fix: added event propogation on enter press

* chore: remove dashboard provider from the root

* chore: fix tests

* chore: fix tests

* chore: remove dashboardId from provider

* chore: remove old instances of dashboard provider

* chore: separate dashboard widget fully

* chore: fix tests

* chore: resolve self comments

docs/api/openapi.yml

@@ -1768,19 +1768,19 @@ components:
         createdAt:
           format: date-time
           type: string
-        expires_at:
+        expiresAt:
           minimum: 0
           type: integer
         id:
           type: string
         key:
           type: string
-        last_used:
+        lastObservedAt:
           format: date-time
           type: string
         name:
           type: string
-        service_account_id:
+        serviceAccountId:
           type: string
         updatedAt:
           format: date-time
@@ -1788,9 +1788,9 @@ components:
       required:
       - id
       - key
-      - expires_at
-      - last_used
-      - service_account_id
+      - expiresAt
+      - lastObservedAt
+      - serviceAccountId
       type: object
     ServiceaccounttypesGettableFactorAPIKeyWithKey:
       properties:
@@ -1804,14 +1804,14 @@ components:
       type: object
     ServiceaccounttypesPostableFactorAPIKey:
       properties:
-        expires_at:
+        expiresAt:
           minimum: 0
           type: integer
         name:
           type: string
       required:
       - name
-      - expires_at
+      - expiresAt
       type: object
     ServiceaccounttypesPostableServiceAccount:
       properties:
@@ -1833,13 +1833,16 @@ components:
         createdAt:
           format: date-time
           type: string
+        deletedAt:
+          format: date-time
+          type: string
         email:
           type: string
         id:
           type: string
         name:
           type: string
-        orgID:
+        orgId:
           type: string
         roles:
           items:
@@ -1856,18 +1859,19 @@ components:
       - email
       - roles
       - status
-      - orgID
+      - orgId
+      - deletedAt
       type: object
     ServiceaccounttypesUpdatableFactorAPIKey:
       properties:
-        expires_at:
+        expiresAt:
           minimum: 0
           type: integer
         name:
           type: string
       required:
       - name
-      - expires_at
+      - expiresAt
       type: object
     ServiceaccounttypesUpdatableServiceAccount:
       properties:

ee/authz/openfgaschema/base.fga

@@ -2,39 +2,45 @@ module base
 
 type organisation 
   relations
-    define read: [user, role#assignee]
-    define update: [user, role#assignee]
+    define read: [user, serviceaccount, role#assignee]
+    define update: [user, serviceaccount, role#assignee]
 
 type user
   relations
-    define read: [user, role#assignee]
-    define update: [user, role#assignee]
-    define delete: [user, role#assignee]
+    define read: [user, serviceaccount, role#assignee]
+    define update: [user, serviceaccount, role#assignee]
+    define delete: [user, serviceaccount, role#assignee]
+
+type serviceaccount 
+  relations
+    define read: [user, serviceaccount, role#assignee]
+    define update: [user, serviceaccount, role#assignee]
+    define delete: [user, serviceaccount, role#assignee]  
 
 type anonymous
 
 type role 
   relations
-    define assignee: [user, anonymous]
+    define assignee: [user, serviceaccount, anonymous]
 
-    define read: [user, role#assignee]
-    define update: [user, role#assignee]
-    define delete: [user, role#assignee]
+    define read: [user, serviceaccount, role#assignee]
+    define update: [user, serviceaccount, role#assignee]
+    define delete: [user, serviceaccount, role#assignee]
 
 type metaresources
   relations
-    define create: [user, role#assignee]
-    define list: [user, role#assignee]
+    define create: [user, serviceaccount, role#assignee]
+    define list: [user, serviceaccount, role#assignee]
 
 type metaresource
   relations
-      define read: [user, anonymous, role#assignee]
-      define update: [user, role#assignee]
-      define delete: [user, role#assignee]
+      define read: [user, serviceaccount, anonymous, role#assignee]
+      define update: [user, serviceaccount, role#assignee]
+      define delete: [user, serviceaccount, role#assignee]
 
-      define block: [user, role#assignee]
+      define block: [user, serviceaccount, role#assignee]
 
 
 type telemetryresource
   relations
-      define read: [user, role#assignee]
+      define read: [user, serviceaccount, role#assignee]

ee/query-service/rules/manager_test.go

@@ -80,21 +80,6 @@ func TestManager_TestNotification_SendUnmatched_ThresholdRule(t *testing.T) {
 					alertDataRows := cmock.NewRows(cols, tc.Values)
 
 					mock := telemetryStore.Mock()
-					// Mock metadata queries for FetchTemporalityAndTypeMulti
-					// First query: fetchMetricsTemporalityAndType (from signoz_metrics time series table)
-					metadataCols := []cmock.ColumnType{
-						{Name: "metric_name", Type: "String"},
-						{Name: "temporality", Type: "String"},
-						{Name: "type", Type: "String"},
-						{Name: "is_monotonic", Type: "Bool"},
-					}
-					metadataRows := cmock.NewRows(metadataCols, [][]any{
-						{"probe_success", metrictypes.Unspecified, metrictypes.GaugeType, false},
-					})
-					mock.ExpectQuery("*distributed_time_series_v4*").WithArgs(nil, nil, nil).WillReturnRows(metadataRows)
-					// Second query: fetchMeterSourceMetricsTemporalityAndType (from signoz_meter table)
-					emptyMetadataRows := cmock.NewRows(metadataCols, [][]any{})
-					mock.ExpectQuery("*meter*").WithArgs(nil).WillReturnRows(emptyMetadataRows)
 
 					// Generate query arguments for the metric query
 					evalTime := time.Now().UTC()

frontend/src/AppRoutes/Private.tsx

@@ -128,6 +128,7 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 			isAdmin &&
 			(path === ROUTES.SETTINGS ||
 				path === ROUTES.ORG_SETTINGS ||
+				path === ROUTES.MEMBERS_SETTINGS ||
 				path === ROUTES.BILLING ||
 				path === ROUTES.MY_SETTINGS);
 

frontend/src/AppRoutes/index.tsx

@@ -29,7 +29,6 @@ import posthog from 'posthog-js';
 import { useAppContext } from 'providers/App/App';
 import { IUser } from 'providers/App/types';
 import { CmdKProvider } from 'providers/cmdKProvider';
-import { DashboardProvider } from 'providers/Dashboard/Dashboard';
 import { ErrorModalProvider } from 'providers/ErrorModalProvider';
 import { PreferenceContextProvider } from 'providers/preferences/context/PreferenceContextProvider';
 import { QueryBuilderProvider } from 'providers/QueryBuilder';
@@ -321,6 +320,19 @@ function App(): JSX.Element {
 					// Session Replay
 					replaysSessionSampleRate: 0.1, // This sets the sample rate at 10%. You may want to change it to 100% while in development and then sample at a lower rate in production.
 					replaysOnErrorSampleRate: 1.0, // If you're not already sampling the entire session, change the sample rate to 100% when sampling sessions where errors occur.
+					beforeSend(event) {
+						const sessionReplayUrl = posthog.get_session_replay_url?.({
+							withTimestamp: true,
+						});
+						if (sessionReplayUrl) {
+							// eslint-disable-next-line no-param-reassign
+							event.contexts = {
+								...event.contexts,
+								posthog: { session_replay_url: sessionReplayUrl },
+							};
+						}
+						return event;
+					},
 				});
 
 				setIsSentryInitialized(true);
@@ -371,28 +383,26 @@ function App(): JSX.Element {
 									<PrivateRoute>
 										<ResourceProvider>
 											<QueryBuilderProvider>
-												<DashboardProvider>
-													<KeyboardHotkeysProvider>
-														<AppLayout>
-															<PreferenceContextProvider>
-																<Suspense fallback={<Spinner size="large" tip="Loading..." />}>
-																	<Switch>
-																		{routes.map(({ path, component, exact }) => (
-																			<Route
-																				key={`${path}`}
-																				exact={exact}
-																				path={path}
-																				component={component}
-																			/>
-																		))}
-																		<Route exact path="/" component={Home} />
-																		<Route path="*" component={NotFound} />
-																	</Switch>
-																</Suspense>
-															</PreferenceContextProvider>
-														</AppLayout>
-													</KeyboardHotkeysProvider>
-												</DashboardProvider>
+												<KeyboardHotkeysProvider>
+													<AppLayout>
+														<PreferenceContextProvider>
+															<Suspense fallback={<Spinner size="large" tip="Loading..." />}>
+																<Switch>
+																	{routes.map(({ path, component, exact }) => (
+																		<Route
+																			key={`${path}`}
+																			exact={exact}
+																			path={path}
+																			component={component}
+																		/>
+																	))}
+																	<Route exact path="/" component={Home} />
+																	<Route path="*" component={NotFound} />
+																</Switch>
+															</Suspense>
+														</PreferenceContextProvider>
+													</AppLayout>
+												</KeyboardHotkeysProvider>
 											</QueryBuilderProvider>
 										</ResourceProvider>
 									</PrivateRoute>

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2100,7 +2100,7 @@ export interface ServiceaccounttypesFactorAPIKeyDTO {
 	 * @type integer
 	 * @minimum 0
 	 */
-	expires_at: number;
+	expiresAt: number;
 	/**
 	 * @type string
 	 */
@@ -2113,7 +2113,7 @@ export interface ServiceaccounttypesFactorAPIKeyDTO {
 	 * @type string
 	 * @format date-time
 	 */
-	last_used: Date;
+	lastObservedAt: Date;
 	/**
 	 * @type string
 	 */
@@ -2121,7 +2121,7 @@ export interface ServiceaccounttypesFactorAPIKeyDTO {
 	/**
 	 * @type string
 	 */
-	service_account_id: string;
+	serviceAccountId: string;
 	/**
 	 * @type string
 	 * @format date-time
@@ -2145,7 +2145,7 @@ export interface ServiceaccounttypesPostableFactorAPIKeyDTO {
 	 * @type integer
 	 * @minimum 0
 	 */
-	expires_at: number;
+	expiresAt: number;
 	/**
 	 * @type string
 	 */
@@ -2173,6 +2173,11 @@ export interface ServiceaccounttypesServiceAccountDTO {
 	 * @format date-time
 	 */
 	createdAt?: Date;
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	deletedAt: Date;
 	/**
 	 * @type string
 	 */
@@ -2188,7 +2193,7 @@ export interface ServiceaccounttypesServiceAccountDTO {
 	/**
 	 * @type string
 	 */
-	orgID: string;
+	orgId: string;
 	/**
 	 * @type array
 	 */
@@ -2209,7 +2214,7 @@ export interface ServiceaccounttypesUpdatableFactorAPIKeyDTO {
 	 * @type integer
 	 * @minimum 0
 	 */
-	expires_at: number;
+	expiresAt: number;
 	/**
 	 * @type string
 	 */

frontend/src/components/CustomTimePicker/CustomTimePicker.tsx

@@ -297,7 +297,12 @@ function CustomTimePicker({
 		resetErrorStatus();
 	};
 
-	const handleInputPressEnter = (): void => {
+	const handleInputPressEnter = (
+		event?: React.KeyboardEvent<HTMLInputElement>,
+	): void => {
+		event?.preventDefault();
+		event?.stopPropagation();
+
 		// check if the entered time is in the format of 1m, 2h, 3d, 4w
 		const isTimeDurationShortHandFormat = /^(\d+)([mhdw])$/.test(inputValue);
 

frontend/src/container/CustomDomainSettings/CustomDomainEditModal.tsx

@@ -30,14 +30,15 @@ export default function CustomDomainEditModal({
 	onClearError,
 	onSubmit,
 }: CustomDomainEditModalProps): JSX.Element {
-	const [value, setValue] = useState(customDomainSubdomain ?? '');
+	const initialSubdomain = customDomainSubdomain ?? '';
+	const [value, setValue] = useState(initialSubdomain);
 	const [validationError, setValidationError] = useState<string | null>(null);
 
 	useEffect(() => {
 		if (isOpen) {
-			setValue(customDomainSubdomain ?? '');
+			setValue(initialSubdomain);
 		}
-	}, [isOpen, customDomainSubdomain]);
+	}, [isOpen, initialSubdomain]);
 
 	const handleClose = (): void => {
 		setValidationError(null);
@@ -58,6 +59,11 @@ export default function CustomDomainEditModal({
 	};
 
 	const handleSubmit = (): void => {
+		if (value === initialSubdomain) {
+			setValidationError('Input is unchanged');
+			return;
+		}
+
 		if (!value) {
 			setValidationError('This field is required');
 			return;
@@ -84,7 +90,7 @@ export default function CustomDomainEditModal({
 
 	const hasError = Boolean(errorMessage);
 
-	const statusIcon = ((): JSX.Element => {
+	const statusIcon = ((): JSX.Element | null => {
 		if (isLoading) {
 			return (
 				<LoaderCircle size={16} className="animate-spin edit-modal-status-icon" />
@@ -95,7 +101,9 @@ export default function CustomDomainEditModal({
 			return <CircleAlert size={16} color={Color.BG_CHERRY_500} />;
 		}
 
-		return <CircleCheck size={16} color={Color.BG_FOREST_500} />;
+		return value && value.length >= 3 ? (
+			<CircleCheck size={16} color={Color.BG_FOREST_500} />
+		) : null;
 	})();
 
 	return (
@@ -189,7 +197,7 @@ export default function CustomDomainEditModal({
 							color="primary"
 							className="edit-modal-apply-btn"
 							onClick={handleSubmit}
-							disabled={isLoading}
+							disabled={isLoading || value === initialSubdomain}
 							loading={isLoading}
 						>
 							Apply Changes

frontend/src/container/CustomDomainSettings/CustomDomainSettings.styles.scss

@@ -81,6 +81,10 @@
 		padding-left: 26px;
 	}
 
+	.custom-domain-card-meta-row.workspace-name-hidden {
+		padding-left: 0;
+	}
+
 	.custom-domain-card-meta-timezone {
 		display: inline-flex;
 		align-items: center;
@@ -117,32 +121,6 @@
 		background: var(--l2-border);
 		margin: 0;
 	}
-
-	.custom-domain-card-bottom {
-		display: flex;
-		align-items: center;
-		gap: var(--spacing-5);
-		padding: var(--padding-3);
-	}
-
-	.custom-domain-card-license {
-		color: var(--l1-foreground);
-		font-size: var(--paragraph-base-400-font-size);
-		line-height: var(--line-height-20);
-		letter-spacing: -0.07px;
-	}
-
-	.custom-domain-plan-badge {
-		display: inline-flex;
-		align-items: center;
-		padding: 0 2px;
-		border-radius: 2px;
-		background: var(--l2-background);
-		color: var(--l2-foreground);
-		font-family: 'SF Mono', 'Fira Code', monospace;
-		font-size: var(--paragraph-base-400-font-size);
-		line-height: var(--line-height-20);
-	}
 }
 
 .workspace-url-trigger {

frontend/src/container/CustomDomainSettings/CustomDomainSettings.tsx

@@ -69,8 +69,9 @@ function DomainUpdateToast({
 }
 
 export default function CustomDomainSettings(): JSX.Element {
-	const { org, activeLicense } = useAppContext();
+	const { org } = useAppContext();
 	const { timezone } = useTimezone();
+
 	const [isEditModalOpen, setIsEditModalOpen] = useState(false);
 	const [isPollingEnabled, setIsPollingEnabled] = useState(false);
 	const [hosts, setHosts] = useState<ZeustypesHostDTO[] | null>(null);
@@ -175,7 +176,8 @@ export default function CustomDomainSettings(): JSX.Element {
 		[hosts, activeHost],
 	);
 
-	const planName = activeLicense?.plan?.name;
+	const workspaceName =
+		org?.[0]?.displayName || customDomainSubdomain || activeHost?.name;
 
 	if (isLoadingHosts) {
 		return (
@@ -191,106 +193,98 @@ export default function CustomDomainSettings(): JSX.Element {
 
 	return (
 		<>
-			<div className="custom-domain-card">
-				<div className="custom-domain-card-top">
-					<div className="custom-domain-card-info">
+			<div className="custom-domain-card-top">
+				<div className="custom-domain-card-info">
+					{!!workspaceName && (
 						<div className="custom-domain-card-name-row">
 							<span className="beacon" />
-							<span className="custom-domain-card-org-name">
-								{org?.[0]?.displayName ? org?.[0]?.displayName : customDomainSubdomain}
-							</span>
+							<span className="custom-domain-card-org-name">{workspaceName}</span>
 						</div>
+					)}
 
-						<div className="custom-domain-card-meta-row">
-							<Dropdown
-								trigger={['click']}
-								dropdownRender={(): JSX.Element => (
-									<div className="workspace-url-dropdown">
-										<span className="workspace-url-dropdown-header">
-											All Workspace URLs
-										</span>
-										<div className="workspace-url-dropdown-divider" />
-										{sortedHosts.map((host) => {
-											const isActive = host.name === activeHost?.name;
-											return (
-												<a
-													key={host.name}
-													href={host.url}
-													target="_blank"
-													rel="noopener noreferrer"
-													className={`workspace-url-dropdown-item${
-														isActive ? ' workspace-url-dropdown-item--active' : ''
-													}`}
-												>
-													<span className="workspace-url-dropdown-item-label">
-														{stripProtocol(host.url ?? '')}
-													</span>
-													{isActive ? (
-														<Check size={14} className="workspace-url-dropdown-item-check" />
-													) : (
-														<ExternalLink
-															size={12}
-															className="workspace-url-dropdown-item-external"
-														/>
-													)}
-												</a>
-											);
-										})}
-									</div>
-								)}
-							>
-								<Button
-									type="button"
-									size="xs"
-									className="workspace-url-trigger"
-									disabled={isFetchingHosts}
-								>
-									<Link2 size={12} />
-									<span>{stripProtocol(activeHost?.url ?? '')}</span>
-									<ChevronDown size={12} />
-								</Button>
-							</Dropdown>
-							<span className="custom-domain-card-meta-timezone">
-								<Clock size={11} />
-								{timezone.offset}
-							</span>
-						</div>
-					</div>
-
-					<Button
-						variant="solid"
-						size="sm"
-						className="custom-domain-edit-button"
-						prefixIcon={<FilePenLine size={12} />}
-						disabled={isFetchingHosts || isPollingEnabled}
-						onClick={(): void => setIsEditModalOpen(true)}
+					<div
+						className={`custom-domain-card-meta-row ${
+							!workspaceName ? 'workspace-name-hidden' : ''
+						}`}
 					>
-						Edit workspace link
-					</Button>
+						<Dropdown
+							trigger={['click']}
+							dropdownRender={(): JSX.Element => (
+								<div className="workspace-url-dropdown">
+									<span className="workspace-url-dropdown-header">
+										All Workspace URLs
+									</span>
+									<div className="workspace-url-dropdown-divider" />
+									{sortedHosts.map((host) => {
+										const isActive = host.name === activeHost?.name;
+										return (
+											<a
+												key={host.name}
+												href={host.url}
+												target="_blank"
+												rel="noopener noreferrer"
+												className={`workspace-url-dropdown-item${
+													isActive ? ' workspace-url-dropdown-item--active' : ''
+												}`}
+											>
+												<span className="workspace-url-dropdown-item-label">
+													{stripProtocol(host.url ?? '')}
+												</span>
+												{isActive ? (
+													<Check size={14} className="workspace-url-dropdown-item-check" />
+												) : (
+													<ExternalLink
+														size={12}
+														className="workspace-url-dropdown-item-external"
+													/>
+												)}
+											</a>
+										);
+									})}
+								</div>
+							)}
+						>
+							<Button
+								type="button"
+								size="xs"
+								className="workspace-url-trigger"
+								disabled={isFetchingHosts}
+							>
+								<Link2 size={12} />
+								<span>{stripProtocol(activeHost?.url ?? '')}</span>
+								<ChevronDown size={12} />
+							</Button>
+						</Dropdown>
+						<span className="custom-domain-card-meta-timezone">
+							<Clock size={11} />
+							{timezone.offset}
+						</span>
+					</div>
 				</div>
 
-				{isPollingEnabled && (
-					<Callout
-						type="info"
-						showIcon
-						className="custom-domain-callout"
-						size="small"
-						icon={<SolidAlertCircle size={13} color="primary" />}
-						message={`Updating your URL to ⎯ ${customDomainSubdomain}.${dnsSuffix}. This may take a few mins.`}
-					/>
-				)}
-
-				<div className="custom-domain-card-divider" />
-
-				<div className="custom-domain-card-bottom">
-					<span className="beacon" />
-					<span className="custom-domain-card-license">
-						{planName && <code className="custom-domain-plan-badge">{planName}</code>}{' '}
-						license is currently active
-					</span>
-				</div>
+				<Button
+					variant="solid"
+					size="sm"
+					className="custom-domain-edit-button"
+					prefixIcon={<FilePenLine size={12} />}
+					disabled={isFetchingHosts || isPollingEnabled}
+					onClick={(): void => setIsEditModalOpen(true)}
+				>
+					Edit workspace link
+				</Button>
 			</div>
 
+			{isPollingEnabled && (
+				<Callout
+					type="info"
+					showIcon
+					className="custom-domain-callout"
+					size="small"
+					icon={<SolidAlertCircle size={13} color="primary" />}
+					message={`Updating your URL to ⎯ ${customDomainSubdomain}.${dnsSuffix}. This may take a few mins.`}
+				/>
+			)}
+
 			<CustomDomainEditModal
 				isOpen={isEditModalOpen}
 				onClose={(): void => setIsEditModalOpen(false)}

frontend/src/container/CustomDomainSettings/__tests__/CustomDomainSettings.test.tsx

@@ -239,4 +239,87 @@ describe('CustomDomainSettings', () => {
 		const { container } = render(toastRenderer('test-id'));
 		expect(container).toHaveTextContent(/myteam\.test\.cloud/i);
 	});
+
+	describe('Workspace Name rendering', () => {
+		it('renders org displayName when available from appContext', async () => {
+			server.use(
+				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+					res(ctx.status(200), ctx.json(mockHostsResponse)),
+				),
+			);
+
+			render(<CustomDomainSettings />, undefined, {
+				appContextOverrides: {
+					org: [{ id: 'xyz', displayName: 'My Org Name', createdAt: 0 }],
+				},
+			});
+
+			expect(await screen.findByText('My Org Name')).toBeInTheDocument();
+		});
+
+		it('falls back to customDomainSubdomain when org displayName is missing', async () => {
+			server.use(
+				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+					res(ctx.status(200), ctx.json(mockHostsResponse)),
+				),
+			);
+
+			render(<CustomDomainSettings />, undefined, {
+				appContextOverrides: { org: [] },
+			});
+
+			expect(await screen.findByText('custom-host')).toBeInTheDocument();
+		});
+
+		it('falls back to activeHost.name when neither org name nor custom domain exists', async () => {
+			const onlyDefaultHostResponse = {
+				...mockHostsResponse,
+				data: {
+					...mockHostsResponse.data,
+					hosts: mockHostsResponse.data.hosts
+						? [mockHostsResponse.data.hosts[0]]
+						: [],
+				},
+			};
+
+			server.use(
+				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+					res(ctx.status(200), ctx.json(onlyDefaultHostResponse)),
+				),
+			);
+
+			render(<CustomDomainSettings />, undefined, {
+				appContextOverrides: { org: [] },
+			});
+
+			// 'accepted-starfish' is the default host's name
+			expect(await screen.findByText('accepted-starfish')).toBeInTheDocument();
+		});
+
+		it('does not render the card name row if workspaceName is totally falsy', async () => {
+			const emptyHostsResponse = {
+				...mockHostsResponse,
+				data: {
+					...mockHostsResponse.data,
+					hosts: [],
+				},
+			};
+
+			server.use(
+				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+					res(ctx.status(200), ctx.json(emptyHostsResponse)),
+				),
+			);
+
+			const { container } = render(<CustomDomainSettings />, undefined, {
+				appContextOverrides: { org: [] },
+			});
+
+			await screen.findByRole('button', { name: /edit workspace link/i });
+
+			expect(
+				container.querySelector('.custom-domain-card-name-row'),
+			).not.toBeInTheDocument();
+		});
+	});
 });

frontend/src/container/DashboardContainer/DashboardDescription/__tests__/DashboardDescription.test.tsx

@@ -34,11 +34,6 @@ const mockSafeNavigate = jest.fn();
 jest.mock('react-router-dom', () => ({
 	...jest.requireActual('react-router-dom'),
 	useLocation: jest.fn(),
-	useRouteMatch: jest.fn().mockReturnValue({
-		params: {
-			dashboardId: 4,
-		},
-	}),
 }));
 
 jest.mock(
@@ -69,7 +64,7 @@ describe('Dashboard landing page actions header tests', () => {
 		(useLocation as jest.Mock).mockReturnValue(mockLocation);
 		const { getByTestId } = render(
 			<MemoryRouter initialEntries={[DASHBOARD_PATH]}>
-				<DashboardProvider>
+				<DashboardProvider dashboardId="4">
 					<DashboardDescription
 						handle={{
 							active: false,
@@ -110,7 +105,7 @@ describe('Dashboard landing page actions header tests', () => {
 		);
 		const { getByTestId } = render(
 			<MemoryRouter initialEntries={[DASHBOARD_PATH]}>
-				<DashboardProvider>
+				<DashboardProvider dashboardId="4">
 					<DashboardDescription
 						handle={{
 							active: false,
@@ -149,7 +144,7 @@ describe('Dashboard landing page actions header tests', () => {
 
 		const { getByText } = render(
 			<MemoryRouter initialEntries={[DASHBOARD_PATH]}>
-				<DashboardProvider>
+				<DashboardProvider dashboardId="4">
 					<DashboardDescription
 						handle={{
 							active: false,

frontend/src/container/GeneralSettings/GeneralSettings.tsx

@@ -10,6 +10,7 @@ import setRetentionApi from 'api/settings/setRetention';
 import setRetentionApiV2 from 'api/settings/setRetentionV2';
 import TextToolTip from 'components/TextToolTip';
 import CustomDomainSettings from 'container/CustomDomainSettings';
+import LicenseKeyRow from 'container/GeneralSettings/LicenseKeyRow/LicenseKeyRow';
 import GeneralSettingsCloud from 'container/GeneralSettingsCloud';
 import useComponentPermission from 'hooks/useComponentPermission';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
@@ -81,7 +82,7 @@ function GeneralSettings({
 		logsTtlValuesPayload,
 	);
 
-	const { user } = useAppContext();
+	const { user, activeLicense } = useAppContext();
 
 	const [setRetentionPermission] = useComponentPermission(
 		['set_retention_period'],
@@ -680,7 +681,15 @@ function GeneralSettings({
 				</span>
 			</div>
 
-			{showCustomDomainSettings && <CustomDomainSettings />}
+			{(showCustomDomainSettings || activeLicense?.key) && (
+				<div className="custom-domain-card">
+					{showCustomDomainSettings && <CustomDomainSettings />}
+					{showCustomDomainSettings && activeLicense?.key && (
+						<div className="custom-domain-card-divider" />
+					)}
+					{activeLicense?.key && <LicenseKeyRow />}
+				</div>
+			)}
 
 			<div className="retention-controls-container">
 				<div className="retention-controls-header">

frontend/src/container/GeneralSettings/LicenseKeyRow/LicenseKeyRow.styles.scss

@@ -0,0 +1,65 @@
+.license-key-row {
+	display: flex;
+	align-items: center;
+	justify-content: space-between;
+	padding: var(--padding-2) var(--padding-3);
+	gap: var(--spacing-5);
+
+	&__left {
+		display: inline-flex;
+		align-items: center;
+		gap: 12px;
+		color: var(--l2-foreground);
+
+		svg {
+			flex-shrink: 0;
+		}
+	}
+
+	&__label {
+		color: var(--l2-foreground);
+		font-size: var(--paragraph-base-400-font-size);
+		line-height: var(--line-height-20);
+		letter-spacing: -0.07px;
+		flex-shrink: 0;
+	}
+
+	&__value {
+		display: inline-flex;
+		align-items: stretch;
+	}
+
+	&__code {
+		display: inline-flex;
+		align-items: center;
+		padding: 1px 2px;
+		border-radius: 2px 0 0 2px;
+		background: var(--l3-background);
+		border: 1px solid var(--l2-border);
+		color: var(--l2-foreground);
+		font-family: 'SF Mono', 'Fira Code', 'Fira Mono', monospace;
+		font-size: var(--paragraph-base-400-font-size);
+		line-height: var(--line-height-20);
+		white-space: nowrap;
+		margin-right: -1px;
+	}
+
+	&__copy-btn {
+		display: inline-flex;
+		align-items: center;
+		justify-content: center;
+		width: 26px;
+		padding: 1px 2px;
+		border-radius: 0 2px 2px 0;
+		background: var(--l3-background);
+		border: 1px solid var(--l2-border);
+		color: var(--l2-foreground);
+		cursor: pointer;
+		flex-shrink: 0;
+		height: 24px;
+
+		&:hover {
+			background: var(--l3-background-hover);
+		}
+	}
+}

frontend/src/container/GeneralSettings/LicenseKeyRow/LicenseKeyRow.tsx

@@ -0,0 +1,48 @@
+import { useCopyToClipboard } from 'react-use';
+import { Button } from '@signozhq/button';
+import { Copy, KeyRound } from '@signozhq/icons';
+import { toast } from '@signozhq/sonner';
+import { useAppContext } from 'providers/App/App';
+import { getMaskedKey } from 'utils/maskedKey';
+
+import './LicenseKeyRow.styles.scss';
+
+function LicenseKeyRow(): JSX.Element | null {
+	const { activeLicense } = useAppContext();
+	const [, copyToClipboard] = useCopyToClipboard();
+
+	if (!activeLicense?.key) {
+		return null;
+	}
+
+	const handleCopyLicenseKey = (text: string): void => {
+		copyToClipboard(text);
+		toast.success('License key copied to clipboard.', { richColors: true });
+	};
+
+	return (
+		<div className="license-key-row">
+			<span className="license-key-row__left">
+				<KeyRound size={14} />
+				<span className="license-key-row__label">SigNoz License Key</span>
+			</span>
+			<span className="license-key-row__value">
+				<code className="license-key-row__code">
+					{getMaskedKey(activeLicense.key)}
+				</code>
+				<Button
+					type="button"
+					size="xs"
+					aria-label="Copy license key"
+					data-testid="license-key-row-copy-btn"
+					className="license-key-row__copy-btn"
+					onClick={(): void => handleCopyLicenseKey(activeLicense.key)}
+				>
+					<Copy size={12} />
+				</Button>
+			</span>
+		</div>
+	);
+}
+
+export default LicenseKeyRow;

frontend/src/container/GeneralSettings/LicenseKeyRow/__tests__/LicenseKeyRow.test.tsx

@@ -0,0 +1,61 @@
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+
+import LicenseKeyRow from '../LicenseKeyRow';
+
+const mockCopyToClipboard = jest.fn();
+
+jest.mock('react-use', () => ({
+	__esModule: true,
+	useCopyToClipboard: (): [unknown, jest.Mock] => [null, mockCopyToClipboard],
+}));
+
+const mockToastSuccess = jest.fn();
+
+jest.mock('@signozhq/sonner', () => ({
+	toast: {
+		success: (...args: unknown[]): unknown => mockToastSuccess(...args),
+	},
+}));
+
+describe('LicenseKeyRow', () => {
+	afterEach(() => {
+		jest.clearAllMocks();
+	});
+
+	it('renders nothing when activeLicense key is absent', () => {
+		const { container } = render(<LicenseKeyRow />, undefined, {
+			appContextOverrides: { activeLicense: null },
+		});
+
+		expect(container).toBeEmptyDOMElement();
+	});
+
+	it('renders label and masked key when activeLicense key exists', () => {
+		render(<LicenseKeyRow />, undefined, {
+			appContextOverrides: {
+				activeLicense: { key: 'abcdefghij' } as any,
+			},
+		});
+
+		expect(screen.getByText('SigNoz License Key')).toBeInTheDocument();
+		expect(screen.getByText('ab·······ij')).toBeInTheDocument();
+	});
+
+	it('calls copyToClipboard and shows success toast when clipboard is available', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(<LicenseKeyRow />);
+
+		await user.click(screen.getByRole('button', { name: /copy license key/i }));
+
+		await waitFor(() => {
+			expect(mockCopyToClipboard).toHaveBeenCalledWith('test-key');
+			expect(mockToastSuccess).toHaveBeenCalledWith(
+				'License key copied to clipboard.',
+				{
+					richColors: true,
+				},
+			);
+		});
+	});
+});

frontend/src/container/LogsPanelTable/__tests__/LogsPanelComponent.test.tsx

@@ -5,7 +5,6 @@ import NewWidget from 'container/NewWidget';
 import { logsPaginationQueryRangeSuccessResponse } from 'mocks-server/__mockdata__/logs_query_range';
 import { server } from 'mocks-server/server';
 import { rest } from 'msw';
-import { DashboardProvider } from 'providers/Dashboard/Dashboard';
 import { PreferenceContextProvider } from 'providers/preferences/context/PreferenceContextProvider';
 import i18n from 'ReactI18';
 import { act, fireEvent, render, screen, waitFor } from 'tests/test-utils';
@@ -104,15 +103,13 @@ describe('LogsPanelComponent', () => {
 	const renderComponent = async (): Promise<void> => {
 		render(
 			<I18nextProvider i18n={i18n}>
-				<DashboardProvider>
-					<PreferenceContextProvider>
-						<NewWidget
-							selectedGraph={PANEL_TYPES.LIST}
-							fillSpans={undefined}
-							yAxisUnit={undefined}
-						/>
-					</PreferenceContextProvider>
-				</DashboardProvider>
+				<PreferenceContextProvider>
+					<NewWidget
+						dashboardId=""
+						selectedDashboard={undefined}
+						selectedGraph={PANEL_TYPES.LIST}
+					/>
+				</PreferenceContextProvider>
 			</I18nextProvider>,
 		);
 

frontend/src/container/MySettings/LicenseSection/LicenseSection.tsx

@@ -4,6 +4,7 @@ import { Typography } from 'antd';
 import { useNotifications } from 'hooks/useNotifications';
 import { Copy } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
+import { getMaskedKey } from 'utils/maskedKey';
 
 import './LicenseSection.styles.scss';
 
@@ -12,15 +13,6 @@ function LicenseSection(): JSX.Element | null {
 	const { notifications } = useNotifications();
 	const [, handleCopyToClipboard] = useCopyToClipboard();
 
-	const getMaskedKey = (key: string): string => {
-		if (!key || key.length < 4) {
-			return key || 'N/A';
-		}
-		return `${key.substring(0, 2)}********${key
-			.substring(key.length - 2)
-			.trim()}`;
-	};
-
 	const handleCopyKey = (text: string): void => {
 		handleCopyToClipboard(text);
 		notifications.success({

frontend/src/container/MySettings/__tests__/MySettings.test.tsx

@@ -271,7 +271,7 @@ describe('MySettings Flows', () => {
 				},
 			});
 
-			expect(within(container).getByText('ab********cd')).toBeInTheDocument();
+			expect(within(container).getByText('ab·······cd')).toBeInTheDocument();
 		});
 
 		it('Should not mask license key if it is too short', () => {

frontend/src/container/NewWidget/LeftContainer/QuerySection/index.tsx

@@ -8,28 +8,15 @@ import { QueryBuilderV2 } from 'components/QueryBuilderV2/QueryBuilderV2';
 import TextToolTip from 'components/TextToolTip';
 import { PANEL_TYPES } from 'constants/queryBuilder';
 import { QBShortcuts } from 'constants/shortcuts/QBShortcuts';
-import {
-	getDefaultWidgetData,
-	PANEL_TYPE_TO_QUERY_TYPES,
-} from 'container/NewWidget/utils';
+import { PANEL_TYPE_TO_QUERY_TYPES } from 'container/NewWidget/utils';
 import RunQueryBtn from 'container/QueryBuilder/components/RunQueryBtn/RunQueryBtn';
-// import { QueryBuilder } from 'container/QueryBuilder';
 import { QueryBuilderProps } from 'container/QueryBuilder/QueryBuilder.interfaces';
 import { useKeyboardHotkeys } from 'hooks/hotkeys/useKeyboardHotkeys';
 import { useQueryBuilder } from 'hooks/queryBuilder/useQueryBuilder';
 import { useShareBuilderUrl } from 'hooks/queryBuilder/useShareBuilderUrl';
 import { useIsDarkMode } from 'hooks/useDarkMode';
-import useUrlQuery from 'hooks/useUrlQuery';
-import { defaultTo, isUndefined } from 'lodash-es';
 import { Atom, Terminal } from 'lucide-react';
-import { useDashboard } from 'providers/Dashboard/Dashboard';
-import {
-	getNextWidgets,
-	getPreviousWidgets,
-	getSelectedWidgetIndex,
-} from 'providers/Dashboard/util';
 import { Widgets } from 'types/api/dashboard/getAll';
-import { Query } from 'types/api/queryBuilder/queryBuilderData';
 import { EQueryType } from 'types/common/dashboard';
 
 import ClickHouseQueryContainer from './QueryBuilder/clickHouse';
@@ -40,77 +27,25 @@ function QuerySection({
 	selectedGraph,
 	queryRangeKey,
 	isLoadingQueries,
+	selectedWidget,
+	dashboardVersion,
+	dashboardId,
+	dashboardName,
+	isNewPanel,
 }: QueryProps): JSX.Element {
 	const {
 		currentQuery,
 		handleRunQuery: handleRunQueryFromQueryBuilder,
 		redirectWithQueryBuilderData,
 	} = useQueryBuilder();
-	const urlQuery = useUrlQuery();
 	const { registerShortcut, deregisterShortcut } = useKeyboardHotkeys();
 
-	const { selectedDashboard, setSelectedDashboard } = useDashboard();
-
 	const isDarkMode = useIsDarkMode();
 
-	const { widgets } = selectedDashboard?.data || {};
-
-	const getWidget = useCallback(() => {
-		const widgetId = urlQuery.get('widgetId');
-		return defaultTo(
-			widgets?.find((e) => e.id === widgetId),
-			getDefaultWidgetData(widgetId || '', selectedGraph),
-		);
-	}, [urlQuery, widgets, selectedGraph]);
-
-	const selectedWidget = getWidget() as Widgets;
-
 	const { query } = selectedWidget;
 
 	useShareBuilderUrl({ defaultValue: query });
 
-	const handleStageQuery = useCallback(
-		(query: Query): void => {
-			if (selectedDashboard === undefined) {
-				return;
-			}
-
-			const selectedWidgetIndex = getSelectedWidgetIndex(
-				selectedDashboard,
-				selectedWidget.id,
-			);
-
-			const previousWidgets = getPreviousWidgets(
-				selectedDashboard,
-				selectedWidgetIndex,
-			);
-
-			const nextWidgets = getNextWidgets(selectedDashboard, selectedWidgetIndex);
-
-			setSelectedDashboard({
-				...selectedDashboard,
-				data: {
-					...selectedDashboard?.data,
-					widgets: [
-						...previousWidgets,
-						{
-							...selectedWidget,
-							query,
-						},
-						...nextWidgets,
-					],
-				},
-			});
-			handleRunQueryFromQueryBuilder();
-		},
-		[
-			selectedDashboard,
-			selectedWidget,
-			setSelectedDashboard,
-			handleRunQueryFromQueryBuilder,
-		],
-	);
-
 	const handleQueryCategoryChange = useCallback(
 		(qCategory: string): void => {
 			const currentQueryType = qCategory as EQueryType;
@@ -123,19 +58,16 @@ function QuerySection({
 	);
 
 	const handleRunQuery = (): void => {
-		const widgetId = urlQuery.get('widgetId');
-		const isNewPanel = isUndefined(widgets?.find((e) => e.id === widgetId));
-
 		logEvent('Panel Edit: Stage and run query', {
 			dataSource: currentQuery.builder?.queryData?.[0]?.dataSource,
 			panelType: selectedWidget.panelTypes,
 			queryType: currentQuery.queryType,
 			widgetId: selectedWidget.id,
-			dashboardId: selectedDashboard?.id,
-			dashboardName: selectedDashboard?.data.title,
+			dashboardId,
+			dashboardName,
 			isNewPanel,
 		});
-		handleStageQuery(currentQuery);
+		handleRunQueryFromQueryBuilder();
 	};
 
 	const filterConfigs: QueryBuilderProps['filterConfigs'] = useMemo(() => {
@@ -164,7 +96,7 @@ function QuerySection({
 							panelType={selectedGraph}
 							filterConfigs={filterConfigs}
 							showTraceOperator={selectedGraph !== PANEL_TYPES.LIST}
-							version={selectedDashboard?.data?.version || 'v3'}
+							version={dashboardVersion || 'v3'}
 							isListViewPanel={selectedGraph === PANEL_TYPES.LIST}
 							queryComponents={queryComponents}
 							signalSourceChangeEnabled
@@ -204,7 +136,7 @@ function QuerySection({
 		queryComponents,
 		selectedGraph,
 		filterConfigs,
-		selectedDashboard?.data?.version,
+		dashboardVersion,
 		isDarkMode,
 	]);
 
@@ -261,6 +193,11 @@ interface QueryProps {
 	selectedGraph: PANEL_TYPES;
 	queryRangeKey?: QueryKey;
 	isLoadingQueries?: boolean;
+	selectedWidget: Widgets;
+	dashboardVersion?: string;
+	dashboardId?: string;
+	dashboardName?: string;
+	isNewPanel?: boolean;
 }
 
 export default QuerySection;

frontend/src/container/NewWidget/LeftContainer/index.tsx

@@ -30,6 +30,8 @@ function LeftContainer({
 	setRequestData,
 	setQueryResponse,
 	enableDrillDown = false,
+	selectedDashboard,
+	isNewPanel = false,
 }: WidgetGraphProps): JSX.Element {
 	const { stagedQuery } = useQueryBuilder();
 
@@ -75,6 +77,11 @@ function LeftContainer({
 					selectedGraph={selectedGraph}
 					queryRangeKey={queryRangeKey}
 					isLoadingQueries={queryResponse.isFetching}
+					selectedWidget={selectedWidget}
+					dashboardVersion={ENTITY_VERSION_V5}
+					dashboardId={selectedDashboard?.id}
+					dashboardName={selectedDashboard?.data.title}
+					isNewPanel={isNewPanel}
 				/>
 				{selectedGraph === PANEL_TYPES.LIST && (
 					<ExplorerColumnsRenderer

frontend/src/container/NewWidget/RightContainer/__tests__/RightContainer.test.tsx

@@ -8,7 +8,6 @@ import userEvent from '@testing-library/user-event';
 import { PANEL_TYPES } from 'constants/queryBuilder';
 import { AppContext } from 'providers/App/App';
 import { IAppContext } from 'providers/App/types';
-import { DashboardProvider } from 'providers/Dashboard/Dashboard';
 import { ErrorModalProvider } from 'providers/ErrorModalProvider';
 import { QueryBuilderProvider } from 'providers/QueryBuilder';
 import configureStore from 'redux-mock-store';
@@ -96,9 +95,7 @@ const render = (ui: React.ReactElement): ReturnType<typeof rtlRender> =>
 				<Provider store={createMockStore()}>
 					<AppContext.Provider value={createMockAppContext() as IAppContext}>
 						<ErrorModalProvider>
-							<DashboardProvider>
-								<QueryBuilderProvider>{ui}</QueryBuilderProvider>
-							</DashboardProvider>
+							<QueryBuilderProvider>{ui}</QueryBuilderProvider>
 						</ErrorModalProvider>
 					</AppContext.Provider>
 				</Provider>

frontend/src/container/NewWidget/__test__/NewWidget.test.tsx

@@ -310,12 +310,12 @@ describe('Stacking bar in new panel', () => {
 
 		const { container, getByText } = render(
 			<I18nextProvider i18n={i18n}>
-				<DashboardProvider>
+				<DashboardProvider dashboardId="">
 					<PreferenceContextProvider>
 						<NewWidget
+							dashboardId=""
+							selectedDashboard={undefined}
 							selectedGraph={PANEL_TYPES.BAR}
-							fillSpans={undefined}
-							yAxisUnit={undefined}
 						/>
 					</PreferenceContextProvider>
 				</DashboardProvider>
@@ -356,11 +356,11 @@ describe('when switching to BAR panel type', () => {
 
 	it('should preserve saved stacking value of true', async () => {
 		const { getByTestId, getByText, container } = render(
-			<DashboardProvider>
+			<DashboardProvider dashboardId="">
 				<NewWidget
+					dashboardId=""
+					selectedDashboard={undefined}
 					selectedGraph={PANEL_TYPES.BAR}
-					fillSpans={undefined}
-					yAxisUnit={undefined}
 				/>
 			</DashboardProvider>,
 		);

frontend/src/container/NewWidget/index.tsx

@@ -4,7 +4,7 @@ import { useTranslation } from 'react-i18next';
 import { UseQueryResult } from 'react-query';
 // eslint-disable-next-line no-restricted-imports
 import { useSelector } from 'react-redux';
-import { generatePath, useParams } from 'react-router-dom';
+import { generatePath } from 'react-router-dom';
 import { WarningOutlined } from '@ant-design/icons';
 import { Button, Flex, Modal, Space, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
@@ -32,8 +32,6 @@ import { GetQueryResultsProps } from 'lib/dashboard/getQueryResults';
 import { getDashboardVariables } from 'lib/dashboardVariables/getDashboardVariables';
 import { cloneDeep, defaultTo, isEmpty, isUndefined } from 'lodash-es';
 import { Check, X } from 'lucide-react';
-import { DashboardWidgetPageParams } from 'pages/DashboardWidget';
-import { useDashboard } from 'providers/Dashboard/Dashboard';
 import { useScrollToWidgetIdStore } from 'providers/Dashboard/helpers/scrollToWidgetIdHelper';
 import {
 	clearSelectedRowWidgetId,
@@ -83,6 +81,8 @@ import {
 import './NewWidget.styles.scss';
 
 function NewWidget({
+	selectedDashboard,
+	dashboardId,
 	selectedGraph,
 	enableDrillDown = false,
 }: NewWidgetProps): JSX.Element {
@@ -90,11 +90,6 @@ function NewWidget({
 	const setToScrollWidgetId = useScrollToWidgetIdStore(
 		(s) => s.setToScrollWidgetId,
 	);
-	const {
-		selectedDashboard,
-		setSelectedDashboard,
-		columnWidths,
-	} = useDashboard();
 
 	const { dashboardVariables } = useDashboardVariables();
 
@@ -139,8 +134,6 @@ function NewWidget({
 
 	const query = useUrlQuery();
 
-	const { dashboardId } = useParams<DashboardWidgetPageParams>();
-
 	const [isNewDashboard, setIsNewDashboard] = useState<boolean>(false);
 
 	const logEventCalledRef = useRef(false);
@@ -286,11 +279,10 @@ function NewWidget({
 				isLogScale,
 				legendPosition,
 				customLegendColors,
-				columnWidths: columnWidths?.[selectedWidget?.id],
+				columnWidths: selectedWidget.columnWidths,
 				contextLinks,
 			};
 		});
-		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [
 		columnUnits,
 		currentQuery,
@@ -313,8 +305,8 @@ function NewWidget({
 		isLogScale,
 		legendPosition,
 		customLegendColors,
-		columnWidths,
 		contextLinks,
+		selectedWidget.columnWidths,
 	]);
 
 	const closeModal = (): void => {
@@ -560,8 +552,7 @@ function NewWidget({
 		};
 
 		updateDashboardMutation.mutateAsync(dashboard, {
-			onSuccess: (updatedDashboard) => {
-				setSelectedDashboard(updatedDashboard.data);
+			onSuccess: () => {
 				setToScrollWidgetId(selectedWidget?.id || '');
 				safeNavigate({
 					pathname: generatePath(ROUTES.DASHBOARD, { dashboardId }),
@@ -580,7 +571,6 @@ function NewWidget({
 		preWidgets,
 		updateDashboardMutation,
 		widgets,
-		setSelectedDashboard,
 		setToScrollWidgetId,
 		safeNavigate,
 		dashboardId,
@@ -630,22 +620,25 @@ function NewWidget({
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [query]);
 
-	const onSaveDashboard = useCallback((): void => {
+	const isNewPanel = useMemo(() => {
 		const widgetId = query.get('widgetId');
-		const selectWidget = widgets?.find((e) => e.id === widgetId);
+		const selectedWidget = widgets?.find((e) => e.id === widgetId);
+		return isUndefined(selectedWidget);
+	}, [query, widgets]);
 
+	const onSaveDashboard = useCallback((): void => {
 		logEvent('Panel Edit: Save changes', {
 			panelType: selectedWidget.panelTypes,
 			dashboardId: selectedDashboard?.id,
 			widgetId: selectedWidget.id,
 			dashboardName: selectedDashboard?.data.title,
 			queryType: currentQuery.queryType,
-			isNewPanel: isUndefined(selectWidget),
+			isNewPanel,
 			dataSource: currentQuery?.builder?.queryData?.[0]?.dataSource,
 		});
 		setSaveModal(true);
 		// eslint-disable-next-line react-hooks/exhaustive-deps
-	}, []);
+	}, [isNewPanel]);
 
 	const isNewTraceLogsAvailable =
 		currentQuery.queryType === EQueryType.QUERY_BUILDER &&
@@ -821,6 +814,8 @@ function NewWidget({
 								isLoadingPanelData={isLoadingPanelData}
 								setQueryResponse={setQueryResponse}
 								enableDrillDown={enableDrillDown}
+								selectedDashboard={selectedDashboard}
+								isNewPanel={isNewPanel}
 							/>
 						)}
 					</OverlayScrollbar>

frontend/src/container/NewWidget/types.ts

@@ -2,6 +2,7 @@ import { Dispatch, SetStateAction } from 'react';
 import { UseQueryResult } from 'react-query';
 import { PANEL_TYPES } from 'constants/queryBuilder';
 import { GetQueryResultsProps } from 'lib/dashboard/getQueryResults';
+import { IDashboardContext } from 'providers/Dashboard/types';
 import { SuccessResponse, Warning } from 'types/api';
 import { Widgets } from 'types/api/dashboard/getAll';
 import { MetricRangePayloadProps } from 'types/api/metrics/getQueryRange';
@@ -9,9 +10,9 @@ import { MetricRangePayloadProps } from 'types/api/metrics/getQueryRange';
 import { timePreferance } from './RightContainer/timeItems';
 
 export interface NewWidgetProps {
+	dashboardId: string;
+	selectedDashboard: IDashboardContext['selectedDashboard'];
 	selectedGraph: PANEL_TYPES;
-	yAxisUnit: Widgets['yAxisUnit'];
-	fillSpans: Widgets['fillSpans'];
 	enableDrillDown?: boolean;
 }
 
@@ -34,6 +35,8 @@ export interface WidgetGraphProps {
 		>
 	>;
 	enableDrillDown?: boolean;
+	selectedDashboard: IDashboardContext['selectedDashboard'];
+	isNewPanel?: boolean;
 }
 
 export type WidgetGraphContainerProps = {

frontend/src/container/SideNav/config.ts

@@ -38,6 +38,7 @@ export const routeConfig: Record<string, QueryParams[]> = {
 	[ROUTES.MY_SETTINGS]: [QueryParams.resourceAttributes],
 	[ROUTES.NOT_FOUND]: [QueryParams.resourceAttributes],
 	[ROUTES.ORG_SETTINGS]: [QueryParams.resourceAttributes],
+	[ROUTES.MEMBERS_SETTINGS]: [QueryParams.resourceAttributes],
 	[ROUTES.PASSWORD_RESET]: [QueryParams.resourceAttributes],
 	[ROUTES.SETTINGS]: [QueryParams.resourceAttributes],
 	[ROUTES.SIGN_UP]: [QueryParams.resourceAttributes],

frontend/src/hooks/queryBuilder/useCreateAlerts.tsx

@@ -107,7 +107,6 @@ const useCreateAlerts = (widget?: Widgets, caller?: string): VoidFunction => {
 		queryRangeMutation,
 		dashboardVariables,
 		dashboardDynamicVariables,
-		selectedDashboard?.data.version,
 		widget,
 	]);
 };

frontend/src/hooks/useAuthZ/permissions.type.ts

@@ -23,10 +23,10 @@ export default {
 		relations: {
 			assignee: ['role'],
 			create: ['metaresources'],
-			delete: ['user', 'role', 'organization', 'metaresource'],
+			delete: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
 			list: ['metaresources'],
-			read: ['user', 'role', 'organization', 'metaresource'],
-			update: ['user', 'role', 'organization', 'metaresource'],
+			read: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
+			update: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
 		},
 	},
 } as const;

frontend/src/pages/DashboardPage/index.tsx

@@ -1,3 +1,16 @@
+import { useParams } from 'react-router-dom';
+import { DashboardProvider } from 'providers/Dashboard/Dashboard';
+
 import DashboardPage from './DashboardPage';
 
-export default DashboardPage;
+function DashboardPageWithProvider(): JSX.Element {
+	const { dashboardId } = useParams<{ dashboardId: string }>();
+
+	return (
+		<DashboardProvider dashboardId={dashboardId}>
+			<DashboardPage />
+		</DashboardProvider>
+	);
+}
+
+export default DashboardPageWithProvider;

frontend/src/pages/DashboardWidget/index.tsx

@@ -1,50 +1,91 @@
-import { useEffect, useState } from 'react';
-import { generatePath, useLocation, useParams } from 'react-router-dom';
+import { useEffect, useMemo } from 'react';
+import { useQuery } from 'react-query';
+import { generatePath, useParams } from 'react-router-dom';
 import { Card, Typography } from 'antd';
+import getDashboard from 'api/v1/dashboards/id/get';
 import Spinner from 'components/Spinner';
 import { SOMETHING_WENT_WRONG } from 'constants/api';
 import { PANEL_TYPES } from 'constants/queryBuilder';
+import { DASHBOARD_CACHE_TIME } from 'constants/queryCacheTime';
+import { REACT_QUERY_KEY } from 'constants/reactQueryKeys';
 import ROUTES from 'constants/routes';
 import NewWidget from 'container/NewWidget';
 import { isDrilldownEnabled } from 'container/QueryTable/Drilldown/drilldownUtils';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
-import useUrlQuery from 'hooks/useUrlQuery';
-import { useDashboard } from 'providers/Dashboard/Dashboard';
-import { Widgets } from 'types/api/dashboard/getAll';
+import { parseAsStringEnum, useQueryState } from 'nuqs';
+import { setDashboardVariablesStore } from 'providers/Dashboard/store/dashboardVariables/dashboardVariablesStore';
 
 function DashboardWidget(): JSX.Element | null {
-	const { search } = useLocation();
-	const { dashboardId } = useParams<DashboardWidgetPageParams>();
+	const { dashboardId } = useParams<{
+		dashboardId: string;
+	}>();
+	const [widgetId] = useQueryState('widgetId');
+	const [graphType] = useQueryState(
+		'graphType',
+		parseAsStringEnum<PANEL_TYPES>(Object.values(PANEL_TYPES)),
+	);
+
 	const { safeNavigate } = useSafeNavigate();
 
-	const [selectedGraph, setSelectedGraph] = useState<PANEL_TYPES>();
-
-	const { selectedDashboard, dashboardResponse } = useDashboard();
-
-	const params = useUrlQuery();
-
-	const widgetId = params.get('widgetId');
-	const { data } = selectedDashboard || {};
-	const { widgets } = data || {};
-
-	const selectedWidget = widgets?.find((e) => e.id === widgetId) as Widgets;
-
 	useEffect(() => {
-		const params = new URLSearchParams(search);
-		const graphType = params.get('graphType') as PANEL_TYPES | null;
-
-		if (graphType === null) {
+		if (!graphType || !widgetId) {
 			safeNavigate(generatePath(ROUTES.DASHBOARD, { dashboardId }));
-		} else {
-			setSelectedGraph(graphType);
+		} else if (!dashboardId) {
+			safeNavigate(ROUTES.HOME);
 		}
-	}, [dashboardId, safeNavigate, search]);
+	}, [graphType, widgetId, dashboardId, safeNavigate]);
 
-	if (selectedGraph === undefined || dashboardResponse.isLoading) {
+	if (!widgetId || !graphType) {
+		return null;
+	}
+
+	return (
+		<DashboardWidgetInternal
+			dashboardId={dashboardId}
+			widgetId={widgetId}
+			graphType={graphType}
+		/>
+	);
+}
+
+function DashboardWidgetInternal({
+	dashboardId,
+	widgetId,
+	graphType,
+}: {
+	dashboardId: string;
+	widgetId: string;
+	graphType: PANEL_TYPES;
+}): JSX.Element | null {
+	const {
+		data: dashboardResponse,
+		isFetching: isFetchingDashboardResponse,
+		isError: isErrorDashboardResponse,
+	} = useQuery([REACT_QUERY_KEY.DASHBOARD_BY_ID, dashboardId, widgetId], {
+		enabled: true,
+		queryFn: async () =>
+			await getDashboard({
+				id: dashboardId,
+			}),
+		refetchOnWindowFocus: false,
+		cacheTime: DASHBOARD_CACHE_TIME,
+		onSuccess: (response) => {
+			setDashboardVariablesStore({
+				dashboardId,
+				variables: response.data.data.variables,
+			});
+		},
+	});
+
+	const selectedDashboard = useMemo(() => dashboardResponse?.data, [
+		dashboardResponse?.data,
+	]);
+
+	if (isFetchingDashboardResponse) {
 		return <Spinner tip="Loading.." />;
 	}
 
-	if (dashboardResponse.isError) {
+	if (isErrorDashboardResponse) {
 		return (
 			<Card>
 				<Typography>{SOMETHING_WENT_WRONG}</Typography>
@@ -54,16 +95,11 @@ function DashboardWidget(): JSX.Element | null {
 
 	return (
 		<NewWidget
-			yAxisUnit={selectedWidget?.yAxisUnit}
-			selectedGraph={selectedGraph}
-			fillSpans={selectedWidget?.fillSpans}
+			dashboardId={dashboardId}
+			selectedGraph={graphType}
 			enableDrillDown={isDrilldownEnabled()}
+			selectedDashboard={selectedDashboard}
 		/>
 	);
 }
-
-export interface DashboardWidgetPageParams {
-	dashboardId: string;
-}
-
 export default DashboardWidget;

frontend/src/pages/DashboardsListPage/__tests__/DashboardListPage.test.tsx

@@ -8,7 +8,6 @@ import {
 } from 'mocks-server/__mockdata__/dashboards';
 import { server } from 'mocks-server/server';
 import { rest } from 'msw';
-import { DashboardProvider } from 'providers/Dashboard/Dashboard';
 import { fireEvent, render, waitFor } from 'tests/test-utils';
 
 jest.mock('container/DashboardContainer/DashboardDescription/utils', () => ({
@@ -19,11 +18,6 @@ jest.mock('container/DashboardContainer/DashboardDescription/utils', () => ({
 jest.mock('react-router-dom', () => ({
 	...jest.requireActual('react-router-dom'),
 	useLocation: jest.fn(),
-	useRouteMatch: jest.fn().mockReturnValue({
-		params: {
-			dashboardId: 4,
-		},
-	}),
 }));
 
 const mockWindowOpen = jest.fn();
@@ -47,9 +41,7 @@ describe('dashboard list page', () => {
 			<MemoryRouter
 				initialEntries={['/dashbords?columnKey=asgard&order=stones&page=1']}
 			>
-				<DashboardProvider>
-					<DashboardsList />
-				</DashboardProvider>
+				<DashboardsList />
 			</MemoryRouter>,
 		);
 
@@ -71,9 +63,7 @@ describe('dashboard list page', () => {
 			<MemoryRouter
 				initialEntries={['/dashbords?columnKey=createdAt&order=descend&page=1']}
 			>
-				<DashboardProvider>
-					<DashboardsList />
-				</DashboardProvider>
+				<DashboardsList />
 			</MemoryRouter>,
 		);
 
@@ -92,9 +82,7 @@ describe('dashboard list page', () => {
 					'/dashbords?columnKey=createdAt&order=descend&page=1&search=tho',
 				]}
 			>
-				<DashboardProvider>
-					<DashboardsList />
-				</DashboardProvider>
+				<DashboardsList />
 			</MemoryRouter>,
 		);
 
@@ -135,9 +123,7 @@ describe('dashboard list page', () => {
 					'/dashbords?columnKey=createdAt&order=descend&page=1&search=tho',
 				]}
 			>
-				<DashboardProvider>
-					<DashboardsList />
-				</DashboardProvider>
+				<DashboardsList />
 			</MemoryRouter>,
 		);
 
@@ -164,9 +150,7 @@ describe('dashboard list page', () => {
 					'/dashbords?columnKey=createdAt&order=descend&page=1&search=tho',
 				]}
 			>
-				<DashboardProvider>
-					<DashboardsList />
-				</DashboardProvider>
+				<DashboardsList />
 			</MemoryRouter>,
 		);
 
@@ -196,9 +180,7 @@ describe('dashboard list page', () => {
 					'/dashbords?columnKey=createdAt&order=descend&page=1&search=tho',
 				]}
 			>
-				<DashboardProvider>
-					<DashboardsList />
-				</DashboardProvider>
+				<DashboardsList />
 			</MemoryRouter>,
 		);
 

frontend/src/pages/Settings/Settings.tsx

@@ -63,6 +63,7 @@ function SettingsPage(): JSX.Element {
 						isAdmin &&
 						(item.key === ROUTES.BILLING ||
 							item.key === ROUTES.ORG_SETTINGS ||
+							item.key === ROUTES.MEMBERS_SETTINGS ||
 							item.key === ROUTES.MY_SETTINGS ||
 							item.key === ROUTES.SHORTCUTS)
 					),

frontend/src/pages/Settings/utils.ts

@@ -36,6 +36,7 @@ export const getRoutes = (
 	if (isWorkspaceBlocked && isAdmin) {
 		settings.push(
 			...organizationSettings(t),
+			...membersSettings(t),
 			...mySettings(t),
 			...billingSettings(t),
 			...keyboardShortcuts(t),

frontend/src/providers/Dashboard/Dashboard.tsx

@@ -14,13 +14,11 @@ import { useTranslation } from 'react-i18next';
 import { useMutation, useQuery, UseQueryResult } from 'react-query';
 // eslint-disable-next-line no-restricted-imports
 import { useDispatch, useSelector } from 'react-redux';
-import { useRouteMatch } from 'react-router-dom';
 import { Modal } from 'antd';
 import getDashboard from 'api/v1/dashboards/id/get';
 import locked from 'api/v1/dashboards/id/lock';
 import { ALL_SELECTED_VALUE } from 'components/NewSelect/utils';
 import { REACT_QUERY_KEY } from 'constants/reactQueryKeys';
-import ROUTES from 'constants/routes';
 import dayjs, { Dayjs } from 'dayjs';
 import { useDashboardVariablesFromLocalStorage } from 'hooks/dashboard/useDashboardFromLocalStorage';
 import useVariablesFromUrl from 'hooks/dashboard/useVariablesFromUrl';
@@ -83,14 +81,11 @@ export const DashboardContext = createContext<IDashboardContext>({
 	setColumnWidths: () => {},
 });
 
-interface Props {
-	dashboardId: string;
-}
-
 // eslint-disable-next-line sonarjs/cognitive-complexity
 export function DashboardProvider({
 	children,
-}: PropsWithChildren): JSX.Element {
+	dashboardId,
+}: PropsWithChildren<{ dashboardId: string }>): JSX.Element {
 	const [isDashboardSliderOpen, setIsDashboardSlider] = useState<boolean>(false);
 
 	const [isDashboardLocked, setIsDashboardLocked] = useState<boolean>(false);
@@ -100,11 +95,6 @@ export function DashboardProvider({
 		setDashboardQueryRangeCalled,
 	] = useState<boolean>(false);
 
-	const isDashboardPage = useRouteMatch<Props>({
-		path: ROUTES.DASHBOARD,
-		exact: true,
-	});
-
 	const { showErrorModal } = useErrorModal();
 
 	const dispatch = useDispatch<Dispatch<AppActions>>();
@@ -115,11 +105,6 @@ export function DashboardProvider({
 
 	const [onModal, Content] = Modal.useModal();
 
-	const isDashboardWidgetPage = useRouteMatch<Props>({
-		path: ROUTES.DASHBOARD_WIDGET,
-		exact: true,
-	});
-
 	const [layouts, setLayouts] = useState<Layout[]>([]);
 
 	const [panelMap, setPanelMap] = useState<
@@ -128,11 +113,6 @@ export function DashboardProvider({
 
 	const { isLoggedIn } = useAppContext();
 
-	const dashboardId =
-		(isDashboardPage
-			? isDashboardPage.params.dashboardId
-			: isDashboardWidgetPage?.params.dashboardId) || '';
-
 	const [selectedDashboard, setSelectedDashboard] = useState<Dashboard>();
 	const dashboardVariables = useDashboardVariablesSelector((s) => s.variables);
 	const savedDashboardId = useDashboardVariablesSelector((s) => s.dashboardId);
@@ -267,12 +247,11 @@ export function DashboardProvider({
 	const dashboardResponse = useQuery(
 		[
 			REACT_QUERY_KEY.DASHBOARD_BY_ID,
-			isDashboardPage?.params,
 			dashboardId,
 			globalTime.isAutoRefreshDisabled,
 		],
 		{
-			enabled: (!!isDashboardPage || !!isDashboardWidgetPage) && isLoggedIn,
+			enabled: !!dashboardId && isLoggedIn,
 			queryFn: async () => {
 				setIsDashboardFetching(true);
 				try {
@@ -392,11 +371,7 @@ export function DashboardProvider({
 
 	useEffect(() => {
 		// make the call on tab visibility only if the user is on dashboard / widget page
-		if (
-			isVisible &&
-			updatedTimeRef.current &&
-			(!!isDashboardPage || !!isDashboardWidgetPage)
-		) {
+		if (isVisible && updatedTimeRef.current && !!dashboardId) {
 			dashboardResponse.refetch();
 		}
 		// eslint-disable-next-line react-hooks/exhaustive-deps

frontend/src/providers/Dashboard/__tests__/Dashboard.test.tsx

@@ -2,11 +2,10 @@ import { QueryClient, QueryClientProvider } from 'react-query';
 // eslint-disable-next-line no-restricted-imports
 import { useSelector } from 'react-redux';
 import { MemoryRouter } from 'react-router-dom';
-import { render, screen, waitFor } from '@testing-library/react';
+import { render, RenderResult, screen, waitFor } from '@testing-library/react';
 import getDashboard from 'api/v1/dashboards/id/get';
 import { DASHBOARD_CACHE_TIME_ON_REFRESH_ENABLED } from 'constants/queryCacheTime';
 import { REACT_QUERY_KEY } from 'constants/reactQueryKeys';
-import ROUTES from 'constants/routes';
 import { DashboardProvider, useDashboard } from 'providers/Dashboard/Dashboard';
 import { IDashboardVariable } from 'types/api/dashboard/getAll';
 
@@ -19,30 +18,28 @@ jest.mock('api/v1/dashboards/id/get');
 jest.mock('api/v1/dashboards/id/lock');
 const mockGetDashboard = jest.mocked(getDashboard);
 
-// Mock useRouteMatch to simulate different route scenarios
-const mockUseRouteMatch = jest.fn();
-jest.mock('react-router-dom', () => ({
-	...jest.requireActual('react-router-dom'),
-	useRouteMatch: (): any => mockUseRouteMatch(),
-}));
-
 // Mock other dependencies
 jest.mock('hooks/useSafeNavigate', () => ({
-	useSafeNavigate: (): any => ({
+	useSafeNavigate: (): { safeNavigate: jest.Mock } => ({
 		safeNavigate: jest.fn(),
 	}),
 }));
 
 // Mock only the essential dependencies for Dashboard provider
 jest.mock('providers/App/App', () => ({
-	useAppContext: (): any => ({
+	useAppContext: (): {
+		isLoggedIn: boolean;
+		user: { email: string; role: string };
+	} => ({
 		isLoggedIn: true,
 		user: { email: 'test@example.com', role: 'ADMIN' },
 	}),
 }));
 
 jest.mock('providers/ErrorModalProvider', () => ({
-	useErrorModal: (): any => ({ showErrorModal: jest.fn() }),
+	useErrorModal: (): { showErrorModal: jest.Mock } => ({
+		showErrorModal: jest.fn(),
+	}),
 }));
 
 jest.mock('react-redux', () => ({
@@ -60,11 +57,10 @@ jest.mock('uuid', () => ({ v4: jest.fn(() => 'mock-uuid') }));
 function TestComponent(): JSX.Element {
 	const { dashboardResponse, selectedDashboard } = useDashboard();
 	const { dashboardVariables } = useDashboardVariables();
-	const dashboardId = selectedDashboard?.id;
 
 	return (
 		<div>
-			<div data-testid="dashboard-id">{dashboardId}</div>
+			<div data-testid="dashboard-id">{selectedDashboard?.id}</div>
 			<div data-testid="query-status">{dashboardResponse.status}</div>
 			<div data-testid="is-loading">{dashboardResponse.isLoading.toString()}</div>
 			<div data-testid="is-fetching">
@@ -94,27 +90,15 @@ function createTestQueryClient(): QueryClient {
 
 // Helper to render with dashboard provider
 function renderWithDashboardProvider(
-	initialRoute = '/dashboard/test-dashboard-id',
-	routeMatchParams?: { dashboardId: string } | null,
-): any {
+	dashboardId = 'test-dashboard-id',
+): RenderResult {
 	const queryClient = createTestQueryClient();
-
-	// Mock the route match
-	mockUseRouteMatch.mockReturnValue(
-		routeMatchParams
-			? {
-					path: ROUTES.DASHBOARD,
-					url: `/dashboard/${routeMatchParams.dashboardId}`,
-					isExact: true,
-					params: routeMatchParams,
-			  }
-			: null,
-	);
+	const initialRoute = dashboardId ? `/dashboard/${dashboardId}` : '/dashboard';
 
 	return render(
 		<QueryClientProvider client={queryClient}>
 			<MemoryRouter initialEntries={[initialRoute]}>
-				<DashboardProvider>
+				<DashboardProvider dashboardId={dashboardId}>
 					<TestComponent />
 				</DashboardProvider>
 			</MemoryRouter>
@@ -188,7 +172,7 @@ describe('Dashboard Provider - Query Key with Route Params', () => {
 	describe('Query Key Behavior', () => {
 		it('should include route params in query key when on dashboard page', async () => {
 			const dashboardId = 'test-dashboard-id';
-			renderWithDashboardProvider(`/dashboard/${dashboardId}`, { dashboardId });
+			renderWithDashboardProvider(dashboardId);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: dashboardId });
@@ -203,30 +187,17 @@ describe('Dashboard Provider - Query Key with Route Params', () => {
 			const newDashboardId = 'new-dashboard-id';
 
 			// First render with initial dashboard ID
-			const { rerender } = renderWithDashboardProvider(
-				`/dashboard/${initialDashboardId}`,
-				{
-					dashboardId: initialDashboardId,
-				},
-			);
+			const { rerender } = renderWithDashboardProvider(initialDashboardId);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: initialDashboardId });
 			});
 
-			// Change route params to simulate navigation
-			mockUseRouteMatch.mockReturnValue({
-				path: ROUTES.DASHBOARD,
-				url: `/dashboard/${newDashboardId}`,
-				isExact: true,
-				params: { dashboardId: newDashboardId },
-			});
-
-			// Rerender with new route
+			// Rerender with new dashboard ID prop
 			rerender(
 				<QueryClientProvider client={createTestQueryClient()}>
 					<MemoryRouter initialEntries={[`/dashboard/${newDashboardId}`]}>
-						<DashboardProvider>
+						<DashboardProvider dashboardId={newDashboardId}>
 							<TestComponent />
 						</DashboardProvider>
 					</MemoryRouter>
@@ -241,50 +212,24 @@ describe('Dashboard Provider - Query Key with Route Params', () => {
 			expect(mockGetDashboard).toHaveBeenCalledTimes(2);
 		});
 
-		it('should not fetch when not on dashboard page', () => {
-			// Mock no route match (not on dashboard page)
-			mockUseRouteMatch.mockReturnValue(null);
-
-			renderWithDashboardProvider('/some-other-page', null);
+		it('should not fetch when no dashboardId is provided', () => {
+			renderWithDashboardProvider('');
 
 			// Should not call the API
 			expect(mockGetDashboard).not.toHaveBeenCalled();
 		});
-
-		it('should handle undefined route params gracefully', async () => {
-			// Mock route match with undefined params
-			mockUseRouteMatch.mockReturnValue({
-				path: ROUTES.DASHBOARD,
-				url: '/dashboard/undefined',
-				isExact: true,
-				params: undefined,
-			});
-
-			renderWithDashboardProvider('/dashboard/undefined');
-
-			// Should not call API when params are undefined
-			expect(mockGetDashboard).not.toHaveBeenCalled();
-		});
 	});
 
 	describe('Cache Behavior', () => {
-		it('should create separate cache entries for different route params', async () => {
+		it('should create separate cache entries for different dashboardIds', async () => {
 			const queryClient = createTestQueryClient();
 			const dashboardId1 = 'dashboard-1';
 			const dashboardId2 = 'dashboard-2';
 
-			// First dashboard
-			mockUseRouteMatch.mockReturnValue({
-				path: ROUTES.DASHBOARD,
-				url: `/dashboard/${dashboardId1}`,
-				isExact: true,
-				params: { dashboardId: dashboardId1 },
-			});
-
 			const { rerender } = render(
 				<QueryClientProvider client={queryClient}>
 					<MemoryRouter initialEntries={[`/dashboard/${dashboardId1}`]}>
-						<DashboardProvider>
+						<DashboardProvider dashboardId={dashboardId1}>
 							<TestComponent />
 						</DashboardProvider>
 					</MemoryRouter>
@@ -295,18 +240,10 @@ describe('Dashboard Provider - Query Key with Route Params', () => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: dashboardId1 });
 			});
 
-			// Second dashboard
-			mockUseRouteMatch.mockReturnValue({
-				path: ROUTES.DASHBOARD,
-				url: `/dashboard/${dashboardId2}`,
-				isExact: true,
-				params: { dashboardId: dashboardId2 },
-			});
-
 			rerender(
 				<QueryClientProvider client={queryClient}>
 					<MemoryRouter initialEntries={[`/dashboard/${dashboardId2}`]}>
-						<DashboardProvider>
+						<DashboardProvider dashboardId={dashboardId2}>
 							<TestComponent />
 						</DashboardProvider>
 					</MemoryRouter>
@@ -325,13 +262,11 @@ describe('Dashboard Provider - Query Key with Route Params', () => {
 			expect(cacheKeys).toHaveLength(2);
 			expect(cacheKeys[0]).toEqual([
 				REACT_QUERY_KEY.DASHBOARD_BY_ID,
-				{ dashboardId: dashboardId1 },
 				dashboardId1,
 				true, // globalTime.isAutoRefreshDisabled
 			]);
 			expect(cacheKeys[1]).toEqual([
 				REACT_QUERY_KEY.DASHBOARD_BY_ID,
-				{ dashboardId: dashboardId2 },
 				dashboardId2,
 				true, // globalTime.isAutoRefreshDisabled
 			]);
@@ -348,17 +283,10 @@ describe('Dashboard Provider - Query Key with Route Params', () => {
 			const queryClient = createTestQueryClient();
 			const dashboardId = 'auto-refresh-dashboard';
 
-			mockUseRouteMatch.mockReturnValue({
-				path: ROUTES.DASHBOARD,
-				url: `/dashboard/${dashboardId}`,
-				isExact: true,
-				params: { dashboardId },
-			});
-
 			render(
 				<QueryClientProvider client={queryClient}>
 					<MemoryRouter initialEntries={[`/dashboard/${dashboardId}`]}>
-						<DashboardProvider>
+						<DashboardProvider dashboardId={dashboardId}>
 							<TestComponent />
 						</DashboardProvider>
 					</MemoryRouter>
@@ -375,7 +303,7 @@ describe('Dashboard Provider - Query Key with Route Params', () => {
 				.find(
 					(query) =>
 						query.queryKey[0] === REACT_QUERY_KEY.DASHBOARD_BY_ID &&
-						query.queryKey[3] === false,
+						query.queryKey[2] === false,
 				);
 			expect(dashboardQuery).toBeDefined();
 			expect((dashboardQuery as { cacheTime: number }).cacheTime).toBe(
@@ -437,9 +365,7 @@ describe('Dashboard Provider - URL Variables Integration', () => {
 			// Empty URL variables - tests initialization flow
 			mockGetUrlVariables.mockReturnValue({});
 
-			renderWithDashboardProvider(`/dashboard/${DASHBOARD_ID}`, {
-				dashboardId: DASHBOARD_ID,
-			});
+			renderWithDashboardProvider(DASHBOARD_ID);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: DASHBOARD_ID });
@@ -493,9 +419,7 @@ describe('Dashboard Provider - URL Variables Integration', () => {
 				.mockReturnValueOnce('development')
 				.mockReturnValueOnce(['db', 'cache']);
 
-			renderWithDashboardProvider(`/dashboard/${DASHBOARD_ID}`, {
-				dashboardId: DASHBOARD_ID,
-			});
+			renderWithDashboardProvider(DASHBOARD_ID);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: DASHBOARD_ID });
@@ -555,9 +479,7 @@ describe('Dashboard Provider - URL Variables Integration', () => {
 
 			mockGetUrlVariables.mockReturnValue(urlVariables);
 
-			renderWithDashboardProvider(`/dashboard/${DASHBOARD_ID}`, {
-				dashboardId: DASHBOARD_ID,
-			});
+			renderWithDashboardProvider(DASHBOARD_ID);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: DASHBOARD_ID });
@@ -593,9 +515,7 @@ describe('Dashboard Provider - URL Variables Integration', () => {
 				.mockReturnValueOnce('development')
 				.mockReturnValueOnce(['api']);
 
-			renderWithDashboardProvider(`/dashboard/${DASHBOARD_ID}`, {
-				dashboardId: DASHBOARD_ID,
-			});
+			renderWithDashboardProvider(DASHBOARD_ID);
 
 			await waitFor(() => {
 				// Verify normalization was called with the specific values and variable configs
@@ -662,9 +582,7 @@ describe('Dashboard Provider - Textbox Variable Backward Compatibility', () => {
 			} as any);
 			/* eslint-enable @typescript-eslint/no-explicit-any */
 
-			renderWithDashboardProvider(`/dashboard/${DASHBOARD_ID}`, {
-				dashboardId: DASHBOARD_ID,
-			});
+			renderWithDashboardProvider(DASHBOARD_ID);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: DASHBOARD_ID });
@@ -706,9 +624,7 @@ describe('Dashboard Provider - Textbox Variable Backward Compatibility', () => {
 			} as any);
 			/* eslint-enable @typescript-eslint/no-explicit-any */
 
-			renderWithDashboardProvider(`/dashboard/${DASHBOARD_ID}`, {
-				dashboardId: DASHBOARD_ID,
-			});
+			renderWithDashboardProvider(DASHBOARD_ID);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: DASHBOARD_ID });
@@ -751,9 +667,7 @@ describe('Dashboard Provider - Textbox Variable Backward Compatibility', () => {
 			} as any);
 			/* eslint-enable @typescript-eslint/no-explicit-any */
 
-			renderWithDashboardProvider(`/dashboard/${DASHBOARD_ID}`, {
-				dashboardId: DASHBOARD_ID,
-			});
+			renderWithDashboardProvider(DASHBOARD_ID);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: DASHBOARD_ID });
@@ -795,9 +709,7 @@ describe('Dashboard Provider - Textbox Variable Backward Compatibility', () => {
 			} as any);
 			/* eslint-enable @typescript-eslint/no-explicit-any */
 
-			renderWithDashboardProvider(`/dashboard/${DASHBOARD_ID}`, {
-				dashboardId: DASHBOARD_ID,
-			});
+			renderWithDashboardProvider(DASHBOARD_ID);
 
 			await waitFor(() => {
 				expect(mockGetDashboard).toHaveBeenCalledWith({ id: DASHBOARD_ID });

frontend/src/utils/maskedKey.ts

@@ -0,0 +1,9 @@
+/**
+ * Masks a key string, showing only the first 2 and last 2 characters.
+ */
+export function getMaskedKey(key: string): string {
+	if (!key || key.length < 4) {
+		return key || 'N/A';
+	}
+	return `${key.substring(0, 2)}·······${key.slice(-2).trim()}`;
+}

pkg/alertmanager/service.go

@@ -72,7 +72,7 @@ func (service *Service) SyncServers(ctx context.Context) error {
 
 	service.serversMtx.Lock()
 	for _, org := range orgs {
-		config, err := service.getConfig(ctx, org.ID.StringValue())
+		config, _, err := service.getConfig(ctx, org.ID.StringValue())
 		if err != nil {
 			service.settings.Logger().ErrorContext(ctx, "failed to get alertmanager config for org", "org_id", org.ID.StringValue(), "error", err)
 			continue
@@ -171,7 +171,7 @@ func (service *Service) Stop(ctx context.Context) error {
 }
 
 func (service *Service) newServer(ctx context.Context, orgID string) (*alertmanagerserver.Server, error) {
-	config, err := service.getConfig(ctx, orgID)
+	config, storedHash, err := service.getConfig(ctx, orgID)
 	if err != nil {
 		return nil, err
 	}
@@ -181,13 +181,16 @@ func (service *Service) newServer(ctx context.Context, orgID string) (*alertmana
 		return nil, err
 	}
 
-	beforeCompareAndSelectHash := config.StoreableConfig().Hash
 	config, err = service.compareAndSelectConfig(ctx, config)
 	if err != nil {
 		return nil, err
 	}
 
-	if beforeCompareAndSelectHash == config.StoreableConfig().Hash {
+	// compare against the hash of the config stored in the DB (before overlays
+	// were applied by getConfig). This ensures that overlay changes (e.g. new
+	// defaults from an upstream upgrade or something similar) trigger a DB update
+	// so that other code paths reading directly from the store see the up-to-date config.
+	if storedHash == config.StoreableConfig().Hash {
 		service.settings.Logger().DebugContext(ctx, "skipping config store update for org", "org_id", orgID, "hash", config.StoreableConfig().Hash)
 		return server, nil
 	}
@@ -200,27 +203,33 @@ func (service *Service) newServer(ctx context.Context, orgID string) (*alertmana
 	return server, nil
 }
 
-func (service *Service) getConfig(ctx context.Context, orgID string) (*alertmanagertypes.Config, error) {
+// getConfig returns the config for the given orgID with overlays applied, along
+// with the hash that was stored in the DB before overlays. When no config exists
+// in the store yet the stored hash is empty.
+func (service *Service) getConfig(ctx context.Context, orgID string) (*alertmanagertypes.Config, string, error) {
 	config, err := service.configStore.Get(ctx, orgID)
+	var storedHash string
 	if err != nil {
 		if !errors.Ast(err, errors.TypeNotFound) {
-			return nil, err
+			return nil, "", err
 		}
 
 		config, err = alertmanagertypes.NewDefaultConfig(service.config.Global, service.config.Route, orgID)
 		if err != nil {
-			return nil, err
+			return nil, "", err
 		}
+	} else {
+		storedHash = config.StoreableConfig().Hash
 	}
 
 	if err := config.SetGlobalConfig(service.config.Global); err != nil {
-		return nil, err
+		return nil, "", err
 	}
 	if err := config.SetRouteConfig(service.config.Route); err != nil {
-		return nil, err
+		return nil, "", err
 	}
 
-	return config, nil
+	return config, storedHash, nil
 }
 
 func (service *Service) compareAndSelectConfig(ctx context.Context, incomingConfig *alertmanagertypes.Config) (*alertmanagertypes.Config, error) {

pkg/authz/openfgaschema/base.fga

@@ -2,9 +2,11 @@ module base
 
 type user
 
+type serviceaccount 
+
 type role 
   relations
-    define assignee: [user]
+    define assignee: [user, serviceaccount]
 
 type organisation 
   relations

pkg/modules/serviceaccount/implserviceaccount/handler.go

@@ -111,7 +111,12 @@ func (handler *handler) Update(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	serviceAccount.Update(req.Name, req.Email, req.Roles)
+	err = serviceAccount.Update(req.Name, req.Email, req.Roles)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
 	err = handler.module.Update(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount)
 	if err != nil {
 		render.Error(rw, err)
@@ -147,7 +152,12 @@ func (handler *handler) UpdateStatus(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	serviceAccount.UpdateStatus(req.Status)
+	err = serviceAccount.UpdateStatus(req.Status)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
 	err = handler.module.UpdateStatus(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount)
 	if err != nil {
 		render.Error(rw, err)
@@ -290,7 +300,7 @@ func (handler *handler) UpdateFactorAPIKey(rw http.ResponseWriter, r *http.Reque
 	}
 
 	factorAPIKey.Update(req.Name, req.ExpiresAt)
-	err = handler.module.UpdateFactorAPIKey(ctx, serviceAccount.ID, factorAPIKey)
+	err = handler.module.UpdateFactorAPIKey(ctx, valuer.MustNewUUID(claims.OrgID), serviceAccount.ID, factorAPIKey)
 	if err != nil {
 		render.Error(rw, err)
 		return

pkg/modules/serviceaccount/implserviceaccount/module.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/emailing"
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
@@ -33,7 +34,7 @@ func (module *module) Create(ctx context.Context, orgID valuer.UUID, serviceAcco
 	}
 
 	// authz actions cannot run in sql transactions
-	err = module.authz.Grant(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
+	err = module.authz.Grant(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableServiceAccount, serviceAccount.ID.String(), orgID, nil))
 	if err != nil {
 		return err
 	}
@@ -60,6 +61,24 @@ func (module *module) Create(ctx context.Context, orgID valuer.UUID, serviceAcco
 	return nil
 }
 
+func (module *module) GetOrCreate(ctx context.Context, serviceAccount *serviceaccounttypes.ServiceAccount) (*serviceaccounttypes.ServiceAccount, error) {
+	existingServiceAccount, err := module.store.GetActiveByOrgIDAndName(ctx, serviceAccount.OrgID, serviceAccount.Name)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return nil, err
+	}
+
+	if existingServiceAccount != nil {
+		return serviceAccount, nil
+	}
+
+	err = module.Create(ctx, serviceAccount.OrgID, serviceAccount)
+	if err != nil {
+		return nil, err
+	}
+
+	return serviceAccount, nil
+}
+
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*serviceaccounttypes.ServiceAccount, error) {
 	storableServiceAccount, err := module.store.Get(ctx, orgID, id)
 	if err != nil {
@@ -138,7 +157,7 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, input *serv
 
 	// gets the role diff if any to modify grants.
 	grants, revokes := serviceAccount.PatchRoles(input)
-	err = module.authz.ModifyGrant(ctx, orgID, revokes, grants, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
+	err = module.authz.ModifyGrant(ctx, orgID, revokes, grants, authtypes.MustNewSubject(authtypes.TypeableServiceAccount, serviceAccount.ID.String(), orgID, nil))
 	if err != nil {
 		return err
 	}
@@ -171,26 +190,28 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, input *serv
 }
 
 func (module *module) UpdateStatus(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
-	serviceAccount, err := module.Get(ctx, orgID, input.ID)
+	err := module.authz.Revoke(ctx, orgID, input.Roles, authtypes.MustNewSubject(authtypes.TypeableServiceAccount, input.ID.String(), orgID, nil))
 	if err != nil {
 		return err
 	}
 
-	if input.Status == serviceAccount.Status {
-		return nil
-	}
+	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
+		// revoke all the API keys on disable
+		err := module.store.RevokeAllFactorAPIKeys(ctx, input.ID)
+		if err != nil {
+			return err
+		}
 
-	switch input.Status {
-	case serviceaccounttypes.StatusActive:
-		err := module.activateServiceAccount(ctx, orgID, input)
-		if err != nil {
-			return err
-		}
-	case serviceaccounttypes.StatusDisabled:
-		err := module.disableServiceAccount(ctx, orgID, input)
+		// update the status but do not delete the role mappings as we will use them for audits
+		err = module.store.Update(ctx, orgID, serviceaccounttypes.NewStorableServiceAccount(input))
 		if err != nil {
 			return err
 		}
+
+		return nil
+	})
+	if err != nil {
+		return err
 	}
 
 	return nil
@@ -203,7 +224,7 @@ func (module *module) Delete(ctx context.Context, orgID valuer.UUID, id valuer.U
 	}
 
 	// revoke from authz first as this cannot run in sql transaction
-	err = module.authz.Revoke(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, serviceAccount.ID.String(), orgID, nil))
+	err = module.authz.Revoke(ctx, orgID, serviceAccount.Roles, authtypes.MustNewSubject(authtypes.TypeableServiceAccount, serviceAccount.ID.String(), orgID, nil))
 	if err != nil {
 		return err
 	}
@@ -276,8 +297,13 @@ func (module *module) ListFactorAPIKey(ctx context.Context, serviceAccountID val
 	return serviceaccounttypes.NewFactorAPIKeyFromStorables(storables), nil
 }
 
-func (module *module) UpdateFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, factorAPIKey *serviceaccounttypes.FactorAPIKey) error {
-	return module.store.UpdateFactorAPIKey(ctx, serviceAccountID, serviceaccounttypes.NewStorableFactorAPIKey(factorAPIKey))
+func (module *module) UpdateFactorAPIKey(ctx context.Context, _ valuer.UUID, serviceAccountID valuer.UUID, factorAPIKey *serviceaccounttypes.FactorAPIKey) error {
+	err := module.store.UpdateFactorAPIKey(ctx, serviceAccountID, serviceaccounttypes.NewStorableFactorAPIKey(factorAPIKey))
+	if err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func (module *module) RevokeFactorAPIKey(ctx context.Context, serviceAccountID valuer.UUID, id valuer.UUID) error {
@@ -307,45 +333,3 @@ func (module *module) RevokeFactorAPIKey(ctx context.Context, serviceAccountID v
 
 	return nil
 }
-
-func (module *module) disableServiceAccount(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
-	err := module.authz.Revoke(ctx, orgID, input.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.String(), orgID, nil))
-	if err != nil {
-		return err
-	}
-
-	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
-		// revoke all the API keys on disable
-		err := module.store.RevokeAllFactorAPIKeys(ctx, input.ID)
-		if err != nil {
-			return err
-		}
-
-		// update the status but do not delete the role mappings as we will reuse them on activation.
-		err = module.Update(ctx, orgID, input)
-		if err != nil {
-			return err
-		}
-
-		return nil
-	})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (module *module) activateServiceAccount(ctx context.Context, orgID valuer.UUID, input *serviceaccounttypes.ServiceAccount) error {
-	err := module.authz.Grant(ctx, orgID, input.Roles, authtypes.MustNewSubject(authtypes.TypeableUser, input.ID.String(), orgID, nil))
-	if err != nil {
-		return err
-	}
-
-	err = module.Update(ctx, orgID, input)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}

pkg/modules/serviceaccount/implserviceaccount/store.go

@@ -48,6 +48,25 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	return storable, nil
 }
 
+func (store *store) GetActiveByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*serviceaccounttypes.StorableServiceAccount, error) {
+	storable := new(serviceaccounttypes.StorableServiceAccount)
+
+	err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(storable).
+		Where("org_id = ?", orgID).
+		Where("name = ?", name).
+		Where("status = ?", serviceaccounttypes.StatusActive).
+		Scan(ctx)
+	if err != nil {
+		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeServiceAccountNotFound, "service account with name: %s doesn't exist in org: %s", name, orgID.String())
+	}
+
+	return storable, nil
+}
+
 func (store *store) GetByID(ctx context.Context, id valuer.UUID) (*serviceaccounttypes.StorableServiceAccount, error) {
 	storable := new(serviceaccounttypes.StorableServiceAccount)
 
@@ -188,7 +207,7 @@ func (store *store) CreateFactorAPIKey(ctx context.Context, storable *serviceacc
 		Model(storable).
 		Exec(ctx)
 	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, serviceaccounttypes.ErrCodeServiceAccountFactorAPIKeyAlreadyExists, "api key with name: %s already exists for service account: %s", storable.Name, storable.ServiceAccountID)
+		return store.sqlstore.WrapAlreadyExistsErrf(err, serviceaccounttypes.ErrCodeAPIKeyAlreadyExists, "api key with name: %s already exists for service account: %s", storable.Name, storable.ServiceAccountID)
 	}
 
 	return nil
@@ -206,7 +225,7 @@ func (store *store) GetFactorAPIKey(ctx context.Context, serviceAccountID valuer
 		Where("service_account_id = ?", serviceAccountID).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeServiceAccounFactorAPIKeytNotFound, "api key with id: %s doesn't exist for service account: %s", id, serviceAccountID)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, serviceaccounttypes.ErrCodeAPIKeytNotFound, "api key with id: %s doesn't exist for service account: %s", id, serviceAccountID)
 	}
 
 	return storable, nil

pkg/modules/serviceaccount/serviceaccount.go

@@ -15,6 +15,9 @@ type Module interface {
 	// Gets a service account by id.
 	Get(context.Context, valuer.UUID, valuer.UUID) (*serviceaccounttypes.ServiceAccount, error)
 
+	// Gets or creates a service account by name
+	GetOrCreate(context.Context, *serviceaccounttypes.ServiceAccount) (*serviceaccounttypes.ServiceAccount, error)
+
 	// Gets a service account by id without fetching roles.
 	GetWithoutRoles(context.Context, valuer.UUID, valuer.UUID) (*serviceaccounttypes.ServiceAccount, error)
 
@@ -40,7 +43,7 @@ type Module interface {
 	ListFactorAPIKey(context.Context, valuer.UUID) ([]*serviceaccounttypes.FactorAPIKey, error)
 
 	// Updates an existing API key for a service account
-	UpdateFactorAPIKey(context.Context, valuer.UUID, *serviceaccounttypes.FactorAPIKey) error
+	UpdateFactorAPIKey(context.Context, valuer.UUID, valuer.UUID, *serviceaccounttypes.FactorAPIKey) error
 
 	// Revokes an existing API key for a service account
 	RevokeFactorAPIKey(context.Context, valuer.UUID, valuer.UUID) error

pkg/querier/querier.go

@@ -20,7 +20,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/instrumentationtypes"
 	"github.com/SigNoz/signoz/pkg/types/metrictypes"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
-	"github.com/dustin/go-humanize"
 	"golang.org/x/exp/maps"
 
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
@@ -159,8 +158,7 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 	metricNames := make([]string, 0)
 	for idx, query := range req.CompositeQuery.Queries {
 		event.QueryType = query.Type.StringValue()
-		switch query.Type {
-		case qbtypes.QueryTypeBuilder:
+		if query.Type == qbtypes.QueryTypeBuilder {
 			if spec, ok := query.Spec.(qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]); ok {
 				for _, agg := range spec.Aggregations {
 					if agg.MetricName != "" {
@@ -238,7 +236,7 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 				}
 				req.CompositeQuery.Queries[idx].Spec = spec
 			}
-		case qbtypes.QueryTypePromQL:
+		} else if query.Type == qbtypes.QueryTypePromQL {
 			event.MetricsUsed = true
 			switch spec := query.Spec.(type) {
 			case qbtypes.PromQuery:
@@ -249,7 +247,7 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 				}
 				req.CompositeQuery.Queries[idx].Spec = spec
 			}
-		case qbtypes.QueryTypeClickHouseSQL:
+		} else if query.Type == qbtypes.QueryTypeClickHouseSQL {
 			switch spec := query.Spec.(type) {
 			case qbtypes.ClickHouseQuery:
 				if strings.TrimSpace(spec.Query) != "" {
@@ -258,7 +256,7 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 					event.TracesUsed = strings.Contains(spec.Query, "signoz_traces")
 				}
 			}
-		case qbtypes.QueryTypeTraceOperator:
+		} else if query.Type == qbtypes.QueryTypeTraceOperator {
 			if spec, ok := query.Spec.(qbtypes.QueryBuilderTraceOperator); ok {
 				if spec.StepInterval.Seconds() == 0 {
 					spec.StepInterval = qbtypes.Step{
@@ -278,9 +276,23 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 		}
 	}
 
+	// Fetch temporality for all metrics at once
+	var metricTemporality map[string]metrictypes.Temporality
+	var metricTypes map[string]metrictypes.Type
+	if len(metricNames) > 0 {
+		var err error
+		metricTemporality, metricTypes, err = q.metadataStore.FetchTemporalityAndTypeMulti(ctx, req.Start, req.End, metricNames...)
+		if err != nil {
+			q.logger.WarnContext(ctx, "failed to fetch metric temporality", "error", err, "metrics", metricNames)
+			// Continue without temporality - statement builder will handle unspecified
+			metricTemporality = make(map[string]metrictypes.Temporality)
+			metricTypes = make(map[string]metrictypes.Type)
+		}
+		q.logger.DebugContext(ctx, "fetched metric temporalities and types", "metric_temporality", metricTemporality, "metric_types", metricTypes)
+	}
+
 	queries := make(map[string]qbtypes.Query)
 	steps := make(map[string]qbtypes.Step)
-	missingMetrics := []string{}
 
 	for _, query := range req.CompositeQuery.Queries {
 		var queryName string
@@ -362,26 +374,15 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 				queries[spec.Name] = bq
 				steps[spec.Name] = spec.StepInterval
 			case qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]:
-				var metricTemporality map[string]metrictypes.Temporality
-				var metricTypes map[string]metrictypes.Type
-				if len(metricNames) > 0 {
-					var err error
-					metricTemporality, metricTypes, err = q.metadataStore.FetchTemporalityAndTypeMulti(ctx, req.Start, req.End, metricNames...)
-					if err != nil {
-						q.logger.WarnContext(ctx, "failed to fetch metric temporality", "error", err, "metrics", metricNames)
-						return nil, errors.NewInternalf(errors.CodeInternal, "failed to fetch metrics temporality")
-					}
-					q.logger.DebugContext(ctx, "fetched metric temporalities and types", "metric_temporality", metricTemporality, "metric_types", metricTypes)
-				}
 				for i := range spec.Aggregations {
 					if spec.Aggregations[i].MetricName != "" && spec.Aggregations[i].Temporality == metrictypes.Unknown {
 						if temp, ok := metricTemporality[spec.Aggregations[i].MetricName]; ok && temp != metrictypes.Unknown {
 							spec.Aggregations[i].Temporality = temp
 						}
 					}
+					// TODO(srikanthccv): warn when the metric is missing
 					if spec.Aggregations[i].Temporality == metrictypes.Unknown {
-						missingMetrics = append(missingMetrics, spec.Aggregations[i].MetricName)
-						continue
+						spec.Aggregations[i].Temporality = metrictypes.Unspecified
 					}
 
 					if spec.Aggregations[i].MetricName != "" && spec.Aggregations[i].Type == metrictypes.UnspecifiedType {
@@ -408,24 +409,6 @@ func (q *querier) QueryRange(ctx context.Context, orgID valuer.UUID, req *qbtype
 			}
 		}
 	}
-	if len(missingMetrics) > 0 {
-		lastSeenInfo, _ := q.metadataStore.FetchLastSeenInfoMulti(ctx, missingMetrics...)
-		lastSeenStr := func(name string) string {
-			if ts, ok := lastSeenInfo[name]; ok && ts > 0 {
-				ago := humanize.RelTime(time.UnixMilli(ts), time.Now(), "ago", "from now")
-				return fmt.Sprintf("%s (last seen %s)", name, ago)
-			}
-			return name
-		}
-		if len(missingMetrics) == 1 {
-			return nil, errors.NewNotFoundf(errors.CodeNotFound, "no data found for the metric %s in the query time range", lastSeenStr(missingMetrics[0]))
-		}
-		parts := make([]string, len(missingMetrics))
-		for i, m := range missingMetrics {
-			parts[i] = lastSeenStr(m)
-		}
-		return nil, errors.NewNotFoundf(errors.CodeNotFound, "no data found for the following metrics in the query time range: %s", strings.Join(parts, ", "))
-	}
 	qbResp, qbErr := q.run(ctx, orgID, queries, req, steps, event)
 	if qbResp != nil {
 		qbResp.QBEvent = event
@@ -680,7 +663,7 @@ func (q *querier) run(
 }
 
 // executeWithCache executes a query using the bucket cache
-func (q *querier) executeWithCache(ctx context.Context, orgID valuer.UUID, query qbtypes.Query, step qbtypes.Step, _ bool) (*qbtypes.Result, error) {
+func (q *querier) executeWithCache(ctx context.Context, orgID valuer.UUID, query qbtypes.Query, step qbtypes.Step, noCache bool) (*qbtypes.Result, error) {
 	// Get cached data and missing ranges
 	cachedResult, missingRanges := q.bucketCache.GetMissRanges(ctx, orgID, query, step)
 

pkg/query-service/rules/manager_test.go

@@ -76,21 +76,6 @@ func TestManager_TestNotification_SendUnmatched_ThresholdRule(t *testing.T) {
 					alertDataRows := cmock.NewRows(cols, tc.Values)
 
 					mock := mockStore.Mock()
-					// Mock metadata queries for FetchTemporalityAndTypeMulti
-					// First query: fetchMetricsTemporalityAndType (from signoz_metrics time series table)
-					metadataCols := []cmock.ColumnType{
-						{Name: "metric_name", Type: "String"},
-						{Name: "temporality", Type: "String"},
-						{Name: "type", Type: "String"},
-						{Name: "is_monotonic", Type: "Bool"},
-					}
-					metadataRows := cmock.NewRows(metadataCols, [][]any{
-						{"probe_success", metrictypes.Unspecified, metrictypes.GaugeType, false},
-					})
-					mock.ExpectQuery("*distributed_time_series_v4*").WithArgs(nil, nil, nil).WillReturnRows(metadataRows)
-					// Second query: fetchMeterSourceMetricsTemporalityAndType (from signoz_meter table)
-					emptyMetadataRows := cmock.NewRows(metadataCols, [][]any{})
-					mock.ExpectQuery("*meter*").WithArgs(nil).WillReturnRows(emptyMetadataRows)
 
 					// Generate query arguments for the metric query
 					evalTime := time.Now().UTC()

pkg/telemetrymetadata/metadata.go

@@ -1928,37 +1928,3 @@ func (t *telemetryMetaStore) GetFirstSeenFromMetricMetadata(ctx context.Context,
 
 	return result, nil
 }
-
-func (t *telemetryMetaStore) FetchLastSeenInfoMulti(ctx context.Context, metricNames ...string) (map[string]int64, error) {
-	sb := sqlbuilder.Select(
-		"metric_name",
-		"max(unix_milli)",
-	).
-		From(t.metricsDBName + "." + telemetrymetrics.TimeseriesV4TableName)
-	sb.Where(sb.In("metric_name", metricNames))
-	sb.GroupBy("metric_name")
-
-	query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
-
-	t.logger.DebugContext(ctx, "fetching metric last seen timestamp", "query", query, "args", args)
-
-	rows, err := t.telemetrystore.ClickhouseDB().Query(ctx, query, args...)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to fetch metric last seen info")
-	}
-	defer rows.Close()
-
-	lastSeenInfo := make(map[string]int64)
-	for rows.Next() {
-		var metricName string
-		var unix_milli int64
-		if err := rows.Scan(&metricName, &unix_milli); err != nil {
-			return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to scan last seen info result")
-		}
-		lastSeenInfo[metricName] = unix_milli
-	}
-	if err := rows.Err(); err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "error iterating over metrics temporality rows")
-	}
-	return lastSeenInfo, nil
-}

pkg/types/authtypes/relation.go

@@ -20,19 +20,20 @@ var (
 )
 
 var TypeableRelations = map[Type][]Relation{
-	TypeUser:          {RelationRead, RelationUpdate, RelationDelete},
-	TypeRole:          {RelationAssignee, RelationRead, RelationUpdate, RelationDelete},
-	TypeOrganization:  {RelationRead, RelationUpdate, RelationDelete},
-	TypeMetaResource:  {RelationRead, RelationUpdate, RelationDelete},
-	TypeMetaResources: {RelationCreate, RelationList},
+	TypeUser:           {RelationRead, RelationUpdate, RelationDelete},
+	TypeServiceAccount: {RelationRead, RelationUpdate, RelationDelete},
+	TypeRole:           {RelationAssignee, RelationRead, RelationUpdate, RelationDelete},
+	TypeOrganization:   {RelationRead, RelationUpdate, RelationDelete},
+	TypeMetaResource:   {RelationRead, RelationUpdate, RelationDelete},
+	TypeMetaResources:  {RelationCreate, RelationList},
 }
 
 var RelationsTypeable = map[Relation][]Type{
 	RelationCreate:   {TypeMetaResources},
-	RelationRead:     {TypeUser, TypeRole, TypeOrganization, TypeMetaResource},
+	RelationRead:     {TypeUser, TypeServiceAccount, TypeRole, TypeOrganization, TypeMetaResource},
 	RelationList:     {TypeMetaResources},
-	RelationUpdate:   {TypeUser, TypeRole, TypeOrganization, TypeMetaResource},
-	RelationDelete:   {TypeUser, TypeRole, TypeOrganization, TypeMetaResource},
+	RelationUpdate:   {TypeUser, TypeServiceAccount, TypeRole, TypeOrganization, TypeMetaResource},
+	RelationDelete:   {TypeUser, TypeServiceAccount, TypeRole, TypeOrganization, TypeMetaResource},
 	RelationAssignee: {TypeRole},
 }
 

pkg/types/authtypes/selector.go

@@ -23,11 +23,12 @@ var (
 )
 
 var (
-	typeUserSelectorRegex         = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
-	typeRoleSelectorRegex         = regexp.MustCompile(`^([a-z-]{1,50}|\*)$`)
-	typeAnonymousSelectorRegex    = regexp.MustCompile(`^\*$`)
-	typeOrganizationSelectorRegex = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
-	typeMetaResourceSelectorRegex = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
+	typeUserSelectorRegex           = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
+	typeServiceAccountSelectorRegex = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
+	typeRoleSelectorRegex           = regexp.MustCompile(`^([a-z-]{1,50}|\*)$`)
+	typeAnonymousSelectorRegex      = regexp.MustCompile(`^\*$`)
+	typeOrganizationSelectorRegex   = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
+	typeMetaResourceSelectorRegex   = regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`)
 	// metaresources selectors are used to select either all or none until we introduce some hierarchy here.
 	typeMetaResourcesSelectorRegex = regexp.MustCompile(`^\*$`)
 )
@@ -98,6 +99,11 @@ func IsValidSelector(typed Type, selector string) error {
 			return errors.Newf(errors.TypeInvalidInput, ErrCodeAuthZInvalidSelector, "selector must conform to regex %s", typeUserSelectorRegex.String())
 		}
 		return nil
+	case TypeServiceAccount:
+		if !typeServiceAccountSelectorRegex.MatchString(selector) {
+			return errors.Newf(errors.TypeInvalidInput, ErrCodeAuthZInvalidSelector, "selector must conform to regex %s", typeServiceAccountSelectorRegex.String())
+		}
+		return nil
 	case TypeRole:
 		if !typeRoleSelectorRegex.MatchString(selector) {
 			return errors.Newf(errors.TypeInvalidInput, ErrCodeAuthZInvalidSelector, "selector must conform to regex %s", typeRoleSelectorRegex.String())

pkg/types/authtypes/typeable.go

@@ -15,19 +15,21 @@ var (
 )
 
 var (
-	TypeUser          = Type{valuer.NewString("user")}
-	TypeAnonymous     = Type{valuer.NewString("anonymous")}
-	TypeRole          = Type{valuer.NewString("role")}
-	TypeOrganization  = Type{valuer.NewString("organization")}
-	TypeMetaResource  = Type{valuer.NewString("metaresource")}
-	TypeMetaResources = Type{valuer.NewString("metaresources")}
+	TypeUser           = Type{valuer.NewString("user")}
+	TypeServiceAccount = Type{valuer.NewString("serviceaccount")}
+	TypeAnonymous      = Type{valuer.NewString("anonymous")}
+	TypeRole           = Type{valuer.NewString("role")}
+	TypeOrganization   = Type{valuer.NewString("organization")}
+	TypeMetaResource   = Type{valuer.NewString("metaresource")}
+	TypeMetaResources  = Type{valuer.NewString("metaresources")}
 )
 
 var (
-	TypeableUser         = &typeableUser{}
-	TypeableAnonymous    = &typeableAnonymous{}
-	TypeableRole         = &typeableRole{}
-	TypeableOrganization = &typeableOrganization{}
+	TypeableUser           = &typeableUser{}
+	TypeableServiceAccount = &typeableServiceAccount{}
+	TypeableAnonymous      = &typeableAnonymous{}
+	TypeableRole           = &typeableRole{}
+	TypeableOrganization   = &typeableOrganization{}
 )
 
 type Typeable interface {
@@ -53,6 +55,8 @@ func NewType(input string) (Type, error) {
 	switch input {
 	case "user":
 		return TypeUser, nil
+	case "serviceaccount":
+		return TypeServiceAccount, nil
 	case "role":
 		return TypeRole, nil
 	case "organization":
@@ -88,6 +92,8 @@ func NewTypeableFromType(typed Type, name Name) (Typeable, error) {
 		return TypeableRole, nil
 	case TypeUser:
 		return TypeableUser, nil
+	case TypeServiceAccount:
+		return TypeableServiceAccount, nil
 	case TypeOrganization:
 		return TypeableOrganization, nil
 	case TypeMetaResource:

pkg/types/authtypes/typeable_serviceaccount.go

@@ -0,0 +1,38 @@
+package authtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/valuer"
+	openfgav1 "github.com/openfga/api/proto/openfga/v1"
+)
+
+var _ Typeable = new(typeableServiceAccount)
+
+type typeableServiceAccount struct{}
+
+func (typeableServiceAccount *typeableServiceAccount) Tuples(subject string, relation Relation, selectors []Selector, orgID valuer.UUID) ([]*openfgav1.TupleKey, error) {
+	tuples := make([]*openfgav1.TupleKey, 0)
+
+	for _, selector := range selectors {
+		object := typeableServiceAccount.Prefix(orgID) + "/" + selector.String()
+		tuples = append(tuples, &openfgav1.TupleKey{User: subject, Relation: relation.StringValue(), Object: object})
+	}
+
+	return tuples, nil
+}
+
+func (typeableServiceAccount *typeableServiceAccount) Type() Type {
+	return TypeServiceAccount
+}
+
+func (typeableServiceAccount *typeableServiceAccount) Name() Name {
+	return MustNewName("serviceaccount")
+}
+
+// example: serviceaccount:organization/0199c47d-f61b-7833-bc5f-c0730f12f046/serviceaccount
+func (typeableServiceAccount *typeableServiceAccount) Prefix(orgID valuer.UUID) string {
+	return typeableServiceAccount.Type().StringValue() + ":" + "organization" + "/" + orgID.StringValue() + "/" + typeableServiceAccount.Name().String()
+}
+
+func (typeableServiceAccount *typeableServiceAccount) Scope(relation Relation) string {
+	return typeableServiceAccount.Name().String() + ":" + relation.StringValue()
+}

pkg/types/serviceaccounttypes/factor_api_key.go

@@ -11,20 +11,22 @@ import (
 )
 
 var (
-	ErrCodeServiceAccountFactorAPIkeyInvalidInput  = errors.MustNewCode("service_account_factor_api_key_invalid_input")
-	ErrCodeServiceAccountFactorAPIKeyAlreadyExists = errors.MustNewCode("service_account_factor_api_key_already_exists")
-	ErrCodeServiceAccounFactorAPIKeytNotFound      = errors.MustNewCode("service_account_factor_api_key_not_found")
+	ErrCodeAPIkeyInvalidInput        = errors.MustNewCode("service_account_factor_api_key_invalid_input")
+	ErrCodeAPIKeyAlreadyExists       = errors.MustNewCode("service_account_factor_api_key_already_exists")
+	ErrCodeAPIKeytNotFound           = errors.MustNewCode("service_account_factor_api_key_not_found")
+	ErrCodeAPIKeyExpired             = errors.MustNewCode("api_key_expired")
+	ErrCodeAPIkeyOlderLastObservedAt = errors.MustNewCode("api_key_older_last_observed_at")
 )
 
 type StorableFactorAPIKey struct {
-	bun.BaseModel `bun:"table:factor_api_key"`
+	bun.BaseModel `bun:"table:factor_api_key,alias:factor_api_key"`
 
 	types.Identifiable
 	types.TimeAuditable
 	Name             string    `bun:"name"`
 	Key              string    `bun:"key"`
 	ExpiresAt        uint64    `bun:"expires_at"`
-	LastUsed         time.Time `bun:"last_used"`
+	LastObservedAt   time.Time `bun:"last_observed_at"`
 	ServiceAccountID string    `bun:"service_account_id"`
 }
 
@@ -33,9 +35,9 @@ type FactorAPIKey struct {
 	types.TimeAuditable
 	Name             string      `json:"name" requrired:"true"`
 	Key              string      `json:"key" required:"true"`
-	ExpiresAt        uint64      `json:"expires_at" required:"true"`
-	LastUsed         time.Time   `json:"last_used" required:"true"`
-	ServiceAccountID valuer.UUID `json:"service_account_id" required:"true"`
+	ExpiresAt        uint64      `json:"expiresAt" required:"true"`
+	LastObservedAt   time.Time   `json:"lastObservedAt" required:"true"`
+	ServiceAccountID valuer.UUID `json:"serviceAccountId" required:"true"`
 }
 
 type GettableFactorAPIKeyWithKey struct {
@@ -47,19 +49,19 @@ type GettableFactorAPIKey struct {
 	types.Identifiable
 	types.TimeAuditable
 	Name             string      `json:"name" requrired:"true"`
-	ExpiresAt        uint64      `json:"expires_at" required:"true"`
-	LastUsed         time.Time   `json:"last_used" required:"true"`
-	ServiceAccountID valuer.UUID `json:"service_account_id" required:"true"`
+	ExpiresAt        uint64      `json:"expiresAt" required:"true"`
+	LastObservedAt   time.Time   `json:"lastObservedAt" required:"true"`
+	ServiceAccountID valuer.UUID `json:"serviceAccountId" required:"true"`
 }
 
 type PostableFactorAPIKey struct {
 	Name      string `json:"name" required:"true"`
-	ExpiresAt uint64 `json:"expires_at" required:"true"`
+	ExpiresAt uint64 `json:"expiresAt" required:"true"`
 }
 
 type UpdatableFactorAPIKey struct {
 	Name      string `json:"name" required:"true"`
-	ExpiresAt uint64 `json:"expires_at" required:"true"`
+	ExpiresAt uint64 `json:"expiresAt" required:"true"`
 }
 
 func NewFactorAPIKeyFromStorable(storable *StorableFactorAPIKey) *FactorAPIKey {
@@ -69,7 +71,7 @@ func NewFactorAPIKeyFromStorable(storable *StorableFactorAPIKey) *FactorAPIKey {
 		Name:             storable.Name,
 		Key:              storable.Key,
 		ExpiresAt:        storable.ExpiresAt,
-		LastUsed:         storable.LastUsed,
+		LastObservedAt:   storable.LastObservedAt,
 		ServiceAccountID: valuer.MustNewUUID(storable.ServiceAccountID),
 	}
 }
@@ -91,7 +93,7 @@ func NewStorableFactorAPIKey(factorAPIKey *FactorAPIKey) *StorableFactorAPIKey {
 		Name:             factorAPIKey.Name,
 		Key:              factorAPIKey.Key,
 		ExpiresAt:        factorAPIKey.ExpiresAt,
-		LastUsed:         factorAPIKey.LastUsed,
+		LastObservedAt:   factorAPIKey.LastObservedAt,
 		ServiceAccountID: factorAPIKey.ServiceAccountID.String(),
 	}
 }
@@ -105,7 +107,7 @@ func NewGettableFactorAPIKeys(keys []*FactorAPIKey) []*GettableFactorAPIKey {
 			TimeAuditable:    key.TimeAuditable,
 			Name:             key.Name,
 			ExpiresAt:        key.ExpiresAt,
-			LastUsed:         key.LastUsed,
+			LastObservedAt:   key.LastObservedAt,
 			ServiceAccountID: key.ServiceAccountID,
 		}
 	}
@@ -128,6 +130,29 @@ func (apiKey *FactorAPIKey) Update(name string, expiresAt uint64) {
 	apiKey.UpdatedAt = time.Now()
 }
 
+func (apiKey *FactorAPIKey) IsExpired() error {
+	if apiKey.ExpiresAt == 0 {
+		return nil
+	}
+
+	if time.Now().After(time.Unix(int64(apiKey.ExpiresAt), 0)) {
+		return errors.New(errors.TypeUnauthenticated, ErrCodeAPIKeyExpired, "api key has been expired")
+	}
+
+	return nil
+}
+
+func (apiKey *FactorAPIKey) UpdateLastObservedAt(lastObservedAt time.Time) error {
+	if lastObservedAt.Before(apiKey.LastObservedAt) {
+		return errors.New(errors.TypeInvalidInput, ErrCodeAPIkeyOlderLastObservedAt, "last observed at is before the current last observed at")
+	}
+
+	apiKey.LastObservedAt = lastObservedAt
+	apiKey.UpdatedAt = time.Now()
+
+	return nil
+}
+
 func (key *PostableFactorAPIKey) UnmarshalJSON(data []byte) error {
 	type Alias PostableFactorAPIKey
 
@@ -137,7 +162,7 @@ func (key *PostableFactorAPIKey) UnmarshalJSON(data []byte) error {
 	}
 
 	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountFactorAPIkeyInvalidInput, "name cannot be empty")
+		return errors.New(errors.TypeInvalidInput, ErrCodeAPIkeyInvalidInput, "name cannot be empty")
 	}
 
 	*key = PostableFactorAPIKey(temp)
@@ -153,7 +178,7 @@ func (key *UpdatableFactorAPIKey) UnmarshalJSON(data []byte) error {
 	}
 
 	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountFactorAPIkeyInvalidInput, "name cannot be empty")
+		return errors.New(errors.TypeInvalidInput, ErrCodeAPIkeyInvalidInput, "name cannot be empty")
 	}
 
 	*key = UpdatableFactorAPIKey(temp)

pkg/types/serviceaccounttypes/service_acccount.go

@@ -4,7 +4,7 @@ import (
 	"crypto/rand"
 	"encoding/base64"
 	"encoding/json"
-	"slices"
+	"regexp"
 	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -15,10 +15,11 @@ import (
 )
 
 var (
-	ErrCodeServiceAccountInvalidInput      = errors.MustNewCode("service_account_invalid_input")
-	ErrCodeServiceAccountAlreadyExists     = errors.MustNewCode("service_account_already_exists")
-	ErrCodeServiceAccountNotFound          = errors.MustNewCode("service_account_not_found")
-	ErrCodeServiceAccountRoleAlreadyExists = errors.MustNewCode("service_account_role_already_exists")
+	ErrCodeServiceAccountInvalidInput         = errors.MustNewCode("service_account_invalid_input")
+	ErrCodeServiceAccountAlreadyExists        = errors.MustNewCode("service_account_already_exists")
+	ErrCodeServiceAccountNotFound             = errors.MustNewCode("service_account_not_found")
+	ErrCodeServiceAccountRoleAlreadyExists    = errors.MustNewCode("service_account_role_already_exists")
+	ErrCodeServiceAccountOperationUnsupported = errors.MustNewCode("service_account_operation_unsupported")
 )
 
 var (
@@ -27,25 +28,31 @@ var (
 	ValidStatus    = []valuer.String{StatusActive, StatusDisabled}
 )
 
+var (
+	serviceAccountNameRegex = regexp.MustCompile("^[a-z-]{1,50}$")
+)
+
 type StorableServiceAccount struct {
 	bun.BaseModel `bun:"table:service_account,alias:service_account"`
 
 	types.Identifiable
 	types.TimeAuditable
-	Name   string        `bun:"name"`
-	Email  string        `bun:"email"`
-	Status valuer.String `bun:"status"`
-	OrgID  string        `bun:"org_id"`
+	Name      string        `bun:"name"`
+	Email     string        `bun:"email"`
+	Status    valuer.String `bun:"status"`
+	OrgID     string        `bun:"org_id"`
+	DeletedAt time.Time     `bun:"deleted_at"`
 }
 
 type ServiceAccount struct {
 	types.Identifiable
 	types.TimeAuditable
-	Name   string        `json:"name" required:"true"`
-	Email  valuer.Email  `json:"email" required:"true"`
-	Roles  []string      `json:"roles" required:"true" nullable:"false"`
-	Status valuer.String `json:"status" required:"true"`
-	OrgID  valuer.UUID   `json:"orgID" required:"true"`
+	Name      string        `json:"name" required:"true"`
+	Email     valuer.Email  `json:"email" required:"true"`
+	Roles     []string      `json:"roles" required:"true" nullable:"false"`
+	Status    valuer.String `json:"status" required:"true"`
+	OrgID     valuer.UUID   `json:"orgId" required:"true"`
+	DeletedAt time.Time     `json:"deletedAt" required:"true"`
 }
 
 type PostableServiceAccount struct {
@@ -73,11 +80,12 @@ func NewServiceAccount(name string, email valuer.Email, roles []string, status v
 			CreatedAt: time.Now(),
 			UpdatedAt: time.Now(),
 		},
-		Name:   name,
-		Email:  email,
-		Roles:  roles,
-		Status: status,
-		OrgID:  orgID,
+		Name:      name,
+		Email:     email,
+		Roles:     roles,
+		Status:    status,
+		OrgID:     orgID,
+		DeletedAt: time.Time{},
 	}
 }
 
@@ -90,6 +98,7 @@ func NewServiceAccountFromStorables(storableServiceAccount *StorableServiceAccou
 		Roles:         roles,
 		Status:        storableServiceAccount.Status,
 		OrgID:         valuer.MustNewUUID(storableServiceAccount.OrgID),
+		DeletedAt:     storableServiceAccount.DeletedAt,
 	}
 }
 
@@ -126,22 +135,46 @@ func NewStorableServiceAccount(serviceAccount *ServiceAccount) *StorableServiceA
 		Email:         serviceAccount.Email.String(),
 		Status:        serviceAccount.Status,
 		OrgID:         serviceAccount.OrgID.String(),
+		DeletedAt:     serviceAccount.DeletedAt,
 	}
 }
 
-func (sa *ServiceAccount) Update(name string, email valuer.Email, roles []string) {
+func (sa *ServiceAccount) Update(name string, email valuer.Email, roles []string) error {
+	if err := sa.ErrIfDisabled(); err != nil {
+		return err
+	}
+
 	sa.Name = name
 	sa.Email = email
 	sa.Roles = roles
 	sa.UpdatedAt = time.Now()
+	return nil
 }
 
-func (sa *ServiceAccount) UpdateStatus(status valuer.String) {
+func (sa *ServiceAccount) UpdateStatus(status valuer.String) error {
+	if err := sa.ErrIfDisabled(); err != nil {
+		return err
+	}
+
 	sa.Status = status
 	sa.UpdatedAt = time.Now()
+	sa.DeletedAt = time.Now()
+	return nil
+}
+
+func (sa *ServiceAccount) ErrIfDisabled() error {
+	if sa.Status == StatusDisabled {
+		return errors.New(errors.TypeUnsupported, ErrCodeServiceAccountOperationUnsupported, "this operation is not supported for disabled service account")
+	}
+
+	return nil
 }
 
 func (sa *ServiceAccount) NewFactorAPIKey(name string, expiresAt uint64) (*FactorAPIKey, error) {
+	if err := sa.ErrIfDisabled(); err != nil {
+		return nil, err
+	}
+
 	key := make([]byte, 32)
 	_, err := rand.Read(key)
 	if err != nil {
@@ -161,7 +194,7 @@ func (sa *ServiceAccount) NewFactorAPIKey(name string, expiresAt uint64) (*Facto
 		Name:             name,
 		Key:              encodedKey,
 		ExpiresAt:        expiresAt,
-		LastUsed:         time.Now(),
+		LastObservedAt:   time.Now(),
 		ServiceAccountID: sa.ID,
 	}, nil
 }
@@ -204,8 +237,8 @@ func (sa *PostableServiceAccount) UnmarshalJSON(data []byte) error {
 		return err
 	}
 
-	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name cannot be empty")
+	if match := serviceAccountNameRegex.MatchString(temp.Name); !match {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name must conform to the regex: %s", serviceAccountNameRegex.String())
 	}
 
 	if len(temp.Roles) == 0 {
@@ -224,8 +257,8 @@ func (sa *UpdatableServiceAccount) UnmarshalJSON(data []byte) error {
 		return err
 	}
 
-	if temp.Name == "" {
-		return errors.New(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name cannot be empty")
+	if match := serviceAccountNameRegex.MatchString(temp.Name); !match {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "name must conform to the regex: %s", serviceAccountNameRegex.String())
 	}
 
 	if len(temp.Roles) == 0 {
@@ -244,8 +277,8 @@ func (sa *UpdatableServiceAccountStatus) UnmarshalJSON(data []byte) error {
 		return err
 	}
 
-	if !slices.Contains(ValidStatus, temp.Status) {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "invalid status: %s, allowed status are: %v", temp.Status, ValidStatus)
+	if temp.Status != StatusDisabled {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeServiceAccountInvalidInput, "invalid status: %s, allowed status are: %v", temp.Status, StatusDisabled)
 	}
 
 	*sa = UpdatableServiceAccountStatus(temp)

pkg/types/serviceaccounttypes/store.go

@@ -10,6 +10,7 @@ type Store interface {
 	// Service Account
 	Create(context.Context, *StorableServiceAccount) error
 	Get(context.Context, valuer.UUID, valuer.UUID) (*StorableServiceAccount, error)
+	GetActiveByOrgIDAndName(context.Context, valuer.UUID, string) (*StorableServiceAccount, error)
 	GetByID(context.Context, valuer.UUID) (*StorableServiceAccount, error)
 	List(context.Context, valuer.UUID) ([]*StorableServiceAccount, error)
 	Update(context.Context, valuer.UUID, *StorableServiceAccount) error

pkg/types/telemetrytypes/store.go

@@ -45,8 +45,6 @@ type MetadataStore interface {
 
 	// GetFirstSeenFromMetricMetadata gets the first seen timestamp for a metric metadata lookup key.
 	GetFirstSeenFromMetricMetadata(ctx context.Context, lookupKeys []MetricMetadataLookupKey) (map[MetricMetadataLookupKey]int64, error)
-
-	FetchLastSeenInfoMulti(ctx context.Context, metricNames ...string) (map[string]int64, error)
 }
 
 type MetricMetadataLookupKey struct {

pkg/types/telemetrytypes/telemetrytypestest/metadata_store.go

@@ -342,7 +342,3 @@ func (m *MockMetadataStore) SetFirstSeenFromMetricMetadata(firstSeenMap map[tele
 		m.LookupKeysMap[key] = value
 	}
 }
-
-func (m *MockMetadataStore) FetchLastSeenInfoMulti(ctx context.Context, metricNames ...string) (map[string]int64, error) {
-	return make(map[string]int64), nil
-}