Merge branch 'main' into feat/cmd-click

.github/workflows/build-enterprise.yaml

@@ -70,7 +70,6 @@ jobs:
           echo 'PYLON_APP_ID="${{ secrets.PYLON_APP_ID }}"' >> frontend/.env
           echo 'APPCUES_APP_ID="${{ secrets.APPCUES_APP_ID }}"' >> frontend/.env
           echo 'PYLON_IDENTITY_SECRET="${{ secrets.PYLON_IDENTITY_SECRET }}"' >> frontend/.env
-          echo 'DOCS_BASE_URL="https://signoz.io"' >> frontend/.env
       - name: cache-dotenv
         uses: actions/cache@v4
         with:

.github/workflows/build-staging.yaml

@@ -69,7 +69,6 @@ jobs:
           echo 'PYLON_APP_ID="${{ secrets.NP_PYLON_APP_ID }}"' >> frontend/.env
           echo 'APPCUES_APP_ID="${{ secrets.NP_APPCUES_APP_ID }}"' >> frontend/.env
           echo 'PYLON_IDENTITY_SECRET="${{ secrets.NP_PYLON_IDENTITY_SECRET }}"' >> frontend/.env
-          echo 'DOCS_BASE_URL="https://staging.signoz.io"' >> frontend/.env
       - name: cache-dotenv
         uses: actions/cache@v4
         with:

.github/workflows/gor-signoz.yaml

@@ -3,8 +3,8 @@ name: gor-signoz
 on:
   push:
     tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
-      - "v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+"
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+      - 'v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+'
 
 permissions:
   contents: write
@@ -36,9 +36,8 @@ jobs:
           echo 'PYLON_APP_ID="${{ secrets.PYLON_APP_ID }}"' >> .env
           echo 'APPCUES_APP_ID="${{ secrets.APPCUES_APP_ID }}"' >> .env
           echo 'PYLON_IDENTITY_SECRET="${{ secrets.PYLON_IDENTITY_SECRET }}"' >> .env
-          echo 'DOCS_BASE_URL="https://signoz.io"' >> .env
       - name: build-frontend
-        run: make js-build
+        run:  make js-build
       - name: upload-frontend-artifact
         uses: actions/upload-artifact@v4
         with:
@@ -105,7 +104,7 @@ jobs:
         uses: goreleaser/goreleaser-action@v6
         with:
           distribution: goreleaser-pro
-          version: "~> v2"
+          version: '~> v2'
           args: release --config ${{ env.CONFIG_PATH }} --clean --split
           workdir: .
         env:
@@ -162,7 +161,7 @@ jobs:
         if: steps.cache-linux.outputs.cache-hit == 'true' && steps.cache-darwin.outputs.cache-hit == 'true' # only run if caches hit
         with:
           distribution: goreleaser-pro
-          version: "~> v2"
+          version: '~> v2'
           args: continue --merge
           workdir: .
         env:

cmd/community/server.go

@@ -19,7 +19,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/role"
-	"github.com/SigNoz/signoz/pkg/modules/role/implrole"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/queryparser"
@@ -81,15 +80,12 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(ctx context.Context, sqlstore sqlstore.SQLStore) factory.ProviderFactory[authz.AuthZ, authz.Config] {
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx))
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, _ role.Setter, _ role.Granter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing) dashboard.Module {
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, _ role.Module, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing) dashboard.Module {
 			return impldashboard.NewModule(impldashboard.NewStore(store), settings, analytics, orgGetter, queryParser)
 		},
 		func(_ licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return noopgateway.NewProviderFactory()
 		},
-		func(store sqlstore.SQLStore, authz authz.AuthZ, licensing licensing.Licensing, _ []role.RegisterTypeable) role.Setter {
-			return implrole.NewSetter(implrole.NewStore(store), authz)
-		},
 	)
 	if err != nil {
 		logger.ErrorContext(ctx, "failed to create signoz", "error", err)

cmd/enterprise/server.go

@@ -14,7 +14,6 @@ import (
 	enterpriselicensing "github.com/SigNoz/signoz/ee/licensing"
 	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
 	"github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard"
-	"github.com/SigNoz/signoz/ee/modules/role/implrole"
 	enterpriseapp "github.com/SigNoz/signoz/ee/query-service/app"
 	"github.com/SigNoz/signoz/ee/sqlschema/postgressqlschema"
 	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
@@ -30,7 +29,6 @@ import (
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/role"
-	pkgimplrole "github.com/SigNoz/signoz/pkg/modules/role/implrole"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/signoz"
@@ -121,17 +119,13 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(ctx context.Context, sqlstore sqlstore.SQLStore) factory.ProviderFactory[authz.AuthZ, authz.Config] {
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx))
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, roleSetter role.Setter, granter role.Granter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
-			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, roleSetter, granter, queryParser, querier, licensing)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, role role.Module, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
+			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, role, queryParser, querier, licensing)
 		},
 		func(licensing licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return httpgateway.NewProviderFactory(licensing)
 		},
-		func(store sqlstore.SQLStore, authz authz.AuthZ, licensing licensing.Licensing, registry []role.RegisterTypeable) role.Setter {
-			return implrole.NewSetter(pkgimplrole.NewStore(store), authz, licensing, registry)
-		},
 	)
-
 	if err != nil {
 		logger.ErrorContext(ctx, "failed to create signoz", "error", err)
 		return err

docs/api/openapi.yml

@@ -209,7 +209,7 @@ paths:
   /api/v1/dashboards/{id}/public:
     delete:
       deprecated: false
-      description: This endpoint deletes the public sharing config and disables the
+      description: This endpoints deletes the public sharing config and disables the
         public sharing of a dashboard
       operationId: DeletePublicDashboard
       parameters:
@@ -253,7 +253,7 @@ paths:
       - dashboard
     get:
       deprecated: false
-      description: This endpoint returns public sharing config for a dashboard
+      description: This endpoints returns public sharing config for a dashboard
       operationId: GetPublicDashboard
       parameters:
       - in: path
@@ -301,7 +301,7 @@ paths:
       - dashboard
     post:
       deprecated: false
-      description: This endpoint creates public sharing config and enables public
+      description: This endpoints creates public sharing config and enables public
         sharing of the dashboard
       operationId: CreatePublicDashboard
       parameters:
@@ -355,7 +355,7 @@ paths:
       - dashboard
     put:
       deprecated: false
-      description: This endpoint updates the public sharing config for a dashboard
+      description: This endpoints updates the public sharing config for a dashboard
       operationId: UpdatePublicDashboard
       parameters:
       - in: path
@@ -671,7 +671,7 @@ paths:
   /api/v1/global/config:
     get:
       deprecated: false
-      description: This endpoint returns global config
+      description: This endpoints returns global config
       operationId: GetGlobalConfig
       responses:
         "200":
@@ -1447,7 +1447,8 @@ paths:
   /api/v1/public/dashboards/{id}:
     get:
       deprecated: false
-      description: This endpoint returns the sanitized dashboard data for public access
+      description: This endpoints returns the sanitized dashboard data for public
+        access
       operationId: GetPublicDashboardData
       parameters:
       - in: path
@@ -1578,228 +1579,6 @@ paths:
       summary: Reset password
       tags:
       - users
-  /api/v1/roles:
-    get:
-      deprecated: false
-      description: This endpoint lists all roles
-      operationId: ListRoles
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    items:
-                      $ref: '#/components/schemas/RoletypesRole'
-                    type: array
-                  status:
-                    type: string
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: List roles
-      tags:
-      - role
-    post:
-      deprecated: false
-      description: This endpoint creates a role
-      operationId: CreateRole
-      responses:
-        "201":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/TypesIdentifiable'
-                  status:
-                    type: string
-                type: object
-          description: Created
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Create role
-      tags:
-      - role
-  /api/v1/roles/{id}:
-    delete:
-      deprecated: false
-      description: This endpoint deletes a role
-      operationId: DeleteRole
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "204":
-          content:
-            application/json:
-              schema:
-                type: string
-          description: No Content
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Delete role
-      tags:
-      - role
-    get:
-      deprecated: false
-      description: This endpoint gets a role
-      operationId: GetRole
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/RoletypesRole'
-                  status:
-                    type: string
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Get role
-      tags:
-      - role
-    patch:
-      deprecated: false
-      description: This endpoint patches a role
-      operationId: PatchRole
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "204":
-          content:
-            application/json:
-              schema:
-                type: string
-          description: No Content
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Patch role
-      tags:
-      - role
   /api/v1/user:
     get:
       deprecated: false
@@ -4109,25 +3888,6 @@ components:
         status:
           type: string
       type: object
-    RoletypesRole:
-      properties:
-        createdAt:
-          format: date-time
-          type: string
-        description:
-          type: string
-        id:
-          type: string
-        name:
-          type: string
-        orgId:
-          type: string
-        type:
-          type: string
-        updatedAt:
-          format: date-time
-          type: string
-      type: object
     TypesChangePasswordRequest:
       properties:
         newPassword:

ee/authz/openfgaauthz/provider.go

@@ -47,7 +47,7 @@ func (provider *provider) Check(ctx context.Context, tuple *openfgav1.TupleKey)
 	return provider.pkgAuthzService.Check(ctx, tuple)
 }
 
-func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, _ []authtypes.Selector) error {
+func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, _ authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector) error {
 	subject, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
 	if err != nil {
 		return err
@@ -66,7 +66,7 @@ func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims aut
 	return nil
 }
 
-func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, _ []authtypes.Selector) error {
+func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, _ authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector) error {
 	subject, err := authtypes.NewSubject(authtypes.TypeableAnonymous, authtypes.AnonymousUser.String(), orgID, nil)
 	if err != nil {
 		return err

ee/modules/dashboard/impldashboard/module.go

@@ -26,13 +26,12 @@ type module struct {
 	pkgDashboardModule dashboard.Module
 	store              dashboardtypes.Store
 	settings           factory.ScopedProviderSettings
-	roleSetter         role.Setter
-	granter            role.Granter
+	role               role.Module
 	querier            querier.Querier
 	licensing          licensing.Licensing
 }
 
-func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, roleSetter role.Setter, granter role.Granter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
+func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, role role.Module, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
 	scopedProviderSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard")
 	pkgDashboardModule := pkgimpldashboard.NewModule(store, settings, analytics, orgGetter, queryParser)
 
@@ -40,8 +39,7 @@ func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, an
 		pkgDashboardModule: pkgDashboardModule,
 		store:              store,
 		settings:           scopedProviderSettings,
-		roleSetter:         roleSetter,
-		granter:            granter,
+		role:               role,
 		querier:            querier,
 		licensing:          licensing,
 	}
@@ -61,12 +59,12 @@ func (module *module) CreatePublic(ctx context.Context, orgID valuer.UUID, publi
 		return errors.Newf(errors.TypeAlreadyExists, dashboardtypes.ErrCodePublicDashboardAlreadyExists, "dashboard with id %s is already public", storablePublicDashboard.DashboardID)
 	}
 
-	role, err := module.roleSetter.GetOrCreate(ctx, orgID, roletypes.NewRole(roletypes.SigNozAnonymousRoleName, roletypes.SigNozAnonymousRoleDescription, roletypes.RoleTypeManaged, orgID))
+	role, err := module.role.GetOrCreate(ctx, roletypes.NewRole(roletypes.AnonymousUserRoleName, roletypes.AnonymousUserRoleDescription, roletypes.RoleTypeManaged.StringValue(), orgID))
 	if err != nil {
 		return err
 	}
 
-	err = module.granter.Grant(ctx, orgID, roletypes.SigNozAnonymousRoleName, authtypes.MustNewSubject(authtypes.TypeableAnonymous, authtypes.AnonymousUser.StringValue(), orgID, nil))
+	err = module.role.Assign(ctx, role.ID, orgID, authtypes.MustNewSubject(authtypes.TypeableAnonymous, authtypes.AnonymousUser.StringValue(), orgID, nil))
 	if err != nil {
 		return err
 	}
@@ -79,7 +77,7 @@ func (module *module) CreatePublic(ctx context.Context, orgID valuer.UUID, publi
 		authtypes.MustNewSelector(authtypes.TypeMetaResource, publicDashboard.ID.String()),
 	)
 
-	err = module.roleSetter.PatchObjects(ctx, orgID, role.ID, authtypes.RelationRead, []*authtypes.Object{additionObject}, nil)
+	err = module.role.PatchObjects(ctx, orgID, role.ID, authtypes.RelationRead, []*authtypes.Object{additionObject}, nil)
 	if err != nil {
 		return err
 	}
@@ -195,7 +193,7 @@ func (module *module) DeletePublic(ctx context.Context, orgID valuer.UUID, dashb
 		return err
 	}
 
-	role, err := module.roleSetter.GetOrCreate(ctx, orgID, roletypes.NewRole(roletypes.SigNozAnonymousRoleName, roletypes.SigNozAnonymousRoleDescription, roletypes.RoleTypeManaged, orgID))
+	role, err := module.role.GetOrCreate(ctx, roletypes.NewRole(roletypes.AnonymousUserRoleName, roletypes.AnonymousUserRoleDescription, roletypes.RoleTypeManaged.StringValue(), orgID))
 	if err != nil {
 		return err
 	}
@@ -208,7 +206,7 @@ func (module *module) DeletePublic(ctx context.Context, orgID valuer.UUID, dashb
 		authtypes.MustNewSelector(authtypes.TypeMetaResource, publicDashboard.ID.String()),
 	)
 
-	err = module.roleSetter.PatchObjects(ctx, orgID, role.ID, authtypes.RelationRead, nil, []*authtypes.Object{deletionObject})
+	err = module.role.PatchObjects(ctx, orgID, role.ID, authtypes.RelationRead, nil, []*authtypes.Object{deletionObject})
 	if err != nil {
 		return err
 	}
@@ -272,7 +270,7 @@ func (module *module) deletePublic(ctx context.Context, orgID valuer.UUID, dashb
 		return err
 	}
 
-	role, err := module.roleSetter.GetOrCreate(ctx, orgID, roletypes.NewRole(roletypes.SigNozAnonymousRoleName, roletypes.SigNozAnonymousRoleDescription, roletypes.RoleTypeManaged, orgID))
+	role, err := module.role.GetOrCreate(ctx, roletypes.NewRole(roletypes.AnonymousUserRoleName, roletypes.AnonymousUserRoleDescription, roletypes.RoleTypeManaged.StringValue(), orgID))
 	if err != nil {
 		return err
 	}
@@ -285,7 +283,7 @@ func (module *module) deletePublic(ctx context.Context, orgID valuer.UUID, dashb
 		authtypes.MustNewSelector(authtypes.TypeMetaResource, publicDashboard.ID.String()),
 	)
 
-	err = module.roleSetter.PatchObjects(ctx, orgID, role.ID, authtypes.RelationRead, nil, []*authtypes.Object{deletionObject})
+	err = module.role.PatchObjects(ctx, orgID, role.ID, authtypes.RelationRead, nil, []*authtypes.Object{deletionObject})
 	if err != nil {
 		return err
 	}

ee/modules/role/implrole/setter.go

@@ -1,165 +0,0 @@
-package implrole
-
-import (
-	"context"
-	"slices"
-
-	"github.com/SigNoz/signoz/pkg/authz"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/role"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/roletypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type setter struct {
-	store     roletypes.Store
-	authz     authz.AuthZ
-	licensing licensing.Licensing
-	registry  []role.RegisterTypeable
-}
-
-func NewSetter(store roletypes.Store, authz authz.AuthZ, licensing licensing.Licensing, registry []role.RegisterTypeable) role.Setter {
-	return &setter{
-		store:     store,
-		authz:     authz,
-		licensing: licensing,
-		registry:  registry,
-	}
-}
-
-func (setter *setter) Create(ctx context.Context, orgID valuer.UUID, role *roletypes.Role) error {
-	_, err := setter.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	return setter.store.Create(ctx, roletypes.NewStorableRoleFromRole(role))
-}
-
-func (setter *setter) GetOrCreate(ctx context.Context, orgID valuer.UUID, role *roletypes.Role) (*roletypes.Role, error) {
-	_, err := setter.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	existingRole, err := setter.store.GetByOrgIDAndName(ctx, role.OrgID, role.Name)
-	if err != nil {
-		if !errors.Ast(err, errors.TypeNotFound) {
-			return nil, err
-		}
-	}
-
-	if existingRole != nil {
-		return roletypes.NewRoleFromStorableRole(existingRole), nil
-	}
-
-	err = setter.store.Create(ctx, roletypes.NewStorableRoleFromRole(role))
-	if err != nil {
-		return nil, err
-	}
-
-	return role, nil
-}
-
-func (setter *setter) GetResources(_ context.Context) []*authtypes.Resource {
-	typeables := make([]authtypes.Typeable, 0)
-	for _, register := range setter.registry {
-		typeables = append(typeables, register.MustGetTypeables()...)
-	}
-	// role module cannot self register itself!
-	typeables = append(typeables, setter.MustGetTypeables()...)
-
-	resources := make([]*authtypes.Resource, 0)
-	for _, typeable := range typeables {
-		resources = append(resources, &authtypes.Resource{Name: typeable.Name(), Type: typeable.Type()})
-	}
-
-	return resources
-}
-
-func (setter *setter) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*authtypes.Object, error) {
-	storableRole, err := setter.store.Get(ctx, orgID, id)
-	if err != nil {
-		return nil, err
-	}
-
-	objects := make([]*authtypes.Object, 0)
-	for _, resource := range setter.GetResources(ctx) {
-		if slices.Contains(authtypes.TypeableRelations[resource.Type], relation) {
-			resourceObjects, err := setter.
-				authz.
-				ListObjects(
-					ctx,
-					authtypes.MustNewSubject(authtypes.TypeableRole, storableRole.ID.String(), orgID, &authtypes.RelationAssignee),
-					relation,
-					authtypes.MustNewTypeableFromType(resource.Type, resource.Name),
-				)
-			if err != nil {
-				return nil, err
-			}
-
-			objects = append(objects, resourceObjects...)
-		}
-	}
-
-	return objects, nil
-}
-
-func (setter *setter) Patch(ctx context.Context, orgID valuer.UUID, role *roletypes.Role) error {
-	_, err := setter.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	return setter.store.Update(ctx, orgID, roletypes.NewStorableRoleFromRole(role))
-}
-
-func (setter *setter) PatchObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation, additions, deletions []*authtypes.Object) error {
-	_, err := setter.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	additionTuples, err := roletypes.GetAdditionTuples(id, orgID, relation, additions)
-	if err != nil {
-		return err
-	}
-
-	deletionTuples, err := roletypes.GetDeletionTuples(id, orgID, relation, deletions)
-	if err != nil {
-		return err
-	}
-
-	err = setter.authz.Write(ctx, additionTuples, deletionTuples)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (setter *setter) Delete(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
-	_, err := setter.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	storableRole, err := setter.store.Get(ctx, orgID, id)
-	if err != nil {
-		return err
-	}
-
-	role := roletypes.NewRoleFromStorableRole(storableRole)
-	err = role.CanEditDelete()
-	if err != nil {
-		return err
-	}
-
-	return setter.store.Delete(ctx, orgID, id)
-}
-
-func (setter *setter) MustGetTypeables() []authtypes.Typeable {
-	return []authtypes.Typeable{authtypes.TypeableRole, roletypes.TypeableResourcesRoles}
-}

ee/query-service/app/server.go

@@ -211,7 +211,7 @@ func (s Server) HealthCheckStatus() chan healthcheck.Status {
 
 func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*http.Server, error) {
 	r := baseapp.NewRouter()
-	am := middleware.NewAuthZ(s.signoz.Instrumentation.Logger(), s.signoz.Modules.OrgGetter, s.signoz.Authz, s.signoz.Modules.RoleGetter)
+	am := middleware.NewAuthZ(s.signoz.Instrumentation.Logger(), s.signoz.Modules.OrgGetter, s.signoz.Authz)
 
 	r.Use(otelmux.Middleware(
 		"apiserver",

frontend/src/components/LogDetail/index.tsx

@@ -47,6 +47,7 @@ import { AppState } from 'store/reducers';
 import { Query, TagFilter } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource, StringOperators } from 'types/common/queryBuilder';
 import { GlobalReducer } from 'types/reducer/globalTime';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import { RESOURCE_KEYS, VIEW_TYPES, VIEWS } from './constants';
 import { LogDetailInnerProps, LogDetailProps } from './LogDetail.interfaces';
@@ -135,7 +136,7 @@ function LogDetailInner({
 	};
 
 	// Go to logs explorer page with the log data
-	const handleOpenInExplorer = (): void => {
+	const handleOpenInExplorer = (event: React.MouseEvent): void => {
 		const queryParams = {
 			[QueryParams.activeLogId]: `"${log?.id}"`,
 			[QueryParams.startTime]: minTime?.toString() || '',
@@ -148,7 +149,16 @@ function LogDetailInner({
 				),
 			),
 		};
-		safeNavigate(`${ROUTES.LOGS_EXPLORER}?${createQueryParams(queryParams)}`);
+
+		if (isCtrlOrMMetaKey(event)) {
+			window.open(
+				`${ROUTES.LOGS_EXPLORER}?${createQueryParams(queryParams)}`,
+				'_blank',
+				'noopener,noreferrer',
+			);
+		} else {
+			safeNavigate(`${ROUTES.LOGS_EXPLORER}?${createQueryParams(queryParams)}`);
+		}
 	};
 
 	const handleQueryExpressionChange = useCallback(

frontend/src/components/NewSelect/CustomMultiSelect.tsx

@@ -28,6 +28,7 @@ import React, {
 	useState,
 } from 'react';
 import { Virtuoso } from 'react-virtuoso';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { popupContainer } from 'utils/selectPopupContainer';
 
 import { CustomMultiSelectProps, CustomTagProps, OptionData } from './types';
@@ -922,7 +923,7 @@ const CustomMultiSelect: React.FC<CustomMultiSelectProps> = ({
 			const lastVisibleChipIndex = getLastVisibleChipIndex();
 
 			// Handle special keyboard combinations
-			const isCtrlOrCmd = e.ctrlKey || e.metaKey;
+			const isCtrlOrCmd = isCtrlOrMMetaKey(e);
 
 			// Handle Ctrl+A (select all)
 			if (isCtrlOrCmd && e.key === 'a') {

frontend/src/container/AllAlertChannels/AlertChannels.tsx

@@ -5,12 +5,12 @@ import { ResizeTable } from 'components/ResizeTable';
 import ROUTES from 'constants/routes';
 import useComponentPermission from 'hooks/useComponentPermission';
 import { useNotifications } from 'hooks/useNotifications';
-import history from 'lib/history';
 import { useAppContext } from 'providers/App/App';
 import { useCallback } from 'react';
 import { useTranslation } from 'react-i18next';
 import { generatePath } from 'react-router-dom';
 import { Channels } from 'types/api/channels/getAll';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import Delete from './Delete';
 
@@ -20,13 +20,15 @@ function AlertChannels({ allChannels }: AlertChannelsProps): JSX.Element {
 	const { user } = useAppContext();
 	const [action] = useComponentPermission(['new_alert_action'], user.role);
 
-	const onClickEditHandler = useCallback((id: string) => {
-		history.push(
-			generatePath(ROUTES.CHANNELS_EDIT, {
-				channelId: id,
-			}),
-		);
-	}, []);
+	const onClickEditHandler = useCallback(
+		(id: string, event: React.MouseEvent): void => {
+			genericNavigate(
+				generatePath(ROUTES.CHANNELS_EDIT, { channelId: id }),
+				event,
+			);
+		},
+		[],
+	);
 
 	const columns: ColumnsType<Channels> = [
 		{
@@ -52,7 +54,10 @@ function AlertChannels({ allChannels }: AlertChannelsProps): JSX.Element {
 			width: 80,
 			render: (id: string): JSX.Element => (
 				<>
-					<Button onClick={(): void => onClickEditHandler(id)} type="link">
+					<Button
+						onClick={(event: React.MouseEvent): void => onClickEditHandler(id, event)}
+						type="link"
+					>
 						{t('column_channel_edit')}
 					</Button>
 					<Delete id={id} notifications={notifications} />

frontend/src/container/AllAlertChannels/index.tsx

@@ -8,7 +8,6 @@ import Spinner from 'components/Spinner';
 import TextToolTip from 'components/TextToolTip';
 import ROUTES from 'constants/routes';
 import useComponentPermission from 'hooks/useComponentPermission';
-import history from 'lib/history';
 import { isUndefined } from 'lodash-es';
 import { useAppContext } from 'providers/App/App';
 import { useCallback, useEffect } from 'react';
@@ -17,6 +16,7 @@ import { useQuery } from 'react-query';
 import { SuccessResponseV2 } from 'types/api';
 import { Channels } from 'types/api/channels/getAll';
 import APIError from 'types/api/error';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import AlertChannelsComponent from './AlertChannels';
 import { Button, ButtonContainer, RightActionContainer } from './styles';
@@ -30,8 +30,8 @@ function AlertChannels(): JSX.Element {
 		['add_new_channel'],
 		user.role,
 	);
-	const onToggleHandler = useCallback(() => {
-		history.push(ROUTES.CHANNELS_NEW);
+	const onToggleHandler = useCallback((event: React.MouseEvent) => {
+		genericNavigate(ROUTES.CHANNELS_NEW, event);
 	}, []);
 
 	const { isLoading, data, error } = useQuery<
@@ -78,7 +78,7 @@ function AlertChannels(): JSX.Element {
 						}
 					>
 						<Button
-							onClick={onToggleHandler}
+							onClick={(event: React.MouseEvent): void => onToggleHandler(event)}
 							icon={<PlusOutlined />}
 							disabled={!addNewChannelPermission}
 						>

frontend/src/container/ApiMonitoring/Explorer/Domains/DomainList.tsx

@@ -26,7 +26,6 @@ import { ApiMonitoringHardcodedAttributeKeys } from '../../constants';
 import { DEFAULT_PARAMS, useApiMonitoringParams } from '../../queryParams';
 import { columnsConfig, formatDataForTable } from '../../utils';
 import DomainDetails from './DomainDetails/DomainDetails';
-import DOCLINKS from 'utils/docLinks';
 
 function DomainList(): JSX.Element {
 	const [params, setParams] = useApiMonitoringParams();
@@ -146,17 +145,7 @@ function DomainList(): JSX.Element {
 									/>
 
 									<Typography.Text className="no-filtered-domains-message">
-										No External API calls detected. To automatically detect them, ensure
-										Client spans are being sent with required attributes.
-										<br />
-										Read more about <span> </span>
-										<a
-											href={DOCLINKS.EXTERNAL_API_MONITORING}
-											target="_blank"
-											rel="noreferrer"
-										>
-											configuring External API monitoring.
-										</a>
+										This query had no results. Edit your query and try again!
 									</Typography.Text>
 								</div>
 							</div>

frontend/src/container/ErrorDetails/index.tsx

@@ -18,6 +18,7 @@ import { useTranslation } from 'react-i18next';
 import { useQuery } from 'react-query';
 import { useLocation } from 'react-router-dom';
 import { PayloadProps as GetByErrorTypeAndServicePayload } from 'types/api/errors/getByErrorTypeAndService';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import { keyToExclude } from './config';
 import { DashedContainer, EditorContainer, EventContainer } from './styles';
@@ -111,14 +112,18 @@ function ErrorDetails(props: ErrorDetailsProps): JSX.Element {
 			value: errorDetail[key as keyof GetByErrorTypeAndServicePayload],
 		}));
 
-	const onClickTraceHandler = (): void => {
+	const onClickTraceHandler = (event: React.MouseEvent): void => {
 		logEvent('Exception: Navigate to trace detail page', {
 			groupId: errorDetail?.groupID,
 			spanId: errorDetail.spanID,
 			traceId: errorDetail.traceID,
 			exceptionId: errorDetail?.errorId,
 		});
-		history.push(`/trace/${errorDetail.traceID}?spanId=${errorDetail.spanID}`);
+
+		genericNavigate(
+			`/trace/${errorDetail.traceID}?spanId=${errorDetail.spanID}`,
+			event,
+		);
 	};
 
 	const logEventCalledRef = useRef(false);
@@ -185,7 +190,10 @@ function ErrorDetails(props: ErrorDetailsProps): JSX.Element {
 
 			<DashedContainer>
 				<Typography>{t('see_trace_graph')}</Typography>
-				<Button onClick={onClickTraceHandler} type="primary">
+				<Button
+					onClick={(event: React.MouseEvent): void => onClickTraceHandler(event)}
+					type="primary"
+				>
 					{t('see_error_in_trace_graph')}
 				</Button>
 			</DashedContainer>

frontend/src/container/ExplorerOptions/ExplorerOptions.tsx

@@ -73,6 +73,7 @@ import { ViewProps } from 'types/api/saveViews/types';
 import { DataSource, StringOperators } from 'types/common/queryBuilder';
 import { USER_ROLES } from 'types/roles';
 import { panelTypeToExplorerView } from 'utils/explorerUtils';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import { PreservedViewsTypes } from './constants';
 import ExplorerOptionsHideArea from './ExplorerOptionsHideArea';
@@ -192,7 +193,7 @@ function ExplorerOptions({
 	);
 
 	const onCreateAlertsHandler = useCallback(
-		(defaultQuery: Query | null) => {
+		(defaultQuery: Query | null, event?: React.MouseEvent) => {
 			if (sourcepage === DataSource.TRACES) {
 				logEvent('Traces Explorer: Create alert', {
 					panelType,
@@ -211,10 +212,11 @@ function ExplorerOptions({
 
 			const stringifiedQuery = handleConditionalQueryModification(defaultQuery);
 
-			history.push(
+			genericNavigate(
 				`${ROUTES.ALERTS_NEW}?${QueryParams.compositeQuery}=${encodeURIComponent(
 					stringifiedQuery,
 				)}`,
+				event,
 			);
 		},
 		// eslint-disable-next-line react-hooks/exhaustive-deps
@@ -749,7 +751,9 @@ function ExplorerOptions({
 			<Button
 				disabled={disabled}
 				shape="round"
-				onClick={(): void => onCreateAlertsHandler(query)}
+				onClick={(event: React.MouseEvent): void =>
+					onCreateAlertsHandler(query, event)
+				}
 				icon={<ConciergeBell size={16} />}
 			>
 				Create an Alert

frontend/src/container/Home/AlertRules/AlertRules.tsx

@@ -3,7 +3,6 @@ import getAll from 'api/alerts/getAll';
 import logEvent from 'api/common/logEvent';
 import { QueryParams } from 'constants/query';
 import ROUTES from 'constants/routes';
-import history from 'lib/history';
 import { mapQueryDataFromApi } from 'lib/newQueryBuilder/queryBuilderMappers/mapQueryDataFromApi';
 import { ArrowRight, ArrowUpRight, Plus } from 'lucide-react';
 import Card from 'periscope/components/Card/Card';
@@ -13,6 +12,7 @@ import { useQuery } from 'react-query';
 import { Link, useLocation } from 'react-router-dom';
 import { GettableAlert } from 'types/api/alerts/get';
 import { USER_ROLES } from 'types/roles';
+import { genericNavigate } from 'utils/genericNavigate';
 
 export default function AlertRules({
 	onUpdateChecklistDoneItem,
@@ -118,7 +118,10 @@ export default function AlertRules({
 		</div>
 	);
 
-	const onEditHandler = (record: GettableAlert) => (): void => {
+	const onEditHandler = (
+		record: GettableAlert,
+		event?: React.MouseEvent | React.KeyboardEvent,
+	): void => {
 		logEvent('Homepage: Alert clicked', {
 			ruleId: record.id,
 			ruleName: record.alert,
@@ -135,7 +138,7 @@ export default function AlertRules({
 
 		params.set(QueryParams.ruleId, record.id.toString());
 
-		history.push(`${ROUTES.ALERT_OVERVIEW}?${params.toString()}`);
+		genericNavigate(`${ROUTES.ALERT_OVERVIEW}?${params.toString()}`, event);
 	};
 
 	const renderAlertRules = (): JSX.Element => (
@@ -147,10 +150,10 @@ export default function AlertRules({
 						tabIndex={0}
 						className="alert-rule-item home-data-item"
 						key={rule.id}
-						onClick={onEditHandler(rule)}
+						onClick={(event: React.MouseEvent): void => onEditHandler(rule, event)}
 						onKeyDown={(e): void => {
 							if (e.key === 'Enter') {
-								onEditHandler(rule);
+								onEditHandler(rule, e);
 							}
 						}}
 					>

frontend/src/container/Home/DataSourceInfo/DataSourceInfo.tsx

@@ -1,4 +1,5 @@
 /* eslint-disable sonarjs/no-identical-functions */
+/* eslint-disable sonarjs/cognitive-complexity */
 import { Button, Skeleton, Tag, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
@@ -9,6 +10,7 @@ import Card from 'periscope/components/Card/Card';
 import { useAppContext } from 'providers/App/App';
 import { useEffect, useState } from 'react';
 import { LicensePlatform } from 'types/api/licensesV3/getActive';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import { DOCS_LINKS } from '../constants';
 
@@ -84,16 +86,16 @@ function DataSourceInfo({
 								icon={<img src="/Icons/container-plus.svg" alt="plus" />}
 								role="button"
 								tabIndex={0}
-								onClick={(): void => {
+								onClick={(event: React.MouseEvent): void => {
 									logEvent('Homepage: Connect dataSource clicked', {});
 
 									if (
 										activeLicense &&
 										activeLicense.platform === LicensePlatform.CLOUD
 									) {
-										history.push(ROUTES.GET_STARTED_WITH_CLOUD);
+										genericNavigate(ROUTES.GET_STARTED_WITH_CLOUD, event);
 									} else {
-										window?.open(
+										window.open(
 											DOCS_LINKS.ADD_DATA_SOURCE,
 											'_blank',
 											'noopener noreferrer',

frontend/src/container/Home/Home.tsx

@@ -30,6 +30,7 @@ import { UserPreference } from 'types/api/preferences/preference';
 import { DataSource } from 'types/common/queryBuilder';
 import { USER_ROLES } from 'types/roles';
 import { isIngestionActive } from 'utils/app';
+import { genericNavigate } from 'utils/genericNavigate';
 import { popupContainer } from 'utils/selectPopupContainer';
 
 import AlertRules from './AlertRules/AlertRules';
@@ -550,11 +551,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Wrench size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Logs',
 													});
-													history.push(ROUTES.LOGS_EXPLORER);
+													genericNavigate(ROUTES.LOGS_EXPLORER, event);
 												}}
 											>
 												Open Logs Explorer
@@ -564,11 +565,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Wrench size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Traces',
 													});
-													history.push(ROUTES.TRACES_EXPLORER);
+													genericNavigate(ROUTES.TRACES_EXPLORER, event);
 												}}
 											>
 												Open Traces Explorer
@@ -578,11 +579,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Wrench size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Metrics',
 													});
-													history.push(ROUTES.METRICS_EXPLORER_EXPLORER);
+													genericNavigate(ROUTES.METRICS_EXPLORER_EXPLORER, event);
 												}}
 											>
 												Open Metrics Explorer
@@ -619,11 +620,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Plus size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Dashboards',
 													});
-													history.push(ROUTES.ALL_DASHBOARD);
+													genericNavigate(ROUTES.ALL_DASHBOARD, event);
 												}}
 											>
 												Create dashboard
@@ -661,11 +662,11 @@ export default function Home(): JSX.Element {
 												type="default"
 												className="periscope-btn secondary"
 												icon={<Plus size={14} />}
-												onClick={(): void => {
+												onClick={(event: React.MouseEvent): void => {
 													logEvent('Homepage: Explore clicked', {
 														source: 'Alerts',
 													});
-													history.push(ROUTES.ALERTS_NEW);
+													genericNavigate(ROUTES.ALERTS_NEW, event);
 												}}
 											>
 												Create an alert

frontend/src/container/Home/HomeChecklist/HomeChecklist.tsx

@@ -4,12 +4,12 @@ import './HomeChecklist.styles.scss';
 import { Button } from 'antd';
 import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
-import history from 'lib/history';
 import { ArrowRight, ArrowRightToLine, BookOpenText } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { useEffect, useState } from 'react';
 import { LicensePlatform } from 'types/api/licensesV3/getActive';
 import { USER_ROLES } from 'types/roles';
+import { genericNavigate } from 'utils/genericNavigate';
 
 export type ChecklistItem = {
 	id: string;
@@ -86,18 +86,22 @@ function HomeChecklist({
 												<Button
 													type="default"
 													className="periscope-btn secondary"
-													onClick={(): void => {
+													onClick={(event: React.MouseEvent): void => {
 														logEvent('Welcome Checklist: Get started clicked', {
 															step: item.id,
 														});
 
+														const checkForNewTabAndNavigate = (): void => {
+															genericNavigate(item.toRoute || '', event);
+														};
+
 														if (item.toRoute !== ROUTES.GET_STARTED_WITH_CLOUD) {
-															history.push(item.toRoute || '');
+															checkForNewTabAndNavigate();
 														} else if (
 															activeLicense &&
 															activeLicense.platform === LicensePlatform.CLOUD
 														) {
-															history.push(item.toRoute || '');
+															checkForNewTabAndNavigate();
 														} else {
 															window?.open(
 																item.docsLink || '',

frontend/src/container/Home/Services/ServiceMetrics.tsx

@@ -11,7 +11,6 @@ import useGetTopLevelOperations from 'hooks/useGetTopLevelOperations';
 import useResourceAttribute from 'hooks/useResourceAttribute';
 import { convertRawQueriesToTraceSelectedTags } from 'hooks/useResourceAttribute/utils';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
-import history from 'lib/history';
 import { ArrowRight, ArrowUpRight } from 'lucide-react';
 import Card from 'periscope/components/Card/Card';
 import { useAppContext } from 'providers/App/App';
@@ -29,6 +28,8 @@ import { ServicesList } from 'types/api/metrics/getService';
 import { GlobalReducer } from 'types/reducer/globalTime';
 import { Tags } from 'types/reducer/trace';
 import { USER_ROLES } from 'types/roles';
+import { genericNavigate } from 'utils/genericNavigate';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import { FeatureKeys } from '../../../constants/features';
 import { DOCS_LINKS } from '../constants';
@@ -64,7 +65,7 @@ const EmptyState = memo(
 						<Button
 							type="default"
 							className="periscope-btn secondary"
-							onClick={(): void => {
+							onClick={(event: React.MouseEvent): void => {
 								logEvent('Homepage: Get Started clicked', {
 									source: 'Service Metrics',
 								});
@@ -73,7 +74,7 @@ const EmptyState = memo(
 									activeLicenseV3 &&
 									activeLicenseV3.platform === LicensePlatform.CLOUD
 								) {
-									history.push(ROUTES.GET_STARTED_WITH_CLOUD);
+									genericNavigate(ROUTES.GET_STARTED_WITH_CLOUD, event);
 								} else {
 									window?.open(
 										DOCS_LINKS.ADD_DATA_SOURCE,
@@ -116,7 +117,7 @@ const ServicesListTable = memo(
 		onRowClick,
 	}: {
 		services: ServicesList[];
-		onRowClick: (record: ServicesList) => void;
+		onRowClick: (record: ServicesList, event: React.MouseEvent) => void;
 	}): JSX.Element => (
 		<div className="services-list-container home-data-item-container metrics-services-list">
 			<div className="services-list">
@@ -125,8 +126,8 @@ const ServicesListTable = memo(
 					dataSource={services}
 					pagination={false}
 					className="services-table"
-					onRow={(record): { onClick: () => void } => ({
-						onClick: (): void => onRowClick(record),
+					onRow={(record): { onClick: (event: React.MouseEvent) => void } => ({
+						onClick: (event: React.MouseEvent): void => onRowClick(record, event),
 					})}
 				/>
 			</div>
@@ -284,11 +285,19 @@ function ServiceMetrics({
 	}, [onUpdateChecklistDoneItem, loadingUserPreferences, servicesExist]);
 
 	const handleRowClick = useCallback(
-		(record: ServicesList) => {
+		(record: ServicesList, event: React.MouseEvent) => {
 			logEvent('Homepage: Service clicked', {
 				serviceName: record.serviceName,
 			});
-			safeNavigate(`${ROUTES.APPLICATION}/${record.serviceName}`);
+			if (event && isCtrlOrMMetaKey(event)) {
+				window.open(
+					`${ROUTES.APPLICATION}/${record.serviceName}`,
+					'_blank',
+					'noopener,noreferrer',
+				);
+			} else {
+				safeNavigate(`${ROUTES.APPLICATION}/${record.serviceName}`);
+			}
 		},
 		[safeNavigate],
 	);

frontend/src/container/Home/Services/ServiceTraces.tsx

@@ -3,7 +3,6 @@ import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
 import { useQueryService } from 'hooks/useQueryService';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
-import history from 'lib/history';
 import { ArrowRight, ArrowUpRight } from 'lucide-react';
 import Card from 'periscope/components/Card/Card';
 import { useAppContext } from 'providers/App/App';
@@ -15,6 +14,8 @@ import { LicensePlatform } from 'types/api/licensesV3/getActive';
 import { ServicesList } from 'types/api/metrics/getService';
 import { GlobalReducer } from 'types/reducer/globalTime';
 import { USER_ROLES } from 'types/roles';
+import { genericNavigate } from 'utils/genericNavigate';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import { DOCS_LINKS } from '../constants';
 import { columns, TIME_PICKER_OPTIONS } from './constants';
@@ -118,7 +119,7 @@ export default function ServiceTraces({
 							<Button
 								type="default"
 								className="periscope-btn secondary"
-								onClick={(): void => {
+								onClick={(event: React.MouseEvent): void => {
 									logEvent('Homepage: Get Started clicked', {
 										source: 'Service Traces',
 									});
@@ -127,7 +128,7 @@ export default function ServiceTraces({
 										activeLicense &&
 										activeLicense.platform === LicensePlatform.CLOUD
 									) {
-										history.push(ROUTES.GET_STARTED_WITH_CLOUD);
+										genericNavigate(ROUTES.GET_STARTED_WITH_CLOUD, event);
 									} else {
 										window?.open(
 											DOCS_LINKS.ADD_DATA_SOURCE,
@@ -172,13 +173,21 @@ export default function ServiceTraces({
 						dataSource={top5Services}
 						pagination={false}
 						className="services-table"
-						onRow={(record): { onClick: () => void } => ({
-							onClick: (): void => {
+						onRow={(record): { onClick: (event: React.MouseEvent) => void } => ({
+							onClick: (event: React.MouseEvent): void => {
 								logEvent('Homepage: Service clicked', {
 									serviceName: record.serviceName,
 								});
 
-								safeNavigate(`${ROUTES.APPLICATION}/${record.serviceName}`);
+								if (event && isCtrlOrMMetaKey(event)) {
+									window.open(
+										`${ROUTES.APPLICATION}/${record.serviceName}`,
+										'_blank',
+										'noopener,noreferrer',
+									);
+								} else {
+									safeNavigate(`${ROUTES.APPLICATION}/${record.serviceName}`);
+								}
 							},
 						})}
 					/>

frontend/src/container/ListAlertRules/AlertsEmptyState/AlertsEmptyState.tsx

@@ -5,10 +5,10 @@ import { Button, Divider, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
 import useComponentPermission from 'hooks/useComponentPermission';
-import history from 'lib/history';
 import { useAppContext } from 'providers/App/App';
 import { useCallback, useState } from 'react';
 import { DataSource } from 'types/common/queryBuilder';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import AlertInfoCard from './AlertInfoCard';
 import { ALERT_CARDS, ALERT_INFO_LINKS } from './alertLinks';
@@ -36,9 +36,9 @@ export function AlertsEmptyState(): JSX.Element {
 
 	const [loading, setLoading] = useState(false);
 
-	const onClickNewAlertHandler = useCallback(() => {
+	const onClickNewAlertHandler = useCallback((event: React.MouseEvent): void => {
 		setLoading(false);
-		history.push(ROUTES.ALERTS_NEW);
+		genericNavigate(ROUTES.ALERTS_NEW, event);
 	}, []);
 
 	return (
@@ -70,7 +70,9 @@ export function AlertsEmptyState(): JSX.Element {
 						<div className="action-container">
 							<Button
 								className="add-alert-btn"
-								onClick={onClickNewAlertHandler}
+								onClick={(event: React.MouseEvent): void =>
+									onClickNewAlertHandler(event)
+								}
 								icon={<PlusOutlined />}
 								disabled={!addNewAlert}
 								loading={loading}

frontend/src/container/ListAlertRules/ListAlert.tsx

@@ -31,6 +31,7 @@ import { UseQueryResult } from 'react-query';
 import { ErrorResponse, SuccessResponse } from 'types/api';
 import { AlertTypes } from 'types/api/alerts/alertTypes';
 import { GettableAlert } from 'types/api/alerts/get';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import DeleteAlert from './DeleteAlert';
 import { ColumnButton, SearchContainer } from './styles';
@@ -266,7 +267,7 @@ function ListAlert({ allAlertRules, refetch }: ListAlertProps): JSX.Element {
 				const onClickHandler = (e: React.MouseEvent<HTMLElement>): void => {
 					e.stopPropagation();
 					e.preventDefault();
-					onEditHandler(record, e.metaKey || e.ctrlKey);
+					onEditHandler(record, isCtrlOrMMetaKey(e));
 				};
 
 				return <Typography.Link onClick={onClickHandler}>{value}</Typography.Link>;

frontend/src/container/ListOfDashboard/DashboardTemplates/DashboardTemplatesModal.tsx

@@ -118,7 +118,7 @@ const templatesList: DashboardTemplate[] = [
 
 interface DashboardTemplatesModalProps {
 	showNewDashboardTemplatesModal: boolean;
-	onCreateNewDashboard: () => void;
+	onCreateNewDashboard: (event: React.MouseEvent) => void;
 	onCancel: () => void;
 }
 
@@ -204,7 +204,9 @@ export default function DashboardTemplatesModal({
 									type="primary"
 									className="periscope-btn primary"
 									icon={<Plus size={14} />}
-									onClick={onCreateNewDashboard}
+									onClick={(event: React.MouseEvent): void =>
+										onCreateNewDashboard(event)
+									}
 								>
 									New dashboard
 								</Button>

frontend/src/container/ListOfDashboard/DashboardsList.tsx

@@ -86,6 +86,7 @@ import {
 	Widgets,
 } from 'types/api/dashboard/getAll';
 import APIError from 'types/api/error';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import DashboardTemplatesModal from './DashboardTemplates/DashboardTemplatesModal';
 import ImportJSON from './ImportJSON';
@@ -284,35 +285,48 @@ function DashboardsList(): JSX.Element {
 			refetchDashboardList,
 		})) || [];
 
-	const onNewDashboardHandler = useCallback(async () => {
-		try {
-			logEvent('Dashboard List: Create dashboard clicked', {});
-			setNewDashboardState({
-				...newDashboardState,
-				loading: true,
-			});
-			const response = await createDashboard({
-				title: t('new_dashboard_title', {
-					ns: 'dashboard',
-				}),
-				uploadedGrafana: false,
-				version: ENTITY_VERSION_V5,
-			});
+	const onNewDashboardHandler = useCallback(
+		async (event: React.MouseEvent): Promise<void> => {
+			try {
+				logEvent('Dashboard List: Create dashboard clicked', {});
+				setNewDashboardState({
+					...newDashboardState,
+					loading: true,
+				});
+				const response = await createDashboard({
+					title: t('new_dashboard_title', {
+						ns: 'dashboard',
+					}),
+					uploadedGrafana: false,
+					version: ENTITY_VERSION_V5,
+				});
 
-			safeNavigate(
-				generatePath(ROUTES.DASHBOARD, {
-					dashboardId: response.data.id,
-				}),
-			);
-		} catch (error) {
-			showErrorModal(error as APIError);
-			setNewDashboardState({
-				...newDashboardState,
-				error: true,
-				errorMessage: (error as AxiosError).toString() || 'Something went Wrong',
-			});
-		}
-	}, [newDashboardState, safeNavigate, showErrorModal, t]);
+				if (event && isCtrlOrMMetaKey(event)) {
+					window.open(
+						generatePath(ROUTES.DASHBOARD, {
+							dashboardId: response.data.id,
+						}),
+						'_blank',
+						'noopener,noreferrer',
+					);
+				} else {
+					safeNavigate(
+						generatePath(ROUTES.DASHBOARD, {
+							dashboardId: response.data.id,
+						}),
+					);
+				}
+			} catch (error) {
+				showErrorModal(error as APIError);
+				setNewDashboardState({
+					...newDashboardState,
+					error: true,
+					errorMessage: (error as AxiosError).toString() || 'Something went Wrong',
+				});
+			}
+		},
+		[newDashboardState, safeNavigate, showErrorModal, t],
+	);
 
 	const onModalHandler = (uploadedGrafana: boolean): void => {
 		logEvent('Dashboard List: Import JSON clicked', {});
@@ -414,8 +428,8 @@ function DashboardsList(): JSX.Element {
 
 				const onClickHandler = (event: React.MouseEvent<HTMLElement>): void => {
 					event.stopPropagation();
-					if (event.metaKey || event.ctrlKey) {
-						window.open(getLink(), '_blank');
+					if (isCtrlOrMMetaKey(event)) {
+						window.open(getLink(), '_blank', 'noopener,noreferrer');
 					} else {
 						safeNavigate(getLink());
 					}
@@ -641,8 +655,8 @@ function DashboardsList(): JSX.Element {
 				label: (
 					<div
 						className="create-dashboard-menu-item"
-						onClick={(): void => {
-							onNewDashboardHandler();
+						onClick={(event: React.MouseEvent): void => {
+							onNewDashboardHandler(event);
 						}}
 					>
 						<LayoutGrid size={14} /> Create dashboard
@@ -929,7 +943,9 @@ function DashboardsList(): JSX.Element {
 
 				<DashboardTemplatesModal
 					showNewDashboardTemplatesModal={showNewDashboardTemplatesModal}
-					onCreateNewDashboard={onNewDashboardHandler}
+					onCreateNewDashboard={(event: React.MouseEvent): Promise<void> =>
+						onNewDashboardHandler(event)
+					}
 					onCancel={(): void => {
 						setShowNewDashboardTemplatesModal(false);
 					}}

frontend/src/container/ListOfDashboard/TableComponents/Name.tsx

@@ -1,6 +1,6 @@
 import { LockFilled } from '@ant-design/icons';
 import ROUTES from 'constants/routes';
-import history from 'lib/history';
+import { genericNavigate } from 'utils/genericNavigate';
 
 import { Data } from '../DashboardsList';
 import { TableLinkText } from './styles';
@@ -11,11 +11,7 @@ function Name(name: Data['name'], data: Data): JSX.Element {
 	const getLink = (): string => `${ROUTES.ALL_DASHBOARD}/${DashboardId}`;
 
 	const onClickHandler = (event: React.MouseEvent<HTMLElement>): void => {
-		if (event.metaKey || event.ctrlKey) {
-			window.open(getLink(), '_blank');
-		} else {
-			history.push(getLink());
-		}
+		genericNavigate(getLink(), event);
 	};
 
 	return (

frontend/src/container/MetricsApplication/Tabs/DBCall.tsx

@@ -1,3 +1,4 @@
+/* eslint-disable sonarjs/no-identical-functions */
 import { Col } from 'antd';
 import logEvent from 'api/common/logEvent';
 import { ENTITY_VERSION_V4 } from 'constants/app';
@@ -179,14 +180,17 @@ function DBCall(): JSX.Element {
 					type="default"
 					size="small"
 					id="database_call_rps_button"
-					onClick={onViewTracePopupClick({
-						servicename,
-						selectedTraceTags,
-						timestamp: selectedTimeStamp,
-						apmToTraceQuery,
-						stepInterval,
-						safeNavigate,
-					})}
+					onClick={(event): void =>
+						onViewTracePopupClick({
+							servicename,
+							selectedTraceTags,
+							timestamp: selectedTimeStamp,
+							apmToTraceQuery,
+							stepInterval,
+							safeNavigate,
+							event,
+						})
+					}
 				>
 					View Traces
 				</Button>
@@ -215,14 +219,17 @@ function DBCall(): JSX.Element {
 					type="default"
 					size="small"
 					id="database_call_avg_duration_button"
-					onClick={onViewTracePopupClick({
-						servicename,
-						selectedTraceTags,
-						timestamp: selectedTimeStamp,
-						apmToTraceQuery,
-						stepInterval,
-						safeNavigate,
-					})}
+					onClick={(event): void =>
+						onViewTracePopupClick({
+							servicename,
+							selectedTraceTags,
+							timestamp: selectedTimeStamp,
+							apmToTraceQuery,
+							stepInterval,
+							safeNavigate,
+							event,
+						})
+					}
 				>
 					View Traces
 				</Button>

frontend/src/container/MetricsApplication/Tabs/External.tsx

@@ -1,3 +1,4 @@
+/* eslint-disable sonarjs/no-identical-functions */
 import { Col } from 'antd';
 import logEvent from 'api/common/logEvent';
 import { ENTITY_VERSION_V4 } from 'constants/app';
@@ -244,22 +245,28 @@ function External(): JSX.Element {
 				<Col span={12}>
 					<GraphControlsPanel
 						id="external_call_error_percentage_button"
-						onViewTracesClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery: errorApmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
-						onViewAPIMonitoringClick={onViewAPIMonitoringPopupClick({
-							servicename,
-							timestamp: selectedTimeStamp,
-							domainName: selectedData?.address || '',
-							isError: true,
-							stepInterval: 300,
-							safeNavigate,
-						})}
+						onViewTracesClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery: errorApmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
+						onViewAPIMonitoringClick={(event: React.MouseEvent): void =>
+							onViewAPIMonitoringPopupClick({
+								servicename,
+								timestamp: selectedTimeStamp,
+								domainName: selectedData?.address || '',
+								isError: true,
+								stepInterval: 300,
+								safeNavigate,
+								event,
+							})
+						}
 					/>
 					<Card data-testid="external_call_error_percentage">
 						<GraphContainer>
@@ -286,22 +293,28 @@ function External(): JSX.Element {
 				<Col span={12}>
 					<GraphControlsPanel
 						id="external_call_duration_button"
-						onViewTracesClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
-						onViewAPIMonitoringClick={onViewAPIMonitoringPopupClick({
-							servicename,
-							timestamp: selectedTimeStamp,
-							domainName: selectedData?.address,
-							isError: false,
-							stepInterval: 300,
-							safeNavigate,
-						})}
+						onViewTracesClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
+						onViewAPIMonitoringClick={(event: React.MouseEvent): void =>
+							onViewAPIMonitoringPopupClick({
+								servicename,
+								timestamp: selectedTimeStamp,
+								domainName: selectedData?.address,
+								isError: false,
+								stepInterval: 300,
+								safeNavigate,
+								event,
+							})
+						}
 					/>
 
 					<Card data-testid="external_call_duration">
@@ -331,22 +344,28 @@ function External(): JSX.Element {
 				<Col span={12}>
 					<GraphControlsPanel
 						id="external_call_rps_by_address_button"
-						onViewTracesClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
-						onViewAPIMonitoringClick={onViewAPIMonitoringPopupClick({
-							servicename,
-							timestamp: selectedTimeStamp,
-							domainName: selectedData?.address,
-							isError: false,
-							stepInterval: 300,
-							safeNavigate,
-						})}
+						onViewTracesClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
+						onViewAPIMonitoringClick={(event: React.MouseEvent): void =>
+							onViewAPIMonitoringPopupClick({
+								servicename,
+								timestamp: selectedTimeStamp,
+								domainName: selectedData?.address,
+								isError: false,
+								stepInterval: 300,
+								safeNavigate,
+								event,
+							})
+						}
 					/>
 					<Card data-testid="external_call_rps_by_address">
 						<GraphContainer>
@@ -373,22 +392,28 @@ function External(): JSX.Element {
 				<Col span={12}>
 					<GraphControlsPanel
 						id="external_call_duration_by_address_button"
-						onViewTracesClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
-						onViewAPIMonitoringClick={onViewAPIMonitoringPopupClick({
-							servicename,
-							timestamp: selectedTimeStamp,
-							domainName: selectedData?.address,
-							isError: false,
-							stepInterval: 300,
-							safeNavigate,
-						})}
+						onViewTracesClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
+						onViewAPIMonitoringClick={(event: React.MouseEvent): void =>
+							onViewAPIMonitoringPopupClick({
+								servicename,
+								timestamp: selectedTimeStamp,
+								domainName: selectedData?.address,
+								isError: false,
+								stepInterval: 300,
+								safeNavigate,
+								event,
+							})
+						}
 					/>
 
 					<Card data-testid="external_call_duration_by_address">

frontend/src/container/MetricsApplication/Tabs/Overview.tsx

@@ -1,3 +1,4 @@
+/* eslint-disable sonarjs/no-identical-functions */
 import logEvent from 'api/common/logEvent';
 import getTopLevelOperations, {
 	ServiceDataProps,
@@ -31,6 +32,7 @@ import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { Query } from 'types/api/queryBuilder/queryBuilderData';
 import { EQueryType } from 'types/common/dashboard';
 import { GlobalReducer } from 'types/reducer/globalTime';
+import { genericNavigate } from 'utils/genericNavigate';
 import { secondsToMilliseconds } from 'utils/timeUtils';
 import { v4 as uuid } from 'uuid';
 
@@ -228,14 +230,16 @@ function Application(): JSX.Element {
 	 * @param timestamp - The timestamp in seconds
 	 * @param apmToTraceQuery - query object
 	 * @param isViewLogsClicked - Whether this is for viewing logs vs traces
+	 * @param event - Click event to handle opening in new tab
 	 * @returns A callback function that handles the navigation when executed
 	 */
 	const onErrorTrackHandler = useCallback(
 		(
 			timestamp: number,
 			apmToTraceQuery: Query,
+			event: React.MouseEvent,
 			isViewLogsClicked?: boolean,
-		): (() => void) => (): void => {
+		): void => {
 			const endTime = secondsToMilliseconds(timestamp);
 			const startTime = secondsToMilliseconds(timestamp - stepInterval);
 
@@ -259,7 +263,7 @@ function Application(): JSX.Element {
 				queryString,
 			);
 
-			history.push(newPath);
+			genericNavigate(newPath, event);
 		},
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 		[stepInterval],
@@ -319,14 +323,17 @@ function Application(): JSX.Element {
 						type="default"
 						size="small"
 						id="Rate_button"
-						onClick={onViewTracePopupClick({
-							servicename,
-							selectedTraceTags,
-							timestamp: selectedTimeStamp,
-							apmToTraceQuery,
-							stepInterval,
-							safeNavigate,
-						})}
+						onClick={(event: React.MouseEvent): void =>
+							onViewTracePopupClick({
+								servicename,
+								selectedTraceTags,
+								timestamp: selectedTimeStamp,
+								apmToTraceQuery,
+								stepInterval,
+								safeNavigate,
+								event,
+							})
+						}
 					>
 						View Traces
 					</Button>
@@ -349,14 +356,17 @@ function Application(): JSX.Element {
 							type="default"
 							size="small"
 							id="ApDex_button"
-							onClick={onViewTracePopupClick({
-								servicename,
-								selectedTraceTags,
-								timestamp: selectedTimeStamp,
-								apmToTraceQuery,
-								stepInterval,
-								safeNavigate,
-							})}
+							onClick={(event: React.MouseEvent): void =>
+								onViewTracePopupClick({
+									servicename,
+									selectedTraceTags,
+									timestamp: selectedTimeStamp,
+									apmToTraceQuery,
+									stepInterval,
+									safeNavigate,
+									event,
+								})
+							}
 						>
 							View Traces
 						</Button>
@@ -370,15 +380,12 @@ function Application(): JSX.Element {
 					<ColErrorContainer>
 						<GraphControlsPanel
 							id="Error_button"
-							onViewLogsClick={onErrorTrackHandler(
-								selectedTimeStamp,
-								logErrorQuery,
-								true,
-							)}
-							onViewTracesClick={onErrorTrackHandler(
-								selectedTimeStamp,
-								errorTrackQuery,
-							)}
+							onViewLogsClick={(event: React.MouseEvent): void =>
+								onErrorTrackHandler(selectedTimeStamp, logErrorQuery, event, true)
+							}
+							onViewTracesClick={(event: React.MouseEvent): void =>
+								onErrorTrackHandler(selectedTimeStamp, errorTrackQuery, event)
+							}
 						/>
 
 						<TopLevelOperation

frontend/src/container/MetricsApplication/Tabs/Overview/GraphControlsPanel/GraphControlsPanel.tsx

@@ -6,9 +6,9 @@ import { Binoculars, DraftingCompass, ScrollText } from 'lucide-react';
 
 interface GraphControlsPanelProps {
 	id: string;
-	onViewLogsClick?: () => void;
-	onViewTracesClick: () => void;
-	onViewAPIMonitoringClick?: () => void;
+	onViewLogsClick?: (event: React.MouseEvent) => void;
+	onViewTracesClick: (event: React.MouseEvent) => void;
+	onViewAPIMonitoringClick?: (event: React.MouseEvent) => void;
 }
 
 function GraphControlsPanel({
@@ -23,7 +23,7 @@ function GraphControlsPanel({
 				type="link"
 				icon={<DraftingCompass size={14} />}
 				size="small"
-				onClick={onViewTracesClick}
+				onClick={(event: React.MouseEvent): void => onViewTracesClick(event)}
 				style={{ color: Color.BG_VANILLA_100 }}
 			>
 				View traces
@@ -33,7 +33,7 @@ function GraphControlsPanel({
 					type="link"
 					icon={<ScrollText size={14} />}
 					size="small"
-					onClick={onViewLogsClick}
+					onClick={(event: React.MouseEvent): void => onViewLogsClick(event)}
 					style={{ color: Color.BG_VANILLA_100 }}
 				>
 					View logs
@@ -44,7 +44,9 @@ function GraphControlsPanel({
 					type="link"
 					icon={<Binoculars size={14} />}
 					size="small"
-					onClick={onViewAPIMonitoringClick}
+					onClick={(event: React.MouseEvent): void =>
+						onViewAPIMonitoringClick(event)
+					}
 					style={{ color: Color.BG_VANILLA_100 }}
 				>
 					View External APIs

frontend/src/container/MetricsApplication/Tabs/Overview/ServiceOverview.tsx

@@ -103,23 +103,29 @@ function ServiceOverview({
 		<>
 			<GraphControlsPanel
 				id="Service_button"
-				onViewLogsClick={onViewTracePopupClick({
-					servicename,
-					selectedTraceTags,
-					timestamp: selectedTimeStamp,
-					apmToTraceQuery: apmToLogQuery,
-					isViewLogsClicked: true,
-					stepInterval,
-					safeNavigate,
-				})}
-				onViewTracesClick={onViewTracePopupClick({
-					servicename,
-					selectedTraceTags,
-					timestamp: selectedTimeStamp,
-					apmToTraceQuery,
-					stepInterval,
-					safeNavigate,
-				})}
+				onViewLogsClick={(event: React.MouseEvent): void =>
+					onViewTracePopupClick({
+						servicename,
+						selectedTraceTags,
+						timestamp: selectedTimeStamp,
+						apmToTraceQuery: apmToLogQuery,
+						isViewLogsClicked: true,
+						stepInterval,
+						safeNavigate,
+						event,
+					})
+				}
+				onViewTracesClick={(event: React.MouseEvent): void =>
+					onViewTracePopupClick({
+						servicename,
+						selectedTraceTags,
+						timestamp: selectedTimeStamp,
+						apmToTraceQuery,
+						stepInterval,
+						safeNavigate,
+						event,
+					})
+				}
 			/>
 			<Card data-testid="service_latency">
 				<GraphContainer>

frontend/src/container/MetricsApplication/Tabs/Overview/TableRenderer/ColumnWithLink.tsx

@@ -3,6 +3,7 @@ import { navigateToTrace } from 'container/MetricsApplication/utils';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
 import { RowData } from 'lib/query/createTableColumnsFromQuery';
 import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { v4 as uuid } from 'uuid';
 
 import { useGetAPMToTracesQueries } from '../../util';
@@ -50,7 +51,7 @@ function ColumnWithLink({
 	return (
 		<Tooltip placement="topLeft" title={text}>
 			<Typography.Link
-				onClick={(e): void => handleOnClick(text, e.metaKey || e.ctrlKey)}
+				onClick={(e): void => handleOnClick(text, isCtrlOrMMetaKey(e))}
 			>
 				{text}
 			</Typography.Link>

frontend/src/container/MetricsApplication/Tabs/util.ts

@@ -22,6 +22,7 @@ import {
 } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource } from 'types/common/queryBuilder';
 import { Tags } from 'types/reducer/trace';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { secondsToMilliseconds } from 'utils/timeUtils';
 import { v4 as uuid } from 'uuid';
 
@@ -43,6 +44,7 @@ interface OnViewTracePopupClickProps {
 	isViewLogsClicked?: boolean;
 	stepInterval?: number;
 	safeNavigate: (url: string) => void;
+	event: React.MouseEvent;
 }
 
 interface OnViewAPIMonitoringPopupClickProps {
@@ -53,6 +55,7 @@ interface OnViewAPIMonitoringPopupClickProps {
 	isError: boolean;
 
 	safeNavigate: (url: string) => void;
+	event: React.MouseEvent;
 }
 
 export function generateExplorerPath(
@@ -83,7 +86,7 @@ export function generateExplorerPath(
  * @param isViewLogsClicked - Whether this is for viewing logs vs traces
  * @param stepInterval - Time interval in seconds
  * @param safeNavigate - Navigation function
- 
+ * @param event - Click event to handle opening in new tab
  */
 export function onViewTracePopupClick({
 	selectedTraceTags,
@@ -93,33 +96,34 @@ export function onViewTracePopupClick({
 	isViewLogsClicked,
 	stepInterval,
 	safeNavigate,
-}: OnViewTracePopupClickProps): VoidFunction {
-	return (): void => {
-		const endTime = secondsToMilliseconds(timestamp);
-		const startTime = secondsToMilliseconds(timestamp - (stepInterval || 60));
+	event,
+}: OnViewTracePopupClickProps): void {
+	const endTime = secondsToMilliseconds(timestamp);
+	const startTime = secondsToMilliseconds(timestamp - (stepInterval || 60));
 
-		const urlParams = new URLSearchParams(window.location.search);
-		urlParams.set(QueryParams.startTime, startTime.toString());
-		urlParams.set(QueryParams.endTime, endTime.toString());
-		urlParams.delete(QueryParams.relativeTime);
-		const avialableParams = routeConfig[ROUTES.TRACE];
-		const queryString = getQueryString(avialableParams, urlParams);
+	const urlParams = new URLSearchParams(window.location.search);
+	urlParams.set(QueryParams.startTime, startTime.toString());
+	urlParams.set(QueryParams.endTime, endTime.toString());
+	urlParams.delete(QueryParams.relativeTime);
+	const avialableParams = routeConfig[ROUTES.TRACE];
+	const queryString = getQueryString(avialableParams, urlParams);
 
-		const JSONCompositeQuery = encodeURIComponent(
-			JSON.stringify(apmToTraceQuery),
-		);
+	const JSONCompositeQuery = encodeURIComponent(JSON.stringify(apmToTraceQuery));
 
-		const newPath = generateExplorerPath(
-			isViewLogsClicked,
-			urlParams,
-			servicename,
-			selectedTraceTags,
-			JSONCompositeQuery,
-			queryString,
-		);
+	const newPath = generateExplorerPath(
+		isViewLogsClicked,
+		urlParams,
+		servicename,
+		selectedTraceTags,
+		JSONCompositeQuery,
+		queryString,
+	);
 
+	if (event && isCtrlOrMMetaKey(event)) {
+		window.open(newPath, '_blank', 'noopener,noreferrer');
+	} else {
 		safeNavigate(newPath);
-	};
+	}
 }
 
 const generateAPIMonitoringPath = (
@@ -149,49 +153,52 @@ export function onViewAPIMonitoringPopupClick({
 	isError,
 	stepInterval,
 	safeNavigate,
-}: OnViewAPIMonitoringPopupClickProps): VoidFunction {
-	return (): void => {
-		const endTime = timestamp + (stepInterval || 60);
-		const startTime = timestamp - (stepInterval || 60);
-		const filters = {
-			items: [
-				...(isError
-					? [
-							{
-								id: uuid().slice(0, 8),
-								key: {
-									key: 'hasError',
-									dataType: DataTypes.bool,
-									type: 'tag',
-									id: 'hasError--bool--tag--true',
-								},
-								op: 'in',
-								value: ['true'],
+	event,
+}: OnViewAPIMonitoringPopupClickProps): void {
+	const endTime = timestamp + (stepInterval || 60);
+	const startTime = timestamp - (stepInterval || 60);
+	const filters = {
+		items: [
+			...(isError
+				? [
+						{
+							id: uuid().slice(0, 8),
+							key: {
+								key: 'hasError',
+								dataType: DataTypes.bool,
+								type: 'tag',
+								id: 'hasError--bool--tag--true',
 							},
-					  ]
-					: []),
-				{
-					id: uuid().slice(0, 8),
-					key: {
-						key: 'service.name',
-						dataType: DataTypes.String,
-						type: 'resource',
-					},
-					op: '=',
-					value: servicename,
+							op: 'in',
+							value: ['true'],
+						},
+				  ]
+				: []),
+			{
+				id: uuid().slice(0, 8),
+				key: {
+					key: 'service.name',
+					dataType: DataTypes.String,
+					type: 'resource',
 				},
-			],
-			op: 'AND',
-		};
-		const newPath = generateAPIMonitoringPath(
-			domainName,
-			startTime,
-			endTime,
-			filters,
-		);
-
-		safeNavigate(newPath);
+				op: '=',
+				value: servicename,
+			},
+		],
+		op: 'AND',
 	};
+	const newPath = generateAPIMonitoringPath(
+		domainName,
+		startTime,
+		endTime,
+		filters,
+	);
+
+	if (event && isCtrlOrMMetaKey(event)) {
+		window.open(newPath, '_blank', 'noopener,noreferrer');
+	} else {
+		safeNavigate(newPath);
+	}
 }
 
 export function useGraphClickHandler(

frontend/src/container/MetricsApplication/TopOperationsTable.tsx

@@ -17,6 +17,7 @@ import { AppState } from 'store/reducers';
 import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { Query, TagFilterItem } from 'types/api/queryBuilder/queryBuilderData';
 import { GlobalReducer } from 'types/reducer/globalTime';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { v4 as uuid } from 'uuid';
 
 import { IServiceName } from './Tabs/types';
@@ -115,7 +116,7 @@ function TopOperationsTable({
 						e.stopPropagation();
 						e.preventDefault();
 
-						if (e.metaKey || e.ctrlKey) {
+						if (isCtrlOrMMetaKey(e)) {
 							handleOnClick(text, true); // open in new tab
 						} else {
 							handleOnClick(text, false); // open in current tab

frontend/src/container/NoLogs/NoLogs.tsx

@@ -1,13 +1,14 @@
+/* eslint-disable sonarjs/cognitive-complexity */
 import './NoLogs.styles.scss';
 
 import { Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
 import ROUTES from 'constants/routes';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
-import history from 'lib/history';
 import { ArrowUpRight } from 'lucide-react';
 import { DataSource } from 'types/common/queryBuilder';
 import DOCLINKS from 'utils/docLinks';
+import { genericNavigate } from 'utils/genericNavigate';
 
 export default function NoLogs({
 	dataSource,
@@ -16,6 +17,8 @@ export default function NoLogs({
 }): JSX.Element {
 	const { isCloudUser: isCloudUserVal } = useGetTenantLicense();
 
+	const REL_NOOPENER_NOREFERRER = 'noopener,noreferrer';
+
 	const handleLinkClick = (
 		e: React.MouseEvent<HTMLAnchorElement, MouseEvent>,
 	): void => {
@@ -38,13 +41,25 @@ export default function NoLogs({
 			} else {
 				link = ROUTES.GET_STARTED_LOGS_MANAGEMENT;
 			}
-			history.push(link);
+			genericNavigate(link, e);
 		} else if (dataSource === 'traces') {
-			window.open(DOCLINKS.TRACES_EXPLORER_EMPTY_STATE, '_blank');
+			window.open(
+				DOCLINKS.TRACES_EXPLORER_EMPTY_STATE,
+				'_blank',
+				REL_NOOPENER_NOREFERRER,
+			);
 		} else if (dataSource === DataSource.METRICS) {
-			window.open(DOCLINKS.METRICS_EXPLORER_EMPTY_STATE, '_blank');
+			window.open(
+				DOCLINKS.METRICS_EXPLORER_EMPTY_STATE,
+				'_blank',
+				REL_NOOPENER_NOREFERRER,
+			);
 		} else {
-			window.open(`${DOCLINKS.USER_GUIDE}${dataSource}/`, '_blank');
+			window.open(
+				`${DOCLINKS.USER_GUIDE}${dataSource}/`,
+				'_blank',
+				REL_NOOPENER_NOREFERRER,
+			);
 		}
 	};
 	return (
@@ -59,7 +74,12 @@ export default function NoLogs({
 					</span>
 				</Typography>
 
-				<Typography.Link className="send-logs-link" onClick={handleLinkClick}>
+				<Typography.Link
+					className="send-logs-link"
+					onClick={(e: React.MouseEvent<HTMLAnchorElement, MouseEvent>): void =>
+						handleLinkClick(e)
+					}
+				>
 					Sending {dataSource} to SigNoz <ArrowUpRight size={16} />
 				</Typography.Link>
 			</div>

frontend/src/container/QueryBuilder/filters/QueryBuilderSearch/index.tsx

@@ -48,6 +48,7 @@ import {
 } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource } from 'types/common/queryBuilder';
 import { getUserOperatingSystem, UserOperatingSystem } from 'utils/getUserOS';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { popupContainer } from 'utils/selectPopupContainer';
 import { v4 as uuid } from 'uuid';
 
@@ -225,7 +226,7 @@ function QueryBuilderSearch({
 
 		if (
 			!disableNavigationShortcuts &&
-			(event.ctrlKey || event.metaKey) &&
+			isCtrlOrMMetaKey(event) &&
 			event.key === 'Enter'
 		) {
 			event.preventDefault();
@@ -236,7 +237,7 @@ function QueryBuilderSearch({
 
 		if (
 			!disableNavigationShortcuts &&
-			(event.ctrlKey || event.metaKey) &&
+			isCtrlOrMMetaKey(event) &&
 			event.key === '/'
 		) {
 			event.preventDefault();

frontend/src/container/QueryBuilder/filters/QueryBuilderSearchV2/QueryBuilderSearchV2.tsx

@@ -52,6 +52,7 @@ import {
 	TagFilter,
 } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource } from 'types/common/queryBuilder';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 import { popupContainer } from 'utils/selectPopupContainer';
 import { v4 as uuid } from 'uuid';
 
@@ -456,12 +457,12 @@ function QueryBuilderSearchV2(
 				setTags((prev) => prev.slice(0, -1));
 			}
 
-			if ((event.ctrlKey || event.metaKey) && event.key === '/') {
+			if (isCtrlOrMMetaKey(event) && event.key === '/') {
 				event.preventDefault();
 				event.stopPropagation();
 				setShowAllFilters((prev) => !prev);
 			}
-			if ((event.ctrlKey || event.metaKey) && event.key === 'Enter') {
+			if (isCtrlOrMMetaKey(event) && event.key === 'Enter') {
 				event.preventDefault();
 				event.stopPropagation();
 				handleRunQuery();

frontend/src/container/SideNav/SideNav.tsx

@@ -67,6 +67,8 @@ import AppReducer from 'types/reducer/app';
 import { USER_ROLES } from 'types/roles';
 import { checkVersionState } from 'utils/app';
 import { showErrorNotification } from 'utils/error';
+import { genericNavigate } from 'utils/genericNavigate';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
 
 import { useCmdK } from '../../providers/cmdKProvider';
 import { routeConfig } from './config';
@@ -292,8 +294,6 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		icon: <Cog size={16} />,
 	};
 
-	const isCtrlMetaKey = (e: MouseEvent): boolean => e.ctrlKey || e.metaKey;
-
 	const isLatestVersion = checkVersionState(currentVersion, latestVersion);
 
 	const [
@@ -411,7 +411,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 	const isWorkspaceBlocked = trialInfo?.workSpaceBlock || false;
 
 	const openInNewTab = (path: string): void => {
-		window.open(path, '_blank');
+		window.open(path, '_blank', 'noopener,noreferrer');
 	};
 
 	const onClickGetStarted = (event: MouseEvent): void => {
@@ -424,7 +424,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 			? ROUTES.GET_STARTED_WITH_CLOUD
 			: ROUTES.GET_STARTED;
 
-		if (isCtrlMetaKey(event)) {
+		if (isCtrlOrMMetaKey(event)) {
 			openInNewTab(onboaringRoute);
 		} else {
 			history.push(onboaringRoute);
@@ -439,7 +439,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 			const queryString = getQueryString(availableParams || [], params);
 
 			if (pathname !== key) {
-				if (event && isCtrlMetaKey(event)) {
+				if (event && isCtrlOrMMetaKey(event)) {
 					openInNewTab(`${key}?${queryString.join('&')}`);
 				} else {
 					history.push(`${key}?${queryString.join('&')}`, {
@@ -634,11 +634,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 
 	const handleMenuItemClick = (event: MouseEvent, item: SidebarItem): void => {
 		if (item.key === ROUTES.SETTINGS) {
-			if (isCtrlMetaKey(event)) {
-				openInNewTab(settingsRoute);
-			} else {
-				history.push(settingsRoute);
-			}
+			genericNavigate(settingsRoute, event);
 		} else if (item.key === 'quick-search') {
 			openCmdK();
 		} else if (item) {
@@ -809,7 +805,7 @@ function SideNav({ isPinned }: { isPinned: boolean }): JSX.Element {
 		);
 
 		if (item && !('type' in item) && item.isExternal && item.url) {
-			window.open(item.url, '_blank');
+			window.open(item.url, '_blank', 'noopener,noreferrer');
 		}
 
 		if (item && !('type' in item)) {

frontend/src/container/Trace/TraceTable/index.tsx

@@ -10,9 +10,7 @@ import {
 import { formUrlParams } from 'container/TraceDetail/utils';
 import dayjs from 'dayjs';
 import duration from 'dayjs/plugin/duration';
-import history from 'lib/history';
 import omit from 'lodash-es/omit';
-import { HTMLAttributes } from 'react';
 import { useDispatch, useSelector } from 'react-redux';
 import { Dispatch } from 'redux';
 import { updateURL } from 'store/actions/trace/util';
@@ -25,6 +23,7 @@ import {
 	UPDATE_SPANS_AGGREGATE_PAGE_SIZE,
 } from 'types/actions/trace';
 import { TraceReducer } from 'types/reducer/trace';
+import { genericNavigate } from 'utils/genericNavigate';
 import { v4 } from 'uuid';
 
 dayjs.extend(duration);
@@ -203,15 +202,13 @@ function TraceTable(): JSX.Element {
 			style={{
 				cursor: 'pointer',
 			}}
-			onRow={(record: TableType): HTMLAttributes<TableType> => ({
-				onClick: (event): void => {
+			onRow={(
+				record: TableType,
+			): { onClick: (event: React.MouseEvent) => void } => ({
+				onClick: (event: React.MouseEvent): void => {
 					event.preventDefault();
 					event.stopPropagation();
-					if (event.metaKey || event.ctrlKey) {
-						window.open(getLink(record), '_blank');
-					} else {
-						history.push(getLink(record));
-					}
+					genericNavigate(getLink(record), event);
 				},
 			})}
 			pagination={{

frontend/src/container/TracesTableComponent/TracesTableComponent.tsx

@@ -84,8 +84,8 @@ function TracesTableComponent({
 			onClick: (event): void => {
 				event.preventDefault();
 				event.stopPropagation();
-				if (event.metaKey || event.ctrlKey) {
-					window.open(getTraceLink(record), '_blank');
+				if (event.ctrlKey || event.metaKey) {
+					window.open(getTraceLink(record), '_blank', 'noopener,noreferrer');
 				} else {
 					history.push(getTraceLink(record));
 				}

frontend/src/pages/TracesExplorer/__test__/TracesExplorer.test.tsx

@@ -27,6 +27,7 @@ import {
 	within,
 } from 'tests/test-utils';
 import { QueryRangePayloadV5 } from 'types/api/v5/queryRange';
+import * as genericNavigate from 'utils/genericNavigate';
 
 import TracesExplorer from '..';
 import { Filter } from '../Filter/Filter';
@@ -772,6 +773,12 @@ describe('TracesExplorer - ', () => {
 	});
 
 	it('create an alert btn assert', async () => {
+		const historyPush = jest.fn();
+
+		jest.spyOn(genericNavigate, 'genericNavigate').mockImplementation((link) => {
+			historyPush(link);
+		});
+
 		const { getByText } = renderWithTracesExplorerRouter(<TracesExplorer />, [
 			'/traces-explorer/?panelType=list&selectedExplorerView=list',
 		]);

frontend/src/utils/docLinks.ts

@@ -6,8 +6,6 @@ const DOCLINKS = {
 		'https://signoz.io/docs/product-features/trace-explorer/?utm_source=product&utm_medium=traces-explorer-trace-tab#traces-view',
 	METRICS_EXPLORER_EMPTY_STATE:
 		'https://signoz.io/docs/userguide/send-metrics-cloud/',
-	EXTERNAL_API_MONITORING:
-		'https://signoz.io/docs/external-api-monitoring/overview/',
 };
 
 export default DOCLINKS;

frontend/src/utils/genericNavigate.ts

@@ -0,0 +1,18 @@
+import history from 'lib/history';
+import { KeyboardEvent, MouseEvent } from 'react';
+import { isCtrlOrMMetaKey } from 'utils/isCtrlOrMMetaKey';
+
+export const genericNavigate = (
+	link: string,
+	event?:
+		| MouseEvent
+		| KeyboardEvent
+		| globalThis.MouseEvent
+		| globalThis.KeyboardEvent,
+): void => {
+	if (event && isCtrlOrMMetaKey(event)) {
+		window.open(link, '_blank', 'noopener,noreferrer');
+	} else {
+		history.push(link);
+	}
+};

frontend/src/utils/isCtrlOrMMetaKey.ts

@@ -0,0 +1,9 @@
+import { KeyboardEvent, MouseEvent } from 'react';
+
+export const isCtrlOrMMetaKey = (
+	event:
+		| MouseEvent
+		| KeyboardEvent
+		| globalThis.MouseEvent
+		| globalThis.KeyboardEvent,
+): boolean => event.metaKey || event.ctrlKey;

pkg/apiserver/signozapiserver/dashboard.go

@@ -17,7 +17,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		ID:                  "CreatePublicDashboard",
 		Tags:                []string{"dashboard"},
 		Summary:             "Create public dashboard",
-		Description:         "This endpoint creates public sharing config and enables public sharing of the dashboard",
+		Description:         "This endpoints creates public sharing config and enables public sharing of the dashboard",
 		Request:             new(dashboardtypes.PostablePublicDashboard),
 		RequestContentType:  "",
 		Response:            new(types.Identifiable),
@@ -34,7 +34,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		ID:                  "GetPublicDashboard",
 		Tags:                []string{"dashboard"},
 		Summary:             "Get public dashboard",
-		Description:         "This endpoint returns public sharing config for a dashboard",
+		Description:         "This endpoints returns public sharing config for a dashboard",
 		Request:             nil,
 		RequestContentType:  "",
 		Response:            new(dashboardtypes.GettablePublicDasbhboard),
@@ -51,7 +51,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		ID:                  "UpdatePublicDashboard",
 		Tags:                []string{"dashboard"},
 		Summary:             "Update public dashboard",
-		Description:         "This endpoint updates the public sharing config for a dashboard",
+		Description:         "This endpoints updates the public sharing config for a dashboard",
 		Request:             new(dashboardtypes.UpdatablePublicDashboard),
 		RequestContentType:  "",
 		Response:            nil,
@@ -68,7 +68,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		ID:                  "DeletePublicDashboard",
 		Tags:                []string{"dashboard"},
 		Summary:             "Delete public dashboard",
-		Description:         "This endpoint deletes the public sharing config and disables the public sharing of a dashboard",
+		Description:         "This endpoints deletes the public sharing config and disables the public sharing of a dashboard",
 		Request:             nil,
 		RequestContentType:  "",
 		Response:            nil,
@@ -83,7 +83,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 
 	if err := router.Handle("/api/v1/public/dashboards/{id}", handler.New(provider.authZ.CheckWithoutClaims(
 		provider.dashboardHandler.GetPublicData,
-		authtypes.RelationRead,
+		authtypes.RelationRead, authtypes.RelationRead,
 		dashboardtypes.TypeableMetaResourcePublicDashboard,
 		func(req *http.Request, orgs []*types.Organization) ([]authtypes.Selector, valuer.UUID, error) {
 			id, err := valuer.NewUUID(mux.Vars(req)["id"])
@@ -92,11 +92,11 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 			}
 
 			return provider.dashboardModule.GetPublicDashboardSelectorsAndOrg(req.Context(), id, orgs)
-		}, []string{}), handler.OpenAPIDef{
+		}), handler.OpenAPIDef{
 		ID:                  "GetPublicDashboardData",
 		Tags:                []string{"dashboard"},
 		Summary:             "Get public dashboard data",
-		Description:         "This endpoint returns the sanitized dashboard data for public access",
+		Description:         "This endpoints returns the sanitized dashboard data for public access",
 		Request:             nil,
 		RequestContentType:  "",
 		Response:            new(dashboardtypes.GettablePublicDashboardData),
@@ -111,7 +111,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 
 	if err := router.Handle("/api/v1/public/dashboards/{id}/widgets/{idx}/query_range", handler.New(provider.authZ.CheckWithoutClaims(
 		provider.dashboardHandler.GetPublicWidgetQueryRange,
-		authtypes.RelationRead,
+		authtypes.RelationRead, authtypes.RelationRead,
 		dashboardtypes.TypeableMetaResourcePublicDashboard,
 		func(req *http.Request, orgs []*types.Organization) ([]authtypes.Selector, valuer.UUID, error) {
 			id, err := valuer.NewUUID(mux.Vars(req)["id"])
@@ -120,7 +120,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 			}
 
 			return provider.dashboardModule.GetPublicDashboardSelectorsAndOrg(req.Context(), id, orgs)
-		}, []string{}), handler.OpenAPIDef{
+		}), handler.OpenAPIDef{
 		ID:                  "GetPublicDashboardWidgetQueryRange",
 		Tags:                []string{"dashboard"},
 		Summary:             "Get query range result",

pkg/apiserver/signozapiserver/global.go

@@ -13,7 +13,7 @@ func (provider *provider) addGlobalRoutes(router *mux.Router) error {
 		ID:                  "GetGlobalConfig",
 		Tags:                []string{"global"},
 		Summary:             "Get global config",
-		Description:         "This endpoint returns global config",
+		Description:         "This endpoints returns global config",
 		Request:             nil,
 		RequestContentType:  "",
 		Response:            new(types.GettableGlobalConfig),

pkg/apiserver/signozapiserver/provider.go

@@ -17,7 +17,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/preference"
 	"github.com/SigNoz/signoz/pkg/modules/promote"
-	"github.com/SigNoz/signoz/pkg/modules/role"
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/types"
@@ -42,8 +41,6 @@ type provider struct {
 	dashboardHandler       dashboard.Handler
 	metricsExplorerHandler metricsexplorer.Handler
 	gatewayHandler         gateway.Handler
-	roleGetter             role.Getter
-	roleHandler            role.Handler
 }
 
 func NewFactory(
@@ -61,11 +58,9 @@ func NewFactory(
 	dashboardHandler dashboard.Handler,
 	metricsExplorerHandler metricsexplorer.Handler,
 	gatewayHandler gateway.Handler,
-	roleGetter role.Getter,
-	roleHandler role.Handler,
 ) factory.ProviderFactory[apiserver.APIServer, apiserver.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("signoz"), func(ctx context.Context, providerSettings factory.ProviderSettings, config apiserver.Config) (apiserver.APIServer, error) {
-		return newProvider(ctx, providerSettings, config, orgGetter, authz, orgHandler, userHandler, sessionHandler, authDomainHandler, preferenceHandler, globalHandler, promoteHandler, flaggerHandler, dashboardModule, dashboardHandler, metricsExplorerHandler, gatewayHandler, roleGetter, roleHandler)
+		return newProvider(ctx, providerSettings, config, orgGetter, authz, orgHandler, userHandler, sessionHandler, authDomainHandler, preferenceHandler, globalHandler, promoteHandler, flaggerHandler, dashboardModule, dashboardHandler, metricsExplorerHandler, gatewayHandler)
 	})
 }
 
@@ -87,8 +82,6 @@ func newProvider(
 	dashboardHandler dashboard.Handler,
 	metricsExplorerHandler metricsexplorer.Handler,
 	gatewayHandler gateway.Handler,
-	roleGetter role.Getter,
-	roleHandler role.Handler,
 ) (apiserver.APIServer, error) {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/apiserver/signozapiserver")
 	router := mux.NewRouter().UseEncodedPath()
@@ -109,11 +102,9 @@ func newProvider(
 		dashboardHandler:       dashboardHandler,
 		metricsExplorerHandler: metricsExplorerHandler,
 		gatewayHandler:         gatewayHandler,
-		roleGetter:             roleGetter,
-		roleHandler:            roleHandler,
 	}
 
-	provider.authZ = middleware.NewAuthZ(settings.Logger(), orgGetter, authz, roleGetter)
+	provider.authZ = middleware.NewAuthZ(settings.Logger(), orgGetter, authz)
 
 	if err := provider.AddToRouter(router); err != nil {
 		return nil, err
@@ -171,10 +162,6 @@ func (provider *provider) AddToRouter(router *mux.Router) error {
 		return err
 	}
 
-	if err := provider.addRoleRoutes(router); err != nil {
-		return err
-	}
-
 	return nil
 }
 

pkg/apiserver/signozapiserver/role.go

@@ -1,99 +0,0 @@
-package signozapiserver
-
-import (
-	"net/http"
-
-	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/roletypes"
-	"github.com/gorilla/mux"
-)
-
-func (provider *provider) addRoleRoutes(router *mux.Router) error {
-	if err := router.Handle("/api/v1/roles", handler.New(provider.authZ.AdminAccess(provider.roleHandler.Create), handler.OpenAPIDef{
-		ID:                  "CreateRole",
-		Tags:                []string{"role"},
-		Summary:             "Create role",
-		Description:         "This endpoint creates a role",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            new(types.Identifiable),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusCreated,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPost).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/roles", handler.New(provider.authZ.AdminAccess(provider.roleHandler.List), handler.OpenAPIDef{
-		ID:                  "ListRoles",
-		Tags:                []string{"role"},
-		Summary:             "List roles",
-		Description:         "This endpoint lists all roles",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            make([]*roletypes.Role, 0),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authZ.AdminAccess(provider.roleHandler.Get), handler.OpenAPIDef{
-		ID:                  "GetRole",
-		Tags:                []string{"role"},
-		Summary:             "Get role",
-		Description:         "This endpoint gets a role",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            new(roletypes.Role),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authZ.AdminAccess(provider.roleHandler.Patch), handler.OpenAPIDef{
-		ID:                  "PatchRole",
-		Tags:                []string{"role"},
-		Summary:             "Patch role",
-		Description:         "This endpoint patches a role",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPatch).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authZ.AdminAccess(provider.roleHandler.Delete), handler.OpenAPIDef{
-		ID:                  "DeleteRole",
-		Tags:                []string{"role"},
-		Summary:             "Delete role",
-		Description:         "This endpoint deletes a role",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            nil,
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusNoContent,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodDelete).GetError(); err != nil {
-		return err
-	}
-
-	return nil
-}

pkg/authz/authz.go

@@ -16,10 +16,9 @@ type AuthZ interface {
 	Check(context.Context, *openfgav1.TupleKey) error
 
 	// CheckWithTupleCreation takes upon the responsibility for generating the tuples alongside everything Check does.
-	CheckWithTupleCreation(context.Context, authtypes.Claims, valuer.UUID, authtypes.Relation, authtypes.Typeable, []authtypes.Selector, []authtypes.Selector) error
+	CheckWithTupleCreation(context.Context, authtypes.Claims, valuer.UUID, authtypes.Relation, authtypes.Relation, authtypes.Typeable, []authtypes.Selector) error
 
-	// CheckWithTupleCreationWithoutClaims checks permissions for anonymous users.
-	CheckWithTupleCreationWithoutClaims(context.Context, valuer.UUID, authtypes.Relation, authtypes.Typeable, []authtypes.Selector, []authtypes.Selector) error
+	CheckWithTupleCreationWithoutClaims(context.Context, valuer.UUID, authtypes.Relation, authtypes.Relation, authtypes.Typeable, []authtypes.Selector) error
 
 	// Batch Check returns error when the upstream authorization server is unavailable or for all the tuples of subject (s) doesn't have relation (r) on object (o).
 	BatchCheck(context.Context, []*openfgav1.TupleKey) error

pkg/authz/openfgaauthz/provider.go

@@ -152,17 +152,17 @@ func (provider *provider) BatchCheck(ctx context.Context, tupleReq []*openfgav1.
 		}
 	}
 
-	return errors.Newf(errors.TypeForbidden, authtypes.ErrCodeAuthZForbidden, "none of the subjects are allowed for requested access")
+	return errors.New(errors.TypeForbidden, authtypes.ErrCodeAuthZForbidden, "")
 
 }
 
-func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, _ authtypes.Relation, _ authtypes.Typeable, _ []authtypes.Selector, roleSelectors []authtypes.Selector) error {
+func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, _ authtypes.Relation, translation authtypes.Relation, _ authtypes.Typeable, _ []authtypes.Selector) error {
 	subject, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
 	if err != nil {
 		return err
 	}
 
-	tuples, err := authtypes.TypeableRole.Tuples(subject, authtypes.RelationAssignee, roleSelectors, orgID)
+	tuples, err := authtypes.TypeableOrganization.Tuples(subject, translation, []authtypes.Selector{authtypes.MustNewSelector(authtypes.TypeOrganization, orgID.StringValue())}, orgID)
 	if err != nil {
 		return err
 	}
@@ -175,13 +175,13 @@ func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims aut
 	return nil
 }
 
-func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, _ authtypes.Relation, _ authtypes.Typeable, _ []authtypes.Selector, roleSelectors []authtypes.Selector) error {
+func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, _ authtypes.Relation, translation authtypes.Relation, _ authtypes.Typeable, _ []authtypes.Selector) error {
 	subject, err := authtypes.NewSubject(authtypes.TypeableAnonymous, authtypes.AnonymousUser.String(), orgID, nil)
 	if err != nil {
 		return err
 	}
 
-	tuples, err := authtypes.TypeableRole.Tuples(subject, authtypes.RelationAssignee, roleSelectors, orgID)
+	tuples, err := authtypes.TypeableOrganization.Tuples(subject, translation, []authtypes.Selector{authtypes.MustNewSelector(authtypes.TypeOrganization, orgID.StringValue())}, orgID)
 	if err != nil {
 		return err
 	}
@@ -195,10 +195,6 @@ func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Contex
 }
 
 func (provider *provider) Write(ctx context.Context, additions []*openfgav1.TupleKey, deletions []*openfgav1.TupleKey) error {
-	if len(additions) == 0 && len(deletions) == 0 {
-		return nil
-	}
-
 	storeID, modelID := provider.getStoreIDandModelID()
 	deletionTuplesWithoutCondition := make([]*openfgav1.TupleKeyWithoutCondition, len(deletions))
 	for idx, tuple := range deletions {

pkg/authz/openfgaauthz/provider_test.go

@@ -34,11 +34,11 @@ func TestProviderStartStop(t *testing.T) {
 	sqlstore.Mock().ExpectQuery("SELECT authorization_model_id, schema_version, type, type_definition, serialized_protobuf FROM authorization_model WHERE authorization_model_id = (.+)  AND store = (.+)").WithArgs("01K44QQKXR6F729W160NFCJT58", "01K3V0NTN47MPTMEV1PD5ST6ZC").WillReturnRows(modelRows)
 
 	sqlstore.Mock().ExpectExec("INSERT INTO authorization_model (.+) VALUES (.+)").WillReturnResult(sqlmock.NewResult(1, 1))
-
 	go func() {
 		err := provider.Start(context.Background())
 		require.NoError(t, err)
 	}()
+
 	// wait for the service to start
 	time.Sleep(time.Second * 2)
 

pkg/http/middleware/authz.go

@@ -7,7 +7,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/role"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
@@ -21,15 +20,14 @@ type AuthZ struct {
 	logger       *slog.Logger
 	orgGetter    organization.Getter
 	authzService authz.AuthZ
-	roleGetter   role.Getter
 }
 
-func NewAuthZ(logger *slog.Logger, orgGetter organization.Getter, authzService authz.AuthZ, roleGetter role.Getter) *AuthZ {
+func NewAuthZ(logger *slog.Logger, orgGetter organization.Getter, authzService authz.AuthZ) *AuthZ {
 	if logger == nil {
 		panic("cannot build authz middleware, logger is empty")
 	}
 
-	return &AuthZ{logger: logger, orgGetter: orgGetter, authzService: authzService, roleGetter: roleGetter}
+	return &AuthZ{logger: logger, orgGetter: orgGetter, authzService: authzService}
 }
 
 func (middleware *AuthZ) ViewAccess(next http.HandlerFunc) http.HandlerFunc {
@@ -111,10 +109,9 @@ func (middleware *AuthZ) OpenAccess(next http.HandlerFunc) http.HandlerFunc {
 	})
 }
 
-func (middleware *AuthZ) Check(next http.HandlerFunc, relation authtypes.Relation, typeable authtypes.Typeable, cb authtypes.SelectorCallbackWithClaimsFn, roles []string) http.HandlerFunc {
+func (middleware *AuthZ) Check(next http.HandlerFunc, relation authtypes.Relation, translation authtypes.Relation, typeable authtypes.Typeable, cb authtypes.SelectorCallbackWithClaimsFn) http.HandlerFunc {
 	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		ctx := req.Context()
-		claims, err := authtypes.ClaimsFromContext(ctx)
+		claims, err := authtypes.ClaimsFromContext(req.Context())
 		if err != nil {
 			render.Error(rw, err)
 			return
@@ -132,18 +129,7 @@ func (middleware *AuthZ) Check(next http.HandlerFunc, relation authtypes.Relatio
 			return
 		}
 
-		roles, err := middleware.roleGetter.ListByOrgIDAndNames(req.Context(), orgId, roles)
-		if err != nil {
-			render.Error(rw, err)
-			return
-		}
-
-		roleSelectors := []authtypes.Selector{}
-		for _, role := range roles {
-			selectors = append(selectors, authtypes.MustNewSelector(authtypes.TypeRole, role.ID.String()))
-		}
-
-		err = middleware.authzService.CheckWithTupleCreation(ctx, claims, orgId, relation, typeable, selectors, roleSelectors)
+		err = middleware.authzService.CheckWithTupleCreation(req.Context(), claims, orgId, relation, translation, typeable, selectors)
 		if err != nil {
 			render.Error(rw, err)
 			return
@@ -153,7 +139,7 @@ func (middleware *AuthZ) Check(next http.HandlerFunc, relation authtypes.Relatio
 	})
 }
 
-func (middleware *AuthZ) CheckWithoutClaims(next http.HandlerFunc, relation authtypes.Relation, typeable authtypes.Typeable, cb authtypes.SelectorCallbackWithoutClaimsFn, roles []string) http.HandlerFunc {
+func (middleware *AuthZ) CheckWithoutClaims(next http.HandlerFunc, relation authtypes.Relation, translation authtypes.Relation, typeable authtypes.Typeable, cb authtypes.SelectorCallbackWithoutClaimsFn) http.HandlerFunc {
 	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		ctx := req.Context()
 		orgs, err := middleware.orgGetter.ListByOwnedKeyRange(ctx)
@@ -168,7 +154,7 @@ func (middleware *AuthZ) CheckWithoutClaims(next http.HandlerFunc, relation auth
 			return
 		}
 
-		err = middleware.authzService.CheckWithTupleCreationWithoutClaims(ctx, orgID, relation, typeable, selectors, selectors)
+		err = middleware.authzService.CheckWithTupleCreationWithoutClaims(ctx, orgID, relation, translation, typeable, selectors)
 		if err != nil {
 			render.Error(rw, err)
 			return

pkg/modules/role/implrole/getter.go

@@ -1,63 +0,0 @@
-package implrole
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/modules/role"
-	"github.com/SigNoz/signoz/pkg/types/roletypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type getter struct {
-	store roletypes.Store
-}
-
-func NewGetter(store roletypes.Store) role.Getter {
-	return &getter{store: store}
-}
-
-func (getter *getter) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*roletypes.Role, error) {
-	storableRole, err := getter.store.Get(ctx, orgID, id)
-	if err != nil {
-		return nil, err
-	}
-
-	return roletypes.NewRoleFromStorableRole(storableRole), nil
-}
-
-func (getter *getter) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*roletypes.Role, error) {
-	storableRole, err := getter.store.GetByOrgIDAndName(ctx, orgID, name)
-	if err != nil {
-		return nil, err
-	}
-
-	return roletypes.NewRoleFromStorableRole(storableRole), nil
-}
-
-func (getter *getter) List(ctx context.Context, orgID valuer.UUID) ([]*roletypes.Role, error) {
-	storableRoles, err := getter.store.List(ctx, orgID)
-	if err != nil {
-		return nil, err
-	}
-
-	roles := make([]*roletypes.Role, len(storableRoles))
-	for idx, storableRole := range storableRoles {
-		roles[idx] = roletypes.NewRoleFromStorableRole(storableRole)
-	}
-
-	return roles, nil
-}
-
-func (getter *getter) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID, names []string) ([]*roletypes.Role, error) {
-	storableRoles, err := getter.store.ListByOrgIDAndNames(ctx, orgID, names)
-	if err != nil {
-		return nil, err
-	}
-
-	roles := make([]*roletypes.Role, len(storableRoles))
-	for idx, storable := range storableRoles {
-		roles[idx] = roletypes.NewRoleFromStorableRole(storable)
-	}
-
-	return roles, nil
-}

pkg/modules/role/implrole/granter.go

@@ -1,108 +0,0 @@
-package implrole
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/authz"
-	"github.com/SigNoz/signoz/pkg/modules/role"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/roletypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type granter struct {
-	store roletypes.Store
-	authz authz.AuthZ
-}
-
-func NewGranter(store roletypes.Store, authz authz.AuthZ) role.Granter {
-	return &granter{store: store, authz: authz}
-}
-
-func (granter *granter) Grant(ctx context.Context, orgID valuer.UUID, name string, subject string) error {
-	role, err := granter.store.GetByOrgIDAndName(ctx, orgID, name)
-	if err != nil {
-		return err
-	}
-
-	tuples, err := authtypes.TypeableRole.Tuples(
-		subject,
-		authtypes.RelationAssignee,
-		[]authtypes.Selector{
-			authtypes.MustNewSelector(authtypes.TypeRole, role.ID.StringValue()),
-		},
-		orgID,
-	)
-	if err != nil {
-		return err
-	}
-	return granter.authz.Write(ctx, tuples, nil)
-}
-
-func (granter *granter) GrantByID(ctx context.Context, orgID valuer.UUID, id valuer.UUID, subject string) error {
-	tuples, err := authtypes.TypeableRole.Tuples(
-		subject,
-		authtypes.RelationAssignee,
-		[]authtypes.Selector{
-			authtypes.MustNewSelector(authtypes.TypeRole, id.StringValue()),
-		},
-		orgID,
-	)
-	if err != nil {
-		return err
-	}
-	return granter.authz.Write(ctx, tuples, nil)
-}
-
-func (granter *granter) ModifyGrant(ctx context.Context, orgID valuer.UUID, existingRoleName string, updatedRoleName string, subject string) error {
-	err := granter.Revoke(ctx, orgID, existingRoleName, subject)
-	if err != nil {
-		return err
-	}
-
-	err = granter.Grant(ctx, orgID, updatedRoleName, subject)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (granter *granter) Revoke(ctx context.Context, orgID valuer.UUID, name string, subject string) error {
-	role, err := granter.store.GetByOrgIDAndName(ctx, orgID, name)
-	if err != nil {
-		return err
-	}
-
-	tuples, err := authtypes.TypeableRole.Tuples(
-		subject,
-		authtypes.RelationAssignee,
-		[]authtypes.Selector{
-			authtypes.MustNewSelector(authtypes.TypeRole, role.ID.StringValue()),
-		},
-		orgID,
-	)
-	if err != nil {
-		return err
-	}
-	return granter.authz.Write(ctx, nil, tuples)
-}
-
-func (granter *granter) CreateManagedRoles(ctx context.Context, _ valuer.UUID, managedRoles []*roletypes.Role) error {
-	err := granter.store.RunInTx(ctx, func(ctx context.Context) error {
-		for _, role := range managedRoles {
-			err := granter.store.Create(ctx, roletypes.NewStorableRoleFromRole(role))
-			if err != nil {
-				return err
-			}
-		}
-
-		return nil
-	})
-
-	if err != nil {
-		return err
-	}
-
-	return nil
-}

pkg/modules/role/implrole/handler.go

@@ -14,12 +14,11 @@ import (
 )
 
 type handler struct {
-	setter role.Setter
-	getter role.Getter
+	module role.Module
 }
 
-func NewHandler(setter role.Setter, getter role.Getter) role.Handler {
-	return &handler{setter: setter, getter: getter}
+func NewHandler(module role.Module) role.Handler {
+	return &handler{module: module}
 }
 
 func (handler *handler) Create(rw http.ResponseWriter, r *http.Request) {
@@ -36,7 +35,7 @@ func (handler *handler) Create(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = handler.setter.Create(ctx, valuer.MustNewUUID(claims.OrgID), roletypes.NewRole(req.Name, req.Description, roletypes.RoleTypeCustom, valuer.MustNewUUID(claims.OrgID)))
+	err = handler.module.Create(ctx, roletypes.NewRole(req.Name, req.Description, roletypes.RoleTypeCustom.StringValue(), valuer.MustNewUUID(claims.OrgID)))
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -64,7 +63,7 @@ func (handler *handler) Get(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	role, err := handler.getter.Get(ctx, valuer.MustNewUUID(claims.OrgID), roleID)
+	role, err := handler.module.Get(ctx, valuer.MustNewUUID(claims.OrgID), roleID)
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -103,7 +102,7 @@ func (handler *handler) GetObjects(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	objects, err := handler.setter.GetObjects(ctx, valuer.MustNewUUID(claims.OrgID), roleID, relation)
+	objects, err := handler.module.GetObjects(ctx, valuer.MustNewUUID(claims.OrgID), roleID, relation)
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -114,7 +113,7 @@ func (handler *handler) GetObjects(rw http.ResponseWriter, r *http.Request) {
 
 func (handler *handler) GetResources(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	resources := handler.setter.GetResources(ctx)
+	resources := handler.module.GetResources(ctx)
 
 	var resourceRelations = struct {
 		Resources []*authtypes.Resource                   `json:"resources"`
@@ -134,7 +133,7 @@ func (handler *handler) List(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	roles, err := handler.getter.List(ctx, valuer.MustNewUUID(claims.OrgID))
+	roles, err := handler.module.List(ctx, valuer.MustNewUUID(claims.OrgID))
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -163,19 +162,14 @@ func (handler *handler) Patch(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	role, err := handler.getter.Get(ctx, valuer.MustNewUUID(claims.OrgID), id)
+	role, err := handler.module.Get(ctx, valuer.MustNewUUID(claims.OrgID), id)
 	if err != nil {
 		render.Error(rw, err)
 		return
 	}
 
-	err = role.PatchMetadata(req.Name, req.Description)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	err = handler.setter.Patch(ctx, valuer.MustNewUUID(claims.OrgID), role)
+	role.PatchMetadata(req.Name, req.Description)
+	err = handler.module.Patch(ctx, valuer.MustNewUUID(claims.OrgID), role)
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -210,19 +204,13 @@ func (handler *handler) PatchObjects(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	role, err := handler.getter.Get(ctx, valuer.MustNewUUID(claims.OrgID), id)
+	patchableObjects, err := roletypes.NewPatchableObjects(req.Additions, req.Deletions, relation)
 	if err != nil {
 		render.Error(rw, err)
 		return
 	}
 
-	patchableObjects, err := role.NewPatchableObjects(req.Additions, req.Deletions, relation)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	err = handler.setter.PatchObjects(ctx, valuer.MustNewUUID(claims.OrgID), id, relation, patchableObjects.Additions, patchableObjects.Deletions)
+	err = handler.module.PatchObjects(ctx, valuer.MustNewUUID(claims.OrgID), id, relation, patchableObjects.Additions, patchableObjects.Deletions)
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -245,7 +233,7 @@ func (handler *handler) Delete(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err = handler.setter.Delete(ctx, valuer.MustNewUUID(claims.OrgID), id)
+	err = handler.module.Delete(ctx, valuer.MustNewUUID(claims.OrgID), id)
 	if err != nil {
 		render.Error(rw, err)
 		return

pkg/modules/role/implrole/module.go

@@ -0,0 +1,164 @@
+package implrole
+
+import (
+	"context"
+	"slices"
+
+	"github.com/SigNoz/signoz/pkg/authz"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/modules/role"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/roletypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type module struct {
+	store    roletypes.Store
+	registry []role.RegisterTypeable
+	authz    authz.AuthZ
+}
+
+func NewModule(store roletypes.Store, authz authz.AuthZ, registry []role.RegisterTypeable) role.Module {
+	return &module{
+		store:    store,
+		authz:    authz,
+		registry: registry,
+	}
+}
+
+func (module *module) Create(ctx context.Context, role *roletypes.Role) error {
+	return module.store.Create(ctx, roletypes.NewStorableRoleFromRole(role))
+}
+
+func (module *module) GetOrCreate(ctx context.Context, role *roletypes.Role) (*roletypes.Role, error) {
+	existingRole, err := module.store.GetByNameAndOrgID(ctx, role.Name, role.OrgID)
+	if err != nil {
+		if !errors.Ast(err, errors.TypeNotFound) {
+			return nil, err
+		}
+	}
+
+	if existingRole != nil {
+		return roletypes.NewRoleFromStorableRole(existingRole), nil
+	}
+
+	err = module.store.Create(ctx, roletypes.NewStorableRoleFromRole(role))
+	if err != nil {
+		return nil, err
+	}
+
+	return role, nil
+}
+
+func (module *module) GetResources(_ context.Context) []*authtypes.Resource {
+	typeables := make([]authtypes.Typeable, 0)
+	for _, register := range module.registry {
+		typeables = append(typeables, register.MustGetTypeables()...)
+	}
+	// role module cannot self register itself!
+	typeables = append(typeables, module.MustGetTypeables()...)
+
+	resources := make([]*authtypes.Resource, 0)
+	for _, typeable := range typeables {
+		resources = append(resources, &authtypes.Resource{Name: typeable.Name(), Type: typeable.Type()})
+	}
+
+	return resources
+}
+
+func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*roletypes.Role, error) {
+	storableRole, err := module.store.Get(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+
+	return roletypes.NewRoleFromStorableRole(storableRole), nil
+}
+
+func (module *module) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*authtypes.Object, error) {
+	storableRole, err := module.store.Get(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+
+	objects := make([]*authtypes.Object, 0)
+	for _, resource := range module.GetResources(ctx) {
+		if slices.Contains(authtypes.TypeableRelations[resource.Type], relation) {
+			resourceObjects, err := module.
+				authz.
+				ListObjects(
+					ctx,
+					authtypes.MustNewSubject(authtypes.TypeableRole, storableRole.ID.String(), orgID, &authtypes.RelationAssignee),
+					relation,
+					authtypes.MustNewTypeableFromType(resource.Type, resource.Name),
+				)
+			if err != nil {
+				return nil, err
+			}
+
+			objects = append(objects, resourceObjects...)
+		}
+	}
+
+	return objects, nil
+}
+
+func (module *module) List(ctx context.Context, orgID valuer.UUID) ([]*roletypes.Role, error) {
+	storableRoles, err := module.store.List(ctx, orgID)
+	if err != nil {
+		return nil, err
+	}
+
+	roles := make([]*roletypes.Role, len(storableRoles))
+	for idx, storableRole := range storableRoles {
+		roles[idx] = roletypes.NewRoleFromStorableRole(storableRole)
+	}
+
+	return roles, nil
+}
+
+func (module *module) Patch(ctx context.Context, orgID valuer.UUID, role *roletypes.Role) error {
+	return module.store.Update(ctx, orgID, roletypes.NewStorableRoleFromRole(role))
+}
+
+func (module *module) PatchObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation, additions, deletions []*authtypes.Object) error {
+	additionTuples, err := roletypes.GetAdditionTuples(id, orgID, relation, additions)
+	if err != nil {
+		return err
+	}
+
+	deletionTuples, err := roletypes.GetDeletionTuples(id, orgID, relation, deletions)
+	if err != nil {
+		return err
+	}
+
+	err = module.authz.Write(ctx, additionTuples, deletionTuples)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (module *module) Assign(ctx context.Context, id valuer.UUID, orgID valuer.UUID, subject string) error {
+	tuples, err := authtypes.TypeableRole.Tuples(
+		subject,
+		authtypes.RelationAssignee,
+		[]authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, id.StringValue()),
+		},
+		orgID,
+	)
+	if err != nil {
+		return err
+	}
+	return module.authz.Write(ctx, tuples, nil)
+}
+
+func (module *module) Delete(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
+	return module.store.Delete(ctx, orgID, id)
+}
+
+func (module *module) MustGetTypeables() []authtypes.Typeable {
+	return []authtypes.Typeable{authtypes.TypeableRole, roletypes.TypeableResourcesRoles}
+}

pkg/modules/role/implrole/setter.go

@@ -1,53 +0,0 @@
-package implrole
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/authz"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/modules/role"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/roletypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type setter struct {
-	store roletypes.Store
-	authz authz.AuthZ
-}
-
-func NewSetter(store roletypes.Store, authz authz.AuthZ) role.Setter {
-	return &setter{store: store, authz: authz}
-}
-
-func (setter *setter) Create(_ context.Context, _ valuer.UUID, _ *roletypes.Role) error {
-	return errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
-}
-
-func (setter *setter) GetOrCreate(_ context.Context, _ valuer.UUID, _ *roletypes.Role) (*roletypes.Role, error) {
-	return nil, errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
-}
-
-func (setter *setter) GetResources(_ context.Context) []*authtypes.Resource {
-	return nil
-}
-
-func (setter *setter) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*authtypes.Object, error) {
-	return nil, errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
-}
-
-func (setter *setter) Patch(_ context.Context, _ valuer.UUID, _ *roletypes.Role) error {
-	return errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
-}
-
-func (setter *setter) PatchObjects(_ context.Context, _ valuer.UUID, _ valuer.UUID, _ authtypes.Relation, _, _ []*authtypes.Object) error {
-	return errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
-}
-
-func (setter *setter) Delete(_ context.Context, _ valuer.UUID, _ valuer.UUID) error {
-	return errors.Newf(errors.TypeUnsupported, roletypes.ErrCodeRoleUnsupported, "not implemented")
-}
-
-func (setter *setter) MustGetTypeables() []authtypes.Typeable {
-	return nil
-}

pkg/modules/role/implrole/store.go

@@ -7,7 +7,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types/roletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
 )
 
 type store struct {
@@ -21,7 +20,7 @@ func NewStore(sqlstore sqlstore.SQLStore) roletypes.Store {
 func (store *store) Create(ctx context.Context, role *roletypes.StorableRole) error {
 	_, err := store.
 		sqlstore.
-		BunDBCtx(ctx).
+		BunDB().
 		NewInsert().
 		Model(role).
 		Exec(ctx)
@@ -36,7 +35,7 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	role := new(roletypes.StorableRole)
 	err := store.
 		sqlstore.
-		BunDBCtx(ctx).
+		BunDB().
 		NewSelect().
 		Model(role).
 		Where("org_id = ?", orgID).
@@ -49,11 +48,11 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	return role, nil
 }
 
-func (store *store) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*roletypes.StorableRole, error) {
+func (store *store) GetByNameAndOrgID(ctx context.Context, name string, orgID valuer.UUID) (*roletypes.StorableRole, error) {
 	role := new(roletypes.StorableRole)
 	err := store.
 		sqlstore.
-		BunDBCtx(ctx).
+		BunDB().
 		NewSelect().
 		Model(role).
 		Where("org_id = ?", orgID).
@@ -70,30 +69,13 @@ func (store *store) List(ctx context.Context, orgID valuer.UUID) ([]*roletypes.S
 	roles := make([]*roletypes.StorableRole, 0)
 	err := store.
 		sqlstore.
-		BunDBCtx(ctx).
+		BunDB().
 		NewSelect().
 		Model(&roles).
 		Where("org_id = ?", orgID).
 		Scan(ctx)
 	if err != nil {
-		return nil, err
-	}
-
-	return roles, nil
-}
-
-func (store *store) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID, names []string) ([]*roletypes.StorableRole, error) {
-	roles := make([]*roletypes.StorableRole, 0)
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&roles).
-		Where("org_id = ?", orgID).
-		Where("name IN (?)", bun.In(names)).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
+		return nil, store.sqlstore.WrapNotFoundErrf(err, roletypes.ErrCodeRoleNotFound, "no roles found in org_id: %s", orgID)
 	}
 
 	return roles, nil
@@ -102,7 +84,7 @@ func (store *store) ListByOrgIDAndNames(ctx context.Context, orgID valuer.UUID,
 func (store *store) Update(ctx context.Context, orgID valuer.UUID, role *roletypes.StorableRole) error {
 	_, err := store.
 		sqlstore.
-		BunDBCtx(ctx).
+		BunDB().
 		NewUpdate().
 		Model(role).
 		WherePK().
@@ -118,7 +100,7 @@ func (store *store) Update(ctx context.Context, orgID valuer.UUID, role *roletyp
 func (store *store) Delete(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
 	_, err := store.
 		sqlstore.
-		BunDBCtx(ctx).
+		BunDB().
 		NewDelete().
 		Model(new(roletypes.StorableRole)).
 		Where("org_id = ?", orgID).

pkg/modules/role/role.go

@@ -9,16 +9,22 @@ import (
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
-type Setter interface {
+type Module interface {
 	// Creates the role.
-	Create(context.Context, valuer.UUID, *roletypes.Role) error
+	Create(context.Context, *roletypes.Role) error
 
 	// Gets the role if it exists or creates one.
-	GetOrCreate(context.Context, valuer.UUID, *roletypes.Role) (*roletypes.Role, error)
+	GetOrCreate(context.Context, *roletypes.Role) (*roletypes.Role, error)
+
+	// Gets the role
+	Get(context.Context, valuer.UUID, valuer.UUID) (*roletypes.Role, error)
 
 	// Gets the objects associated with the given role and relation.
 	GetObjects(context.Context, valuer.UUID, valuer.UUID, authtypes.Relation) ([]*authtypes.Object, error)
 
+	// Lists all the roles for the organization.
+	List(context.Context, valuer.UUID) ([]*roletypes.Role, error)
+
 	// Gets all the typeable resources registered from role registry.
 	GetResources(context.Context) []*authtypes.Resource
 
@@ -31,40 +37,12 @@ type Setter interface {
 	// Deletes the role and tuples in authorization server.
 	Delete(context.Context, valuer.UUID, valuer.UUID) error
 
+	// Assigns role to the given subject.
+	Assign(context.Context, valuer.UUID, valuer.UUID, string) error
+
 	RegisterTypeable
 }
 
-type Getter interface {
-	// Gets the role
-	Get(context.Context, valuer.UUID, valuer.UUID) (*roletypes.Role, error)
-
-	// Gets the role by org_id and name
-	GetByOrgIDAndName(context.Context, valuer.UUID, string) (*roletypes.Role, error)
-
-	// Lists all the roles for the organization.
-	List(context.Context, valuer.UUID) ([]*roletypes.Role, error)
-
-	//  Lists all the roles for the organization filtered by name
-	ListByOrgIDAndNames(context.Context, valuer.UUID, []string) ([]*roletypes.Role, error)
-}
-
-type Granter interface {
-	// Grants a role to the subject based on role name.
-	Grant(context.Context, valuer.UUID, string, string) error
-
-	// Grants a role to the subject based on role id.
-	GrantByID(context.Context, valuer.UUID, valuer.UUID, string) error
-
-	// Revokes a granted role from the subject based on role name.
-	Revoke(context.Context, valuer.UUID, string, string) error
-
-	// Changes the granted role for the subject based on role name.
-	ModifyGrant(context.Context, valuer.UUID, string, string, string) error
-
-	// Bootstrap the managed roles.
-	CreateManagedRoles(context.Context, valuer.UUID, []*roletypes.Role) error
-}
-
 type RegisterTypeable interface {
 	MustGetTypeables() []authtypes.Typeable
 }

pkg/modules/user/impluser/module.go

@@ -12,7 +12,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/role"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	root "github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/tokenizer"
@@ -30,13 +29,12 @@ type Module struct {
 	emailing  emailing.Emailing
 	settings  factory.ScopedProviderSettings
 	orgSetter organization.Setter
-	granter   role.Granter
 	analytics analytics.Analytics
 	config    user.Config
 }
 
 // This module is a WIP, don't take inspiration from this.
-func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing emailing.Emailing, providerSettings factory.ProviderSettings, orgSetter organization.Setter, granter role.Granter, analytics analytics.Analytics, config user.Config) root.Module {
+func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing emailing.Emailing, providerSettings factory.ProviderSettings, orgSetter organization.Setter, analytics analytics.Analytics, config user.Config) root.Module {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/modules/user/impluser")
 	return &Module{
 		store:     store,
@@ -45,7 +43,6 @@ func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing em
 		settings:  settings,
 		orgSetter: orgSetter,
 		analytics: analytics,
-		granter:   granter,
 		config:    config,
 	}
 }
@@ -230,6 +227,7 @@ func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, u
 	}
 
 	user.UpdatedAt = time.Now()
+
 	updatedUser, err := m.store.UpdateUser(ctx, orgID, id, user)
 	if err != nil {
 		return nil, err
@@ -260,8 +258,8 @@ func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, u
 	return updatedUser, nil
 }
 
-func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id string, deletedBy string) error {
-	user, err := module.store.GetUser(ctx, valuer.MustNewUUID(id))
+func (m *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id string, deletedBy string) error {
+	user, err := m.store.GetUser(ctx, valuer.MustNewUUID(id))
 	if err != nil {
 		return err
 	}
@@ -271,7 +269,7 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 	}
 
 	// don't allow to delete the last admin user
-	adminUsers, err := module.store.GetUsersByRoleAndOrgID(ctx, types.RoleAdmin, orgID)
+	adminUsers, err := m.store.GetUsersByRoleAndOrgID(ctx, types.RoleAdmin, orgID)
 	if err != nil {
 		return err
 	}
@@ -280,11 +278,11 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 		return errors.New(errors.TypeForbidden, errors.CodeForbidden, "cannot delete the last admin")
 	}
 
-	if err := module.store.DeleteUser(ctx, orgID.String(), user.ID.StringValue()); err != nil {
+	if err := m.store.DeleteUser(ctx, orgID.String(), user.ID.StringValue()); err != nil {
 		return err
 	}
 
-	module.analytics.TrackUser(ctx, user.OrgID.String(), user.ID.String(), "User Deleted", map[string]any{
+	m.analytics.TrackUser(ctx, user.OrgID.String(), user.ID.String(), "User Deleted", map[string]any{
 		"deleted_by": deletedBy,
 	})
 
@@ -478,7 +476,7 @@ func (module *Module) CreateFirstUser(ctx context.Context, organization *types.O
 	}
 
 	if err = module.store.RunInTx(ctx, func(ctx context.Context) error {
-		err = module.orgSetter.Create(ctx, organization)
+		err := module.orgSetter.Create(ctx, organization)
 		if err != nil {
 			return err
 		}

pkg/query-service/app/server.go

@@ -209,7 +209,7 @@ func (s *Server) createPublicServer(api *APIHandler, web web.Web) (*http.Server,
 	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
 	r.Use(middleware.NewComment().Wrap)
 
-	am := middleware.NewAuthZ(s.signoz.Instrumentation.Logger(), s.signoz.Modules.OrgGetter, s.signoz.Authz, s.signoz.Modules.RoleGetter)
+	am := middleware.NewAuthZ(s.signoz.Instrumentation.Logger(), s.signoz.Modules.OrgGetter, s.signoz.Authz)
 
 	api.RegisterRoutes(r, am)
 	api.RegisterLogsRoutes(r, am)

pkg/signoz/handler.go

@@ -17,8 +17,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/quickfilter/implquickfilter"
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport"
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport/implrawdataexport"
-	"github.com/SigNoz/signoz/pkg/modules/role"
-	"github.com/SigNoz/signoz/pkg/modules/role/implrole"
 	"github.com/SigNoz/signoz/pkg/modules/savedview"
 	"github.com/SigNoz/signoz/pkg/modules/savedview/implsavedview"
 	"github.com/SigNoz/signoz/pkg/modules/services"
@@ -43,7 +41,6 @@ type Handlers struct {
 	Global          global.Handler
 	FlaggerHandler  flagger.Handler
 	GatewayHandler  gateway.Handler
-	Role            role.Handler
 }
 
 func NewHandlers(modules Modules, providerSettings factory.ProviderSettings, querier querier.Querier, licensing licensing.Licensing, global global.Global, flaggerService flagger.Flagger, gatewayService gateway.Gateway) Handlers {
@@ -60,6 +57,5 @@ func NewHandlers(modules Modules, providerSettings factory.ProviderSettings, que
 		Global:          signozglobal.NewHandler(global),
 		FlaggerHandler:  flagger.NewHandler(flaggerService),
 		GatewayHandler:  gateway.NewHandler(gatewayService),
-		Role:            implrole.NewHandler(modules.RoleSetter, modules.RoleGetter),
 	}
 }

pkg/signoz/handler_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory/factorytest"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
-	"github.com/SigNoz/signoz/pkg/modules/role/implrole"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/sharder"
 	"github.com/SigNoz/signoz/pkg/sharder/noopsharder"
@@ -41,10 +40,7 @@ func TestNewHandlers(t *testing.T) {
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
 	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)
-	roleSetter := implrole.NewSetter(implrole.NewStore(sqlstore), nil)
-	roleGetter := implrole.NewGetter(implrole.NewStore(sqlstore))
-	grantModule := implrole.NewGranter(implrole.NewStore(sqlstore), nil)
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, roleSetter, roleGetter, grantModule)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule)
 
 	handlers := NewHandlers(modules, providerSettings, nil, nil, nil, nil, nil)
 

pkg/signoz/module.go

@@ -25,7 +25,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/quickfilter/implquickfilter"
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport"
 	"github.com/SigNoz/signoz/pkg/modules/rawdataexport/implrawdataexport"
-	"github.com/SigNoz/signoz/pkg/modules/role"
 	"github.com/SigNoz/signoz/pkg/modules/savedview"
 	"github.com/SigNoz/signoz/pkg/modules/savedview/implsavedview"
 	"github.com/SigNoz/signoz/pkg/modules/services"
@@ -67,9 +66,6 @@ type Modules struct {
 	SpanPercentile  spanpercentile.Module
 	MetricsExplorer metricsexplorer.Module
 	Promote         promote.Module
-	RoleSetter      role.Setter
-	RoleGetter      role.Getter
-	Granter         role.Granter
 }
 
 func NewModules(
@@ -89,13 +85,10 @@ func NewModules(
 	queryParser queryparser.QueryParser,
 	config Config,
 	dashboard dashboard.Module,
-	roleSetter role.Setter,
-	roleGetter role.Getter,
-	granter role.Granter,
 ) Modules {
 	quickfilter := implquickfilter.NewModule(implquickfilter.NewStore(sqlstore))
 	orgSetter := implorganization.NewSetter(implorganization.NewStore(sqlstore), alertmanager, quickfilter)
-	user := impluser.NewModule(impluser.NewStore(sqlstore, providerSettings), tokenizer, emailing, providerSettings, orgSetter, granter, analytics, config.User)
+	user := impluser.NewModule(impluser.NewStore(sqlstore, providerSettings), tokenizer, emailing, providerSettings, orgSetter, analytics, config.User)
 	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings))
 	ruleStore := sqlrulestore.NewRuleStore(sqlstore, queryParser, providerSettings)
 
@@ -117,8 +110,5 @@ func NewModules(
 		Services:        implservices.NewModule(querier, telemetryStore),
 		MetricsExplorer: implmetricsexplorer.NewModule(telemetryStore, telemetryMetadataStore, cache, ruleStore, dashboard, providerSettings, config.MetricsExplorer),
 		Promote:         implpromote.NewModule(telemetryMetadataStore, telemetryStore),
-		RoleSetter:      roleSetter,
-		RoleGetter:      roleGetter,
-		Granter:         granter,
 	}
 }

pkg/signoz/module_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory/factorytest"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
-	"github.com/SigNoz/signoz/pkg/modules/role/implrole"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/sharder"
 	"github.com/SigNoz/signoz/pkg/sharder/noopsharder"
@@ -41,10 +40,7 @@ func TestNewModules(t *testing.T) {
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
 	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)
-	roleSetter := implrole.NewSetter(implrole.NewStore(sqlstore), nil)
-	roleGetter := implrole.NewGetter(implrole.NewStore(sqlstore))
-	grantModule := implrole.NewGranter(implrole.NewStore(sqlstore), nil)
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, roleSetter, roleGetter, grantModule)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule)
 
 	reflectVal := reflect.ValueOf(modules)
 	for i := 0; i < reflectVal.NumField(); i++ {

pkg/signoz/openapi.go

@@ -19,7 +19,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/preference"
 	"github.com/SigNoz/signoz/pkg/modules/promote"
-	"github.com/SigNoz/signoz/pkg/modules/role"
 	"github.com/SigNoz/signoz/pkg/modules/session"
 	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
@@ -50,8 +49,6 @@ func NewOpenAPI(ctx context.Context, instrumentation instrumentation.Instrumenta
 		struct{ dashboard.Handler }{},
 		struct{ metricsexplorer.Handler }{},
 		struct{ gateway.Handler }{},
-		struct{ role.Getter }{},
-		struct{ role.Handler }{},
 	).New(ctx, instrumentation.ToProviderSettings(), apiserver.Config{})
 	if err != nil {
 		return nil, err

pkg/signoz/provider.go

@@ -243,8 +243,6 @@ func NewAPIServerProviderFactories(orgGetter organization.Getter, authz authz.Au
 			handlers.Dashboard,
 			handlers.MetricsExplorer,
 			handlers.GatewayHandler,
-			modules.RoleGetter,
-			handlers.Role,
 		),
 	)
 }

pkg/signoz/signoz.go

@@ -90,9 +90,8 @@ func New(
 	telemetrystoreProviderFactories factory.NamedMap[factory.ProviderFactory[telemetrystore.TelemetryStore, telemetrystore.Config]],
 	authNsCallback func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error),
 	authzCallback func(context.Context, sqlstore.SQLStore) factory.ProviderFactory[authz.AuthZ, authz.Config],
-	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, role.Setter, role.Granter, queryparser.QueryParser, querier.Querier, licensing.Licensing) dashboard.Module,
+	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, role.Module, queryparser.QueryParser, querier.Querier, licensing.Licensing) dashboard.Module,
 	gatewayProviderFactory func(licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config],
-	roleSetterCallback func(sqlstore.SQLStore, authz.AuthZ, licensing.Licensing, []role.RegisterTypeable) role.Setter,
 ) (*SigNoz, error) {
 	// Initialize instrumentation
 	instrumentation, err := instrumentation.New(ctx, config.Instrumentation, version.Info, "signoz")
@@ -281,12 +280,6 @@ func New(
 		return nil, err
 	}
 
-	// Initialize user getter
-	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings))
-
-	// Initialize the role getter
-	roleGetter := implrole.NewGetter(implrole.NewStore(sqlstore))
-
 	// Initialize authz
 	authzProviderFactory := authzCallback(ctx, sqlstore)
 	authz, err := authzProviderFactory.New(ctx, providerSettings, authz.Config{})
@@ -294,6 +287,9 @@ func New(
 		return nil, err
 	}
 
+	// Initialize user getter
+	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings))
+
 	// Initialize notification manager from the available notification manager provider factories
 	nfManager, err := factory.NewProviderFromNamedMap(
 		ctx,
@@ -390,10 +386,9 @@ func New(
 	}
 
 	// Initialize all modules
-	roleSetter := roleSetterCallback(sqlstore, authz, licensing, nil)
-	granter := implrole.NewGranter(implrole.NewStore(sqlstore), authz)
-	dashboard := dashboardModuleCallback(sqlstore, providerSettings, analytics, orgGetter, roleSetter, granter, queryParser, querier, licensing)
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, roleSetter, roleGetter, granter)
+	roleModule := implrole.NewModule(implrole.NewStore(sqlstore), authz, nil)
+	dashboardModule := dashboardModuleCallback(sqlstore, providerSettings, analytics, orgGetter, roleModule, queryParser, querier, licensing)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboardModule)
 
 	// Initialize all handlers for the modules
 	handlers := NewHandlers(modules, providerSettings, querier, licensing, global, flagger, gateway)

pkg/types/authtypes/selector.go

@@ -24,7 +24,7 @@ var (
 	typeRoleSelectorRegex         = regexp.MustCompile(`^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)
 	typeAnonymousSelectorRegex    = regexp.MustCompile(`^\*$`)
 	typeOrganizationSelectorRegex = regexp.MustCompile(`^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)
-	typeMetaResourceSelectorRegex = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
+	typeMetaResourceSelectorRegex = regexp.MustCompile(`^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)
 	// metaresources selectors are used to select either all or none
 	typeMetaResourcesSelectorRegex = regexp.MustCompile(`^\*$`)
 )

pkg/types/roletypes/role.go

@@ -20,7 +20,6 @@ var (
 	ErrCodeInvalidTypeRelation              = errors.MustNewCode("role_invalid_type_relation")
 	ErrCodeRoleNotFound                     = errors.MustNewCode("role_not_found")
 	ErrCodeRoleFailedTransactionsFromString = errors.MustNewCode("role_failed_transactions_from_string")
-	ErrCodeRoleUnsupported                  = errors.MustNewCode("role_unsupported")
 )
 
 var (
@@ -33,22 +32,8 @@ var (
 )
 
 var (
-	SigNozAnonymousRoleName        = "signoz-anonymous"
-	SigNozAnonymousRoleDescription = "Role assigned to anonymous users for access to public resources."
-	SigNozAdminRoleName            = "signoz-admin"
-	SigNozAdminRoleDescription     = "Role assigned to users who have full administrative access to SigNoz resources."
-	SigNozEditorRoleName           = "signoz-editor"
-	SigNozEditorRoleDescription    = "Role assigned to users who can create, edit, and manage SigNoz resources but do not have full administrative privileges."
-	SigNozViewerRoleName           = "signoz-viewer"
-	SigNozViewerRoleDescription    = "Role assigned to users who have read-only access to SigNoz resources."
-)
-
-var (
-	ExistingRoleToSigNozManagedRoleMap = map[types.Role]string{
-		types.RoleAdmin:  SigNozAdminRoleName,
-		types.RoleEditor: SigNozEditorRoleName,
-		types.RoleViewer: SigNozViewerRoleName,
-	}
+	AnonymousUserRoleName        = "signoz-anonymous"
+	AnonymousUserRoleDescription = "Role assigned to anonymous users for access to public resources."
 )
 
 var (
@@ -69,10 +54,10 @@ type StorableRole struct {
 type Role struct {
 	types.Identifiable
 	types.TimeAuditable
-	Name        string        `json:"name"`
-	Description string        `json:"description"`
-	Type        valuer.String `json:"type"`
-	OrgID       valuer.UUID   `json:"orgId"`
+	Name        string      `json:"name"`
+	Description string      `json:"description"`
+	Type        string      `json:"type"`
+	OrgID       valuer.UUID `json:"org_id"`
 }
 
 type PostableRole struct {
@@ -96,7 +81,7 @@ func NewStorableRoleFromRole(role *Role) *StorableRole {
 		TimeAuditable: role.TimeAuditable,
 		Name:          role.Name,
 		Description:   role.Description,
-		Type:          role.Type.String(),
+		Type:          role.Type,
 		OrgID:         role.OrgID.StringValue(),
 	}
 }
@@ -107,12 +92,12 @@ func NewRoleFromStorableRole(storableRole *StorableRole) *Role {
 		TimeAuditable: storableRole.TimeAuditable,
 		Name:          storableRole.Name,
 		Description:   storableRole.Description,
-		Type:          valuer.NewString(storableRole.Type),
+		Type:          storableRole.Type,
 		OrgID:         valuer.MustNewUUID(storableRole.OrgID),
 	}
 }
 
-func NewRole(name, description string, roleType valuer.String, orgID valuer.UUID) *Role {
+func NewRole(name, description string, roleType string, orgID valuer.UUID) *Role {
 	return &Role{
 		Identifiable: types.Identifiable{
 			ID: valuer.GenerateUUID(),
@@ -128,38 +113,7 @@ func NewRole(name, description string, roleType valuer.String, orgID valuer.UUID
 	}
 }
 
-func NewManagedRoles(orgID valuer.UUID) []*Role {
-	return []*Role{
-		NewRole(SigNozAdminRoleName, SigNozAdminRoleDescription, RoleTypeManaged, orgID),
-		NewRole(SigNozEditorRoleName, SigNozEditorRoleDescription, RoleTypeManaged, orgID),
-		NewRole(SigNozViewerRoleName, SigNozViewerRoleDescription, RoleTypeManaged, orgID),
-		NewRole(SigNozAnonymousRoleName, SigNozAnonymousRoleDescription, RoleTypeManaged, orgID),
-	}
-
-}
-
-func (role *Role) PatchMetadata(name, description *string) error {
-	err := role.CanEditDelete()
-	if err != nil {
-		return err
-	}
-
-	if name != nil {
-		role.Name = *name
-	}
-	if description != nil {
-		role.Description = *description
-	}
-	role.UpdatedAt = time.Now()
-	return nil
-}
-
-func (role *Role) NewPatchableObjects(additions []*authtypes.Object, deletions []*authtypes.Object, relation authtypes.Relation) (*PatchableObjects, error) {
-	err := role.CanEditDelete()
-	if err != nil {
-		return nil, err
-	}
-
+func NewPatchableObjects(additions []*authtypes.Object, deletions []*authtypes.Object, relation authtypes.Relation) (*PatchableObjects, error) {
 	if len(additions) == 0 && len(deletions) == 0 {
 		return nil, errors.New(errors.TypeInvalidInput, ErrCodeRoleEmptyPatch, "empty object patch request received, at least one of additions or deletions must be present")
 	}
@@ -179,12 +133,14 @@ func (role *Role) NewPatchableObjects(additions []*authtypes.Object, deletions [
 	return &PatchableObjects{Additions: additions, Deletions: deletions}, nil
 }
 
-func (role *Role) CanEditDelete() error {
-	if role.Type == RoleTypeManaged {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeRoleInvalidInput, "cannot edit/delete managed role: %s", role.Name)
+func (role *Role) PatchMetadata(name, description *string) {
+	if name != nil {
+		role.Name = *name
 	}
-
-	return nil
+	if description != nil {
+		role.Description = *description
+	}
+	role.UpdatedAt = time.Now()
 }
 
 func (role *PostableRole) UnmarshalJSON(data []byte) error {
@@ -290,12 +246,3 @@ func GetDeletionTuples(id valuer.UUID, orgID valuer.UUID, relation authtypes.Rel
 
 	return tuples, nil
 }
-
-func MustGetSigNozManagedRoleFromExistingRole(role types.Role) string {
-	managedRole, ok := ExistingRoleToSigNozManagedRoleMap[role]
-	if !ok {
-		panic(errors.Newf(errors.TypeInternal, errors.CodeInternal, "invalid role: %s", role.String()))
-	}
-
-	return managedRole
-}

pkg/types/roletypes/store.go

@@ -9,9 +9,8 @@ import (
 type Store interface {
 	Create(context.Context, *StorableRole) error
 	Get(context.Context, valuer.UUID, valuer.UUID) (*StorableRole, error)
-	GetByOrgIDAndName(context.Context, valuer.UUID, string) (*StorableRole, error)
+	GetByNameAndOrgID(context.Context, string, valuer.UUID) (*StorableRole, error)
 	List(context.Context, valuer.UUID) ([]*StorableRole, error)
-	ListByOrgIDAndNames(context.Context, valuer.UUID, []string) ([]*StorableRole, error)
 	Update(context.Context, valuer.UUID, *StorableRole) error
 	Delete(context.Context, valuer.UUID, valuer.UUID) error
 	RunInTx(context.Context, func(ctx context.Context) error) error

tests/integration/fixtures/auth.py

@@ -20,10 +20,6 @@ USER_ADMIN_NAME = "admin"
 USER_ADMIN_EMAIL = "admin@integration.test"
 USER_ADMIN_PASSWORD = "password123Z$"
 
-USER_EDITOR_NAME = 'editor'
-USER_EDITOR_EMAIL = 'editor@integration.test'
-USER_EDITOR_PASSWORD = 'password123Z$'
-
 
 @pytest.fixture(name="create_user_admin", scope="package")
 def create_user_admin(