+"/role/"+roletypes.SigNozAnonymousRoleName, "assignee", 0, tupleID, now,
 			)
 			if err != nil {
 				return err
--- a/pkg/statsreporter/analyticsstatsreporter/provider.go
+++ b/pkg/statsreporter/analyticsstatsreporter/provider.go
@@ -13,9 +13,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/statsreporter"
 	"github.com/SigNoz/signoz/pkg/telemetrystore"
 	"github.com/SigNoz/signoz/pkg/tokenizer"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/types/instrumentationtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/SigNoz/signoz/pkg/version"
 	"go.opentelemetry.io/otel/attribute"
@@ -175,7 +175,7 @@ func (provider *provider) Report(ctx context.Context) error {
 		}

 		for _, user := range users {
-			traits := usertypes.NewTraitsFromUser(user)
+			traits := types.NewTraitsFromUser(user)
 			if maxLastObservedAt, ok := maxLastObservedAtPerUserID[user.ID]; ok {
 				traits["auth_token.last_observed_at.max.time"] = maxLastObservedAt.UTC()
 				traits["auth_token.last_observed_at.max.time_unix"] = maxLastObservedAt.Unix()
--- a/pkg/tokenizer/jwttokenizer/claims.go
+++ b/pkg/tokenizer/jwttokenizer/claims.go
@@ -2,7 +2,7 @@ package jwttokenizer

 import (
 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/golang-jwt/jwt/v5"
 )

@@ -10,10 +10,10 @@ var _ jwt.ClaimsValidator = (*Claims)(nil)

 type Claims struct {
 	jwt.RegisteredClaims
-	UserID string               `json:"id"`
-	Email  string               `json:"email"`
-	Role   authtypes.LegacyRole `json:"role"`
-	OrgID  string               `json:"orgId"`
+	UserID string     `json:"id"`
+	Email  string     `json:"email"`
+	Role   types.Role `json:"role"`
+	OrgID  string     `json:"orgId"`
 }

 func (c *Claims) Validate() error {
--- a/pkg/tokenizer/jwttokenizer/provider_test.go
+++ b/pkg/tokenizer/jwttokenizer/provider_test.go
@@ -14,6 +14,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstoretest"
 	"github.com/SigNoz/signoz/pkg/tokenizer"
 	"github.com/SigNoz/signoz/pkg/tokenizer/tokenizerstore/sqltokenizerstore"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/stretchr/testify/assert"
@@ -61,7 +62,7 @@ func TestLastObservedAt_Concurrent(t *testing.T) {
 		&authtypes.Identity{
 			UserID: valuer.GenerateUUID(),
 			OrgID:  orgID,
-			Role:   authtypes.RoleAdmin,
+			Role:   types.RoleAdmin,
 			Email:  valuer.MustNewEmail("test@test.com"),
 		},
 		map[string]string{},
@@ -73,7 +74,7 @@ func TestLastObservedAt_Concurrent(t *testing.T) {
 		&authtypes.Identity{
 			UserID: valuer.GenerateUUID(),
 			OrgID:  orgID,
-			Role:   authtypes.RoleAdmin,
+			Role:   types.RoleAdmin,
 			Email:  valuer.MustNewEmail("test@test.com"),
 		},
 		map[string]string{},
--- a/pkg/tokenizer/tokenizerstore/sqltokenizerstore/store.go
+++ b/pkg/tokenizer/tokenizerstore/sqltokenizerstore/store.go
@@ -4,8 +4,8 @@ import (
 	"context"

 	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 	"github.com/uptrace/bun/dialect"
@@ -34,7 +34,7 @@ func (store *store) Create(ctx context.Context, token *authtypes.StorableToken)
 }

 func (store *store) GetIdentityByUserID(ctx context.Context, userID valuer.UUID) (*authtypes.Identity, error) {
-	user := new(usertypes.User)
+	user := new(types.User)

 	err := store.
 		sqlstore.
@@ -44,10 +44,10 @@ func (store *store) GetIdentityByUserID(ctx context.Context, userID valuer.UUID)
 		Where("id = ?", userID).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, usertypes.ErrCodeUserNotFound, "user with id: %s does not exist", userID)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with id: %s does not exist", userID)
 	}

-	return authtypes.NewIdentity(userID, user.OrgID, user.Email, authtypes.LegacyRole(user.Role)), nil
+	return authtypes.NewIdentity(userID, user.OrgID, user.Email, types.Role(user.Role)), nil
 }

 func (store *store) GetByAccessToken(ctx context.Context, accessToken string) (*authtypes.StorableToken, error) {
--- a/pkg/types/authtypes/authn.go
+++ b/pkg/types/authtypes/authn.go
@@ -7,6 +7,7 @@ import (
 	"strings"

 	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )

@@ -27,7 +28,7 @@ type Identity struct {
 	UserID valuer.UUID  `json:"userId"`
 	OrgID  valuer.UUID  `json:"orgId"`
 	Email  valuer.Email `json:"email"`
-	Role   LegacyRole   `json:"role"`
+	Role   types.Role   `json:"role"`
 }

 type CallbackIdentity struct {
@@ -77,7 +78,7 @@ func NewStateFromString(state string) (State, error) {
 	}, nil
 }

-func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role LegacyRole) *Identity {
+func NewIdentity(userID valuer.UUID, orgID valuer.UUID, email valuer.Email, role types.Role) *Identity {
 	return &Identity{
 		UserID: userID,
 		OrgID:  orgID,
@@ -123,6 +124,9 @@ func (typ *Identity) ToClaims() Claims {
 }

 type AuthNStore interface {
+	// Get user and factor password by email and orgID.
+	GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*types.User, *types.FactorPassword, error)
+
 	// Get org domain from id.
 	GetAuthDomainFromID(ctx context.Context, domainID valuer.UUID) (*AuthDomain, error)
 }
--- a/pkg/types/authtypes/claims.go
+++ b/pkg/types/authtypes/claims.go
@@ -6,6 +6,7 @@ import (
 	"slices"

 	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types"
 )

 type claimsKey struct{}
@@ -14,7 +15,7 @@ type accessTokenKey struct{}
 type Claims struct {
 	UserID string
 	Email  string
-	Role   LegacyRole
+	Role   types.Role
 	OrgID  string
 }

@@ -56,7 +57,7 @@ func (c *Claims) LogValue() slog.Value {
 }

 func (c *Claims) IsViewer() error {
-	if slices.Contains([]LegacyRole{RoleViewer, RoleEditor, RoleAdmin}, c.Role) {
+	if slices.Contains([]types.Role{types.RoleViewer, types.RoleEditor, types.RoleAdmin}, c.Role) {
 		return nil
 	}

@@ -64,7 +65,7 @@ func (c *Claims) IsViewer() error {
 }

 func (c *Claims) IsEditor() error {
-	if slices.Contains([]LegacyRole{RoleEditor, RoleAdmin}, c.Role) {
+	if slices.Contains([]types.Role{types.RoleEditor, types.RoleAdmin}, c.Role) {
 		return nil
 	}

@@ -72,7 +73,7 @@ func (c *Claims) IsEditor() error {
 }

 func (c *Claims) IsAdmin() error {
-	if c.Role == RoleAdmin {
+	if c.Role == types.RoleAdmin {
 		return nil
 	}

@@ -84,7 +85,7 @@ func (c *Claims) IsSelfAccess(id string) error {
 		return nil
 	}

-	if c.Role == RoleAdmin {
+	if c.Role == types.RoleAdmin {
 		return nil
 	}

--- a/pkg/types/authtypes/mapping.go
+++ b/pkg/types/authtypes/mapping.go
@@ -5,6 +5,7 @@ import (
 	"strings"

 	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types"
 )

 type AttributeMapping struct {
@@ -67,13 +68,13 @@ func (typ *RoleMapping) UnmarshalJSON(data []byte) error {
 	}

 	if temp.DefaultRole != "" {
-		if _, err := NewLegacyRole(strings.ToUpper(temp.DefaultRole)); err != nil {
+		if _, err := types.NewRole(strings.ToUpper(temp.DefaultRole)); err != nil {
 			return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid default role %s", temp.DefaultRole)
 		}
 	}

 	for group, role := range temp.GroupMappings {
-		if _, err := NewLegacyRole(strings.ToUpper(role)); err != nil {
+		if _, err := types.NewRole(strings.ToUpper(role)); err != nil {
 			return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid role %s for group %s", role, group)
 		}
 	}
@@ -82,25 +83,25 @@ func (typ *RoleMapping) UnmarshalJSON(data []byte) error {
 	return nil
 }

-func (roleMapping *RoleMapping) NewRoleFromCallbackIdentity(callbackIdentity *CallbackIdentity) LegacyRole {
+func (roleMapping *RoleMapping) NewRoleFromCallbackIdentity(callbackIdentity *CallbackIdentity) types.Role {
 	if roleMapping == nil {
-		return RoleViewer
+		return types.RoleViewer
 	}

 	if roleMapping.UseRoleAttribute && callbackIdentity.Role != "" {
-		if role, err := NewLegacyRole(strings.ToUpper(callbackIdentity.Role)); err == nil {
+		if role, err := types.NewRole(strings.ToUpper(callbackIdentity.Role)); err == nil {
 			return role
 		}
 	}

 	if len(roleMapping.GroupMappings) > 0 && len(callbackIdentity.Groups) > 0 {
-		highestRole := RoleViewer
+		highestRole := types.RoleViewer
 		found := false

 		for _, group := range callbackIdentity.Groups {
 			if mappedRole, exists := roleMapping.GroupMappings[group]; exists {
 				found = true
-				if role, err := NewLegacyRole(strings.ToUpper(mappedRole)); err == nil {
+				if role, err := types.NewRole(strings.ToUpper(mappedRole)); err == nil {
 					if compareRoles(role, highestRole) > 0 {
 						highestRole = role
 					}
@@ -114,19 +115,19 @@ func (roleMapping *RoleMapping) NewRoleFromCallbackIdentity(callbackIdentity *Ca
 	}

 	if roleMapping.DefaultRole != "" {
-		if role, err := NewLegacyRole(strings.ToUpper(roleMapping.DefaultRole)); err == nil {
+		if role, err := types.NewRole(strings.ToUpper(roleMapping.DefaultRole)); err == nil {
 			return role
 		}
 	}

-	return RoleViewer
+	return types.RoleViewer
 }

-func compareRoles(a, b LegacyRole) int {
-	order := map[LegacyRole]int{
-		RoleViewer: 0,
-		RoleEditor: 1,
-		RoleAdmin:  2,
+func compareRoles(a, b types.Role) int {
+	order := map[types.Role]int{
+		types.RoleViewer: 0,
+		types.RoleEditor: 1,
+		types.RoleAdmin:  2,
 	}
 	return order[a] - order[b]
 }
--- a/pkg/types/dashboardtypes/dashboard.go
+++ b/pkg/types/dashboardtypes/dashboard.go
@@ -284,14 +284,14 @@ func (dashboard *Dashboard) Update(ctx context.Context, updatableDashboard Updat
 	return nil
 }

-func (dashboard *Dashboard) CanLockUnlock(role authtypes.LegacyRole, updatedBy string) error {
-	if dashboard.CreatedBy != updatedBy && role != authtypes.RoleAdmin {
+func (dashboard *Dashboard) CanLockUnlock(role types.Role, updatedBy string) error {
+	if dashboard.CreatedBy != updatedBy && role != types.RoleAdmin {
 		return errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "you are not authorized to lock/unlock this dashboard")
 	}
 	return nil
 }

-func (dashboard *Dashboard) LockUnlock(lock bool, role authtypes.LegacyRole, updatedBy string) error {
+func (dashboard *Dashboard) LockUnlock(lock bool, role types.Role, updatedBy string) error {
 	err := dashboard.CanLockUnlock(role, updatedBy)
 	if err != nil {
 		return err
--- a/pkg/types/exporttypes/rawdataexport.go
+++ b/pkg/types/exporttypes/rawdataexport.go
@@ -0,0 +1,135 @@
+package exporttypes
+
+import (
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+// ExportRawDataQueryParams represents the query parameters for the export raw data endpoint
+type ExportRawDataQueryParams struct {
+	ExportRawDataFormatQueryParam
+
+	// Signal specifies the type of data to export: "logs" or "traces"
+	Signal telemetrytypes.Signal `query:"signal" enum:"logs,traces" required:"true" description:"The type of data to export."`
+
+	// Source specifies the type of data to export: "logs" or "traces"
+	// Deprecated: Use Signal instead.
+	Source string `query:"source" deprecated:"true" description:"Deprecated: use signal instead."`
+
+	// Start is the start time for the query (Unix timestamp in nanoseconds)
+	Start uint64 `query:"start" description:"The start time for the query in unix timestamp nanoseconds."`
+
+	// End is the end time for the query (Unix timestamp in nanoseconds)
+	End uint64 `query:"end" description:"The end time for the query in unix timestamp nanoseconds."`
+
+	// Limit specifies the maximum number of rows to export
+	Limit int `query:"limit,default=10000" default:"10000" minimum:"1" maximum:"50000" description:"The maximum number of rows to export."`
+
+	// Filter is a filter expression to apply to the query
+	// Deprecated: Use FilterExpression instead.
+	FilterString string         `query:"filter"  deprecated:"true" description:"Deprecated: use filterExpression instead."`
+	Filter       qbtypes.Filter `query:"filterExpression" description:"The filter expression to apply to the query."`
+
+	// Columns specifies the columns to include in the export
+	// Format: ["context.field:type", "context.field", "field"]
+	// Deprecated: Use SelectFields instead.
+	Columns []string `query:"columns" deprecated:"true" description:"Deprecated: use selectFields instead."`
+
+	// SelectFields specifies the columns to include in the export
+	SelectFields []telemetrytypes.TelemetryFieldKey `query:"selectFields" description:"The columns to include in the export."`
+
+	// OrderBy specifies the sorting order
+	// Format: "column:direction" or "context.field:type:direction"
+	// Direction can be "asc" or "desc"
+	// Deprecated: Use Order instead.
+	OrderBy string `query:"order_by" deprecated:"true" description:"Deprecated: use order instead."`
+
+	// Order specifies the sorting order with keys and directions
+	Order []qbtypes.OrderBy `query:"order" description:"The sorting order with keys and directions."`
+}
+
+type ExportRawDataFormatQueryParam struct {
+	// Format specifies the output format: "csv" or "jsonl"
+	Format string `query:"format,default=csv" default:"csv" enum:"csv,jsonl" description:"The output format for the export."`
+}
+
+func (p *ExportRawDataQueryParams) Normalize() error {
+	if len(p.Order) == 0 && len(p.OrderBy) > 0 {
+		order, err := parseExportQueryOrderBy(p.OrderBy)
+		if err != nil {
+			return err
+		}
+		p.Order = order
+	}
+
+	if len(p.SelectFields) == 0 && len(p.Columns) != 0 {
+		p.SelectFields = parseExportQueryColumns(p.Columns)
+
+	}
+
+	if len(p.Filter.Expression) == 0 && len(p.FilterString) > 0 {
+		p.Filter = qbtypes.Filter{Expression: p.FilterString}
+	}
+
+	if p.Signal == telemetrytypes.SignalUnspecified && p.Source != "" {
+		p.Signal = telemetrytypes.Signal{String: valuer.NewString(p.Source)}
+	}
+
+	return nil
+}
+
+func (p *ExportRawDataQueryParams) Validate() error {
+
+	if p.Signal != telemetrytypes.SignalLogs && p.Signal != telemetrytypes.SignalTraces {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid signal %s", p.Signal).WithAdditional("Allowed values: [logs, traces]")
+	}
+
+	return nil
+}
+
+// parseExportQueryColumns converts bound column strings to TelemetryFieldKey structs.
+// Each column should be in the format "context.field:type" or "context.field" or "field"
+func parseExportQueryColumns(columnParams []string) []telemetrytypes.TelemetryFieldKey {
+	columns := make([]telemetrytypes.TelemetryFieldKey, 0, len(columnParams))
+	for _, columnStr := range columnParams {
+		columnStr = strings.TrimSpace(columnStr)
+		if columnStr == "" {
+			continue
+		}
+		columns = append(columns, telemetrytypes.GetFieldKeyFromKeyText(columnStr))
+	}
+	return columns
+}
+
+// parseExportQueryOrderBy converts a bound order_by string to an OrderBy slice.
+// The string should be in the format "column:direction" and additonal validation is handled by the downstream.
+func parseExportQueryOrderBy(orderByParam string) ([]qbtypes.OrderBy, error) {
+	orderByParam = strings.TrimSpace(orderByParam)
+	if orderByParam == "" {
+		return []qbtypes.OrderBy{}, nil
+	}
+
+	parts := strings.Split(orderByParam, ":")
+	if len(parts) < 2 {
+		return []qbtypes.OrderBy{}, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid %s order by, should be of format <column>:<direction", orderByParam)
+	}
+	column := strings.Join(parts[:len(parts)-1], ":")
+	direction := parts[len(parts)-1]
+
+	if _, ok := qbtypes.OrderDirectionMap[direction]; !ok {
+		return []qbtypes.OrderBy{}, errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid %s direction, should be of either asc or desc", direction)
+	}
+
+	return []qbtypes.OrderBy{
+		{
+			Key: qbtypes.OrderByKey{
+				TelemetryFieldKey: telemetrytypes.GetFieldKeyFromKeyText(column),
+			},
+			Direction: qbtypes.OrderDirectionMap[direction],
+		},
+	}, nil
+}
--- a/pkg/types/exporttypes/rawdataexport_test.go
+++ b/pkg/types/exporttypes/rawdataexport_test.go
@@ -0,0 +1,484 @@
+package exporttypes
+
+import (
+	"testing"
+
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNormalize(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    ExportRawDataQueryParams
+		expected ExportRawDataQueryParams
+		wantErr  bool
+	}{
+		{
+			name: "order_by migrated to order",
+			input: ExportRawDataQueryParams{
+				OrderBy: "timestamp:asc",
+			},
+			expected: ExportRawDataQueryParams{
+				OrderBy: "timestamp:asc",
+				Order: []qbtypes.OrderBy{
+					{
+						Direction: qbtypes.OrderDirectionAsc,
+						Key: qbtypes.OrderByKey{
+							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{Name: "timestamp"},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "order_by with attribute context and string type",
+			input: ExportRawDataQueryParams{
+				OrderBy: "attribute.user.id:string:desc",
+			},
+			expected: ExportRawDataQueryParams{
+				OrderBy: "attribute.user.id:string:desc",
+				Order: []qbtypes.OrderBy{
+					{
+						Direction: qbtypes.OrderDirectionDesc,
+						Key: qbtypes.OrderByKey{
+							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+								Name:          "user.id",
+								FieldContext:  telemetrytypes.FieldContextAttribute,
+								FieldDataType: telemetrytypes.FieldDataTypeString,
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "order_by with resource context and string type",
+			input: ExportRawDataQueryParams{
+				OrderBy: "resource.service.name:string:asc",
+			},
+			expected: ExportRawDataQueryParams{
+				OrderBy: "resource.service.name:string:asc",
+				Order: []qbtypes.OrderBy{
+					{
+						Direction: qbtypes.OrderDirectionAsc,
+						Key: qbtypes.OrderByKey{
+							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+								Name:          "service.name",
+								FieldContext:  telemetrytypes.FieldContextResource,
+								FieldDataType: telemetrytypes.FieldDataTypeString,
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "order_by with invalid direction returns error",
+			input: ExportRawDataQueryParams{
+				OrderBy: "attribute.user.id:string:sideways",
+			},
+			wantErr: true,
+		},
+		{
+			name: "order_by is ignored when order is already set",
+			input: ExportRawDataQueryParams{
+				OrderBy: "timestamp:asc",
+				Order: []qbtypes.OrderBy{
+					{
+						Direction: qbtypes.OrderDirectionDesc,
+						Key: qbtypes.OrderByKey{
+							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{Name: "body"},
+						},
+					},
+				},
+			},
+			expected: ExportRawDataQueryParams{
+				OrderBy: "timestamp:asc",
+				Order: []qbtypes.OrderBy{
+					{
+						Direction: qbtypes.OrderDirectionDesc,
+						Key: qbtypes.OrderByKey{
+							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{Name: "body"},
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "invalid order_by returns error",
+			input: ExportRawDataQueryParams{
+				OrderBy: "timestamp",
+			},
+			wantErr: true,
+		},
+		{
+			name: "columns migrated to select_fields",
+			input: ExportRawDataQueryParams{
+				Columns: []string{"timestamp", "body"},
+			},
+			expected: ExportRawDataQueryParams{
+				Columns: []string{"timestamp", "body"},
+				SelectFields: []telemetrytypes.TelemetryFieldKey{
+					{Name: "timestamp"},
+					{Name: "body"},
+				},
+			},
+		},
+		{
+			name: "columns with attribute context and type migrated to select_fields",
+			input: ExportRawDataQueryParams{
+				Columns: []string{"attribute.user.id:string", "resource.service.name:string", "attribute.http.status_code:int64"},
+			},
+			expected: ExportRawDataQueryParams{
+				Columns: []string{"attribute.user.id:string", "resource.service.name:string", "attribute.http.status_code:int64"},
+				SelectFields: []telemetrytypes.TelemetryFieldKey{
+					{Name: "user.id", FieldContext: telemetrytypes.FieldContextAttribute, FieldDataType: telemetrytypes.FieldDataTypeString},
+					{Name: "service.name", FieldContext: telemetrytypes.FieldContextResource, FieldDataType: telemetrytypes.FieldDataTypeString},
+					{Name: "http.status_code", FieldContext: telemetrytypes.FieldContextAttribute, FieldDataType: telemetrytypes.FieldDataTypeNumber},
+				},
+			},
+		},
+		{
+			name: "columns with context but no type migrated to select_fields",
+			input: ExportRawDataQueryParams{
+				Columns: []string{"attribute.user.name", "resource.k8s.pod.name"},
+			},
+			expected: ExportRawDataQueryParams{
+				Columns: []string{"attribute.user.name", "resource.k8s.pod.name"},
+				SelectFields: []telemetrytypes.TelemetryFieldKey{
+					{Name: "user.name", FieldContext: telemetrytypes.FieldContextAttribute},
+					{Name: "k8s.pod.name", FieldContext: telemetrytypes.FieldContextResource},
+				},
+			},
+		},
+		{
+			name: "columns is ignored when select_fields is already set",
+			input: ExportRawDataQueryParams{
+				Columns:      []string{"timestamp"},
+				SelectFields: []telemetrytypes.TelemetryFieldKey{{Name: "body"}},
+			},
+			expected: ExportRawDataQueryParams{
+				Columns:      []string{"timestamp"},
+				SelectFields: []telemetrytypes.TelemetryFieldKey{{Name: "body"}},
+			},
+		},
+		{
+			name: "filter string migrated to filter",
+			input: ExportRawDataQueryParams{
+				FilterString: "severity = ERROR",
+			},
+			expected: ExportRawDataQueryParams{
+				FilterString: "severity = ERROR",
+				Filter:       qbtypes.Filter{Expression: "severity = ERROR"},
+			},
+		},
+		{
+			name: "filter string is ignored when filter expression is already set",
+			input: ExportRawDataQueryParams{
+				FilterString: "severity = ERROR",
+				Filter:       qbtypes.Filter{Expression: "level = warn"},
+			},
+			expected: ExportRawDataQueryParams{
+				FilterString: "severity = ERROR",
+				Filter:       qbtypes.Filter{Expression: "level = warn"},
+			},
+		},
+		{
+			name: "source migrated to signal",
+			input: ExportRawDataQueryParams{
+				Source: "logs",
+			},
+			expected: ExportRawDataQueryParams{
+				Source: "logs",
+				Signal: telemetrytypes.Signal{String: valuer.NewString("logs")},
+			},
+		},
+		{
+			name: "source is ignored when signal is already set",
+			input: ExportRawDataQueryParams{
+				Source: "logs",
+				Signal: telemetrytypes.SignalTraces,
+			},
+			expected: ExportRawDataQueryParams{
+				Source: "logs",
+				Signal: telemetrytypes.SignalTraces,
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := tt.input
+			err := p.Normalize()
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.Equal(t, tt.expected, p)
+		})
+	}
+}
+
+func TestValidate(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   ExportRawDataQueryParams
+		wantErr bool
+	}{
+		{
+			name:    "valid signal logs",
+			input:   ExportRawDataQueryParams{Signal: telemetrytypes.SignalLogs},
+			wantErr: false,
+		},
+		{
+			name:    "valid signal traces",
+			input:   ExportRawDataQueryParams{Signal: telemetrytypes.SignalTraces},
+			wantErr: false,
+		},
+		{
+			name:    "unspecified signal is invalid",
+			input:   ExportRawDataQueryParams{Signal: telemetrytypes.SignalUnspecified},
+			wantErr: true,
+		},
+		{
+			name:    "unknown signal is invalid",
+			input:   ExportRawDataQueryParams{Signal: telemetrytypes.Signal{String: valuer.NewString("metrics")}},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := tt.input.Validate()
+			if tt.wantErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
+}
+
+func TestParseExportQueryColumns(t *testing.T) {
+	tests := []struct {
+		name            string
+		input           []string
+		expectedColumns []telemetrytypes.TelemetryFieldKey
+	}{
+		{
+			name:            "empty input",
+			input:           []string{},
+			expectedColumns: []telemetrytypes.TelemetryFieldKey{},
+		},
+		{
+			name:  "single column",
+			input: []string{"timestamp"},
+			expectedColumns: []telemetrytypes.TelemetryFieldKey{
+				{Name: "timestamp"},
+			},
+		},
+		{
+			name:  "multiple columns",
+			input: []string{"timestamp", "message", "level"},
+			expectedColumns: []telemetrytypes.TelemetryFieldKey{
+				{Name: "timestamp"},
+				{Name: "message"},
+				{Name: "level"},
+			},
+		},
+		{
+			name:  "empty entry is skipped",
+			input: []string{"timestamp", "", "level"},
+			expectedColumns: []telemetrytypes.TelemetryFieldKey{
+				{Name: "timestamp"},
+				{Name: "level"},
+			},
+		},
+		{
+			name:  "whitespace-only entry is skipped",
+			input: []string{"timestamp", "   ", "level"},
+			expectedColumns: []telemetrytypes.TelemetryFieldKey{
+				{Name: "timestamp"},
+				{Name: "level"},
+			},
+		},
+		{
+			name:  "column with context and type",
+			input: []string{"attribute.user:string"},
+			expectedColumns: []telemetrytypes.TelemetryFieldKey{
+				{Name: "user", FieldContext: telemetrytypes.FieldContextAttribute, FieldDataType: telemetrytypes.FieldDataTypeString},
+			},
+		},
+		{
+			name:  "column with context, dot-notation name",
+			input: []string{"attribute.user.string"},
+			expectedColumns: []telemetrytypes.TelemetryFieldKey{
+				{Name: "user.string", FieldContext: telemetrytypes.FieldContextAttribute},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			columns := parseExportQueryColumns(tt.input)
+			assert.Equal(t, len(tt.expectedColumns), len(columns))
+			for i, expected := range tt.expectedColumns {
+				assert.Equal(t, expected, columns[i])
+			}
+		})
+	}
+}
+
+func TestParseExportQueryOrderBy(t *testing.T) {
+	tests := []struct {
+		name          string
+		input         string
+		expectedOrder []qbtypes.OrderBy
+		wantErr       bool
+	}{
+		{
+			name:          "empty string returns empty slice",
+			input:         "",
+			expectedOrder: []qbtypes.OrderBy{},
+		},
+		{
+			name:          "whitespace-only string returns empty slice",
+			input:         "   ",
+			expectedOrder: []qbtypes.OrderBy{},
+		},
+		{
+			name:    "missing direction returns error",
+			input:   "timestamp",
+			wantErr: true,
+		},
+		{
+			name:    "invalid direction returns error",
+			input:   "timestamp:sideways",
+			wantErr: true,
+		},
+		{
+			name:    "invalid direction with context and type returns error",
+			input:   "attribute.user.id:string:sideways",
+			wantErr: true,
+		},
+		{
+			name:  "simple column asc",
+			input: "timestamp:asc",
+			expectedOrder: []qbtypes.OrderBy{
+				{
+					Direction: qbtypes.OrderDirectionAsc,
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{Name: "timestamp"},
+					},
+				},
+			},
+		},
+		{
+			name:  "simple column desc",
+			input: "timestamp:desc",
+			expectedOrder: []qbtypes.OrderBy{
+				{
+					Direction: qbtypes.OrderDirectionDesc,
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{Name: "timestamp"},
+					},
+				},
+			},
+		},
+		{
+			name:  "column with context and type qualifier",
+			input: "attribute.user:string:desc",
+			expectedOrder: []qbtypes.OrderBy{
+				{
+					Direction: qbtypes.OrderDirectionDesc,
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name:          "user",
+							FieldContext:  telemetrytypes.FieldContextAttribute,
+							FieldDataType: telemetrytypes.FieldDataTypeString,
+						},
+					},
+				},
+			},
+		},
+		{
+			name:  "column with context, dot-notation name",
+			input: "attribute.user.string:desc",
+			expectedOrder: []qbtypes.OrderBy{
+				{
+					Direction: qbtypes.OrderDirectionDesc,
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name:         "user.string",
+							FieldContext: telemetrytypes.FieldContextAttribute,
+						},
+					},
+				},
+			},
+		},
+		{
+			name:  "resource with context and type",
+			input: "resource.service.name:string:asc",
+			expectedOrder: []qbtypes.OrderBy{
+				{
+					Direction: qbtypes.OrderDirectionAsc,
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name:          "service.name",
+							FieldContext:  telemetrytypes.FieldContextResource,
+							FieldDataType: telemetrytypes.FieldDataTypeString,
+						},
+					},
+				},
+			},
+		},
+		{
+			name:  "attribute with number type asc",
+			input: "attribute.http.status_code:int64:asc",
+			expectedOrder: []qbtypes.OrderBy{
+				{
+					Direction: qbtypes.OrderDirectionAsc,
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name:          "http.status_code",
+							FieldContext:  telemetrytypes.FieldContextAttribute,
+							FieldDataType: telemetrytypes.FieldDataTypeNumber,
+						},
+					},
+				},
+			},
+		},
+		{
+			name:  "attribute with context but no type",
+			input: "attribute.user.id:asc",
+			expectedOrder: []qbtypes.OrderBy{
+				{
+					Direction: qbtypes.OrderDirectionAsc,
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name:         "user.id",
+							FieldContext: telemetrytypes.FieldContextAttribute,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			order, err := parseExportQueryOrderBy(tt.input)
+			if tt.wantErr {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.Equal(t, tt.expectedOrder, order)
+		})
+	}
+}
--- a/pkg/types/usertypes/factor_api_key.go
+++ b/pkg/types/usertypes/factor_api_key.go
@@ -1,4 +1,4 @@
-package usertypes
+package types

 import (
 	"crypto/rand"
@@ -6,8 +6,6 @@ import (
 	"time"

 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -15,29 +13,29 @@ import (
 var NEVER_EXPIRES = time.Unix(0, 0)

 type PostableAPIKey struct {
-	Name          string               `json:"name"`
-	Role          authtypes.LegacyRole `json:"role"`
-	ExpiresInDays int64                `json:"expiresInDays"`
+	Name          string `json:"name"`
+	Role          Role   `json:"role"`
+	ExpiresInDays int64  `json:"expiresInDays"`
 }

 type GettableAPIKey struct {
-	types.Identifiable
-	types.TimeAuditable
-	types.UserAuditable
-	Token         string               `json:"token"`
-	Role          authtypes.LegacyRole `json:"role"`
-	Name          string               `json:"name"`
-	ExpiresAt     int64                `json:"expiresAt"`
-	LastUsed      int64                `json:"lastUsed"`
-	Revoked       bool                 `json:"revoked"`
-	UserID        string               `json:"userId"`
-	CreatedByUser *User                `json:"createdByUser"`
-	UpdatedByUser *User                `json:"updatedByUser"`
+	Identifiable
+	TimeAuditable
+	UserAuditable
+	Token         string `json:"token"`
+	Role          Role   `json:"role"`
+	Name          string `json:"name"`
+	ExpiresAt     int64  `json:"expiresAt"`
+	LastUsed      int64  `json:"lastUsed"`
+	Revoked       bool   `json:"revoked"`
+	UserID        string `json:"userId"`
+	CreatedByUser *User  `json:"createdByUser"`
+	UpdatedByUser *User  `json:"updatedByUser"`
 }

 type OrgUserAPIKey struct {
-	*types.Organization `bun:",extend"`
-	Users               []*UserWithAPIKey `bun:"rel:has-many,join:id=org_id"`
+	*Organization `bun:",extend"`
+	Users         []*UserWithAPIKey `bun:"rel:has-many,join:id=org_id"`
 }

 type UserWithAPIKey struct {
@@ -55,19 +53,19 @@ type StorableAPIKeyUser struct {
 type StorableAPIKey struct {
 	bun.BaseModel `bun:"table:factor_api_key"`

-	types.Identifiable
-	types.TimeAuditable
-	types.UserAuditable
-	Token     string               `json:"token" bun:"token,type:text,notnull,unique"`
-	Role      authtypes.LegacyRole `json:"role" bun:"role,type:text,notnull,default:'ADMIN'"`
-	Name      string               `json:"name" bun:"name,type:text,notnull"`
-	ExpiresAt time.Time            `json:"-" bun:"expires_at,notnull,nullzero,type:timestamptz"`
-	LastUsed  time.Time            `json:"-" bun:"last_used,notnull,nullzero,type:timestamptz"`
-	Revoked   bool                 `json:"revoked" bun:"revoked,notnull,default:false"`
-	UserID    valuer.UUID          `json:"userId" bun:"user_id,type:text,notnull"`
+	Identifiable
+	TimeAuditable
+	UserAuditable
+	Token     string      `json:"token" bun:"token,type:text,notnull,unique"`
+	Role      Role        `json:"role" bun:"role,type:text,notnull,default:'ADMIN'"`
+	Name      string      `json:"name" bun:"name,type:text,notnull"`
+	ExpiresAt time.Time   `json:"-" bun:"expires_at,notnull,nullzero,type:timestamptz"`
+	LastUsed  time.Time   `json:"-" bun:"last_used,notnull,nullzero,type:timestamptz"`
+	Revoked   bool        `json:"revoked" bun:"revoked,notnull,default:false"`
+	UserID    valuer.UUID `json:"userId" bun:"user_id,type:text,notnull"`
 }

-func NewStorableAPIKey(name string, userID valuer.UUID, role authtypes.LegacyRole, expiresAt int64) (*StorableAPIKey, error) {
+func NewStorableAPIKey(name string, userID valuer.UUID, role Role, expiresAt int64) (*StorableAPIKey, error) {
 	// validate

 	// we allow the APIKey if expiresAt is not set, which means it never expires
@@ -103,14 +101,14 @@ func NewStorableAPIKey(name string, userID valuer.UUID, role authtypes.LegacyRol
 	encodedToken := base64.StdEncoding.EncodeToString(token)

 	return &StorableAPIKey{
-		Identifiable: types.Identifiable{
+		Identifiable: Identifiable{
 			ID: valuer.GenerateUUID(),
 		},
-		TimeAuditable: types.TimeAuditable{
+		TimeAuditable: TimeAuditable{
 			CreatedAt: now,
 			UpdatedAt: now,
 		},
-		UserAuditable: types.UserAuditable{
+		UserAuditable: UserAuditable{
 			CreatedBy: userID.String(),
 			UpdatedBy: userID.String(),
 		},
--- a/pkg/types/usertypes/factor_password.go
+++ b/pkg/types/usertypes/factor_password.go
@@ -1,4 +1,4 @@
-package usertypes
+package types

 import (
 	"encoding/json"
@@ -8,7 +8,6 @@ import (
 	"unicode"

 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/sethvargo/go-password/password"
 	"github.com/uptrace/bun"
@@ -20,6 +19,7 @@ var (
 	minPasswordLength                      int    = 12
 	ErrInvalidPassword                            = errors.Newf(errors.TypeInvalidInput, errors.MustNewCode("invalid_password"), "password must be at least %d characters long, should contain at least one uppercase letter [A-Z], one lowercase letter [a-z], one number [0-9], and one symbol [%c].", minPasswordLength, symbols)
 	ErrCodeResetPasswordTokenAlreadyExists        = errors.MustNewCode("reset_password_token_already_exists")
+	ErrCodePasswordNotFound                       = errors.MustNewCode("password_not_found")
 	ErrCodeResetPasswordTokenNotFound             = errors.MustNewCode("reset_password_token_not_found")
 	ErrCodePasswordAlreadyExists                  = errors.MustNewCode("password_already_exists")
 	ErrCodeIncorrectPassword                      = errors.MustNewCode("incorrect_password")
@@ -45,7 +45,7 @@ type PostableForgotPassword struct {
 type ResetPasswordToken struct {
 	bun.BaseModel `bun:"table:reset_password_token"`

-	types.Identifiable
+	Identifiable
 	Token      string      `bun:"token,type:text,notnull" json:"token"`
 	PasswordID valuer.UUID `bun:"password_id,type:text,notnull,unique" json:"passwordId"`
 	ExpiresAt  time.Time   `bun:"expires_at,type:timestamptz,nullzero" json:"expiresAt"`
@@ -54,11 +54,11 @@ type ResetPasswordToken struct {
 type FactorPassword struct {
 	bun.BaseModel `bun:"table:factor_password"`

-	types.Identifiable
+	Identifiable
 	Password  string `bun:"password,type:text,notnull" json:"password"`
 	Temporary bool   `bun:"temporary,type:boolean,notnull" json:"temporary"`
 	UserID    string `bun:"user_id,type:text,notnull,unique" json:"userId"`
-	types.TimeAuditable
+	TimeAuditable
 }

 func (request *ChangePasswordRequest) UnmarshalJSON(data []byte) error {
@@ -104,13 +104,13 @@ func NewFactorPassword(password string, userID string) (*FactorPassword, error)
 	}

 	return &FactorPassword{
-		Identifiable: types.Identifiable{
+		Identifiable: Identifiable{
 			ID: valuer.GenerateUUID(),
 		},
 		Password:  string(hashedPassword),
 		Temporary: false,
 		UserID:    userID,
-		TimeAuditable: types.TimeAuditable{
+		TimeAuditable: TimeAuditable{
 			CreatedAt: time.Now(),
 			UpdatedAt: time.Now(),
 		},
@@ -146,7 +146,7 @@ func NewHashedPassword(password string) (string, error) {

 func NewResetPasswordToken(passwordID valuer.UUID, expiresAt time.Time) (*ResetPasswordToken, error) {
 	return &ResetPasswordToken{
-		Identifiable: types.Identifiable{
+		Identifiable: Identifiable{
 			ID: valuer.GenerateUUID(),
 		},
 		Token:      valuer.GenerateUUID().String(),
--- a/pkg/types/usertypes/factor_password_test.go
+++ b/pkg/types/usertypes/factor_password_test.go
@@ -1,4 +1,4 @@
-package usertypes
+package types

 import (
 	"testing"
--- a/pkg/types/usertypes/invite.go
+++ b/pkg/types/usertypes/invite.go
@@ -1,12 +1,10 @@
-package usertypes
+package types

 import (
 	"encoding/json"
 	"time"

 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -21,13 +19,13 @@ type GettableInvite = Invite
 type Invite struct {
 	bun.BaseModel `bun:"table:user_invite"`

-	types.Identifiable
-	types.TimeAuditable
-	Name  string               `bun:"name,type:text" json:"name"`
-	Email valuer.Email         `bun:"email,type:text" json:"email"`
-	Token string               `bun:"token,type:text" json:"token"`
-	Role  authtypes.LegacyRole `bun:"role,type:text" json:"role"`
-	OrgID valuer.UUID          `bun:"org_id,type:text" json:"orgId"`
+	Identifiable
+	TimeAuditable
+	Name  string       `bun:"name,type:text" json:"name"`
+	Email valuer.Email `bun:"email,type:text" json:"email"`
+	Token string       `bun:"token,type:text" json:"token"`
+	Role  Role         `bun:"role,type:text" json:"role"`
+	OrgID valuer.UUID  `bun:"org_id,type:text" json:"orgId"`

 	InviteLink string `bun:"-" json:"inviteLink"`
 }
@@ -49,10 +47,10 @@ type PostableAcceptInvite struct {
 }

 type PostableInvite struct {
-	Name            string               `json:"name"`
-	Email           valuer.Email         `json:"email"`
-	Role            authtypes.LegacyRole `json:"role"`
-	FrontendBaseUrl string               `json:"frontendBaseUrl"`
+	Name            string       `json:"name"`
+	Email           valuer.Email `json:"email"`
+	Role            Role         `json:"role"`
+	FrontendBaseUrl string       `json:"frontendBaseUrl"`
 }

 type PostableBulkInviteRequest struct {
@@ -85,9 +83,9 @@ type GettableCreateInviteResponse struct {
 	InviteToken string `json:"token"`
 }

-func NewInvite(name string, role authtypes.LegacyRole, orgID valuer.UUID, email valuer.Email) (*Invite, error) {
+func NewInvite(name string, role Role, orgID valuer.UUID, email valuer.Email) (*Invite, error) {
 	invite := &Invite{
-		Identifiable: types.Identifiable{
+		Identifiable: Identifiable{
 			ID: valuer.GenerateUUID(),
 		},
 		Name:  name,
@@ -95,7 +93,7 @@ func NewInvite(name string, role authtypes.LegacyRole, orgID valuer.UUID, email
 		Token: valuer.GenerateUUID().String(),
 		Role:  role,
 		OrgID: orgID,
-		TimeAuditable: types.TimeAuditable{
+		TimeAuditable: TimeAuditable{
 			CreatedAt: time.Now(),
 			UpdatedAt: time.Now(),
 		},
--- a/pkg/types/querybuildertypes/querybuildertypesv5/req.go
+++ b/pkg/types/querybuildertypes/querybuildertypesv5/req.go
@@ -393,6 +393,77 @@ func (r *QueryRangeRequest) HasOrderSpecified() bool {
 	return false
 }

+// UseDefaultOrderBy applies UseDefaultOrderByForListQuery to every query in the
+// composite query when the request type is a list query (raw, raw_stream, trace).
+func (r *QueryRangeRequest) UseDefaultOrderBy() {
+
+	// Based on the request type, handle default order-bys
+	switch r.RequestType {
+	case RequestTypeRaw, RequestTypeRawStream, RequestTypeTrace:
+		for idx := range r.CompositeQuery.Queries {
+			r.CompositeQuery.Queries[idx].UseDefaultOrderByForListQuery()
+		}
+	}
+
+}
+
+// UseDefaultOrderByForListQuery applies a default timestamp-descending order
+// for list/raw queries when no explicit order is specified. This is intended
+// for raw data listing endpoints (e.g. export, list views) where a sensible
+// default sort is needed, not for aggregation or timeseries queries.
+func (q *QueryEnvelope) UseDefaultOrderByForListQuery() {
+	if len(q.GetOrder()) > 0 {
+		return
+	}
+
+	switch q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation],
+		QueryBuilderTraceOperator:
+		q.SetOrder(
+			[]OrderBy{
+				{
+					Key: OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name:          "timestamp",
+							Signal:        telemetrytypes.SignalTraces,
+							FieldContext:  telemetrytypes.FieldContextSpan,
+							FieldDataType: telemetrytypes.FieldDataTypeNumber,
+						},
+					},
+					Direction: OrderDirectionDesc,
+				},
+			},
+		)
+	case QueryBuilderQuery[LogAggregation]:
+		q.SetOrder(
+			[]OrderBy{
+				{
+					Key: OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name:          "timestamp",
+							Signal:        telemetrytypes.SignalLogs,
+							FieldContext:  telemetrytypes.FieldContextLog,
+							FieldDataType: telemetrytypes.FieldDataTypeNumber,
+						},
+					},
+					Direction: OrderDirectionDesc,
+				},
+				{
+					Key: OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name:          "id",
+							Signal:        telemetrytypes.SignalLogs,
+							FieldContext:  telemetrytypes.FieldContextLog,
+							FieldDataType: telemetrytypes.FieldDataTypeString,
+						},
+					},
+					Direction: OrderDirectionDesc,
+				},
+			},
+		)
+	}
+}
+
 func (r *QueryRangeRequest) FuncsForQuery(name string) []Function {
 	funcs := []Function{}
 	for _, query := range r.CompositeQuery.Queries {
@@ -437,6 +508,16 @@ func (r *QueryRangeRequest) IsAnomalyRequest() (*QueryBuilderQuery[MetricAggrega
 	return &q, hasAnomaly
 }

+func (r *QueryRangeRequest) TraceOperatorQueryIndex() int {
+	for idx, query := range r.CompositeQuery.Queries {
+		switch query.Spec.(type) {
+		case QueryBuilderTraceOperator:
+			return idx
+		}
+	}
+	return -1
+}
+
 // We do not support fill gaps for these queries. Maybe support in future?
 func (r *QueryRangeRequest) SkipFillGaps(name string) bool {
 	for _, query := range r.CompositeQuery.Queries {
--- a/pkg/types/querybuildertypes/querybuildertypesv5/req_getters.go
+++ b/pkg/types/querybuildertypes/querybuildertypesv5/req_getters.go
@@ -0,0 +1,379 @@
+package querybuildertypesv5
+
+import "github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+
+// GetExpression returns the expression string.
+func (q *QueryEnvelope) GetExpression() string {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Expression
+	case QueryBuilderFormula:
+		return spec.Expression
+	}
+	return ""
+}
+
+// GetReturnSpansFrom returns the return-spans-from value.
+func (q *QueryEnvelope) GetReturnSpansFrom() string {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.ReturnSpansFrom
+	}
+	return ""
+}
+
+// GetSignal returns the signal.
+func (q *QueryEnvelope) GetSignal() telemetrytypes.Signal {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Signal
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Signal
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Signal
+	}
+	return telemetrytypes.SignalUnspecified
+}
+
+// GetSource returns the source.
+func (q *QueryEnvelope) GetSource() telemetrytypes.Source {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Source
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Source
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Source
+	}
+	return telemetrytypes.SourceUnspecified
+}
+
+// GetQuery returns the raw query string.
+func (q *QueryEnvelope) GetQuery() string {
+	switch spec := q.Spec.(type) {
+	case PromQuery:
+		return spec.Query
+	case ClickHouseQuery:
+		return spec.Query
+	}
+	return ""
+}
+
+// GetStats returns the PromQL stats flag.
+func (q *QueryEnvelope) GetStats() bool {
+	switch spec := q.Spec.(type) {
+	case PromQuery:
+		return spec.Stats
+	}
+	return false
+}
+
+// GetLeft returns the left query reference of a join.
+func (q *QueryEnvelope) GetLeft() QueryRef {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderJoin:
+		return spec.Left
+	}
+	return QueryRef{}
+}
+
+// GetRight returns the right query reference of a join.
+func (q *QueryEnvelope) GetRight() QueryRef {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderJoin:
+		return spec.Right
+	}
+	return QueryRef{}
+}
+
+// GetJoinType returns the join type.
+func (q *QueryEnvelope) GetJoinType() JoinType {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderJoin:
+		return spec.Type
+	}
+	return JoinType{}
+}
+
+// GetOn returns the join ON condition.
+func (q *QueryEnvelope) GetOn() string {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderJoin:
+		return spec.On
+	}
+	return ""
+}
+
+// GetQueryName returns the name of the spec.
+func (q *QueryEnvelope) GetQueryName() string {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Name
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Name
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Name
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Name
+	case QueryBuilderFormula:
+		return spec.Name
+	case QueryBuilderJoin:
+		return spec.Name
+	case PromQuery:
+		return spec.Name
+	case ClickHouseQuery:
+		return spec.Name
+	}
+	return ""
+}
+
+// IsDisabled returns whether the spec is disabled.
+func (q *QueryEnvelope) IsDisabled() bool {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Disabled
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Disabled
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Disabled
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Disabled
+	case QueryBuilderFormula:
+		return spec.Disabled
+	case QueryBuilderJoin:
+		return spec.Disabled
+	case PromQuery:
+		return spec.Disabled
+	case ClickHouseQuery:
+		return spec.Disabled
+	}
+	return false
+}
+
+// GetLimit returns the row limit.
+func (q *QueryEnvelope) GetLimit() int {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Limit
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Limit
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Limit
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Limit
+	case QueryBuilderFormula:
+		return spec.Limit
+	case QueryBuilderJoin:
+		return spec.Limit
+	}
+	return 0
+}
+
+// GetOffset returns the row offset.
+func (q *QueryEnvelope) GetOffset() int {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Offset
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Offset
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Offset
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Offset
+	}
+	return 0
+}
+
+// GetType returns the QueryType of the envelope.
+func (q *QueryEnvelope) GetType() QueryType {
+	return q.Type
+}
+
+// GetOrder returns the order-by clauses.
+func (q *QueryEnvelope) GetOrder() []OrderBy {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Order
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Order
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Order
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Order
+	case QueryBuilderFormula:
+		return spec.Order
+	case QueryBuilderJoin:
+		return spec.Order
+	}
+	return nil
+}
+
+// GetGroupBy returns the group-by keys.
+func (q *QueryEnvelope) GetGroupBy() []GroupByKey {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.GroupBy
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.GroupBy
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.GroupBy
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.GroupBy
+	case QueryBuilderJoin:
+		return spec.GroupBy
+	}
+	return nil
+}
+
+// GetFilter returns the filter.
+func (q *QueryEnvelope) GetFilter() *Filter {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Filter
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Filter
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Filter
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Filter
+	case QueryBuilderJoin:
+		return spec.Filter
+	}
+	return nil
+}
+
+// GetHaving returns the having clause.
+func (q *QueryEnvelope) GetHaving() *Having {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Having
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Having
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Having
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Having
+	case QueryBuilderFormula:
+		return spec.Having
+	case QueryBuilderJoin:
+		return spec.Having
+	}
+	return nil
+}
+
+// GetFunctions returns the post-processing functions.
+func (q *QueryEnvelope) GetFunctions() []Function {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Functions
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Functions
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Functions
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Functions
+	case QueryBuilderFormula:
+		return spec.Functions
+	case QueryBuilderJoin:
+		return spec.Functions
+	}
+	return nil
+}
+
+// GetSelectFields returns the selected fields.
+func (q *QueryEnvelope) GetSelectFields() []telemetrytypes.TelemetryFieldKey {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.SelectFields
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.SelectFields
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.SelectFields
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.SelectFields
+	case QueryBuilderJoin:
+		return spec.SelectFields
+	}
+	return nil
+}
+
+// GetLegend returns the legend label.
+func (q *QueryEnvelope) GetLegend() string {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Legend
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Legend
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Legend
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Legend
+	case QueryBuilderFormula:
+		return spec.Legend
+	case PromQuery:
+		return spec.Legend
+	case ClickHouseQuery:
+		return spec.Legend
+	}
+	return ""
+}
+
+// GetCursor returns the pagination cursor.
+func (q *QueryEnvelope) GetCursor() string {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.Cursor
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.Cursor
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.Cursor
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.Cursor
+	}
+	return ""
+}
+
+// GetStepInterval returns the step interval.
+func (q *QueryEnvelope) GetStepInterval() Step {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		return spec.StepInterval
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.StepInterval
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.StepInterval
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.StepInterval
+	case PromQuery:
+		return spec.Step
+	}
+	return Step{}
+}
+
+// GetSecondaryAggregations returns the secondary aggregations.
+func (q *QueryEnvelope) GetSecondaryAggregations() []SecondaryAggregation {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.SecondaryAggregations
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.SecondaryAggregations
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.SecondaryAggregations
+	case QueryBuilderJoin:
+		return spec.SecondaryAggregations
+	}
+	return nil
+}
+
+// GetLimitBy returns the limit-by configuration.
+func (q *QueryEnvelope) GetLimitBy() *LimitBy {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation]:
+		return spec.LimitBy
+	case QueryBuilderQuery[LogAggregation]:
+		return spec.LimitBy
+	case QueryBuilderQuery[MetricAggregation]:
+		return spec.LimitBy
+	}
+	return nil
+}
--- a/pkg/types/querybuildertypes/querybuildertypesv5/req_setters.go
+++ b/pkg/types/querybuildertypes/querybuildertypesv5/req_setters.go
@@ -0,0 +1,452 @@
+package querybuildertypesv5
+
+import "github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+
+// SetExpression sets the expression string of the spec, if applicable.
+func (q *QueryEnvelope) SetExpression(expression string) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Expression = expression
+		q.Spec = spec
+	case QueryBuilderFormula:
+		spec.Expression = expression
+		q.Spec = spec
+	}
+}
+
+// SetReturnSpansFrom sets the return-spans-from value, if applicable.
+func (q *QueryEnvelope) SetReturnSpansFrom(returnSpansFrom string) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.ReturnSpansFrom = returnSpansFrom
+		q.Spec = spec
+	}
+}
+
+// SetSignal sets the signal of the spec, if applicable.
+func (q *QueryEnvelope) SetSignal(signal telemetrytypes.Signal) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Signal = signal
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Signal = signal
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Signal = signal
+		q.Spec = spec
+	}
+}
+
+// SetSource sets the source of the spec, if applicable.
+func (q *QueryEnvelope) SetSource(source telemetrytypes.Source) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Source = source
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Source = source
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Source = source
+		q.Spec = spec
+	}
+}
+
+// SetQuery sets the raw query string of the spec, if applicable.
+func (q *QueryEnvelope) SetQuery(query string) {
+	switch spec := q.Spec.(type) {
+	case PromQuery:
+		spec.Query = query
+		q.Spec = spec
+	case ClickHouseQuery:
+		spec.Query = query
+		q.Spec = spec
+	}
+}
+
+// SetStats sets the PromQL stats flag, if applicable.
+func (q *QueryEnvelope) SetStats(stats bool) {
+	switch spec := q.Spec.(type) {
+	case PromQuery:
+		spec.Stats = stats
+		q.Spec = spec
+	}
+}
+
+// SetLeft sets the left query reference of a join, if applicable.
+func (q *QueryEnvelope) SetLeft(left QueryRef) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderJoin:
+		spec.Left = left
+		q.Spec = spec
+	}
+}
+
+// SetRight sets the right query reference of a join, if applicable.
+func (q *QueryEnvelope) SetRight(right QueryRef) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderJoin:
+		spec.Right = right
+		q.Spec = spec
+	}
+}
+
+// SetJoinType sets the join type, if applicable.
+func (q *QueryEnvelope) SetJoinType(joinType JoinType) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderJoin:
+		spec.Type = joinType
+		q.Spec = spec
+	}
+}
+
+// SetOn sets the join ON condition, if applicable.
+func (q *QueryEnvelope) SetOn(on string) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderJoin:
+		spec.On = on
+		q.Spec = spec
+	}
+}
+
+// SetQueryName sets the name of the spec, if applicable.
+func (q *QueryEnvelope) SetQueryName(name string) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Name = name
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Name = name
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Name = name
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Name = name
+		q.Spec = spec
+	case QueryBuilderFormula:
+		spec.Name = name
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.Name = name
+		q.Spec = spec
+	case PromQuery:
+		spec.Name = name
+		q.Spec = spec
+	case ClickHouseQuery:
+		spec.Name = name
+		q.Spec = spec
+	}
+}
+
+// SetDisabled sets the disabled flag of the spec, if applicable.
+func (q *QueryEnvelope) SetDisabled(disabled bool) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Disabled = disabled
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Disabled = disabled
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Disabled = disabled
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Disabled = disabled
+		q.Spec = spec
+	case QueryBuilderFormula:
+		spec.Disabled = disabled
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.Disabled = disabled
+		q.Spec = spec
+	case PromQuery:
+		spec.Disabled = disabled
+		q.Spec = spec
+	case ClickHouseQuery:
+		spec.Disabled = disabled
+		q.Spec = spec
+	}
+}
+
+// SetLimit sets the row limit of the spec, if applicable.
+func (q *QueryEnvelope) SetLimit(limit int) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Limit = limit
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Limit = limit
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Limit = limit
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Limit = limit
+		q.Spec = spec
+	case QueryBuilderFormula:
+		spec.Limit = limit
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.Limit = limit
+		q.Spec = spec
+	}
+}
+
+// SetOffset sets the row offset of the spec, if applicable.
+func (q *QueryEnvelope) SetOffset(offset int) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Offset = offset
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Offset = offset
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Offset = offset
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Offset = offset
+		q.Spec = spec
+	}
+}
+
+// SetType sets the QueryType of the envelope.
+func (q *QueryEnvelope) SetType(t QueryType) {
+	q.Type = t
+}
+
+// SetOrder sets the order-by clauses of the spec, if applicable.
+func (q *QueryEnvelope) SetOrder(order []OrderBy) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Order = order
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Order = order
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Order = order
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Order = order
+		q.Spec = spec
+	case QueryBuilderFormula:
+		spec.Order = order
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.Order = order
+		q.Spec = spec
+	}
+}
+
+// SetGroupBy sets the group-by keys of the spec, if applicable.
+func (q *QueryEnvelope) SetGroupBy(groupBy []GroupByKey) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.GroupBy = groupBy
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.GroupBy = groupBy
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.GroupBy = groupBy
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.GroupBy = groupBy
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.GroupBy = groupBy
+		q.Spec = spec
+	}
+}
+
+// SetFilter sets the filter of the spec, if applicable.
+func (q *QueryEnvelope) SetFilter(filter *Filter) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Filter = filter
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Filter = filter
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Filter = filter
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Filter = filter
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.Filter = filter
+		q.Spec = spec
+	}
+}
+
+// SetHaving sets the having clause of the spec, if applicable.
+func (q *QueryEnvelope) SetHaving(having *Having) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Having = having
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Having = having
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Having = having
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Having = having
+		q.Spec = spec
+	case QueryBuilderFormula:
+		spec.Having = having
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.Having = having
+		q.Spec = spec
+	}
+}
+
+// SetFunctions sets the post-processing functions of the spec, if applicable.
+func (q *QueryEnvelope) SetFunctions(functions []Function) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Functions = functions
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Functions = functions
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Functions = functions
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Functions = functions
+		q.Spec = spec
+	case QueryBuilderFormula:
+		spec.Functions = functions
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.Functions = functions
+		q.Spec = spec
+	}
+}
+
+// SetSelectFields sets the selected fields of the spec, if applicable.
+func (q *QueryEnvelope) SetSelectFields(fields []telemetrytypes.TelemetryFieldKey) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.SelectFields = fields
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.SelectFields = fields
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.SelectFields = fields
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.SelectFields = fields
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.SelectFields = fields
+		q.Spec = spec
+	}
+}
+
+// SetLegend sets the legend label of the spec, if applicable.
+func (q *QueryEnvelope) SetLegend(legend string) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Legend = legend
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Legend = legend
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Legend = legend
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Legend = legend
+		q.Spec = spec
+	case QueryBuilderFormula:
+		spec.Legend = legend
+		q.Spec = spec
+	case PromQuery:
+		spec.Legend = legend
+		q.Spec = spec
+	case ClickHouseQuery:
+		spec.Legend = legend
+		q.Spec = spec
+	}
+}
+
+// SetCursor sets the pagination cursor of the spec, if applicable.
+func (q *QueryEnvelope) SetCursor(cursor string) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.Cursor = cursor
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.Cursor = cursor
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.Cursor = cursor
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.Cursor = cursor
+		q.Spec = spec
+	}
+}
+
+// SetStepInterval sets the step interval of the spec, if applicable.
+func (q *QueryEnvelope) SetStepInterval(step Step) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderTraceOperator:
+		spec.StepInterval = step
+		q.Spec = spec
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.StepInterval = step
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.StepInterval = step
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.StepInterval = step
+		q.Spec = spec
+	case PromQuery:
+		spec.Step = step
+		q.Spec = spec
+	}
+}
+
+// SetSecondaryAggregations sets the secondary aggregations of the spec, if applicable.
+func (q *QueryEnvelope) SetSecondaryAggregations(secondaryAggregations []SecondaryAggregation) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.SecondaryAggregations = secondaryAggregations
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.SecondaryAggregations = secondaryAggregations
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.SecondaryAggregations = secondaryAggregations
+		q.Spec = spec
+	case QueryBuilderJoin:
+		spec.SecondaryAggregations = secondaryAggregations
+		q.Spec = spec
+	}
+}
+
+// SetLimitBy sets the limit-by configuration of the spec, if applicable.
+func (q *QueryEnvelope) SetLimitBy(limitBy *LimitBy) {
+	switch spec := q.Spec.(type) {
+	case QueryBuilderQuery[TraceAggregation]:
+		spec.LimitBy = limitBy
+		q.Spec = spec
+	case QueryBuilderQuery[LogAggregation]:
+		spec.LimitBy = limitBy
+		q.Spec = spec
+	case QueryBuilderQuery[MetricAggregation]:
+		spec.LimitBy = limitBy
+		q.Spec = spec
+	}
+}
--- a/pkg/types/querybuildertypes/querybuildertypesv5/validation.go
+++ b/pkg/types/querybuildertypes/querybuildertypesv5/validation.go
@@ -10,55 +10,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 )

-// queryName returns the name from any query envelope spec type.
-func (e QueryEnvelope) queryName() string {
-	switch spec := e.Spec.(type) {
-	case QueryBuilderQuery[TraceAggregation]:
-		return spec.Name
-	case QueryBuilderQuery[LogAggregation]:
-		return spec.Name
-	case QueryBuilderQuery[MetricAggregation]:
-		return spec.Name
-	case QueryBuilderFormula:
-		return spec.Name
-	case QueryBuilderTraceOperator:
-		return spec.Name
-	case QueryBuilderJoin:
-		return spec.Name
-	case PromQuery:
-		return spec.Name
-	case ClickHouseQuery:
-		return spec.Name
-	}
-	return ""
-}
-
-// isDisabled returns the disabled status from any query envelope spec type.
-func (e QueryEnvelope) isDisabled() bool {
-	switch spec := e.Spec.(type) {
-	case QueryBuilderQuery[TraceAggregation]:
-		return spec.Disabled
-	case QueryBuilderQuery[LogAggregation]:
-		return spec.Disabled
-	case QueryBuilderQuery[MetricAggregation]:
-		return spec.Disabled
-	case QueryBuilderFormula:
-		return spec.Disabled
-	case QueryBuilderTraceOperator:
-		return spec.Disabled
-	case QueryBuilderJoin:
-		return spec.Disabled
-	case PromQuery:
-		return spec.Disabled
-	case ClickHouseQuery:
-		return spec.Disabled
-	}
-	return false
-}
-
 // getQueryIdentifier returns a friendly identifier for a query based on its type and name/content
 func getQueryIdentifier(envelope QueryEnvelope, index int) string {
-	name := envelope.queryName()
+	name := envelope.GetQueryName()

 	var typeLabel string
 	switch envelope.Type {
@@ -89,50 +43,115 @@ const (
 	MaxQueryLimit = 10000
 )

-// Validate performs preliminary validation on QueryBuilderQuery
-func (q *QueryBuilderQuery[T]) Validate(requestType RequestType) error {
-	// Validate signal
+// ValidationOption is a functional option for configuring validation behaviour.
+type ValidationOption func(*validationConfig)
+
+type validationConfig struct {
+	skipLimitOffsetValidation bool
+	skipAggregationValidation bool
+	skipHavingValidation      bool
+	skipAggregationOrderBy    bool
+	skipSelectFieldValidation bool
+	skipGroupByValidation     bool
+}
+
+func applyValidationOptions(opts []ValidationOption) validationConfig {
+	cfg := validationConfig{}
+	for _, opt := range opts {
+		opt(&cfg)
+	}
+	return cfg
+}
+
+// SkipLimitOffsetValidation returns a ValidationOption that skips the limit and offset range checks.
+// Use this when the caller has already validated limits and offsets with different constraints.
+func WithSkipLimitOffsetValidation() ValidationOption {
+	return func(cfg *validationConfig) {
+		cfg.skipLimitOffsetValidation = true
+	}
+}
+
+// SkipAggregationValidation skips aggregation validation.
+// Used for raw/trace request types where aggregations are not required.
+func WithSkipAggregationValidation() ValidationOption {
+	return func(cfg *validationConfig) {
+		cfg.skipAggregationValidation = true
+	}
+}
+
+// SkipHavingValidation skips having-clause validation.
+// Used for raw/trace request types where having clauses do not apply.
+func WithSkipHavingValidation() ValidationOption {
+	return func(cfg *validationConfig) {
+		cfg.skipHavingValidation = true
+	}
+}
+
+// SkipAggregationOrderBy skips the aggregation-specific order-by key validation.
+// Used for raw/trace request types where order-by keys are not restricted to group-by or aggregation keys.
+func WithSkipAggregationOrderBy() ValidationOption {
+	return func(cfg *validationConfig) {
+		cfg.skipAggregationOrderBy = true
+	}
+}
+
+// SkipSelectFieldValidation skips select-field validation.
+// Used for aggregation request types where select fields do not apply.
+func WithSkipSelectFieldValidation() ValidationOption {
+	return func(cfg *validationConfig) {
+		cfg.skipSelectFieldValidation = true
+	}
+}
+
+// SkipGroupByValidation skips group-by validation.
+// Used for raw/trace request types where group-by does not apply.
+func WithSkipGroupByValidation() ValidationOption {
+	return func(cfg *validationConfig) {
+		cfg.skipGroupByValidation = true
+	}
+}
+
+// Validate performs preliminary validation on QueryBuilderQuery.
+func (q *QueryBuilderQuery[T]) Validate(opts ...ValidationOption) error {
+	cfg := applyValidationOptions(opts)
+
 	if err := q.validateSignal(); err != nil {
 		return err
 	}

-	if err := q.validateAggregations(requestType); err != nil {
+	if err := q.validateAggregations(cfg); err != nil {
 		return err
 	}

-	if err := q.validateGroupBy(requestType); err != nil {
+	if err := q.validateGroupBy(cfg); err != nil {
 		return err
 	}

-	// Validate limit and pagination
-	if err := q.validateLimitAndPagination(); err != nil {
+	if err := q.validateLimitAndPagination(cfg); err != nil {
 		return err
 	}

-	// Validate functions
 	if err := q.validateFunctions(); err != nil {
 		return err
 	}

-	// Validate secondary aggregations
 	if err := q.validateSecondaryAggregations(); err != nil {
 		return err
 	}

-	if err := q.validateOrderBy(requestType); err != nil {
+	if err := q.validateOrderBy(cfg); err != nil {
 		return err
 	}

-	if err := q.validateSelectFields(requestType); err != nil {
+	if err := q.validateSelectFields(cfg); err != nil {
 		return err
 	}

 	return nil
 }

-func (q *QueryBuilderQuery[T]) validateSelectFields(requestType RequestType) error {
-	// selectFields don't apply to aggregation queries, skip validation
-	if requestType.IsAggregation() {
+func (q *QueryBuilderQuery[T]) validateSelectFields(cfg validationConfig) error {
+	if cfg.skipSelectFieldValidation {
 		return nil
 	}

@@ -148,9 +167,8 @@ func (q *QueryBuilderQuery[T]) validateSelectFields(requestType RequestType) err
 	return nil
 }

-func (q *QueryBuilderQuery[T]) validateGroupBy(requestType RequestType) error {
-	// groupBy doesn't apply to non-aggregation queries, skip validation
-	if !requestType.IsAggregation() {
+func (q *QueryBuilderQuery[T]) validateGroupBy(cfg validationConfig) error {
+	if cfg.skipGroupByValidation {
 		return nil
 	}
 	for idx, item := range q.GroupBy {
@@ -183,9 +201,8 @@ func (q *QueryBuilderQuery[T]) validateSignal() error {
 	}
 }

-func (q *QueryBuilderQuery[T]) validateAggregations(requestType RequestType) error {
-	// aggregations don't apply to non-aggregation queries, skip validation
-	if !requestType.IsAggregation() {
+func (q *QueryBuilderQuery[T]) validateAggregations(cfg validationConfig) error {
+	if cfg.skipAggregationValidation {
 		return nil
 	}

@@ -272,8 +289,11 @@ func (q *QueryBuilderQuery[T]) validateAggregations(requestType RequestType) err
 	return nil
 }

-func (q *QueryBuilderQuery[T]) validateLimitAndPagination() error {
-	// Validate limit
+func (q *QueryBuilderQuery[T]) validateLimitAndPagination(cfg validationConfig) error {
+	if cfg.skipLimitOffsetValidation {
+		return nil
+	}
+
 	if q.Limit < 0 {
 		return errors.NewInvalidInputf(
 			errors.CodeInvalidInput,
@@ -336,7 +356,7 @@ func (q *QueryBuilderQuery[T]) validateSecondaryAggregations() error {
 	return nil
 }

-func (q *QueryBuilderQuery[T]) validateOrderBy(requestType RequestType) error {
+func (q *QueryBuilderQuery[T]) validateOrderBy(cfg validationConfig) error {
 	for i, order := range q.Order {
 		// Direction validation is handled by the OrderDirection type
 		if order.Direction != OrderDirectionAsc && order.Direction != OrderDirectionDesc {
@@ -355,8 +375,7 @@ func (q *QueryBuilderQuery[T]) validateOrderBy(requestType RequestType) error {
 		}
 	}

-	// aggregation-specific order key validation only applies to aggregation queries
-	if requestType.IsAggregation() {
+	if !cfg.skipAggregationOrderBy {
 		return q.validateOrderByForAggregation()
 	}

@@ -438,8 +457,8 @@ func (q *QueryBuilderQuery[T]) validateOrderByForAggregation() error {
 	return nil
 }

-// ValidateQueryRangeRequest validates the entire query range request
-func (r *QueryRangeRequest) Validate() error {
+// Validate validates the entire query range request.
+func (r *QueryRangeRequest) Validate(opts ...ValidationOption) error {
 	// Validate time range
 	if r.RequestType != RequestTypeRawStream && r.Start >= r.End {
 		return errors.NewInvalidInputf(
@@ -450,8 +469,8 @@ func (r *QueryRangeRequest) Validate() error {

 	// Validate request type
 	switch r.RequestType {
-	case RequestTypeRaw, RequestTypeRawStream, RequestTypeTimeSeries, RequestTypeScalar, RequestTypeTrace:
-		// Valid request types
+	case RequestTypeRaw, RequestTypeRawStream, RequestTypeTrace, RequestTypeTimeSeries, RequestTypeScalar:
+		opts = append(opts, GetValidationOptions(r.RequestType)...)
 	default:
 		return errors.NewInvalidInputf(
 			errors.CodeInvalidInput,
@@ -463,7 +482,7 @@ func (r *QueryRangeRequest) Validate() error {
 	}

 	// Validate composite query
-	if err := r.validateCompositeQuery(); err != nil {
+	if err := r.CompositeQuery.Validate(opts...); err != nil {
 		return err
 	}

@@ -478,7 +497,7 @@ func (r *QueryRangeRequest) Validate() error {
 // validateAllQueriesNotDisabled validates that at least one query in the composite query is enabled
 func (r *QueryRangeRequest) validateAllQueriesNotDisabled() error {
 	for _, envelope := range r.CompositeQuery.Queries {
-		if !envelope.isDisabled() {
+		if !envelope.IsDisabled() {
 			return nil
 		}
 	}
@@ -489,12 +508,8 @@ func (r *QueryRangeRequest) validateAllQueriesNotDisabled() error {
 	)
 }

-func (r *QueryRangeRequest) validateCompositeQuery() error {
-	return r.CompositeQuery.Validate(r.RequestType)
-}
-
 // Validate performs validation on CompositeQuery
-func (c *CompositeQuery) Validate(requestType RequestType) error {
+func (c *CompositeQuery) Validate(opts ...ValidationOption) error {
 	if len(c.Queries) == 0 {
 		return errors.NewInvalidInputf(
 			errors.CodeInvalidInput,
@@ -506,14 +521,14 @@ func (c *CompositeQuery) Validate(requestType RequestType) error {
 	queryNames := make(map[string]bool)

 	for i, envelope := range c.Queries {
-		if err := validateQueryEnvelope(envelope, requestType); err != nil {
+		if err := validateQueryEnvelope(envelope, opts...); err != nil {
 			queryId := getQueryIdentifier(envelope, i)
 			return wrapValidationError(err, queryId, "invalid %s: %s")
 		}

 		// Check name uniqueness for builder queries
 		if envelope.Type == QueryTypeBuilder || envelope.Type == QueryTypeSubQuery {
-			name := envelope.queryName()
+			name := envelope.GetQueryName()
 			if name != "" {
 				if queryNames[name] {
 					return errors.NewInvalidInputf(
@@ -530,16 +545,16 @@ func (c *CompositeQuery) Validate(requestType RequestType) error {
 	return nil
 }

-func validateQueryEnvelope(envelope QueryEnvelope, requestType RequestType) error {
+func validateQueryEnvelope(envelope QueryEnvelope, opts ...ValidationOption) error {
 	switch envelope.Type {
 	case QueryTypeBuilder, QueryTypeSubQuery:
 		switch spec := envelope.Spec.(type) {
 		case QueryBuilderQuery[TraceAggregation]:
-			return spec.Validate(requestType)
+			return spec.Validate(opts...)
 		case QueryBuilderQuery[LogAggregation]:
-			return spec.Validate(requestType)
+			return spec.Validate(opts...)
 		case QueryBuilderQuery[MetricAggregation]:
-			return spec.Validate(requestType)
+			return spec.Validate(opts...)
 		default:
 			return errors.NewInvalidInputf(
 				errors.CodeInvalidInput,
@@ -625,3 +640,14 @@ func validateQueryEnvelope(envelope QueryEnvelope, requestType RequestType) erro
 		)
 	}
 }
+
+func GetValidationOptions(requestType RequestType) []ValidationOption {
+	switch requestType {
+	case RequestTypeTimeSeries, RequestTypeScalar:
+		return []ValidationOption{WithSkipSelectFieldValidation()}
+	case RequestTypeRaw, RequestTypeRawStream, RequestTypeTrace:
+		return []ValidationOption{WithSkipAggregationValidation(), WithSkipHavingValidation(), WithSkipAggregationOrderBy(), WithSkipGroupByValidation()}
+	default:
+		return []ValidationOption{}
+	}
+}
--- a/pkg/types/querybuildertypes/querybuildertypesv5/validation_test.go
+++ b/pkg/types/querybuildertypes/querybuildertypesv5/validation_test.go
@@ -743,7 +743,7 @@ func TestValidateQueryEnvelope(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := validateQueryEnvelope(tt.envelope, tt.requestType)
+			err := validateQueryEnvelope(tt.envelope)
 			if tt.wantErr {
 				if err == nil {
 					t.Errorf("validateQueryEnvelope() expected error but got none")
@@ -816,7 +816,7 @@ func TestQueryEnvelope_Helpers(t *testing.T) {
 		}
 		for _, tt := range tests {
 			t.Run(tt.name, func(t *testing.T) {
-				got := tt.envelope.queryName()
+				got := tt.envelope.GetQueryName()
 				if got != tt.want {
 					t.Errorf("queryName() = %q, want %q", got, tt.want)
 				}
@@ -868,7 +868,7 @@ func TestQueryEnvelope_Helpers(t *testing.T) {
 		}
 		for _, tt := range tests {
 			t.Run(tt.name, func(t *testing.T) {
-				got := tt.envelope.isDisabled()
+				got := tt.envelope.IsDisabled()
 				if got != tt.want {
 					t.Errorf("isDisabled() = %v, want %v", got, tt.want)
 				}
@@ -1107,7 +1107,7 @@ func TestQueryRangeRequest_ValidateOrderByForAggregation(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			err := tt.query.Validate(RequestTypeTimeSeries)
+			err := tt.query.Validate(GetValidationOptions(RequestTypeTimeSeries)...)
 			if tt.wantErr {
 				if err == nil {
 					t.Errorf("validateOrderByForAggregation() expected error but got none")
@@ -1161,7 +1161,7 @@ func TestNonAggregationFieldsSkipped(t *testing.T) {
 				{TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{Name: "service.name"}},
 			},
 		}
-		err := query.Validate(RequestTypeRaw)
+		err := query.Validate(GetValidationOptions(RequestTypeRaw)...)
 		if err != nil {
 			t.Errorf("expected no error for groupBy with raw request type, got: %v", err)
 		}
@@ -1178,7 +1178,7 @@ func TestNonAggregationFieldsSkipped(t *testing.T) {
 				{TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{Name: ""}},
 			},
 		}
-		err := query.Validate(RequestTypeTimeSeries)
+		err := query.Validate(GetValidationOptions(RequestTypeTimeSeries)...)
 		if err == nil {
 			t.Errorf("expected error for empty groupBy key with timeseries request type")
 		}
@@ -1190,7 +1190,7 @@ func TestNonAggregationFieldsSkipped(t *testing.T) {
 			Signal: telemetrytypes.SignalLogs,
 			Having: &Having{Expression: "count() > 10"},
 		}
-		err := query.Validate(RequestTypeRaw)
+		err := query.Validate(GetValidationOptions(RequestTypeRaw)...)
 		if err != nil {
 			t.Errorf("expected no error for having with raw request type, got: %v", err)
 		}
@@ -1202,7 +1202,7 @@ func TestNonAggregationFieldsSkipped(t *testing.T) {
 			Signal: telemetrytypes.SignalTraces,
 			Having: &Having{Expression: "count() > 10"},
 		}
-		err := query.Validate(RequestTypeTrace)
+		err := query.Validate(GetValidationOptions(RequestTypeTrace)...)
 		if err != nil {
 			t.Errorf("expected no error for having with trace request type, got: %v", err)
 		}
@@ -1216,7 +1216,7 @@ func TestNonAggregationFieldsSkipped(t *testing.T) {
 				{Expression: "count()"},
 			},
 		}
-		err := query.Validate(RequestTypeRaw)
+		err := query.Validate(GetValidationOptions(RequestTypeRaw)...)
 		if err != nil {
 			t.Errorf("expected no error for aggregations with raw request type, got: %v", err)
 		}
@@ -1230,7 +1230,7 @@ func TestNonAggregationFieldsSkipped(t *testing.T) {
 				{Expression: "count()"},
 			},
 		}
-		err := query.Validate(RequestTypeRawStream)
+		err := query.Validate(GetValidationOptions(RequestTypeRawStream)...)
 		if err != nil {
 			t.Errorf("expected no error for aggregations with raw_stream request type, got: %v", err)
 		}
@@ -1248,12 +1248,12 @@ func TestNonAggregationFieldsSkipped(t *testing.T) {
 			},
 		}
 		// Should error for raw (selectFields are validated)
-		err := query.Validate(RequestTypeRaw)
+		err := query.Validate(GetValidationOptions(RequestTypeRaw)...)
 		if err == nil {
 			t.Errorf("expected error for isRoot in selectFields with raw request type")
 		}
 		// Should pass for timeseries (selectFields skipped)
-		err = query.Validate(RequestTypeTimeSeries)
+		err = query.Validate(GetValidationOptions(RequestTypeTimeSeries)...)
 		if err != nil {
 			t.Errorf("expected no error for isRoot in selectFields with timeseries request type, got: %v", err)
 		}
--- a/pkg/types/authtypes/legacy_role.go
+++ b/pkg/types/authtypes/legacy_role.go
@@ -1,4 +1,4 @@
-package authtypes
+package types

 import (
 	"encoding/json"
@@ -7,15 +7,15 @@ import (
 )

 // Do not take inspiration from this. This is a hack to avoid using valuer.String and use upper case strings.
-type LegacyRole string
+type Role string

 const (
-	RoleAdmin  LegacyRole = "ADMIN"
-	RoleEditor LegacyRole = "EDITOR"
-	RoleViewer LegacyRole = "VIEWER"
+	RoleAdmin  Role = "ADMIN"
+	RoleEditor Role = "EDITOR"
+	RoleViewer Role = "VIEWER"
 )

-func NewLegacyRole(role string) (LegacyRole, error) {
+func NewRole(role string) (Role, error) {
 	switch role {
 	case "ADMIN":
 		return RoleAdmin, nil
@@ -28,17 +28,17 @@ func NewLegacyRole(role string) (LegacyRole, error) {
 	return "", errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid role: %s", role)
 }

-func (r LegacyRole) String() string {
+func (r Role) String() string {
 	return string(r)
 }

-func (r *LegacyRole) UnmarshalJSON(data []byte) error {
+func (r *Role) UnmarshalJSON(data []byte) error {
 	var s string
 	if err := json.Unmarshal(data, &s); err != nil {
 		return err
 	}

-	role, err := NewLegacyRole(s)
+	role, err := NewRole(s)
 	if err != nil {
 		return err
 	}
@@ -47,6 +47,6 @@ func (r *LegacyRole) UnmarshalJSON(data []byte) error {
 	return nil
 }

-func (r LegacyRole) MarshalJSON() ([]byte, error) {
+func (r Role) MarshalJSON() ([]byte, error) {
 	return json.Marshal(r.String())
 }
--- a/pkg/types/roletypes/role.go
+++ b/pkg/types/roletypes/role.go
@@ -1,13 +1,13 @@
-package authtypes
+package roletypes

 import (
-	"context"
 	"encoding/json"
 	"regexp"
 	"time"

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 	"github.com/uptrace/bun"
@@ -43,15 +43,15 @@ var (
 )

 var (
-	ExistingRoleToSigNozManagedRoleMap = map[LegacyRole]string{
-		RoleAdmin:  SigNozAdminRoleName,
-		RoleEditor: SigNozEditorRoleName,
-		RoleViewer: SigNozViewerRoleName,
+	ExistingRoleToSigNozManagedRoleMap = map[types.Role]string{
+		types.RoleAdmin:  SigNozAdminRoleName,
+		types.RoleEditor: SigNozEditorRoleName,
+		types.RoleViewer: SigNozViewerRoleName,
 	}
 )

 var (
-	TypeableResourcesRoles = MustNewTypeableMetaResources(MustNewName("roles"))
+	TypeableResourcesRoles = authtypes.MustNewTypeableMetaResources(authtypes.MustNewName("roles"))
 )

 type StorableRole struct {
@@ -194,20 +194,20 @@ func (role *PatchableRole) UnmarshalJSON(data []byte) error {
 	return nil
 }

-func GetAdditionTuples(name string, orgID valuer.UUID, relation Relation, additions []*Object) ([]*openfgav1.TupleKey, error) {
+func GetAdditionTuples(name string, orgID valuer.UUID, relation authtypes.Relation, additions []*authtypes.Object) ([]*openfgav1.TupleKey, error) {
 	tuples := make([]*openfgav1.TupleKey, 0)

 	for _, object := range additions {
-		typeable := MustNewTypeableFromType(object.Resource.Type, object.Resource.Name)
+		typeable := authtypes.MustNewTypeableFromType(object.Resource.Type, object.Resource.Name)
 		transactionTuples, err := typeable.Tuples(
-			MustNewSubject(
-				TypeableRole,
+			authtypes.MustNewSubject(
+				authtypes.TypeableRole,
 				name,
 				orgID,
-				&RelationAssignee,
+				&authtypes.RelationAssignee,
 			),
 			relation,
-			[]Selector{object.Selector},
+			[]authtypes.Selector{object.Selector},
 			orgID,
 		)
 		if err != nil {
@@ -220,20 +220,20 @@ func GetAdditionTuples(name string, orgID valuer.UUID, relation Relation, additi
 	return tuples, nil
 }

-func GetDeletionTuples(name string, orgID valuer.UUID, relation Relation, deletions []*Object) ([]*openfgav1.TupleKey, error) {
+func GetDeletionTuples(name string, orgID valuer.UUID, relation authtypes.Relation, deletions []*authtypes.Object) ([]*openfgav1.TupleKey, error) {
 	tuples := make([]*openfgav1.TupleKey, 0)

 	for _, object := range deletions {
-		typeable := MustNewTypeableFromType(object.Resource.Type, object.Resource.Name)
+		typeable := authtypes.MustNewTypeableFromType(object.Resource.Type, object.Resource.Name)
 		transactionTuples, err := typeable.Tuples(
-			MustNewSubject(
-				TypeableRole,
+			authtypes.MustNewSubject(
+				authtypes.TypeableRole,
 				name,
 				orgID,
-				&RelationAssignee,
+				&authtypes.RelationAssignee,
 			),
 			relation,
-			[]Selector{object.Selector},
+			[]authtypes.Selector{object.Selector},
 			orgID,
 		)
 		if err != nil {
@@ -246,7 +246,7 @@ func GetDeletionTuples(name string, orgID valuer.UUID, relation Relation, deleti
 	return tuples, nil
 }

-func MustGetSigNozManagedRoleFromExistingRole(role LegacyRole) string {
+func MustGetSigNozManagedRoleFromExistingRole(role types.Role) string {
 	managedRole, ok := ExistingRoleToSigNozManagedRoleMap[role]
 	if !ok {
 		panic(errors.Newf(errors.TypeInternal, errors.CodeInternal, "invalid role: %s", role.String()))
@@ -254,15 +254,3 @@ func MustGetSigNozManagedRoleFromExistingRole(role LegacyRole) string {

 	return managedRole
 }
-
-type RoleStore interface {
-	Create(context.Context, *StorableRole) error
-	Get(context.Context, valuer.UUID, valuer.UUID) (*StorableRole, error)
-	GetByOrgIDAndName(context.Context, valuer.UUID, string) (*StorableRole, error)
-	List(context.Context, valuer.UUID) ([]*StorableRole, error)
-	ListByOrgIDAndNames(context.Context, valuer.UUID, []string) ([]*StorableRole, error)
-	ListByOrgIDAndIDs(context.Context, valuer.UUID, []valuer.UUID) ([]*StorableRole, error)
-	Update(context.Context, valuer.UUID, *StorableRole) error
-	Delete(context.Context, valuer.UUID, valuer.UUID) error
-	RunInTx(context.Context, func(ctx context.Context) error) error
-}
--- a/pkg/types/roletypes/store.go
+++ b/pkg/types/roletypes/store.go
@@ -0,0 +1,19 @@
+package roletypes
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Store interface {
+	Create(context.Context, *StorableRole) error
+	Get(context.Context, valuer.UUID, valuer.UUID) (*StorableRole, error)
+	GetByOrgIDAndName(context.Context, valuer.UUID, string) (*StorableRole, error)
+	List(context.Context, valuer.UUID) ([]*StorableRole, error)
+	ListByOrgIDAndNames(context.Context, valuer.UUID, []string) ([]*StorableRole, error)
+	ListByOrgIDAndIDs(context.Context, valuer.UUID, []valuer.UUID) ([]*StorableRole, error)
+	Update(context.Context, valuer.UUID, *StorableRole) error
+	Delete(context.Context, valuer.UUID, valuer.UUID) error
+	RunInTx(context.Context, func(ctx context.Context) error) error
+}
--- a/pkg/types/serviceaccounttypes/service_acccount.go
+++ b/pkg/types/serviceaccounttypes/service_acccount.go
@@ -9,7 +9,7 @@ import (

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -102,10 +102,10 @@ func NewServiceAccountFromStorables(storableServiceAccount *StorableServiceAccou
 	}
 }

-func NewServiceAccountsFromRoles(storableServiceAccounts []*StorableServiceAccount, roles []*authtypes.Role, serviceAccountIDToRoleIDsMap map[string][]valuer.UUID) []*ServiceAccount {
+func NewServiceAccountsFromRoles(storableServiceAccounts []*StorableServiceAccount, roles []*roletypes.Role, serviceAccountIDToRoleIDsMap map[string][]valuer.UUID) []*ServiceAccount {
 	serviceAccounts := make([]*ServiceAccount, 0, len(storableServiceAccounts))

-	roleIDToRole := make(map[string]*authtypes.Role, len(roles))
+	roleIDToRole := make(map[string]*roletypes.Role, len(roles))
 	for _, role := range roles {
 		roleIDToRole[role.ID.String()] = role
 	}
--- a/pkg/types/serviceaccounttypes/service_account_role.go
+++ b/pkg/types/serviceaccounttypes/service_account_role.go
@@ -5,7 +5,7 @@ import (

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -19,7 +19,7 @@ type StorableServiceAccountRole struct {
 	RoleID           string `bun:"role_id"`
 }

-func NewStorableServiceAccountRoles(serviceAccountID valuer.UUID, roles []*authtypes.Role) []*StorableServiceAccountRole {
+func NewStorableServiceAccountRoles(serviceAccountID valuer.UUID, roles []*roletypes.Role) []*StorableServiceAccountRole {
 	storableServiceAccountRoles := make([]*StorableServiceAccountRole, len(roles))
 	for idx, role := range roles {
 		storableServiceAccountRoles[idx] = &StorableServiceAccountRole{
@@ -38,7 +38,7 @@ func NewStorableServiceAccountRoles(serviceAccountID valuer.UUID, roles []*autht
 	return storableServiceAccountRoles
 }

-func NewRolesFromStorableServiceAccountRoles(storable []*StorableServiceAccountRole, roles []*authtypes.Role) ([]string, error) {
+func NewRolesFromStorableServiceAccountRoles(storable []*StorableServiceAccountRole, roles []*roletypes.Role) ([]string, error) {
 	roleIDToName := make(map[string]string, len(roles))
 	for _, role := range roles {
 		roleIDToName[role.ID.String()] = role.Name
--- a/pkg/types/tracefunneltypes/tracefunnel.go
+++ b/pkg/types/tracefunneltypes/tracefunnel.go
@@ -4,7 +4,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	v3 "github.com/SigNoz/signoz/pkg/query-service/model/v3"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -19,12 +18,12 @@ type StorableFunnel struct {
 	types.TimeAuditable
 	types.UserAuditable
 	bun.BaseModel `bun:"table:trace_funnel"`
-	Name          string          `json:"funnel_name" bun:"name,type:text,notnull"`
-	Description   string          `json:"description" bun:"description,type:text"`
-	OrgID         valuer.UUID     `json:"org_id" bun:"org_id,type:varchar,notnull"`
-	Steps         []*FunnelStep   `json:"steps" bun:"steps,type:text,notnull"`
-	Tags          string          `json:"tags" bun:"tags,type:text"`
-	CreatedByUser *usertypes.User `json:"user" bun:"rel:belongs-to,join:created_by=id"`
+	Name          string        `json:"funnel_name" bun:"name,type:text,notnull"`
+	Description   string        `json:"description" bun:"description,type:text"`
+	OrgID         valuer.UUID   `json:"org_id" bun:"org_id,type:varchar,notnull"`
+	Steps         []*FunnelStep `json:"steps" bun:"steps,type:text,notnull"`
+	Tags          string        `json:"tags" bun:"tags,type:text"`
+	CreatedByUser *types.User   `json:"user" bun:"rel:belongs-to,join:created_by=id"`
 }

 type FunnelStep struct {
--- a/pkg/types/tracefunneltypes/utils_test.go
+++ b/pkg/types/tracefunneltypes/utils_test.go
@@ -6,7 +6,6 @@ import (

 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/stretchr/testify/assert"
 )
@@ -444,7 +443,7 @@ func TestConstructFunnelResponse(t *testing.T) {
 				},
 				Name:  "test-funnel",
 				OrgID: orgID,
-				CreatedByUser: &usertypes.User{
+				CreatedByUser: &types.User{
 					Identifiable: types.Identifiable{
 						ID: userID,
 					},
--- a/pkg/types/usertypes/user.go
+++ b/pkg/types/usertypes/user.go
@@ -1,4 +1,4 @@
-package usertypes
+package types

 import (
 	"context"
@@ -7,8 +7,6 @@ import (
 	"time"

 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -19,7 +17,7 @@ var (
 	ErrUserAlreadyExists                = errors.MustNewCode("user_already_exists")
 	ErrPasswordAlreadyExists            = errors.MustNewCode("password_already_exists")
 	ErrResetPasswordTokenAlreadyExists  = errors.MustNewCode("reset_password_token_already_exists")
-	ErrCodePasswordNotFound             = errors.MustNewCode("password_not_found")
+	ErrPasswordNotFound                 = errors.MustNewCode("password_not_found")
 	ErrResetPasswordTokenNotFound       = errors.MustNewCode("reset_password_token_not_found")
 	ErrAPIKeyAlreadyExists              = errors.MustNewCode("api_key_already_exists")
 	ErrAPIKeyNotFound                   = errors.MustNewCode("api_key_not_found")
@@ -40,15 +38,15 @@ type GettableUser = User
 type User struct {
 	bun.BaseModel `bun:"table:users"`

-	types.Identifiable
-	DisplayName string               `bun:"display_name" json:"displayName"`
-	Email       valuer.Email         `bun:"email" json:"email"`
-	Role        authtypes.LegacyRole `bun:"role" json:"role"`
-	OrgID       valuer.UUID          `bun:"org_id" json:"orgId"`
-	IsRoot      bool                 `bun:"is_root" json:"isRoot"`
-	Status      valuer.String        `bun:"status" json:"status"`
-	DeletedAt   time.Time            `bun:"deleted_at" json:"-"`
-	types.TimeAuditable
+	Identifiable
+	DisplayName string        `bun:"display_name" json:"displayName"`
+	Email       valuer.Email  `bun:"email" json:"email"`
+	Role        Role          `bun:"role" json:"role"`
+	OrgID       valuer.UUID   `bun:"org_id" json:"orgId"`
+	IsRoot      bool          `bun:"is_root" json:"isRoot"`
+	Status      valuer.String `bun:"status" json:"status"`
+	DeletedAt   time.Time     `bun:"deleted_at" json:"-"`
+	TimeAuditable
 }

 type PostableRegisterOrgAndAdmin struct {
@@ -59,7 +57,7 @@ type PostableRegisterOrgAndAdmin struct {
 	OrgName        string       `json:"orgName"`
 }

-func NewUser(displayName string, email valuer.Email, role authtypes.LegacyRole, orgID valuer.UUID, status valuer.String) (*User, error) {
+func NewUser(displayName string, email valuer.Email, role Role, orgID valuer.UUID, status valuer.String) (*User, error) {
 	if email.IsZero() {
 		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "email is required")
 	}
@@ -77,7 +75,7 @@ func NewUser(displayName string, email valuer.Email, role authtypes.LegacyRole,
 	}

 	return &User{
-		Identifiable: types.Identifiable{
+		Identifiable: Identifiable{
 			ID: valuer.GenerateUUID(),
 		},
 		DisplayName: displayName,
@@ -86,7 +84,7 @@ func NewUser(displayName string, email valuer.Email, role authtypes.LegacyRole,
 		OrgID:       orgID,
 		IsRoot:      false,
 		Status:      status,
-		TimeAuditable: types.TimeAuditable{
+		TimeAuditable: TimeAuditable{
 			CreatedAt: time.Now(),
 			UpdatedAt: time.Now(),
 		},
@@ -103,16 +101,16 @@ func NewRootUser(displayName string, email valuer.Email, orgID valuer.UUID) (*Us
 	}

 	return &User{
-		Identifiable: types.Identifiable{
+		Identifiable: Identifiable{
 			ID: valuer.GenerateUUID(),
 		},
 		DisplayName: displayName,
 		Email:       email,
-		Role:        authtypes.RoleAdmin,
+		Role:        RoleAdmin,
 		OrgID:       orgID,
 		IsRoot:      true,
 		Status:      UserStatusActive,
-		TimeAuditable: types.TimeAuditable{
+		TimeAuditable: TimeAuditable{
 			CreatedAt: time.Now(),
 			UpdatedAt: time.Now(),
 		},
@@ -121,7 +119,7 @@ func NewRootUser(displayName string, email valuer.Email, orgID valuer.UUID) (*Us

 // Update applies mutable fields from the input to the user. Immutable fields
 // (email, is_root, org_id, id) are preserved. Only non-zero input fields are applied.
-func (u *User) Update(displayName string, role authtypes.LegacyRole) {
+func (u *User) Update(displayName string, role Role) {
 	if displayName != "" {
 		u.DisplayName = displayName
 	}
@@ -151,7 +149,7 @@ func (u *User) UpdateStatus(status valuer.String) error {
 // PromoteToRoot promotes the user to a root user with admin role.
 func (u *User) PromoteToRoot() {
 	u.IsRoot = true
-	u.Role = authtypes.RoleAdmin
+	u.Role = RoleAdmin
 	u.UpdatedAt = time.Now()
 }

@@ -232,7 +230,7 @@ type UserStore interface {
 	GetUsersByEmail(ctx context.Context, email valuer.Email) ([]*User, error)

 	// Get users by role and org.
-	GetActiveUsersByRoleAndOrgID(ctx context.Context, role authtypes.LegacyRole, orgID valuer.UUID) ([]*User, error)
+	GetActiveUsersByRoleAndOrgID(ctx context.Context, role Role, orgID valuer.UUID) ([]*User, error)

 	// List users by org.
 	ListUsersByOrgID(ctx context.Context, orgID valuer.UUID) ([]*User, error)
@@ -274,9 +272,6 @@ type UserStore interface {
 	// Get user by reset password token
 	GetUserByResetPasswordToken(ctx context.Context, token string) (*User, error)

-	// For AuthN - Get user and factor password by email and orgID.
-	GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*User, *FactorPassword, error)
-
 	// Transaction
 	RunInTx(ctx context.Context, cb func(ctx context.Context) error) error
 }
--- a/tests/integration/src/rawexportdata/01_logs.py
+++ b/tests/integration/src/rawexportdata/01_logs.py
@@ -0,0 +1,634 @@
+import csv
+import io
+import json
+from datetime import datetime, timedelta, timezone
+from http import HTTPStatus
+from typing import Callable, List
+from urllib.parse import urlencode
+
+import requests
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.logs import Logs
+
+
+def test_export_logs_csv(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[List[Logs]], None],
+) -> None:
+    """
+    Setup:
+    Insert 3 logs with different severity levels and attributes.
+
+    Tests:
+    1. Export logs as CSV format
+    2. Verify CSV structure and content
+    3. Validate headers are present
+    4. Check log data is correctly formatted
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_logs(
+        [
+            Logs(
+                timestamp=now - timedelta(seconds=10),
+                body="Application started successfully",
+                severity_text="INFO",
+                resources={
+                    "service.name": "api-service",
+                    "deployment.environment": "production",
+                    "host.name": "server-01",
+                },
+                attributes={
+                    "http.method": "GET",
+                    "http.status_code": 200,
+                    "user.id": "user123",
+                },
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=8),
+                body="Connection to database failed",
+                severity_text="ERROR",
+                resources={
+                    "service.name": "api-service",
+                    "deployment.environment": "production",
+                    "host.name": "server-01",
+                },
+                attributes={
+                    "error.type": "ConnectionError",
+                    "db.name": "production_db",
+                },
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=5),
+                body="Request processed",
+                severity_text="DEBUG",
+                resources={
+                    "service.name": "worker-service",
+                    "deployment.environment": "production",
+                    "host.name": "server-02",
+                },
+                attributes={
+                    "request.id": "req-456",
+                    "duration_ms": 150.5,
+                },
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+    }
+
+    # Export logs as CSV (default format, no source needed)
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=30,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "text/csv"
+    assert "attachment" in response.headers.get("Content-Disposition", "")
+
+    # Parse CSV content
+    csv_content = response.text
+    csv_reader = csv.DictReader(io.StringIO(csv_content))
+
+    rows = list(csv_reader)
+    assert len(rows) == 3, f"Expected 3 rows, got {len(rows)}"
+
+    # Verify log bodies are present in the exported data
+    bodies = [row.get("body") for row in rows]
+    assert "Application started successfully" in bodies
+    assert "Connection to database failed" in bodies
+    assert "Request processed" in bodies
+
+    # Verify severity levels
+    severities = [row.get("severity_text") for row in rows]
+    assert "INFO" in severities
+    assert "ERROR" in severities
+    assert "DEBUG" in severities
+
+
+def test_export_logs_jsonl(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[List[Logs]], None],
+) -> None:
+    """
+    Setup:
+    Insert 2 logs with different attributes.
+
+    Tests:
+    1. Export logs as JSONL format
+    2. Verify JSONL structure and content
+    3. Check each line is valid JSON
+    4. Validate log data is correctly formatted
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_logs(
+        [
+            Logs(
+                timestamp=now - timedelta(seconds=10),
+                body="User logged in",
+                severity_text="INFO",
+                resources={
+                    "service.name": "auth-service",
+                    "deployment.environment": "staging",
+                },
+                attributes={
+                    "user.email": "test@example.com",
+                    "session.id": "sess-789",
+                },
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=5),
+                body="Payment processed successfully",
+                severity_text="INFO",
+                resources={
+                    "service.name": "payment-service",
+                    "deployment.environment": "staging",
+                },
+                attributes={
+                    "transaction.id": "txn-123",
+                    "amount": 99.99,
+                },
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "jsonl",
+        "source": "logs",
+    }
+
+    # Export logs as JSONL
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "application/x-ndjson"
+    assert "attachment" in response.headers.get("Content-Disposition", "")
+
+    # Parse JSONL content
+    jsonl_lines = response.text.strip().split("\n")
+    assert len(jsonl_lines) == 2, f"Expected 2 lines, got {len(jsonl_lines)}"
+
+    # Verify each line is valid JSON
+    json_objects = []
+    for line in jsonl_lines:
+        obj = json.loads(line)
+        json_objects.append(obj)
+        assert "id" in obj
+        assert "timestamp" in obj
+        assert "body" in obj
+        assert "severity_text" in obj
+
+    # Verify log bodies
+    bodies = [obj.get("body") for obj in json_objects]
+    assert "User logged in" in bodies
+    assert "Payment processed successfully" in bodies
+
+
+def test_export_logs_with_filter(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[List[Logs]], None],
+) -> None:
+    """
+    Setup:
+    Insert logs with different severity levels.
+
+    Tests:
+    1. Export logs with filter applied
+    2. Verify only filtered logs are returned
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_logs(
+        [
+            Logs(
+                timestamp=now - timedelta(seconds=10),
+                body="Info message",
+                severity_text="INFO",
+                resources={
+                    "service.name": "test-service",
+                },
+                attributes={},
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=8),
+                body="Error message",
+                severity_text="ERROR",
+                resources={
+                    "service.name": "test-service",
+                },
+                attributes={},
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=5),
+                body="Another error message",
+                severity_text="ERROR",
+                resources={
+                    "service.name": "test-service",
+                },
+                attributes={},
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "jsonl",
+        "source": "logs",
+        "filter": "severity_text = 'ERROR'",
+    }
+
+    # Export logs with filter
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "application/x-ndjson"
+
+    # Parse JSONL content
+    jsonl_lines = response.text.strip().split("\n")
+    assert len(jsonl_lines) == 2, f"Expected 2 lines (filtered), got {len(jsonl_lines)}"
+
+    # Verify only ERROR logs are returned
+    for line in jsonl_lines:
+        obj = json.loads(line)
+        assert obj["severity_text"] == "ERROR"
+        assert "error message" in obj["body"].lower()
+
+
+def test_export_logs_with_limit(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[List[Logs]], None],
+) -> None:
+    """
+    Setup:
+    Insert 5 logs.
+
+    Tests:
+    1. Export logs with limit applied
+    2. Verify only limited number of logs are returned
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    logs = []
+    for i in range(5):
+        logs.append(
+            Logs(
+                timestamp=now - timedelta(seconds=i),
+                body=f"Log message {i}",
+                severity_text="INFO",
+                resources={
+                    "service.name": "test-service",
+                },
+                attributes={
+                    "index": i,
+                },
+            )
+        )
+
+    insert_logs(logs)
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "csv",
+        "source": "logs",
+        "limit": 3,
+    }
+
+    # Export logs with limit
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "text/csv"
+
+    # Parse CSV content
+    csv_content = response.text
+    csv_reader = csv.DictReader(io.StringIO(csv_content))
+
+    rows = list(csv_reader)
+    assert len(rows) == 3, f"Expected 3 rows (limited), got {len(rows)}"
+
+
+def test_export_logs_with_columns(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[List[Logs]], None],
+) -> None:
+    """
+    Setup:
+    Insert logs with various attributes.
+
+    Tests:
+    1. Export logs with specific columns
+    2. Verify only specified columns are returned
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_logs(
+        [
+            Logs(
+                timestamp=now - timedelta(seconds=10),
+                body="Test log message",
+                severity_text="INFO",
+                resources={
+                    "service.name": "test-service",
+                    "deployment.environment": "production",
+                },
+                attributes={
+                    "http.method": "GET",
+                    "http.status_code": 200,
+                },
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    # Request only specific columns
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "csv",
+        "source": "logs",
+        "columns": ["timestamp", "severity_text", "body"],
+    }
+
+    # Export logs with specific columns
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params, doseq=True)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "text/csv"
+
+    # Parse CSV content
+    csv_content = response.text
+    csv_reader = csv.DictReader(io.StringIO(csv_content))
+
+    rows = list(csv_reader)
+    assert len(rows) == 1
+
+    # Verify the specified columns are present
+    row = rows[0]
+    assert "timestamp" in row
+    assert "severity_text" in row
+    assert "body" in row
+    assert row["severity_text"] == "INFO"
+    assert row["body"] == "Test log message"
+
+
+def test_export_logs_with_order_by(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[List[Logs]], None],
+) -> None:
+    """
+    Setup:
+    Insert logs at different timestamps.
+
+    Tests:
+    1. Export logs with ascending timestamp order
+    2. Verify logs are returned in correct order
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_logs(
+        [
+            Logs(
+                timestamp=now - timedelta(seconds=10),
+                body="First log",
+                severity_text="INFO",
+                resources={
+                    "service.name": "test-service",
+                },
+                attributes={},
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=5),
+                body="Second log",
+                severity_text="INFO",
+                resources={
+                    "service.name": "test-service",
+                },
+                attributes={},
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=1),
+                body="Third log",
+                severity_text="INFO",
+                resources={
+                    "service.name": "test-service",
+                },
+                attributes={},
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "jsonl",
+        "source": "logs",
+        "order_by": "timestamp:asc",
+    }
+
+    # Export logs with ascending order
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "application/x-ndjson"
+
+    # Parse JSONL content
+    jsonl_lines = response.text.strip().split("\n")
+    assert len(jsonl_lines) == 3
+
+    # Verify order - first log should be "First log" (oldest)
+    json_objects = [json.loads(line) for line in jsonl_lines]
+    assert json_objects[0]["body"] == "First log"
+    assert json_objects[1]["body"] == "Second log"
+    assert json_objects[2]["body"] == "Third log"
+
+
+def test_export_logs_with_complex_filter(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[List[Logs]], None],
+) -> None:
+    """
+    Setup:
+    Insert logs with various service names and severity levels.
+
+    Tests:
+    1. Export logs with complex filter (multiple conditions)
+    2. Verify only logs matching all conditions are returned
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_logs(
+        [
+            Logs(
+                timestamp=now - timedelta(seconds=10),
+                body="API error occurred",
+                severity_text="ERROR",
+                resources={
+                    "service.name": "api-service",
+                },
+                attributes={},
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=8),
+                body="Worker info message",
+                severity_text="INFO",
+                resources={
+                    "service.name": "worker-service",
+                },
+                attributes={},
+            ),
+            Logs(
+                timestamp=now - timedelta(seconds=5),
+                body="API info message",
+                severity_text="INFO",
+                resources={
+                    "service.name": "api-service",
+                },
+                attributes={},
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    # Filter for api-service AND ERROR severity
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "jsonl",
+        "source": "logs",
+        "filter": "service.name = 'api-service' AND severity_text = 'ERROR'",
+    }
+
+    # Export logs with complex filter
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "application/x-ndjson"
+
+    # Parse JSONL content
+    jsonl_lines = response.text.strip().split("\n")
+    assert (
+        len(jsonl_lines) == 1
+    ), f"Expected 1 line (complex filter), got {len(jsonl_lines)}"
+
+    # Verify the filtered log
+    filtered_obj = json.loads(jsonl_lines[0])
+    assert filtered_obj["body"] == "API error occurred"
+    assert filtered_obj["severity_text"] == "ERROR"
--- a/tests/integration/src/rawexportdata/02_traces.py
+++ b/tests/integration/src/rawexportdata/02_traces.py
@@ -0,0 +1,782 @@
+import csv
+import io
+import json
+from datetime import datetime, timedelta, timezone
+from http import HTTPStatus
+from typing import Callable, List
+from urllib.parse import urlencode
+
+import requests
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.traces import TraceIdGenerator, Traces, TracesKind, TracesStatusCode
+
+
+def test_export_traces_csv(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_traces: Callable[[List[Traces]], None],
+) -> None:
+    """
+    Setup:
+    Insert 3 traces with different attributes.
+
+    Tests:
+    1. Export traces as CSV format
+    2. Verify CSV structure and content
+    3. Validate headers are present
+    4. Check trace data is correctly formatted
+    """
+    http_service_trace_id = TraceIdGenerator.trace_id()
+    http_service_span_id = TraceIdGenerator.span_id()
+    http_service_db_span_id = TraceIdGenerator.span_id()
+    topic_service_trace_id = TraceIdGenerator.trace_id()
+    topic_service_span_id = TraceIdGenerator.span_id()
+
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_traces(
+        [
+            Traces(
+                timestamp=now - timedelta(seconds=4),
+                duration=timedelta(seconds=3),
+                trace_id=http_service_trace_id,
+                span_id=http_service_span_id,
+                parent_span_id="",
+                name="POST /integration",
+                kind=TracesKind.SPAN_KIND_SERVER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "deployment.environment": "production",
+                    "service.name": "http-service",
+                    "os.type": "linux",
+                    "host.name": "linux-000",
+                },
+                attributes={
+                    "net.transport": "IP.TCP",
+                    "http.scheme": "http",
+                    "http.user_agent": "Integration Test",
+                    "http.request.method": "POST",
+                    "http.response.status_code": "200",
+                },
+            ),
+            Traces(
+                timestamp=now - timedelta(seconds=3.5),
+                duration=timedelta(seconds=0.5),
+                trace_id=http_service_trace_id,
+                span_id=http_service_db_span_id,
+                parent_span_id=http_service_span_id,
+                name="SELECT",
+                kind=TracesKind.SPAN_KIND_CLIENT,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "deployment.environment": "production",
+                    "service.name": "http-service",
+                    "os.type": "linux",
+                    "host.name": "linux-000",
+                },
+                attributes={
+                    "db.name": "integration",
+                    "db.operation": "SELECT",
+                    "db.statement": "SELECT * FROM integration",
+                },
+            ),
+            Traces(
+                timestamp=now - timedelta(seconds=1),
+                duration=timedelta(seconds=2),
+                trace_id=topic_service_trace_id,
+                span_id=topic_service_span_id,
+                parent_span_id="",
+                name="topic publish",
+                kind=TracesKind.SPAN_KIND_PRODUCER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "deployment.environment": "production",
+                    "service.name": "topic-service",
+                    "os.type": "linux",
+                    "host.name": "linux-001",
+                },
+                attributes={
+                    "message.type": "SENT",
+                    "messaging.operation": "publish",
+                    "messaging.message.id": "001",
+                },
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "source": "traces",
+        "limit": 1000,
+    }
+
+    # Export traces as CSV (GET for simple queries)
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=30,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "text/csv"
+    assert "attachment" in response.headers.get("Content-Disposition", "")
+
+    # Parse CSV content
+    csv_content = response.text
+    csv_reader = csv.DictReader(io.StringIO(csv_content))
+
+    rows = list(csv_reader)
+    assert len(rows) == 3, f"Expected 3 rows, got {len(rows)}"
+
+    # Verify trace IDs are present in the exported data
+    trace_ids = [row.get("trace_id") for row in rows]
+    assert http_service_trace_id in trace_ids
+    assert topic_service_trace_id in trace_ids
+
+    # Verify span names are present
+    span_names = [row.get("name") for row in rows]
+    assert "POST /integration" in span_names
+    assert "SELECT" in span_names
+    assert "topic publish" in span_names
+
+
+def test_export_traces_jsonl(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_traces: Callable[[List[Traces]], None],
+) -> None:
+    """
+    Setup:
+    Insert 2 traces with different attributes.
+
+    Tests:
+    1. Export traces as JSONL format
+    2. Verify JSONL structure and content
+    3. Check each line is valid JSON
+    4. Validate trace data is correctly formatted
+    """
+    http_service_trace_id = TraceIdGenerator.trace_id()
+    http_service_span_id = TraceIdGenerator.span_id()
+    topic_service_trace_id = TraceIdGenerator.trace_id()
+    topic_service_span_id = TraceIdGenerator.span_id()
+
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_traces(
+        [
+            Traces(
+                timestamp=now - timedelta(seconds=4),
+                duration=timedelta(seconds=3),
+                trace_id=http_service_trace_id,
+                span_id=http_service_span_id,
+                parent_span_id="",
+                name="POST /api/test",
+                kind=TracesKind.SPAN_KIND_SERVER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "api-service",
+                    "deployment.environment": "staging",
+                },
+                attributes={
+                    "http.request.method": "POST",
+                    "http.response.status_code": "201",
+                },
+            ),
+            Traces(
+                timestamp=now - timedelta(seconds=2),
+                duration=timedelta(seconds=1),
+                trace_id=topic_service_trace_id,
+                span_id=topic_service_span_id,
+                parent_span_id="",
+                name="queue.process",
+                kind=TracesKind.SPAN_KIND_CONSUMER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "queue-service",
+                    "deployment.environment": "staging",
+                },
+                attributes={
+                    "messaging.operation": "process",
+                    "messaging.system": "rabbitmq",
+                },
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "jsonl",
+        "source": "traces",
+        "limit": 1000,
+    }
+
+    # Export traces as JSONL (GET for simple queries)
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "application/x-ndjson"
+    assert "attachment" in response.headers.get("Content-Disposition", "")
+
+    # Parse JSONL content
+    jsonl_lines = response.text.strip().split("\n")
+    assert len(jsonl_lines) == 2, f"Expected 2 lines, got {len(jsonl_lines)}"
+
+    # Verify each line is valid JSON
+    json_objects = []
+    for line in jsonl_lines:
+        obj = json.loads(line)
+        json_objects.append(obj)
+        assert "trace_id" in obj
+        assert "span_id" in obj
+        assert "name" in obj
+
+    # Verify trace IDs are present
+    trace_ids = [obj.get("trace_id") for obj in json_objects]
+    assert http_service_trace_id in trace_ids
+    assert topic_service_trace_id in trace_ids
+
+    # Verify span names are present
+    span_names = [obj.get("name") for obj in json_objects]
+    assert "POST /api/test" in span_names
+    assert "queue.process" in span_names
+
+
+def test_export_traces_with_filter(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_traces: Callable[[List[Traces]], None],
+) -> None:
+    """
+    Setup:
+    Insert traces with different service names.
+
+    Tests:
+    1. Export traces with filter applied
+    2. Verify only filtered traces are returned
+    """
+    service_a_trace_id = TraceIdGenerator.trace_id()
+    service_a_span_id = TraceIdGenerator.span_id()
+    service_b_trace_id = TraceIdGenerator.trace_id()
+    service_b_span_id = TraceIdGenerator.span_id()
+
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_traces(
+        [
+            Traces(
+                timestamp=now - timedelta(seconds=4),
+                duration=timedelta(seconds=1),
+                trace_id=service_a_trace_id,
+                span_id=service_a_span_id,
+                parent_span_id="",
+                name="operation-a",
+                kind=TracesKind.SPAN_KIND_SERVER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "service-a",
+                },
+                attributes={},
+            ),
+            Traces(
+                timestamp=now - timedelta(seconds=2),
+                duration=timedelta(seconds=1),
+                trace_id=service_b_trace_id,
+                span_id=service_b_span_id,
+                parent_span_id="",
+                name="operation-b",
+                kind=TracesKind.SPAN_KIND_SERVER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "service-b",
+                },
+                attributes={},
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "jsonl",
+        "source": "traces",
+        "limit": 1000,
+        "filter": "service.name = 'service-a'",
+    }
+
+    # Export traces with filter (GET supports filter param)
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "application/x-ndjson"
+
+    # Parse JSONL content
+    jsonl_lines = response.text.strip().split("\n")
+    assert len(jsonl_lines) == 1, f"Expected 1 line (filtered), got {len(jsonl_lines)}"
+
+    # Verify the filtered trace
+    filtered_obj = json.loads(jsonl_lines[0])
+    assert filtered_obj["trace_id"] == service_a_trace_id
+    assert filtered_obj["name"] == "operation-a"
+
+
+def test_export_traces_with_limit(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_traces: Callable[[List[Traces]], None],
+) -> None:
+    """
+    Setup:
+    Insert 5 traces.
+
+    Tests:
+    1. Export traces with limit applied
+    2. Verify only limited number of traces are returned
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    traces = []
+    for i in range(5):
+        traces.append(
+            Traces(
+                timestamp=now - timedelta(seconds=i),
+                duration=timedelta(seconds=1),
+                trace_id=TraceIdGenerator.trace_id(),
+                span_id=TraceIdGenerator.span_id(),
+                parent_span_id="",
+                name=f"operation-{i}",
+                kind=TracesKind.SPAN_KIND_SERVER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "test-service",
+                },
+                attributes={},
+            )
+        )
+
+    insert_traces(traces)
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    params = {
+        "start": start_ns,
+        "end": end_ns,
+        "format": "csv",
+        "source": "traces",
+        "limit": 3,
+    }
+
+    # Export traces with limit (GET supports limit param)
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/export_raw_data?{urlencode(params)}"
+        ),
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "text/csv"
+
+    # Parse CSV content
+    csv_content = response.text
+    csv_reader = csv.DictReader(io.StringIO(csv_content))
+
+    rows = list(csv_reader)
+    assert len(rows) == 3, f"Expected 3 rows (limited), got {len(rows)}"
+
+
+def test_export_traces_multiple_queries_rejected(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    """
+    Tests:
+    1. POST with multiple builder queries but no trace operator is rejected
+    2. Verify 400 error is returned
+    """
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    body = {
+        "start": start_ns,
+        "end": end_ns,
+        "compositeQuery": {
+            "queries": [
+                {
+                    "type": "builder_query",
+                    "spec": {
+                        "signal": "traces",
+                        "name": "A",
+                        "limit": 1000,
+                        "filter": {"expression": "service.name = 'service-a'"},
+                    },
+                },
+                {
+                    "type": "builder_query",
+                    "spec": {
+                        "signal": "traces",
+                        "name": "B",
+                        "limit": 1000,
+                        "filter": {"expression": "service.name = 'service-b'"},
+                    },
+                },
+            ]
+        },
+    }
+
+    url = signoz.self.host_configs["8080"].get("/api/v1/export_raw_data?format=jsonl")
+    response = requests.post(
+        url,
+        json=body,
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+            "Content-Type": "application/json",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+
+
+def test_export_traces_with_composite_query_trace_operator(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_traces: Callable[[List[Traces]], None],
+) -> None:
+    """
+    Setup:
+    Insert multiple traces with parent-child relationships.
+
+    Tests:
+    1. Export traces using trace operator in composite query (POST)
+    2. Verify trace operator query works correctly
+    """
+    parent_trace_id = TraceIdGenerator.trace_id()
+    parent_span_id = TraceIdGenerator.span_id()
+    child_span_id_1 = TraceIdGenerator.span_id()
+    child_span_id_2 = TraceIdGenerator.span_id()
+
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_traces(
+        [
+            Traces(
+                timestamp=now - timedelta(seconds=10),
+                duration=timedelta(seconds=5),
+                trace_id=parent_trace_id,
+                span_id=parent_span_id,
+                parent_span_id="",
+                name="parent-operation",
+                kind=TracesKind.SPAN_KIND_SERVER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "parent-service",
+                },
+                attributes={
+                    "operation.type": "parent",
+                },
+            ),
+            Traces(
+                timestamp=now - timedelta(seconds=9),
+                duration=timedelta(seconds=2),
+                trace_id=parent_trace_id,
+                span_id=child_span_id_1,
+                parent_span_id=parent_span_id,
+                name="child-operation-1",
+                kind=TracesKind.SPAN_KIND_INTERNAL,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "parent-service",
+                },
+                attributes={
+                    "operation.type": "child",
+                },
+            ),
+            Traces(
+                timestamp=now - timedelta(seconds=7),
+                duration=timedelta(seconds=1),
+                trace_id=parent_trace_id,
+                span_id=child_span_id_2,
+                parent_span_id=parent_span_id,
+                name="child-operation-2",
+                kind=TracesKind.SPAN_KIND_INTERNAL,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "parent-service",
+                },
+                attributes={
+                    "operation.type": "child",
+                },
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    # A: spans with operation.type = 'parent'
+    query_a = {
+        "type": "builder_query",
+        "spec": {
+            "signal": "traces",
+            "name": "A",
+            "limit": 1000,
+            "filter": {"expression": "operation.type = 'parent'"},
+        },
+    }
+
+    # B: spans with operation.type = 'child'
+    query_b = {
+        "type": "builder_query",
+        "spec": {
+            "signal": "traces",
+            "name": "B",
+            "limit": 1000,
+            "filter": {"expression": "operation.type = 'child'"},
+        },
+    }
+
+    # Trace operator: find traces where A has a direct descendant B
+    query_c = {
+        "type": "builder_trace_operator",
+        "spec": {
+            "name": "C",
+            "expression": "A => B",
+            "returnSpansFrom": "A",
+            "limit": 1000,
+            "order": [{"key": {"name": "timestamp"}, "direction": "desc"}],
+        },
+    }
+
+    body = {
+        "start": start_ns,
+        "end": end_ns,
+        "requestType": "raw",
+        "compositeQuery": {
+            "queries": [query_a, query_b, query_c],
+        },
+    }
+
+    url = signoz.self.host_configs["8080"].get("/api/v1/export_raw_data?format=jsonl")
+    response = requests.post(
+        url,
+        json=body,
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+            "Content-Type": "application/json",
+        },
+    )
+
+    print(response.text)
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "application/x-ndjson"
+
+    # Parse JSONL content
+    jsonl_lines = response.text.strip().split("\n")
+    assert len(jsonl_lines) == 1, f"Expected at least 1 line, got {len(jsonl_lines)}"
+
+    # Verify all returned spans belong to the matched trace
+    json_objects = [json.loads(line) for line in jsonl_lines]
+    trace_ids = [obj.get("trace_id") for obj in json_objects]
+    assert all(tid == parent_trace_id for tid in trace_ids)
+
+    # Verify the parent span (returnSpansFrom = "A") is present
+    span_names = [obj.get("name") for obj in json_objects]
+    assert "parent-operation" in span_names
+
+
+def test_export_traces_with_select_fields(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_traces: Callable[[List[Traces]], None],
+) -> None:
+    """
+    Setup:
+    Insert traces with various attributes.
+
+    Tests:
+    1. Export traces with specific select fields via POST
+    2. Verify only specified fields are returned in the output
+    """
+    trace_id = TraceIdGenerator.trace_id()
+    span_id = TraceIdGenerator.span_id()
+
+    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
+
+    insert_traces(
+        [
+            Traces(
+                timestamp=now - timedelta(seconds=10),
+                duration=timedelta(seconds=2),
+                trace_id=trace_id,
+                span_id=span_id,
+                parent_span_id="",
+                name="test-operation",
+                kind=TracesKind.SPAN_KIND_SERVER,
+                status_code=TracesStatusCode.STATUS_CODE_OK,
+                status_message="",
+                resources={
+                    "service.name": "test-service",
+                    "deployment.environment": "production",
+                    "host.name": "server-01",
+                },
+                attributes={
+                    "http.method": "POST",
+                    "http.status_code": "201",
+                    "user.id": "user123",
+                },
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Calculate timestamps in nanoseconds
+    start_ns = int((now - timedelta(minutes=5)).timestamp() * 1e9)
+    end_ns = int(now.timestamp() * 1e9)
+
+    body = {
+        "start": start_ns,
+        "end": end_ns,
+        "requestType": "raw",
+        "compositeQuery": {
+            "queries": [
+                {
+                    "type": "builder_query",
+                    "spec": {
+                        "signal": "traces",
+                        "name": "A",
+                        "limit": 1000,
+                        "selectFields": [
+                            {
+                                "name": "trace_id",
+                                "fieldDataType": "string",
+                                "fieldContext": "span",
+                                "signal": "traces",
+                            },
+                            {
+                                "name": "span_id",
+                                "fieldDataType": "string",
+                                "fieldContext": "span",
+                                "signal": "traces",
+                            },
+                            {
+                                "name": "name",
+                                "fieldDataType": "string",
+                                "fieldContext": "span",
+                                "signal": "traces",
+                            },
+                            {
+                                "name": "service.name",
+                                "fieldDataType": "string",
+                                "fieldContext": "resource",
+                                "signal": "traces",
+                            },
+                        ],
+                    },
+                }
+            ]
+        },
+    }
+
+    url = signoz.self.host_configs["8080"].get("/api/v1/export_raw_data?format=jsonl")
+    response = requests.post(
+        url,
+        json=body,
+        timeout=10,
+        headers={
+            "authorization": f"Bearer {token}",
+            "Content-Type": "application/json",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.headers["Content-Type"] == "application/x-ndjson"
+
+    # Parse JSONL content
+    jsonl_lines = response.text.strip().split("\n")
+    assert len(jsonl_lines) == 1
+
+    # Verify the selected fields are present
+    result = json.loads(jsonl_lines[0])
+    assert "trace_id" in result
+    assert "span_id" in result
+    assert "name" in result
+
+    # Verify values
+    assert result["trace_id"] == trace_id
+    assert result["span_id"] == span_id
+    assert result["name"] == "test-operation"
Author	SHA1	Message	Date
Tushar Vats	5a91b7b6c6	fix: added unit tests, renamed file, added validation	2026-03-16 19:40:00 +05:30
Tushar Vats	6e8c560d05	fix: better names for functions	2026-03-16 15:36:16 +05:30
Tushar Vats	12ac73e423	Merge branch 'main' into tvats-export-traces	2026-03-16 14:45:55 +05:30
Tushar Vats	d8598f906a	fix: typo	2026-03-16 14:41:32 +05:30
Tushar Vats	706538082c	fix: address comments	2026-03-15 20:25:24 +05:30
Srikanth Chekuri	7aa0eff6f4	Merge branch 'main' into tvats-export-traces	2026-02-27 15:23:28 +05:30
Tushar Vats	0e30a11231	fix: address comments	2026-02-27 03:39:08 +05:30
Srikanth Chekuri	5901074385	Merge branch 'main' into tvats-export-traces	2026-02-26 06:57:14 +05:30
Tushar Vats	5b27121530	fix: ran yarn generate:api	2026-02-26 02:56:37 +05:30
Tushar Vats	7090d1af17	fix: lint error	2026-02-26 02:39:43 +05:30
Tushar Vats	31152e01f5	fix: lint error	2026-02-25 21:54:25 +05:30
Tushar Vats	e19b37620d	Merge branch 'main' into tvats-export-traces	2026-02-25 21:46:49 +05:30
Tushar Vats	820f0723a5	fix: address comments	2026-02-25 21:44:32 +05:30
Tushar Vats	b8c101e95a	fix: renamed method	2026-02-19 10:53:33 +05:30
Tushar Vats	85c9daab12	fix: rebased main and ran generate cmd	2026-02-19 10:50:00 +05:30
Tushar Vats	4a80ef8f43	fix: go fmt	2026-02-19 10:47:33 +05:30
Tushar Vats	ac8600f5da	fix: removed nits	2026-02-19 10:47:33 +05:30
Tushar Vats	b2655634fe	fix: address comments	2026-02-19 10:47:25 +05:30
Tushar Vats	b2f20f7a64	feat: added trace export feat: added types for export feat: added support for complex queries fix: added correct open api spec fix: updated unit tests fix: type handling logic fix: improve order by feat: added integration tests fix: address comments	2026-02-19 10:44:45 +05:30