fix: test files

deploy/docker-swarm/docker-compose.ha.yaml

@@ -190,7 +190,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.122.0
+    image: signoz/signoz:v0.123.0
     ports:
       - "8080:8080" # signoz port
     #   - "6060:6060"     # pprof port

deploy/docker-swarm/docker-compose.yaml

@@ -117,7 +117,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.122.0
+    image: signoz/signoz:v0.123.0
     ports:
       - "8080:8080" # signoz port
     volumes:

deploy/docker/docker-compose.ha.yaml

@@ -181,7 +181,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.122.0}
+    image: signoz/signoz:${VERSION:-v0.123.0}
     container_name: signoz
     ports:
       - "8080:8080" # signoz port

deploy/docker/docker-compose.yaml

@@ -109,7 +109,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.122.0}
+    image: signoz/signoz:${VERSION:-v0.123.0}
     container_name: signoz
     ports:
       - "8080:8080" # signoz port

ee/query-service/app/server.go

@@ -114,7 +114,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 	// initiate agent config handler
 	agentConfMgr, err := agentConf.Initiate(&agentConf.ManagerOptions{
 		Store:         signoz.SQLStore,
-		AgentFeatures: []agentConf.AgentFeature{logParsingPipelineController},
+		AgentFeatures: []agentConf.AgentFeature{logParsingPipelineController, signoz.Modules.LLMPricingRule},
 	})
 	if err != nil {
 		return nil, err

frontend/src/components/EditMemberDrawer/EditMemberDrawer.tsx

@@ -103,7 +103,7 @@ function EditMemberDrawer({
 	const { user: currentUser } = useAppContext();
 
 	const [localDisplayName, setLocalDisplayName] = useState('');
-	const [localRoles, setLocalRoles] = useState<string[]>([]);
+	const [localRole, setLocalRole] = useState('');
 	const [isSaving, setIsSaving] = useState(false);
 	const [saveErrors, setSaveErrors] = useState<SaveError[]>([]);
 	const [showDeleteConfirm, setShowDeleteConfirm] = useState(false);
@@ -141,7 +141,7 @@ function EditMemberDrawer({
 	} = useRoles();
 
 	const {
-		currentRoles: currentMemberRoles,
+		fetchedRoleIds,
 		isLoading: isMemberRolesLoading,
 		applyDiff,
 	} = useMemberRoleManager(member?.id ?? '', open && !!member?.id);
@@ -188,24 +188,16 @@ function EditMemberDrawer({
 		if (!member?.id) {
 			roleSessionRef.current = null;
 		} else if (member.id !== roleSessionRef.current && !isMemberRolesLoading) {
-			setLocalRoles(
-				currentMemberRoles.map((r) => r.id).filter(Boolean) as string[],
-			);
+			setLocalRole(fetchedRoleIds[0] ?? '');
 			roleSessionRef.current = member.id;
 		}
-	}, [member?.id, currentMemberRoles, isMemberRolesLoading]);
+	}, [member?.id, fetchedRoleIds, isMemberRolesLoading]);
 
 	const isDirty =
 		member !== null &&
 		fetchedUser != null &&
 		(localDisplayName !== fetchedDisplayName ||
-			JSON.stringify([...localRoles].sort()) !==
-				JSON.stringify(
-					currentMemberRoles
-						.map((r) => r.id)
-						.filter(Boolean)
-						.sort(),
-				));
+			localRole !== (fetchedRoleIds[0] ?? ''));
 
 	const { mutateAsync: updateMyUser } = useUpdateMyUserV2();
 	const { mutateAsync: updateUser } = useUpdateUser();
@@ -280,14 +272,7 @@ function EditMemberDrawer({
 		setIsSaving(true);
 		try {
 			const nameChanged = localDisplayName !== fetchedDisplayName;
-			const rolesChanged =
-				JSON.stringify([...localRoles].sort()) !==
-				JSON.stringify(
-					currentMemberRoles
-						.map((r) => r.id)
-						.filter(Boolean)
-						.sort(),
-				);
+			const rolesChanged = localRole !== (fetchedRoleIds[0] ?? '');
 
 			const namePromise = nameChanged
 				? isSelf
@@ -301,7 +286,7 @@ function EditMemberDrawer({
 			const [nameResult, rolesResult] = await Promise.allSettled([
 				namePromise,
 				rolesChanged
-					? applyDiff([...localRoles], availableRoles)
+					? applyDiff([localRole].filter(Boolean), availableRoles)
 					: Promise.resolve([]),
 			]);
 
@@ -320,7 +305,10 @@ function EditMemberDrawer({
 					context: 'Roles update',
 					apiError: toSaveApiError(rolesResult.reason),
 					onRetry: async (): Promise<void> => {
-						const failures = await applyDiff([...localRoles], availableRoles);
+						const failures = await applyDiff(
+							[localRole].filter(Boolean),
+							availableRoles,
+						);
 						setSaveErrors((prev) => {
 							const rest = prev.filter((e) => e.context !== 'Roles update');
 							return [
@@ -365,9 +353,9 @@ function EditMemberDrawer({
 		isDirty,
 		isSelf,
 		localDisplayName,
-		localRoles,
+		localRole,
 		fetchedDisplayName,
-		currentMemberRoles,
+		fetchedRoleIds,
 		updateMyUser,
 		updateUser,
 		applyDiff,
@@ -515,15 +503,10 @@ function EditMemberDrawer({
 					>
 						<div className="edit-member-drawer__input-wrapper edit-member-drawer__input-wrapper--disabled">
 							<div className="edit-member-drawer__disabled-roles">
-								{localRoles.length > 0 ? (
-									localRoles.map((roleId) => {
-										const role = availableRoles.find((r) => r.id === roleId);
-										return (
-											<Badge key={roleId} color="vanilla">
-												{role?.name ?? roleId}
-											</Badge>
-										);
-									})
+								{localRole ? (
+									<Badge color="vanilla">
+										{availableRoles.find((r) => r.id === localRole)?.name ?? localRole}
+									</Badge>
 								) : (
 									<span className="edit-member-drawer__email-text">—</span>
 								)}
@@ -534,15 +517,14 @@ function EditMemberDrawer({
 				) : (
 					<RolesSelect
 						id="member-role"
-						mode="multiple"
 						roles={availableRoles}
 						loading={rolesLoading}
 						isError={rolesError}
 						error={rolesErrorObj}
 						onRefetch={refetchRoles}
-						value={localRoles}
-						onChange={(roles): void => {
-							setLocalRoles(roles);
+						value={localRole}
+						onChange={(role): void => {
+							setLocalRole(role ?? '');
 							setSaveErrors((prev) =>
 								prev.filter(
 									(err) =>
@@ -550,7 +532,8 @@ function EditMemberDrawer({
 								),
 							);
 						}}
-						placeholder="Select roles"
+						placeholder="Select role"
+						allowClear={false}
 					/>
 				)}
 			</div>

frontend/src/components/EditMemberDrawer/__tests__/EditMemberDrawer.test.tsx

@@ -5,9 +5,7 @@ import {
 	useCreateResetPasswordToken,
 	useDeleteUser,
 	useGetResetPasswordToken,
-	useGetRolesByUserID,
 	useGetUser,
-	useRemoveUserRoleByUserIDAndRoleID,
 	useSetRoleByUserID,
 	useUpdateMyUserV2,
 	useUpdateUser,
@@ -25,16 +23,11 @@ import EditMemberDrawer, { EditMemberDrawerProps } from '../EditMemberDrawer';
 jest.mock('api/generated/services/users', () => ({
 	useDeleteUser: jest.fn(),
 	useGetUser: jest.fn(),
-	useGetRolesByUserID: jest.fn(),
-	useRemoveUserRoleByUserIDAndRoleID: jest.fn(),
 	useUpdateUser: jest.fn(),
 	useUpdateMyUserV2: jest.fn(),
 	useSetRoleByUserID: jest.fn(),
 	useGetResetPasswordToken: jest.fn(),
 	useCreateResetPasswordToken: jest.fn(),
-	getGetRolesByUserIDQueryKey: ({ id }: { id: string }): string[] => [
-		`/api/v2/users/${id}/roles`,
-	],
 }));
 
 jest.mock('api/ErrorResponseHandlerForGeneratedAPIs', () => ({
@@ -105,7 +98,6 @@ jest.mock('react-use', () => ({
 const ROLES_ENDPOINT = '*/api/v1/roles';
 
 const mockDeleteMutate = jest.fn();
-const mockRemoveMutateAsync = jest.fn();
 const mockCreateTokenMutateAsync = jest.fn();
 
 const showErrorModal = jest.fn();
@@ -194,14 +186,6 @@ describe('EditMemberDrawer', () => {
 			isLoading: false,
 			refetch: jest.fn(),
 		});
-		(useGetRolesByUserID as jest.Mock).mockReturnValue({
-			data: { data: [managedRoles[0]] },
-			isLoading: false,
-		});
-		(useRemoveUserRoleByUserIDAndRoleID as jest.Mock).mockReturnValue({
-			mutateAsync: mockRemoveMutateAsync.mockResolvedValue({}),
-			isLoading: false,
-		});
 		(useUpdateUser as jest.Mock).mockReturnValue({
 			mutateAsync: jest.fn().mockResolvedValue({}),
 			isLoading: false,
@@ -312,7 +296,7 @@ describe('EditMemberDrawer', () => {
 		expect(onClose).not.toHaveBeenCalled();
 	});
 
-	it('adding a new role calls setRole without removing existing ones', async () => {
+	it('selecting a different role calls setRole with the new role name', async () => {
 		const onComplete = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		const mockSet = jest.fn().mockResolvedValue({});
@@ -324,7 +308,7 @@ describe('EditMemberDrawer', () => {
 
 		renderDrawer({ onComplete });
 
-		// signoz-admin is already selected; add signoz-editor on top
+		// Open the roles dropdown and select signoz-editor
 		await user.click(screen.getByLabelText('Roles'));
 		await user.click(await screen.findByTitle('signoz-editor'));
 
@@ -337,31 +321,34 @@ describe('EditMemberDrawer', () => {
 				pathParams: { id: 'user-1' },
 				data: { name: 'signoz-editor' },
 			});
-			expect(mockRemoveMutateAsync).not.toHaveBeenCalled();
 			expect(onComplete).toHaveBeenCalled();
 		});
 	});
 
-	it('deselecting a role calls removeRole with the role id', async () => {
+	it('does not call removeRole when the role is changed', async () => {
 		const onComplete = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const mockSet = jest.fn().mockResolvedValue({});
+
+		(useSetRoleByUserID as jest.Mock).mockReturnValue({
+			mutateAsync: mockSet,
+			isLoading: false,
+		});
 
 		renderDrawer({ onComplete });
 
-		// signoz-admin appears as a selected tag — click its remove button to deselect
-		const adminTag = await screen.findByTitle('signoz-admin');
-		const removeBtn = adminTag.querySelector(
-			'.ant-select-selection-item-remove',
-		) as Element;
-		await user.click(removeBtn);
+		// Switch from signoz-admin to signoz-viewer using single-select
+		await user.click(screen.getByLabelText('Roles'));
+		await user.click(await screen.findByTitle('signoz-viewer'));
 
 		const saveBtn = screen.getByRole('button', { name: /save member details/i });
 		await waitFor(() => expect(saveBtn).not.toBeDisabled());
 		await user.click(saveBtn);
 
 		await waitFor(() => {
-			expect(mockRemoveMutateAsync).toHaveBeenCalledWith({
-				pathParams: { id: 'user-1', roleId: managedRoles[0].id },
+			expect(mockSet).toHaveBeenCalledWith({
+				pathParams: { id: 'user-1' },
+				data: { name: 'signoz-viewer' },
 			});
 			expect(onComplete).toHaveBeenCalled();
 		});

frontend/src/hooks/member/useMemberRoleManager.ts

@@ -1,19 +1,8 @@
 import { useCallback, useMemo } from 'react';
-import { useQueryClient } from 'react-query';
 import type { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
-import {
-	getGetRolesByUserIDQueryKey,
-	useGetRolesByUserID,
-	useRemoveUserRoleByUserIDAndRoleID,
-	useSetRoleByUserID,
-} from 'api/generated/services/users';
+import { useGetUser, useSetRoleByUserID } from 'api/generated/services/users';
 import { retryOn429 } from 'utils/errorUtils';
 
-const enum PromiseStatus {
-	Fulfilled = 'fulfilled',
-	Rejected = 'rejected',
-}
-
 export interface MemberRoleUpdateFailure {
 	roleName: string;
 	error: unknown;
@@ -21,7 +10,7 @@ export interface MemberRoleUpdateFailure {
 }
 
 interface UseMemberRoleManagerResult {
-	currentRoles: AuthtypesRoleDTO[];
+	fetchedRoleIds: string[];
 	isLoading: boolean;
 	applyDiff: (
 		localRoleIds: string[],
@@ -33,96 +22,66 @@ export function useMemberRoleManager(
 	userId: string,
 	enabled: boolean,
 ): UseMemberRoleManagerResult {
-	const queryClient = useQueryClient();
-
-	const { data, isLoading } = useGetRolesByUserID(
+	const { data: fetchedUser, isLoading } = useGetUser(
 		{ id: userId },
 		{ query: { enabled: !!userId && enabled } },
 	);
 
-	const currentRoles = useMemo<AuthtypesRoleDTO[]>(
-		() => data?.data ?? [],
-		[data?.data],
+	const currentUserRoles = useMemo(
+		() => fetchedUser?.data?.userRoles ?? [],
+		[fetchedUser],
+	);
+
+	const fetchedRoleIds = useMemo(
+		() =>
+			currentUserRoles
+				.map((ur) => ur.role?.id ?? ur.roleId)
+				.filter((id): id is string => Boolean(id)),
+		[currentUserRoles],
 	);
 
 	const { mutateAsync: setRole } = useSetRoleByUserID({
 		mutation: { retry: retryOn429 },
 	});
-	const { mutateAsync: removeRole } = useRemoveUserRoleByUserIDAndRoleID({
-		mutation: { retry: retryOn429 },
-	});
-
-	const invalidateRoles = useCallback(
-		() =>
-			queryClient.invalidateQueries(getGetRolesByUserIDQueryKey({ id: userId })),
-		[userId, queryClient],
-	);
 
 	const applyDiff = useCallback(
 		async (
 			localRoleIds: string[],
 			availableRoles: AuthtypesRoleDTO[],
 		): Promise<MemberRoleUpdateFailure[]> => {
-			const currentRoleIds = new Set(
-				currentRoles.map((r) => r.id).filter(Boolean),
-			);
-			const desiredRoleIds = new Set(
-				localRoleIds.filter((id) => id != null && id !== ''),
+			const currentRoleIdSet = new Set(fetchedRoleIds);
+			const desiredRoleIdSet = new Set(localRoleIds.filter(Boolean));
+
+			const toAdd = availableRoles.filter(
+				(r) => r.id && desiredRoleIdSet.has(r.id) && !currentRoleIdSet.has(r.id),
 			);
 
-			const addedRoles = availableRoles.filter(
-				(r) => r.id && desiredRoleIds.has(r.id) && !currentRoleIds.has(r.id),
-			);
-			const removedRoles = currentRoles.filter(
-				(r) => r.id && !desiredRoleIds.has(r.id),
-			);
-
-			const allOperations = [
-				...addedRoles.map((role) => ({
-					role,
+			/// TODO: re-enable deletes once BE for this is streamlined
+			const allOps = [
+				...toAdd.map((role) => ({
+					roleName: role.name ?? 'unknown',
 					run: (): ReturnType<typeof setRole> =>
 						setRole({
 							pathParams: { id: userId },
 							data: { name: role.name ?? '' },
 						}),
 				})),
-				...removedRoles.map((role) => ({
-					role,
-					run: (): ReturnType<typeof removeRole> =>
-						removeRole({ pathParams: { id: userId, roleId: role.id ?? '' } }),
-				})),
 			];
 
-			const results = await Promise.allSettled(
-				allOperations.map((op) => op.run()),
-			);
-
-			const successCount = results.filter(
-				(r) => r.status === PromiseStatus.Fulfilled,
-			).length;
-			if (successCount > 0) {
-				await invalidateRoles();
-			}
+			const results = await Promise.allSettled(allOps.map((op) => op.run()));
 
 			const failures: MemberRoleUpdateFailure[] = [];
-			results.forEach((result, index) => {
-				if (result.status === PromiseStatus.Rejected) {
-					const { role, run } = allOperations[index];
-					failures.push({
-						roleName: role.name ?? 'unknown',
-						error: result.reason,
-						onRetry: async (): Promise<void> => {
-							await run();
-							await invalidateRoles();
-						},
-					});
+			results.forEach((result, i) => {
+				if (result.status === 'rejected') {
+					const { roleName, run } = allOps[i];
+					failures.push({ roleName, error: result.reason, onRetry: run });
 				}
 			});
 
 			return failures;
 		},
-		[userId, currentRoles, setRole, removeRole, invalidateRoles],
+		[userId, fetchedRoleIds, setRole],
 	);
 
-	return { currentRoles, isLoading, applyDiff };
+	return { fetchedRoleIds, isLoading, applyDiff };
 }

pkg/modules/user/impluser/setter.go

@@ -874,22 +874,45 @@ func (module *setter) AddUserRole(ctx context.Context, orgID, userID valuer.UUID
 		return errors.NewInvalidInputf(errors.CodeInvalidInput, "role name not found: %s", roleName)
 	}
 
-	// grant via authz (additive, idempotent — OpenFGA uses OnDuplicate: "ignore")
-	if err := module.authz.Grant(
+	// check if user already has this role
+	existingUserRoles, err := module.getter.GetRolesByUserID(ctx, existingUser.ID)
+	if err != nil {
+		return err
+	}
+
+	existingRoles := make([]string, len(existingUserRoles))
+	for idx, role := range existingUserRoles {
+		existingRoles[idx] = role.Role.Name
+	}
+
+	// grant via authz (idempotent)
+	if err := module.authz.ModifyGrant(
 		ctx,
 		orgID,
+		existingRoles,
 		[]string{roleName},
 		authtypes.MustNewSubject(coretypes.NewResourceUser(), existingUser.ID.StringValue(), existingUser.OrgID, nil),
 	); err != nil {
 		return err
 	}
 
-	// create user_role entry (swallow AlreadyExists for idempotency — DB has unique constraint on user_id+role_id)
+	// create user_role entry
 	userRoles := authtypes.NewUserRoles(userID, foundRoles)
-	if err := module.userRoleStore.CreateUserRoles(ctx, userRoles); err != nil {
-		if !errors.Ast(err, errors.TypeAlreadyExists) {
+	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
+		err = module.userRoleStore.DeleteUserRoles(ctx, existingUser.ID)
+		if err != nil {
 			return err
 		}
+
+		err := module.userRoleStore.CreateUserRoles(ctx, userRoles)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	})
+	if err != nil {
+		return err
 	}
 
 	return module.tokenizer.DeleteIdentity(ctx, userID)

pkg/query-service/app/server.go

@@ -135,6 +135,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 			Store: signoz.SQLStore,
 			AgentFeatures: []agentConf.AgentFeature{
 				logParsingPipelineController,
+				signoz.Modules.LLMPricingRule,
 			},
 		},
 	)

pkg/types/llmpricingruletypes/processorconfig.go

@@ -26,9 +26,8 @@ type LLMPricingRuleProcessorAttrs struct {
 	CacheWrite string `yaml:"cache_write" json:"cache_write"`
 }
 
-// LLMPricingRuleProcessorDefaultPricing holds the pricing unit and the list of model-specific rules.
+// LLMPricingRuleProcessorDefaultPricing holds the list of model-specific rules.
 type LLMPricingRuleProcessorDefaultPricing struct {
-	Unit  string                    `yaml:"unit" json:"unit"`
 	Rules []LLMPricingRuleProcessor `yaml:"rules" json:"rules"`
 }
 
@@ -87,7 +86,6 @@ func buildProcessorConfig(rules []*LLMPricingRule) *LLMPricingRuleProcessorConfi
 			CacheWrite: GenAIUsageCacheCreationInputTokens,
 		},
 		DefaultPricing: LLMPricingRuleProcessorDefaultPricing{
-			Unit:  UnitPerMillionTokens.StringValue(),
 			Rules: pricingRules,
 		},
 		OutputAttrs: LLMPricingRuleProcessorOutputAttrs{

pkg/types/llmpricingruletypes/testdata/collector_baseline.yaml

@@ -11,7 +11,6 @@ processors:
       cache_read: gen_ai.usage.cache_read.input_tokens
       cache_write: gen_ai.usage.cache_creation.input_tokens
     default_pricing:
-      unit: per_million_tokens
       rules: []
     output_attrs:
       in: _signoz.gen_ai.cost_input

pkg/types/llmpricingruletypes/testdata/collector_no_rules.yaml

@@ -11,7 +11,6 @@ processors:
             cache_read: gen_ai.usage.cache_read.input_tokens
             cache_write: gen_ai.usage.cache_creation.input_tokens
         default_pricing:
-            unit: per_million_tokens
             rules: []
         output_attrs:
             in: _signoz.gen_ai.cost_input

pkg/types/llmpricingruletypes/testdata/collector_with_rule.yaml

@@ -11,7 +11,6 @@ processors:
             cache_read: gen_ai.usage.cache_read.input_tokens
             cache_write: gen_ai.usage.cache_creation.input_tokens
         default_pricing:
-            unit: per_million_tokens
             rules:
                 - name: gpt-4o
                   pattern:

tests/integration/tests/passwordauthn/04_role.py

@@ -129,11 +129,11 @@ def test_get_user_roles(
         assert "type" in role
 
 
-def test_assign_role_is_additive(
+def test_assign_role_replaces_previous(
     signoz: types.SigNoz,
     get_token: Callable[[str, str], str],
 ):
-    """Verify POST /api/v2/users/{id}/roles ADDS a role alongside existing ones and is idempotent."""
+    """Verify POST /api/v2/users/{id}/roles replaces existing role."""
     admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
     response = requests.get(
         signoz.self.host_configs["8080"].get("/api/v2/users/me"),
@@ -144,8 +144,6 @@ def test_assign_role_is_additive(
     me = response.json()["data"]
     user_id = me["id"]
 
-    # User currently has signoz-admin from test_change_role.
-    # Assign signoz-editor — should be additive, admin stays.
     response = requests.post(
         signoz.self.host_configs["8080"].get(f"/api/v2/users/{user_id}/roles"),
         json={"name": "signoz-editor"},
@@ -162,29 +160,8 @@ def test_assign_role_is_additive(
     assert response.status_code == HTTPStatus.OK
     roles = response.json()["data"]
     names = {r["name"] for r in roles}
-    assert len(names) == 2
     assert "signoz-editor" in names
-    assert "signoz-admin" in names
-
-    # Idempotency: assigning the same role again succeeds without duplicates
-    response = requests.post(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{user_id}/roles"),
-        json={"name": "signoz-editor"},
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=5,
-    )
-    assert response.status_code == HTTPStatus.OK
-
-    response = requests.get(
-        signoz.self.host_configs["8080"].get(f"/api/v2/users/{user_id}/roles"),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=5,
-    )
-    assert response.status_code == HTTPStatus.OK
-    roles = response.json()["data"]
-    editor_count = sum(1 for r in roles if r["name"] == "signoz-editor")
-    assert editor_count == 1
-    assert len(roles) == 2
+    assert "signoz-admin" not in names
 
 
 def test_get_users_by_role(
@@ -225,7 +202,7 @@ def test_remove_role(
     signoz: types.SigNoz,
     get_token: Callable[[str, str], str],
 ):
-    """Verify DELETE /api/v2/users/{id}/roles/{roleId} removes only the specified role."""
+    """Verify DELETE /api/v2/users/{id}/roles/{roleId} removes the role."""
     admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
     response = requests.get(
         signoz.self.host_configs["8080"].get("/api/v2/users/me"),
@@ -260,10 +237,7 @@ def test_remove_role(
     )
     assert response.status_code == HTTPStatus.OK
     roles_after = response.json()["data"]
-    names_after = {r["name"] for r in roles_after}
-    assert len(roles_after) == 1
-    assert "signoz-editor" not in names_after
-    assert "signoz-admin" in names_after
+    assert len(roles_after) == 0
 
 
 def test_user_with_roles_reflects_change(
@@ -288,8 +262,7 @@ def test_user_with_roles_reflects_change(
     assert response.status_code == HTTPStatus.OK
     data = response.json()["data"]
     role_names = {ur["role"]["name"] for ur in data["userRoles"]}
-    assert len(role_names) == 1
-    assert "signoz-admin" in role_names
+    assert len(role_names) == 0
 
 
 def test_admin_cannot_assign_role_to_self(