chore: authz helpers

2026-02-19 23:42:29 +00:00 · 2026-02-19 17:39:05 -03:00
17 changed files with 1632 additions and 474 deletions
--- a/docs/api/openapi.yml
+++ b/docs/api/openapi.yml
@@ -752,9 +752,7 @@ components:
      - p90
      - p95
      - p99
-      - histogram_count
      type: string
-    MetrictypesSpaceAggregationParam: {}
    MetrictypesTemporality:
      enum:
      - delta
@@ -1044,8 +1042,6 @@ components:
          $ref: '#/components/schemas/Querybuildertypesv5ReduceTo'
        spaceAggregation:
          $ref: '#/components/schemas/MetrictypesSpaceAggregation'
-        spaceAggregationParam:
-          $ref: '#/components/schemas/MetrictypesSpaceAggregationParam'
        temporality:
          $ref: '#/components/schemas/MetrictypesTemporality'
        timeAggregation:
--- a/frontend/src/components/GuardAuthZ/GuardAuthZ.test.tsx
+++ b/frontend/src/components/GuardAuthZ/GuardAuthZ.test.tsx
@@ -0,0 +1,332 @@
+import { ReactElement } from 'react-markdown/lib/react-markdown';
+import { ENVIRONMENT } from 'constants/env';
+import { BrandedPermission, buildPermission } from 'hooks/useAuthZ/utils';
+import { server } from 'mocks-server/server';
+import { rest } from 'msw';
+import { render, screen, waitFor } from 'tests/test-utils';
+
+import { GuardAuthZ } from './GuardAuthZ';
+
+const BASE_URL = ENVIRONMENT.baseURL || '';
+
+describe('GuardAuthZ', () => {
+	const TestChild = (): ReactElement => <div>Protected Content</div>;
+	const LoadingFallback = (): ReactElement => <div>Loading...</div>;
+	const ErrorFallback = (error: Error): ReactElement => (
+		<div>Error occurred: {error.message}</div>
+	);
+	const NoPermissionFallback = (_response: {
+		requiredPermissionName: BrandedPermission;
+	}): ReactElement => <div>Access denied</div>;
+	const NoPermissionFallbackWithSuggestions = (response: {
+		requiredPermissionName: BrandedPermission;
+	}): ReactElement => (
+		<div>
+			Access denied. Required permission: {response.requiredPermissionName}
+		</div>
+	);
+
+	it('should render children when permission is granted', async () => {
+		const permission = buildPermission('read', 'dashboard:*');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: true,
+					}),
+				);
+			}),
+		);
+
+		render(
+			<GuardAuthZ relation="read" object="dashboard:*">
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(screen.getByText('Protected Content')).toBeInTheDocument();
+		});
+	});
+
+	it('should render fallbackOnLoading when loading', () => {
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(200), ctx.json({}));
+			}),
+		);
+
+		render(
+			<GuardAuthZ
+				relation="read"
+				object="dashboard:*"
+				fallbackOnLoading={<LoadingFallback />}
+			>
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		expect(screen.getByText('Loading...')).toBeInTheDocument();
+		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
+	});
+
+	it('should render null when loading and no fallbackOnLoading provided', () => {
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(200), ctx.json({}));
+			}),
+		);
+
+		const { container } = render(
+			<GuardAuthZ relation="read" object="dashboard:*">
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		expect(container.firstChild).toBeNull();
+		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
+	});
+
+	it('should render fallbackOnError when API error occurs', async () => {
+		const errorMessage = 'Internal Server Error';
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(500), ctx.json({ error: errorMessage }));
+			}),
+		);
+
+		render(
+			<GuardAuthZ
+				relation="read"
+				object="dashboard:*"
+				fallbackOnError={ErrorFallback}
+			>
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(screen.getByText(/Error occurred:/)).toBeInTheDocument();
+		});
+
+		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
+	});
+
+	it('should pass error object to fallbackOnError function', async () => {
+		const errorMessage = 'Network request failed';
+		let receivedError: Error | null = null;
+
+		const errorFallbackWithCapture = (error: Error): ReactElement => {
+			receivedError = error;
+			return <div>Captured error: {error.message}</div>;
+		};
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(500), ctx.json({ error: errorMessage }));
+			}),
+		);
+
+		render(
+			<GuardAuthZ
+				relation="read"
+				object="dashboard:*"
+				fallbackOnError={errorFallbackWithCapture}
+			>
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(receivedError).not.toBeNull();
+		});
+
+		expect(receivedError).toBeInstanceOf(Error);
+		expect(screen.getByText(/Captured error:/)).toBeInTheDocument();
+	});
+
+	it('should render null when error occurs and no fallbackOnError provided', async () => {
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(500), ctx.json({ error: 'Internal Server Error' }));
+			}),
+		);
+
+		const { container } = render(
+			<GuardAuthZ relation="read" object="dashboard:*">
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(container.firstChild).toBeNull();
+		});
+
+		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
+	});
+
+	it('should render fallbackOnNoPermissions when permission is denied', async () => {
+		const permission = buildPermission('update', 'dashboard:123');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: false,
+					}),
+				);
+			}),
+		);
+
+		render(
+			<GuardAuthZ
+				relation="update"
+				object="dashboard:123"
+				fallbackOnNoPermissions={NoPermissionFallback}
+			>
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(screen.getByText('Access denied')).toBeInTheDocument();
+		});
+
+		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
+	});
+
+	it('should render null when permission is denied and no fallbackOnNoPermissions provided', async () => {
+		const permission = buildPermission('update', 'dashboard:123');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: false,
+					}),
+				);
+			}),
+		);
+
+		const { container } = render(
+			<GuardAuthZ relation="update" object="dashboard:123">
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(container.firstChild).toBeNull();
+		});
+
+		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
+	});
+
+	it('should render null when permissions object is null', async () => {
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(200), ctx.json(null));
+			}),
+		);
+
+		const { container } = render(
+			<GuardAuthZ relation="read" object="dashboard:*">
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(container.firstChild).toBeNull();
+		});
+
+		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
+	});
+
+	it('should pass requiredPermissionName to fallbackOnNoPermissions', async () => {
+		const permission = buildPermission('update', 'dashboard:123');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: false,
+					}),
+				);
+			}),
+		);
+
+		render(
+			<GuardAuthZ
+				relation="update"
+				object="dashboard:123"
+				fallbackOnNoPermissions={NoPermissionFallbackWithSuggestions}
+			>
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(
+				screen.getByText(/Access denied. Required permission:/),
+			).toBeInTheDocument();
+		});
+
+		expect(screen.getByText(new RegExp(permission))).toBeInTheDocument();
+		expect(screen.queryByText('Protected Content')).not.toBeInTheDocument();
+	});
+
+	it('should handle different relation and object combinations', async () => {
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('delete', 'dashboard:456');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (req, res, ctx) => {
+				const body = req.body as {
+					permissions: Array<{ relation: string; object: string }>;
+				};
+				const perm = body.permissions[0];
+				const permKey = `${perm.relation}/${perm.object}`;
+
+				if (permKey === permission1) {
+					return res(
+						ctx.status(200),
+						ctx.json({
+							[permission1]: true,
+						}),
+					);
+				}
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission2]: true,
+					}),
+				);
+			}),
+		);
+
+		const { rerender } = render(
+			<GuardAuthZ relation="read" object="dashboard:*">
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(screen.getByText('Protected Content')).toBeInTheDocument();
+		});
+
+		rerender(
+			<GuardAuthZ relation="delete" object="dashboard:456">
+				<TestChild />
+			</GuardAuthZ>,
+		);
+
+		await waitFor(() => {
+			expect(screen.getByText('Protected Content')).toBeInTheDocument();
+		});
+	});
+});
--- a/frontend/src/components/GuardAuthZ/GuardAuthZ.tsx
+++ b/frontend/src/components/GuardAuthZ/GuardAuthZ.tsx
@@ -0,0 +1,50 @@
+import { ReactElement } from 'react';
+import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
+import {
+	AuthZObject,
+	AuthZRelation,
+	BrandedPermission,
+	buildPermission,
+} from 'hooks/useAuthZ/utils';
+
+export type GuardAuthZProps<R extends AuthZRelation> = {
+	children: ReactElement;
+	relation: R;
+	object: AuthZObject<R>;
+	fallbackOnLoading?: JSX.Element;
+	fallbackOnError?: (error: Error) => JSX.Element;
+	fallbackOnNoPermissions?: (response: {
+		requiredPermissionName: BrandedPermission;
+	}) => JSX.Element;
+};
+
+export function GuardAuthZ<R extends AuthZRelation>({
+	children,
+	relation,
+	object,
+	fallbackOnLoading,
+	fallbackOnError,
+	fallbackOnNoPermissions,
+}: GuardAuthZProps<R>): JSX.Element | null {
+	const permission = buildPermission<R>(relation, object);
+
+	const { permissions, isLoading, error } = useAuthZ([permission]);
+
+	if (isLoading) {
+		return fallbackOnLoading ?? null;
+	}
+
+	if (error) {
+		return fallbackOnError?.(error) ?? null;
+	}
+
+	if (!permissions?.[permission]?.isGranted) {
+		return (
+			fallbackOnNoPermissions?.({
+				requiredPermissionName: permission,
+			}) ?? null
+		);
+	}
+
+	return children;
+}
--- a/frontend/src/components/GuardAuthZ/createGuardedRoute.styles.scss
+++ b/frontend/src/components/GuardAuthZ/createGuardedRoute.styles.scss
@@ -0,0 +1,46 @@
+.guard-authz-error-no-authz {
+	display: flex;
+	align-items: center;
+	justify-content: center;
+
+	width: 100%;
+	height: 100%;
+
+	padding: 24px;
+
+	.guard-authz-error-no-authz-content {
+		display: flex;
+		flex-direction: column;
+		justify-content: flex-start;
+		gap: 8px;
+		max-width: 500px;
+	}
+
+	img {
+		width: 32px;
+		height: 32px;
+	}
+
+	h3 {
+		font-size: 18px;
+		color: var(--bg-vanilla-100);
+		line-height: 18px;
+	}
+
+	p {
+		font-size: 14px;
+		color: var(--bg-vanilla-400);
+		line-height: 18px;
+
+		pre {
+			display: flex;
+			align-items: center;
+			background-color: var(--bg-slate-400);
+			cursor: pointer;
+
+			svg {
+				margin-left: 2px;
+			}
+		}
+	}
+}
--- a/frontend/src/components/GuardAuthZ/createGuardedRoute.test.tsx
+++ b/frontend/src/components/GuardAuthZ/createGuardedRoute.test.tsx
@@ -0,0 +1,489 @@
+import { ReactElement } from 'react';
+import type { RouteComponentProps } from 'react-router-dom';
+import { ENVIRONMENT } from 'constants/env';
+import { buildPermission } from 'hooks/useAuthZ/utils';
+import { server } from 'mocks-server/server';
+import { rest } from 'msw';
+import { render, screen, waitFor } from 'tests/test-utils';
+
+import { createGuardedRoute } from './createGuardedRoute';
+
+const BASE_URL = ENVIRONMENT.baseURL || '';
+
+describe('createGuardedRoute', () => {
+	const TestComponent = ({ testProp }: { testProp: string }): ReactElement => (
+		<div>Test Component: {testProp}</div>
+	);
+
+	it('should render component when permission is granted', async () => {
+		const permission = buildPermission('read', 'dashboard:*');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: true,
+					}),
+				);
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:*',
+		);
+
+		const mockMatch = {
+			params: {},
+			isExact: true,
+			path: '/dashboard',
+			url: '/dashboard',
+		};
+
+		const props = {
+			testProp: 'test-value',
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		await waitFor(() => {
+			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
+		});
+	});
+
+	it('should substitute route parameters in object string', async () => {
+		const permission = buildPermission('read', 'dashboard:123');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: true,
+					}),
+				);
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:{id}',
+		);
+
+		const mockMatch = {
+			params: { id: '123' },
+			isExact: true,
+			path: '/dashboard/:id',
+			url: '/dashboard/123',
+		};
+
+		const props = {
+			testProp: 'test-value',
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		await waitFor(() => {
+			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
+		});
+	});
+
+	it('should handle multiple route parameters', async () => {
+		const permission = buildPermission('update', 'dashboard:123:456');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: true,
+					}),
+				);
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'update',
+			'dashboard:{id}:{version}',
+		);
+
+		const mockMatch = {
+			params: { id: '123', version: '456' },
+			isExact: true,
+			path: '/dashboard/:id/:version',
+			url: '/dashboard/123/456',
+		};
+
+		const props = {
+			testProp: 'test-value',
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		await waitFor(() => {
+			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
+		});
+	});
+
+	it('should keep placeholder when route parameter is missing', async () => {
+		const permission = buildPermission('read', 'dashboard:{id}');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: true,
+					}),
+				);
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:{id}',
+		);
+
+		const mockMatch = {
+			params: {},
+			isExact: true,
+			path: '/dashboard',
+			url: '/dashboard',
+		};
+
+		const props = {
+			testProp: 'test-value',
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		await waitFor(() => {
+			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
+		});
+	});
+
+	it('should render loading fallback when loading', () => {
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(200), ctx.json({}));
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:*',
+		);
+
+		const mockMatch = {
+			params: {},
+			isExact: true,
+			path: '/dashboard',
+			url: '/dashboard',
+		};
+
+		const props = {
+			testProp: 'test-value',
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		expect(screen.getByText('SigNoz')).toBeInTheDocument();
+		expect(
+			screen.queryByText('Test Component: test-value'),
+		).not.toBeInTheDocument();
+	});
+
+	it('should render error fallback when API error occurs', async () => {
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(500), ctx.json({ error: 'Internal Server Error' }));
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:*',
+		);
+
+		const mockMatch = {
+			params: {},
+			isExact: true,
+			path: '/dashboard',
+			url: '/dashboard',
+		};
+
+		const props = {
+			testProp: 'test-value',
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		await waitFor(() => {
+			expect(screen.getByText(/Something went wrong/i)).toBeInTheDocument();
+		});
+
+		expect(
+			screen.queryByText('Test Component: test-value'),
+		).not.toBeInTheDocument();
+	});
+
+	it('should render no permissions fallback when permission is denied', async () => {
+		const permission = buildPermission('update', 'dashboard:123');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: false,
+					}),
+				);
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'update',
+			'dashboard:{id}',
+		);
+
+		const mockMatch = {
+			params: { id: '123' },
+			isExact: true,
+			path: '/dashboard/:id',
+			url: '/dashboard/123',
+		};
+
+		const props = {
+			testProp: 'test-value',
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		await waitFor(() => {
+			const heading = document.querySelector('h3');
+			expect(heading).toBeInTheDocument();
+			expect(heading?.textContent).toMatch(/permission to view/i);
+		});
+
+		expect(screen.getByText(permission, { exact: false })).toBeInTheDocument();
+		expect(
+			screen.queryByText('Test Component: test-value'),
+		).not.toBeInTheDocument();
+	});
+
+	it('should pass all props to wrapped component', async () => {
+		const permission = buildPermission('read', 'dashboard:*');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: true,
+					}),
+				);
+			}),
+		);
+
+		const ComponentWithMultipleProps = ({
+			prop1,
+			prop2,
+			prop3,
+		}: {
+			prop1: string;
+			prop2: number;
+			prop3: boolean;
+		}): ReactElement => (
+			<div>
+				{prop1} - {prop2} - {prop3.toString()}
+			</div>
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			ComponentWithMultipleProps,
+			'read',
+			'dashboard:*',
+		);
+
+		const mockMatch = {
+			params: {},
+			isExact: true,
+			path: '/dashboard',
+			url: '/dashboard',
+		};
+
+		const props = {
+			prop1: 'value1',
+			prop2: 42,
+			prop3: true,
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		await waitFor(() => {
+			expect(screen.getByText('value1 - 42 - true')).toBeInTheDocument();
+		});
+	});
+
+	it('should memoize resolved object based on route params', async () => {
+		const permission1 = buildPermission('read', 'dashboard:123');
+		const permission2 = buildPermission('read', 'dashboard:456');
+
+		let requestCount = 0;
+		const requestedPermissions: string[] = [];
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (req, res, ctx) => {
+				requestCount++;
+				const body = req.body as {
+					permissions: Array<{ relation: string; object: string }>;
+				};
+				const perm = body.permissions[0];
+				requestedPermissions.push(`${perm.relation}/${perm.object}`);
+
+				if (perm.object === 'dashboard:123') {
+					return res(
+						ctx.status(200),
+						ctx.json({
+							[permission1]: true,
+						}),
+					);
+				}
+
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission2]: true,
+					}),
+				);
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:{id}',
+		);
+
+		const mockMatch1 = {
+			params: { id: '123' },
+			isExact: true,
+			path: '/dashboard/:id',
+			url: '/dashboard/123',
+		};
+
+		const props1 = {
+			testProp: 'test-value-1',
+			match: mockMatch1,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		const { unmount } = render(<GuardedComponent {...props1} />);
+
+		await waitFor(() => {
+			expect(screen.getByText('Test Component: test-value-1')).toBeInTheDocument();
+		});
+
+		expect(requestCount).toBe(1);
+		expect(requestedPermissions).toContain('read/dashboard:123');
+
+		unmount();
+
+		const mockMatch2 = {
+			params: { id: '456' },
+			isExact: true,
+			path: '/dashboard/:id',
+			url: '/dashboard/456',
+		};
+
+		const props2 = {
+			testProp: 'test-value-2',
+			match: mockMatch2,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props2} />);
+
+		await waitFor(() => {
+			expect(screen.getByText('Test Component: test-value-2')).toBeInTheDocument();
+		});
+
+		expect(requestCount).toBe(2);
+		expect(requestedPermissions).toContain('read/dashboard:456');
+	});
+
+	it('should handle different relation types', async () => {
+		const permission = buildPermission('delete', 'dashboard:789');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission]: true,
+					}),
+				);
+			}),
+		);
+
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'delete',
+			'dashboard:{id}',
+		);
+
+		const mockMatch = {
+			params: { id: '789' },
+			isExact: true,
+			path: '/dashboard/:id',
+			url: '/dashboard/789',
+		};
+
+		const props = {
+			testProp: 'test-value',
+			match: mockMatch,
+			location: ({} as unknown) as RouteComponentProps['location'],
+			history: ({} as unknown) as RouteComponentProps['history'],
+		};
+
+		render(<GuardedComponent {...props} />);
+
+		await waitFor(() => {
+			expect(screen.getByText('Test Component: test-value')).toBeInTheDocument();
+		});
+	});
+});
--- a/frontend/src/components/GuardAuthZ/createGuardedRoute.tsx
+++ b/frontend/src/components/GuardAuthZ/createGuardedRoute.tsx
@@ -0,0 +1,79 @@
+import { ComponentType, ReactElement, useMemo } from 'react';
+import { RouteComponentProps } from 'react-router-dom';
+import { toast } from '@signozhq/sonner';
+import {
+	AuthZObject,
+	AuthZRelation,
+	BrandedPermission,
+} from 'hooks/useAuthZ/utils';
+import { Copy } from 'lucide-react';
+
+import { useCopyToClipboard } from '../../hooks/useCopyToClipboard';
+import ErrorBoundaryFallback from '../../pages/ErrorBoundaryFallback/ErrorBoundaryFallback';
+import AppLoading from '../AppLoading/AppLoading';
+import { GuardAuthZ } from './GuardAuthZ';
+
+import './createGuardedRoute.styles.scss';
+
+const onErrorFallback = (): JSX.Element => <ErrorBoundaryFallback />;
+
+function OnNoPermissionsFallback(response: {
+	requiredPermissionName: BrandedPermission;
+}): ReactElement {
+	const { copyToClipboard } = useCopyToClipboard();
+	const onClickToCopy = (): void => {
+		copyToClipboard(response.requiredPermissionName, 'required-permission');
+
+		toast.success('Permission copied to clipboard');
+	};
+
+	return (
+		<div className="guard-authz-error-no-authz">
+			<div className="guard-authz-error-no-authz-content">
+				<img src="/Icons/no-data.svg" alt="No permission" />
+				<h3>Uh-oh! You don’t have permission to view this page.</h3>
+				<p>
+					You need the following permission to view this page:
+					<br />
+					<pre onClick={onClickToCopy}>
+						{response.requiredPermissionName} <Copy size={12} />
+					</pre>
+					Ask your SigNoz administrator to grant access.
+				</p>
+			</div>
+		</div>
+	);
+}
+
+// eslint-disable-next-line @typescript-eslint/ban-types
+export function createGuardedRoute<P extends object, R extends AuthZRelation>(
+	Component: ComponentType<P>,
+	relation: R,
+	object: AuthZObject<R>,
+): ComponentType<P & RouteComponentProps<Record<string, string>>> {
+	return function GuardedRouteComponent(
+		props: P & RouteComponentProps<Record<string, string>>,
+	): ReactElement {
+		const resolvedObject = useMemo(() => {
+			const paramPattern = /\{([^}]+)\}/g;
+			return object.replace(paramPattern, (match, paramName) => {
+				const paramValue = props.match?.params?.[paramName];
+				return paramValue !== undefined ? paramValue : match;
+			}) as AuthZObject<R>;
+		}, [props.match?.params]);
+
+		return (
+			<GuardAuthZ
+				relation={relation}
+				object={resolvedObject}
+				fallbackOnLoading={<AppLoading />}
+				fallbackOnError={onErrorFallback}
+				fallbackOnNoPermissions={(response): ReactElement => (
+					<OnNoPermissionsFallback {...response} />
+				)}
+			>
+				<Component {...props} />
+			</GuardAuthZ>
+		);
+	};
+}
--- a/frontend/src/components/GuardAuthZ/index.ts
+++ b/frontend/src/components/GuardAuthZ/index.ts
@@ -0,0 +1,3 @@
+export { createGuardedRoute } from './createGuardedRoute';
+export type { GuardAuthZProps } from './GuardAuthZ';
+export { GuardAuthZ } from './GuardAuthZ';
--- a/frontend/src/container/DashboardContainer/visualization/panels/TimeSeriesPanel/tests/utils.test.ts
+++ b/frontend/src/container/DashboardContainer/visualization/panels/TimeSeriesPanel/tests/utils.test.ts
@@ -1,325 +0,0 @@
-import { Widgets } from 'types/api/dashboard/getAll';
-import {
-	MetricRangePayloadProps,
-	MetricRangePayloadV3,
-} from 'types/api/metrics/getQueryRange';
-import { Query } from 'types/api/queryBuilder/queryBuilderData';
-
-import { PanelMode } from '../../types';
-import { prepareChartData, prepareUPlotConfig } from '../utils';
-
-jest.mock(
-	'container/DashboardContainer/visualization/panels/utils/legendVisibilityUtils',
-	() => ({
-		getStoredSeriesVisibility: jest.fn(),
-	}),
-);
-
-jest.mock('lib/uPlotLib/plugins/onClickPlugin', () => ({
-	__esModule: true,
-	default: jest.fn().mockReturnValue({ name: 'onClickPlugin' }),
-}));
-
-jest.mock('lib/dashboard/getQueryResults', () => ({
-	getLegend: jest.fn(
-		(_queryData: unknown, _query: unknown, labelName: string) =>
-			`legend-${labelName}`,
-	),
-}));
-
-jest.mock('lib/getLabelName', () => ({
-	__esModule: true,
-	default: jest.fn(
-		(_metric: unknown, _queryName: string, _legend: string) => 'baseLabel',
-	),
-}));
-
-const getLegendMock = jest.requireMock('lib/dashboard/getQueryResults')
-	.getLegend as jest.Mock;
-const getLabelNameMock = jest.requireMock('lib/getLabelName')
-	.default as jest.Mock;
-
-const createApiResponse = (
-	result: MetricRangePayloadProps['data']['result'] = [],
-): MetricRangePayloadProps => ({
-	data: {
-		result,
-		resultType: 'matrix',
-		newResult: (null as unknown) as MetricRangePayloadV3,
-	},
-});
-
-const createWidget = (overrides: Partial<Widgets> = {}): Widgets =>
-	({
-		id: 'widget-1',
-		yAxisUnit: 'ms',
-		isLogScale: false,
-		thresholds: [],
-		customLegendColors: {},
-		...overrides,
-	} as Widgets);
-
-const defaultTimezone = {
-	name: 'UTC',
-	value: 'UTC',
-	offset: 'UTC',
-	searchIndex: 'UTC',
-};
-
-describe('TimeSeriesPanel utils', () => {
-	beforeEach(() => {
-		jest.clearAllMocks();
-		getLabelNameMock.mockReturnValue('baseLabel');
-		getLegendMock.mockImplementation(
-			(_queryData: unknown, _query: unknown, labelName: string) =>
-				`legend-${labelName}`,
-		);
-	});
-
-	describe('prepareChartData', () => {
-		it('returns aligned data with timestamps and empty series when result is empty', () => {
-			const apiResponse = createApiResponse([]);
-
-			const data = prepareChartData(apiResponse);
-
-			expect(data).toHaveLength(1);
-			expect(data[0]).toEqual([]);
-		});
-
-		it('returns timestamps and one series of y values for single series', () => {
-			const apiResponse = createApiResponse([
-				{
-					metric: {},
-					queryName: 'Q',
-					legend: 'Series A',
-					values: [
-						[1000, '10'],
-						[2000, '20'],
-					],
-				} as MetricRangePayloadProps['data']['result'][0],
-			]);
-
-			const data = prepareChartData(apiResponse);
-
-			expect(data).toHaveLength(2);
-			expect(data[0]).toEqual([1000, 2000]);
-			expect(data[1]).toEqual([10, 20]);
-		});
-
-		it('merges timestamps and fills missing values with null for multiple series', () => {
-			const apiResponse = createApiResponse([
-				{
-					metric: {},
-					queryName: 'Q1',
-					values: [
-						[1000, '1'],
-						[3000, '3'],
-					],
-				} as MetricRangePayloadProps['data']['result'][0],
-				{
-					metric: {},
-					queryName: 'Q2',
-					values: [
-						[1000, '10'],
-						[2000, '20'],
-					],
-				} as MetricRangePayloadProps['data']['result'][0],
-			]);
-
-			const data = prepareChartData(apiResponse);
-
-			expect(data[0]).toEqual([1000, 2000, 3000]);
-			// First series: 1, null, 3
-			expect(data[1]).toEqual([1, null, 3]);
-			// Second series: 10, 20, null
-			expect(data[2]).toEqual([10, 20, null]);
-		});
-	});
-
-	describe('prepareUPlotConfig', () => {
-		const baseParams = {
-			widget: createWidget(),
-			isDarkMode: true,
-			currentQuery: {} as Query,
-			onClick: jest.fn(),
-			onDragSelect: jest.fn(),
-			apiResponse: createApiResponse(),
-			timezone: defaultTimezone,
-			panelMode: PanelMode.DASHBOARD_VIEW,
-		};
-
-		it('adds no series when apiResponse has empty result', () => {
-			const builder = prepareUPlotConfig(baseParams);
-
-			const config = builder.getConfig();
-			// Base series (timestamp) only
-			expect(config.series).toHaveLength(1);
-		});
-
-		it('adds one series per result item with label from getLabelName when no currentQuery', () => {
-			getLegendMock.mockReset();
-			const apiResponse = createApiResponse([
-				{
-					metric: { __name__: 'cpu' },
-					queryName: 'Q1',
-					legend: 'CPU',
-					values: [
-						[1000, '1'],
-						[2000, '2'],
-					],
-				} as MetricRangePayloadProps['data']['result'][0],
-			]);
-
-			const builder = prepareUPlotConfig({
-				...baseParams,
-				apiResponse,
-				currentQuery: (null as unknown) as Query,
-			});
-
-			expect(getLabelNameMock).toHaveBeenCalled();
-			expect(getLegendMock).not.toHaveBeenCalled();
-
-			const config = builder.getConfig();
-			expect(config.series).toHaveLength(2);
-			expect(config.series?.[1]).toMatchObject({
-				label: 'baseLabel',
-				scale: 'y',
-			});
-		});
-
-		it('uses getLegend for label when currentQuery is provided', () => {
-			const apiResponse = createApiResponse([
-				{
-					metric: {},
-					queryName: 'Q1',
-					legend: 'L1',
-					values: [[1000, '1']],
-				} as MetricRangePayloadProps['data']['result'][0],
-			]);
-
-			prepareUPlotConfig({
-				...baseParams,
-				apiResponse,
-				currentQuery: {} as Query,
-			});
-
-			expect(getLegendMock).toHaveBeenCalledWith(
-				{
-					legend: 'L1',
-					metric: {},
-					queryName: 'Q1',
-					values: [[1000, '1']],
-				},
-				{},
-				'baseLabel',
-			);
-
-			const config = prepareUPlotConfig({
-				...baseParams,
-				apiResponse,
-				currentQuery: {} as Query,
-			}).getConfig();
-			expect(config.series?.[1]).toMatchObject({
-				label: 'legend-baseLabel',
-			});
-		});
-
-		it('uses DrawStyle.Line and VisibilityMode.Never when series has multiple valid points', () => {
-			const apiResponse = createApiResponse([
-				{
-					metric: {},
-					queryName: 'Q',
-					values: [
-						[1000, '1'],
-						[2000, '2'],
-					],
-				} as MetricRangePayloadProps['data']['result'][0],
-			]);
-
-			const builder = prepareUPlotConfig({ ...baseParams, apiResponse });
-			const config = builder.getConfig();
-			const series = config.series?.[1];
-
-			expect(config.series).toHaveLength(2);
-			// Line style and points never for multi-point series (checked via builder API)
-			const legendItems = builder.getLegendItems();
-			expect(Object.keys(legendItems)).toHaveLength(1);
-			// multi-point series → points hidden
-			expect(series).toBeDefined();
-			expect(series!.points?.show).toBe(false);
-		});
-
-		it('uses DrawStyle.Points and shows points when series has only one valid point', () => {
-			const apiResponse = createApiResponse([
-				{
-					metric: {},
-					queryName: 'Q',
-					values: [
-						[1000, '1'],
-						[2000, 'NaN'],
-						[3000, 'invalid'],
-					],
-				} as MetricRangePayloadProps['data']['result'][0],
-			]);
-
-			const builder = prepareUPlotConfig({ ...baseParams, apiResponse });
-			const config = builder.getConfig();
-
-			expect(config.series).toHaveLength(2);
-			const seriesConfig = config.series?.[1];
-			expect(seriesConfig).toBeDefined();
-			// Single valid point -> Points draw style (asserted via series config)
-			expect(seriesConfig).toMatchObject({
-				scale: 'y',
-				spanGaps: true,
-			});
-			// single-point series → points shown
-			expect(seriesConfig).toBeDefined();
-			expect(seriesConfig!.points?.show).toBe(true);
-		});
-
-		it('uses widget customLegendColors to set series stroke color', () => {
-			const widget = createWidget({
-				customLegendColors: { 'legend-baseLabel': '#ff0000' },
-			});
-			const apiResponse = createApiResponse([
-				{
-					metric: {},
-					queryName: 'Q',
-					values: [[1000, '1']],
-				} as MetricRangePayloadProps['data']['result'][0],
-			]);
-
-			const builder = prepareUPlotConfig({
-				...baseParams,
-				widget,
-				apiResponse,
-			});
-
-			const config = builder.getConfig();
-			const seriesConfig = config.series?.[1];
-			expect(seriesConfig).toBeDefined();
-			expect(seriesConfig!.stroke).toBe('#ff0000');
-		});
-
-		it('adds multiple series when result has multiple items', () => {
-			const apiResponse = createApiResponse([
-				{
-					metric: {},
-					queryName: 'Q1',
-					values: [[1000, '1']],
-				} as MetricRangePayloadProps['data']['result'][0],
-				{
-					metric: {},
-					queryName: 'Q2',
-					values: [[1000, '2']],
-				} as MetricRangePayloadProps['data']['result'][0],
-			]);
-
-			const builder = prepareUPlotConfig({ ...baseParams, apiResponse });
-			const config = builder.getConfig();
-
-			expect(config.series).toHaveLength(3);
-		});
-	});
-});
--- a/frontend/src/container/DashboardContainer/visualization/panels/TimeSeriesPanel/utils.ts
+++ b/frontend/src/container/DashboardContainer/visualization/panels/TimeSeriesPanel/utils.ts
@@ -15,12 +15,10 @@ import {
 	VisibilityMode,
 } from 'lib/uPlotV2/config/types';
 import { UPlotConfigBuilder } from 'lib/uPlotV2/config/UPlotConfigBuilder';
-import { isInvalidPlotValue } from 'lib/uPlotV2/utils/dataUtils';
 import get from 'lodash-es/get';
 import { Widgets } from 'types/api/dashboard/getAll';
 import { MetricRangePayloadProps } from 'types/api/metrics/getQueryRange';
 import { Query } from 'types/api/queryBuilder/queryBuilderData';
-import { QueryData } from 'types/api/widgets/getQuery';

 import { PanelMode } from '../types';
 import { buildBaseConfig } from '../utils/baseConfigBuilder';
@@ -35,22 +33,6 @@ export const prepareChartData = (
 	return [timestampArr, ...yAxisValuesArr];
 };

-function hasSingleVisiblePointForSeries(series: QueryData): boolean {
-	const rawValues = series.values ?? [];
-	let validPointCount = 0;
-
-	for (const [, rawValue] of rawValues) {
-		if (!isInvalidPlotValue(rawValue)) {
-			validPointCount += 1;
-			if (validPointCount > 1) {
-				return false;
-			}
-		}
-	}
-
-	return true;
-}
-
 export const prepareUPlotConfig = ({
 	widget,
 	isDarkMode,
@@ -95,8 +77,9 @@ export const prepareUPlotConfig = ({
 		stepInterval: minStepInterval,
 	});

-	apiResponse.data?.result?.forEach((series) => {
-		const hasSingleValidPoint = hasSingleVisiblePointForSeries(series);
+	const seriesList = apiResponse.data?.result || [];
+
+	seriesList.forEach((series) => {
 		const baseLabelName = getLabelName(
 			series.metric,
 			series.queryName || '', // query
@@ -109,15 +92,13 @@ export const prepareUPlotConfig = ({

 		builder.addSeries({
 			scaleKey: 'y',
-			drawStyle: hasSingleValidPoint ? DrawStyle.Points : DrawStyle.Line,
+			drawStyle: DrawStyle.Line,
 			label: label,
 			colorMapping: widget.customLegendColors ?? {},
 			spanGaps: true,
 			lineStyle: LineStyle.Solid,
 			lineInterpolation: LineInterpolation.Spline,
-			showPoints: hasSingleValidPoint
-				? VisibilityMode.Always
-				: VisibilityMode.Never,
+			showPoints: VisibilityMode.Never,
 			pointSize: 5,
 			isDarkMode,
 			panelType: PANEL_TYPES.TIME_SERIES,
--- a/frontend/src/hooks/useAuthZ/useAuthZ.test.tsx
+++ b/frontend/src/hooks/useAuthZ/useAuthZ.test.tsx
@@ -0,0 +1,444 @@
+import { ReactElement } from 'react';
+import { renderHook, waitFor } from '@testing-library/react';
+import { ENVIRONMENT } from 'constants/env';
+import { server } from 'mocks-server/server';
+import { rest } from 'msw';
+import { AllTheProviders } from 'tests/test-utils';
+
+import { useAuthZ } from './useAuthZ';
+import { BrandedPermission, buildPermission } from './utils';
+
+const BASE_URL = ENVIRONMENT.baseURL || '';
+
+const wrapper = ({ children }: { children: ReactElement }): ReactElement => (
+	<AllTheProviders>{children}</AllTheProviders>
+);
+
+describe('useAuthZ', () => {
+	it('should fetch and return permissions successfully', async () => {
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+
+		const mockApiResponse = {
+			[permission1]: true,
+			[permission2]: false,
+		};
+
+		const expectedResponse = {
+			[permission1]: {
+				isGranted: true,
+			},
+			[permission2]: {
+				isGranted: false,
+			},
+		};
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(200), ctx.json(mockApiResponse));
+			}),
+		);
+
+		const { result } = renderHook(() => useAuthZ([permission1, permission2]), {
+			wrapper,
+		});
+
+		expect(result.current.isLoading).toBe(true);
+		expect(result.current.permissions).toBeNull();
+
+		await waitFor(() => {
+			expect(result.current.isLoading).toBe(false);
+		});
+
+		expect(result.current.error).toBeNull();
+		expect(result.current.permissions).toEqual(expectedResponse);
+	});
+
+	it('should handle API errors', async () => {
+		const permission = buildPermission('read', 'dashboard:*');
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(500), ctx.json({ error: 'Internal Server Error' }));
+			}),
+		);
+
+		const { result } = renderHook(() => useAuthZ([permission]), {
+			wrapper,
+		});
+
+		await waitFor(() => {
+			expect(result.current.isLoading).toBe(false);
+		});
+
+		expect(result.current.error).not.toBeNull();
+		expect(result.current.permissions).toBeNull();
+	});
+
+	it('should refetch when permissions array changes', async () => {
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+		const permission3 = buildPermission('delete', 'dashboard:456');
+
+		let requestCount = 0;
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (req, res, ctx) => {
+				requestCount++;
+				const body = req.body as {
+					permissions: Array<{ relation: string; object: string }>;
+				};
+
+				if (body.permissions.length === 1) {
+					return res(
+						ctx.status(200),
+						ctx.json({
+							[permission1]: true,
+						}),
+					);
+				}
+
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission1]: true,
+						[permission2]: false,
+						[permission3]: true,
+					}),
+				);
+			}),
+		);
+
+		const { result, rerender } = renderHook<
+			ReturnType<typeof useAuthZ>,
+			BrandedPermission[]
+		>((permissions) => useAuthZ(permissions), {
+			wrapper,
+			initialProps: [permission1],
+		});
+
+		await waitFor(() => {
+			expect(result.current.isLoading).toBe(false);
+		});
+
+		expect(requestCount).toBe(1);
+		expect(result.current.permissions).toEqual({
+			[permission1]: {
+				isGranted: true,
+			},
+		});
+
+		rerender([permission1, permission2, permission3]);
+
+		await waitFor(() => {
+			expect(result.current.isLoading).toBe(false);
+		});
+
+		expect(requestCount).toBe(2);
+		expect(result.current.permissions).toEqual({
+			[permission1]: {
+				isGranted: true,
+			},
+			[permission2]: {
+				isGranted: false,
+			},
+			[permission3]: {
+				isGranted: true,
+			},
+		});
+	});
+
+	it('should not refetch when permissions array order changes but content is the same', async () => {
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+
+		let requestCount = 0;
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				requestCount++;
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission1]: true,
+						[permission2]: false,
+					}),
+				);
+			}),
+		);
+
+		const { result, rerender } = renderHook<
+			ReturnType<typeof useAuthZ>,
+			BrandedPermission[]
+		>((permissions) => useAuthZ(permissions), {
+			wrapper,
+			initialProps: [permission1, permission2],
+		});
+
+		await waitFor(() => {
+			expect(result.current.isLoading).toBe(false);
+		});
+
+		expect(requestCount).toBe(1);
+
+		rerender([permission2, permission1]);
+
+		await waitFor(() => {
+			expect(result.current.isLoading).toBe(false);
+		});
+
+		expect(requestCount).toBe(1);
+	});
+
+	it('should handle empty permissions array', async () => {
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, (_req, res, ctx) => {
+				return res(ctx.status(200), ctx.json({}));
+			}),
+		);
+
+		const { result } = renderHook(() => useAuthZ([]), {
+			wrapper,
+		});
+
+		expect(result.current.isLoading).toBe(false);
+		expect(result.current.error).toBeNull();
+		expect(result.current.permissions).toEqual({});
+	});
+
+	it('should send correct payload format to API', async () => {
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+
+		let receivedPayload: any = null;
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, async (req, res, ctx) => {
+				receivedPayload = await req.json();
+				return res(
+					ctx.status(200),
+					ctx.json({
+						[permission1]: true,
+						[permission2]: false,
+					}),
+				);
+			}),
+		);
+
+		const { result } = renderHook(() => useAuthZ([permission1, permission2]), {
+			wrapper,
+		});
+
+		await waitFor(() => {
+			expect(result.current.isLoading).toBe(false);
+		});
+
+		expect(receivedPayload).toEqual({
+			permissions: [
+				{ relation: 'read', object: 'dashboard:*' },
+				{ relation: 'update', object: 'dashboard:123' },
+			],
+		});
+	});
+
+	it('should batch multiple hooks into single flight request', async () => {
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+		const permission3 = buildPermission('delete', 'dashboard:456');
+		const permission4 = buildPermission('create', 'dashboards');
+
+		let requestCount = 0;
+		const receivedPayloads: any[] = [];
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, async (req, res, ctx) => {
+				requestCount++;
+				const payload = await req.json();
+				receivedPayloads.push(payload);
+
+				const allPermissions = [permission1, permission2, permission3, permission4];
+
+				const response: Record<string, boolean> = {};
+				payload.permissions.forEach((p: { relation: string; object: string }) => {
+					const perm = `${p.relation}/${p.object}` as BrandedPermission;
+					if (allPermissions.includes(perm)) {
+						response[perm] = perm === permission1 || perm === permission3;
+					}
+				});
+
+				return res(ctx.status(200), ctx.json(response));
+			}),
+		);
+
+		const { result: result1 } = renderHook(() => useAuthZ([permission1]), {
+			wrapper,
+		});
+
+		const { result: result2 } = renderHook(() => useAuthZ([permission2]), {
+			wrapper,
+		});
+
+		const { result: result3 } = renderHook(() => useAuthZ([permission3]), {
+			wrapper,
+		});
+
+		await waitFor(
+			() => {
+				expect(result1.current.isLoading).toBe(false);
+				expect(result2.current.isLoading).toBe(false);
+				expect(result3.current.isLoading).toBe(false);
+			},
+			{ timeout: 200 },
+		);
+
+		expect(requestCount).toBe(1);
+		expect(receivedPayloads).toHaveLength(1);
+		expect(receivedPayloads[0].permissions).toHaveLength(3);
+		expect(receivedPayloads[0].permissions).toEqual(
+			expect.arrayContaining([
+				{ relation: 'read', object: 'dashboard:*' },
+				{ relation: 'update', object: 'dashboard:123' },
+				{ relation: 'delete', object: 'dashboard:456' },
+			]),
+		);
+
+		expect(result1.current.permissions).toEqual({
+			[permission1]: { isGranted: true },
+		});
+		expect(result2.current.permissions).toEqual({
+			[permission2]: { isGranted: false },
+		});
+		expect(result3.current.permissions).toEqual({
+			[permission3]: { isGranted: true },
+		});
+	});
+
+	it('should create separate batches for calls after single flight window', async () => {
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+		const permission3 = buildPermission('delete', 'dashboard:456');
+
+		let requestCount = 0;
+		const receivedPayloads: any[] = [];
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, async (req, res, ctx) => {
+				requestCount++;
+				const payload = await req.json();
+				receivedPayloads.push(payload);
+
+				const response: Record<string, boolean> = {};
+				payload.permissions.forEach((p: { relation: string; object: string }) => {
+					const perm = `${p.relation}/${p.object}` as BrandedPermission;
+					response[perm] = perm === permission1 || perm === permission3;
+				});
+
+				return res(ctx.status(200), ctx.json(response));
+			}),
+		);
+
+		const { result: result1 } = renderHook(() => useAuthZ([permission1]), {
+			wrapper,
+		});
+
+		await waitFor(
+			() => {
+				expect(result1.current.isLoading).toBe(false);
+			},
+			{ timeout: 200 },
+		);
+
+		expect(requestCount).toBe(1);
+		expect(receivedPayloads[0].permissions).toHaveLength(1);
+
+		await new Promise((resolve) => setTimeout(resolve, 100));
+
+		const { result: result2 } = renderHook(() => useAuthZ([permission2]), {
+			wrapper,
+		});
+
+		const { result: result3 } = renderHook(() => useAuthZ([permission3]), {
+			wrapper,
+		});
+
+		await waitFor(
+			() => {
+				expect(result2.current.isLoading).toBe(false);
+				expect(result3.current.isLoading).toBe(false);
+			},
+			{ timeout: 200 },
+		);
+
+		expect(requestCount).toBe(2);
+		expect(receivedPayloads).toHaveLength(2);
+		expect(receivedPayloads[1].permissions).toHaveLength(2);
+		expect(receivedPayloads[1].permissions).toEqual(
+			expect.arrayContaining([
+				{ relation: 'update', object: 'dashboard:123' },
+				{ relation: 'delete', object: 'dashboard:456' },
+			]),
+		);
+	});
+
+	it('should not leak state between separate batches', async () => {
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+		const permission3 = buildPermission('delete', 'dashboard:456');
+
+		let requestCount = 0;
+
+		server.use(
+			rest.post(`${BASE_URL}/api/v1/permissions/check`, async (req, res, ctx) => {
+				requestCount++;
+				const payload = await req.json();
+
+				const response: Record<string, boolean> = {};
+				payload.permissions.forEach((p: { relation: string; object: string }) => {
+					const perm = `${p.relation}/${p.object}` as BrandedPermission;
+					response[perm] = perm === permission1 || perm === permission3;
+				});
+
+				return res(ctx.status(200), ctx.json(response));
+			}),
+		);
+
+		const { result: result1 } = renderHook(() => useAuthZ([permission1]), {
+			wrapper,
+		});
+
+		await waitFor(
+			() => {
+				expect(result1.current.isLoading).toBe(false);
+			},
+			{ timeout: 200 },
+		);
+
+		expect(requestCount).toBe(1);
+		expect(result1.current.permissions).toEqual({
+			[permission1]: { isGranted: true },
+		});
+
+		await new Promise((resolve) => setTimeout(resolve, 100));
+
+		const { result: result2 } = renderHook(() => useAuthZ([permission2]), {
+			wrapper,
+		});
+
+		await waitFor(
+			() => {
+				expect(result2.current.isLoading).toBe(false);
+			},
+			{ timeout: 200 },
+		);
+
+		expect(requestCount).toBe(2);
+		expect(result1.current.permissions).toEqual({
+			[permission1]: { isGranted: true },
+		});
+		expect(result2.current.permissions).toEqual({
+			[permission2]: { isGranted: false },
+		});
+		expect(result1.current.permissions).not.toHaveProperty(permission2);
+		expect(result2.current.permissions).not.toHaveProperty(permission1);
+	});
+});
--- a/frontend/src/hooks/useAuthZ/useAuthZ.tsx
+++ b/frontend/src/hooks/useAuthZ/useAuthZ.tsx
@@ -0,0 +1,136 @@
+import { useMemo } from 'react';
+import { useQueries } from 'react-query';
+import api from 'api';
+
+import { BrandedPermission } from './utils';
+
+export type UseAuthZPermissionResult = {
+	isGranted: boolean;
+};
+
+export type AuthZCheckResponse = Record<
+	BrandedPermission,
+	UseAuthZPermissionResult
+>;
+
+export type UseAuthZResult = {
+	isLoading: boolean;
+	error: Error | null;
+	permissions: AuthZCheckResponse | null;
+};
+
+let ctx: Promise<AuthZCheckResponse> | null;
+let pendingPermissions: BrandedPermission[] = [];
+const SINGLE_FLIGHT_WAIT_TIME_MS = 50;
+const AUTHZ_CACHE_TIME = 20_000;
+
+function dispatchPermission(
+	permission: BrandedPermission,
+): Promise<AuthZCheckResponse> {
+	pendingPermissions.push(permission);
+
+	if (!ctx) {
+		let resolve: (v: AuthZCheckResponse) => void, reject: (reason?: any) => void;
+		ctx = new Promise<AuthZCheckResponse>((r, re) => {
+			resolve = r;
+			reject = re;
+		});
+
+		setTimeout(() => {
+			const copiedPermissions = pendingPermissions.slice();
+			pendingPermissions = [];
+			ctx = null;
+
+			fetchManyPermissions(copiedPermissions).then(resolve).catch(reject);
+		}, SINGLE_FLIGHT_WAIT_TIME_MS);
+	}
+
+	return ctx;
+}
+
+async function fetchManyPermissions(
+	permissions: BrandedPermission[],
+): Promise<AuthZCheckResponse> {
+	const permissionsPayload = permissions.map((permission) => {
+		const [relation, object] = permission.split('/');
+
+		return {
+			relation,
+			object,
+		};
+	});
+
+	const permissionsCheckResponse = await api
+		.post<Record<string, boolean>>('/permissions/check', {
+			permissions: permissionsPayload,
+		})
+		.then((response) => response.data);
+
+	return Object.keys(permissionsCheckResponse).reduce<AuthZCheckResponse>(
+		(acc, permission): AuthZCheckResponse => {
+			acc[permission as BrandedPermission] = {
+				isGranted: !!permissionsCheckResponse[permission],
+			};
+			return acc;
+		},
+		{} as AuthZCheckResponse,
+	);
+}
+
+export function useAuthZ(permissions: BrandedPermission[]): UseAuthZResult {
+	const queryResults = useQueries(
+		permissions.map((permission) => {
+			return {
+				queryKey: ['authz', permission],
+				cacheTime: AUTHZ_CACHE_TIME,
+				refetchOnMount: false,
+				refetchIntervalInBackground: false,
+				refetchOnWindowFocus: false,
+				refetchOnReconnect: true,
+				queryFn: async (): Promise<AuthZCheckResponse> => {
+					const response = await dispatchPermission(permission);
+
+					return {
+						[permission]: {
+							isGranted: response[permission].isGranted,
+						},
+					};
+				},
+			};
+		}),
+	);
+
+	const isLoading = useMemo(() => queryResults.some((q) => q.isLoading), [
+		queryResults,
+	]);
+	const error = useMemo(
+		() =>
+			!isLoading
+				? (queryResults.find((q) => !!q.error)?.error as Error) || null
+				: null,
+		[isLoading, queryResults],
+	);
+	const data = useMemo(() => {
+		if (isLoading || error) {
+			return null;
+		}
+
+		return queryResults.reduce((acc, q) => {
+			if (!q.data) {
+				return acc;
+			}
+
+			for (const [key, value] of Object.entries(q.data)) {
+				acc[key as BrandedPermission] = value;
+			}
+
+			return acc;
+		}, {} as AuthZCheckResponse);
+	}, [isLoading, error, queryResults]);
+
+	return {
+		isLoading,
+		error,
+		permissions: data ?? null,
+	};
+}
--- a/frontend/src/hooks/useAuthZ/utils.ts
+++ b/frontend/src/hooks/useAuthZ/utils.ts
@@ -0,0 +1,32 @@
+export type AuthZRelation =
+	| 'list'
+	| 'create'
+	| 'read'
+	| 'update'
+	| 'delete'
+	| 'assignee';
+export type AuthZResource = 'dashboard';
+export type AuthZObject<R extends AuthZRelation> = R extends 'list' | 'create'
+	? `${AuthZResource}s`
+	: `${AuthZResource}:${string}`;
+
+export type AuthZPermissionCheck<R extends AuthZRelation> = {
+	object: AuthZObject<R>;
+	relation: R;
+};
+
+export type BrandedPermission = string & { __brandedPermission: true };
+
+export function buildPermission<R extends AuthZRelation>(
+	relation: R,
+	object: AuthZObject<R>,
+): BrandedPermission {
+	return `${relation}/${object}` as BrandedPermission;
+}
+
+export function buildObjectString(
+	resource: AuthZResource,
+	objectId: string,
+): `${AuthZResource}:${string}` {
+	return `${resource}:${objectId}`;
+}
--- a/pkg/querier/builder_query.go
+++ b/pkg/querier/builder_query.go
@@ -80,12 +80,11 @@ func (q *builderQuery[T]) Fingerprint() string {
 			case qbtypes.LogAggregation:
 				aggParts = append(aggParts, a.Expression)
 			case qbtypes.MetricAggregation:
-				aggParts = append(aggParts, fmt.Sprintf("%s:%s:%s:%s:%s",
+				aggParts = append(aggParts, fmt.Sprintf("%s:%s:%s:%s",
 					a.MetricName,
 					a.Temporality.StringValue(),
 					a.TimeAggregation.StringValue(),
 					a.SpaceAggregation.StringValue(),
-					a.SpaceAggregationParam.StringValue(),
 				))
 			}
 		}
--- a/pkg/telemetrymetrics/statement_builder.go
+++ b/pkg/telemetrymetrics/statement_builder.go
@@ -123,7 +123,8 @@ func (b *MetricQueryStatementBuilder) buildPipelineStatement(
 	origTimeAgg := query.Aggregations[0].TimeAggregation
 	origGroupBy := slices.Clone(query.GroupBy)

-	if query.Aggregations[0].Type == metrictypes.HistogramType {
+	if query.Aggregations[0].SpaceAggregation.IsPercentile() &&
+		query.Aggregations[0].Type != metrictypes.ExpHistogramType {
 		// add le in the group by if doesn't exist
 		leExists := false
 		for _, g := range query.GroupBy {
@@ -153,11 +154,7 @@ func (b *MetricQueryStatementBuilder) buildPipelineStatement(
 		}

 		// make the time aggregation rate and space aggregation sum
-		if query.Aggregations[0].SpaceAggregation.IsPercentile() {
-			query.Aggregations[0].TimeAggregation = metrictypes.TimeAggregationRate
-		} else {
-			query.Aggregations[0].TimeAggregation = metrictypes.TimeAggregationIncrease
-		}
+		query.Aggregations[0].TimeAggregation = metrictypes.TimeAggregationRate
 		query.Aggregations[0].SpaceAggregation = metrictypes.SpaceAggregationSum
 	}

@@ -527,7 +524,7 @@ func (b *MetricQueryStatementBuilder) buildSpatialAggregationCTE(
 		return "", nil, errors.Newf(
 			errors.TypeInvalidInput,
 			errors.CodeInvalidInput,
-			"invalid space aggregation, should be one of the following: [`sum`, `avg`, `min`, `max`, `count`, `p50`, `p75`, `p90`, `p95`, `p99`, `histogram_count`]",
+			"invalid space aggregation, should be one of the following: [`sum`, `avg`, `min`, `max`, `count`, `p50`, `p75`, `p90`, `p95`, `p99`]",
 		)
 	}
 	sb := sqlbuilder.NewSelectBuilder()
@@ -580,34 +577,6 @@ func (b *MetricQueryStatementBuilder) BuildFinalSelect(
 		sb.From("__spatial_aggregation_cte")
 		sb.GroupBy(querybuilder.GroupByKeys(query.GroupBy)...)
 		sb.GroupBy("ts")
-		if query.Having != nil && query.Having.Expression != "" {
-			rewriter := querybuilder.NewHavingExpressionRewriter()
-			rewrittenExpr := rewriter.RewriteForMetrics(query.Having.Expression, query.Aggregations)
-			sb.Having(rewrittenExpr)
-		}
-	} else if query.Aggregations[0].SpaceAggregation == metrictypes.SpaceAggregationHistogramCount {
-		sb.Select("ts")
-
-		for _, g := range query.GroupBy {
-			sb.SelectMore(fmt.Sprintf("`%s`", g.TelemetryFieldKey.Name))
-		}
-
-		switch query.Aggregations[0].SpaceAggregationParam.(type) {
-		case metrictypes.ComparisonSpaceAggregationParam:
-			aggQuery, err := AggregationQueryForHistogramCount(query.Aggregations[0].SpaceAggregationParam.(metrictypes.ComparisonSpaceAggregationParam))
-			if err != nil {
-				return nil, err
-			}
-			sb.SelectMore(aggQuery)
-		default:
-			return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "no aggregation param provided for histogram count")
-		}
-
-		sb.From("__spatial_aggregation_cte")
-
-		sb.GroupBy(querybuilder.GroupByKeys(query.GroupBy)...)
-		sb.GroupBy("ts")
-
 		if query.Having != nil && query.Having.Expression != "" {
 			rewriter := querybuilder.NewHavingExpressionRewriter()
 			rewrittenExpr := rewriter.RewriteForMetrics(query.Having.Expression, query.Aggregations)
--- a/pkg/telemetrymetrics/tables.go
+++ b/pkg/telemetrymetrics/tables.go
@@ -1,7 +1,6 @@
 package telemetrymetrics

 import (
-	"fmt"
 	"time"

 	"github.com/SigNoz/signoz/pkg/errors"
@@ -309,17 +308,3 @@ func AggregationColumnForSamplesTable(
 	}
 	return aggregationColumn, nil
 }
-
-func AggregationQueryForHistogramCount(params metrictypes.ComparisonSpaceAggregationParam) (string, error) {
-	histogramCountThreshold := params.Threshold
-
-	switch params.Operater {
-	case "<=":
-		return fmt.Sprintf("argMaxIf(value, toFloat64(le), toFloat64(le) <= %f) + (argMinIf(value, toFloat64(le), toFloat64(le) > %f) - argMaxIf(value, toFloat64(le), toFloat64(le) <= %f)) * (%f - maxIf(toFloat64(le), toFloat64(le) <= %f)) / (minIf(toFloat64(le), toFloat64(le) > %f) - maxIf(toFloat64(le), toFloat64(le) <= %f)) AS value", histogramCountThreshold, histogramCountThreshold, histogramCountThreshold, histogramCountThreshold, histogramCountThreshold, histogramCountThreshold, histogramCountThreshold), nil
-	case ">":
-		return fmt.Sprintf("argMax(value, toFloat64(le)) - (argMaxIf(value, toFloat64(le), toFloat64(le) < %f) + (argMinIf(value, toFloat64(le), toFloat64(le) >= %f) - argMaxIf(value, toFloat64(le), toFloat64(le) < %f)) * (%f - maxIf(toFloat64(le), toFloat64(le) < %f)) / (minIf(toFloat64(le), toFloat64(le) >= %f) - maxIf(toFloat64(le), toFloat64(le) <= %f))) AS value", histogramCountThreshold, histogramCountThreshold, histogramCountThreshold, histogramCountThreshold, histogramCountThreshold, histogramCountThreshold, histogramCountThreshold), nil
-	default:
-		return "", errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid space aggregation operator, should be one of the following: [`<=`, `>`]")
-	}
-
-}
--- a/pkg/types/metrictypes/metrictypes.go
+++ b/pkg/types/metrictypes/metrictypes.go
@@ -2,7 +2,6 @@ package metrictypes

 import (
 	"database/sql/driver"
-	"fmt"
 	"strings"

 	"github.com/SigNoz/signoz/pkg/errors"
@@ -190,18 +189,17 @@ type SpaceAggregation struct {
 }

 var (
-	SpaceAggregationUnspecified    = SpaceAggregation{valuer.NewString("")}
-	SpaceAggregationSum            = SpaceAggregation{valuer.NewString("sum")}
-	SpaceAggregationAvg            = SpaceAggregation{valuer.NewString("avg")}
-	SpaceAggregationMin            = SpaceAggregation{valuer.NewString("min")}
-	SpaceAggregationMax            = SpaceAggregation{valuer.NewString("max")}
-	SpaceAggregationCount          = SpaceAggregation{valuer.NewString("count")}
-	SpaceAggregationPercentile50   = SpaceAggregation{valuer.NewString("p50")}
-	SpaceAggregationPercentile75   = SpaceAggregation{valuer.NewString("p75")}
-	SpaceAggregationPercentile90   = SpaceAggregation{valuer.NewString("p90")}
-	SpaceAggregationPercentile95   = SpaceAggregation{valuer.NewString("p95")}
-	SpaceAggregationPercentile99   = SpaceAggregation{valuer.NewString("p99")}
-	SpaceAggregationHistogramCount = SpaceAggregation{valuer.NewString("histogram_count")}
+	SpaceAggregationUnspecified  = SpaceAggregation{valuer.NewString("")}
+	SpaceAggregationSum          = SpaceAggregation{valuer.NewString("sum")}
+	SpaceAggregationAvg          = SpaceAggregation{valuer.NewString("avg")}
+	SpaceAggregationMin          = SpaceAggregation{valuer.NewString("min")}
+	SpaceAggregationMax          = SpaceAggregation{valuer.NewString("max")}
+	SpaceAggregationCount        = SpaceAggregation{valuer.NewString("count")}
+	SpaceAggregationPercentile50 = SpaceAggregation{valuer.NewString("p50")}
+	SpaceAggregationPercentile75 = SpaceAggregation{valuer.NewString("p75")}
+	SpaceAggregationPercentile90 = SpaceAggregation{valuer.NewString("p90")}
+	SpaceAggregationPercentile95 = SpaceAggregation{valuer.NewString("p95")}
+	SpaceAggregationPercentile99 = SpaceAggregation{valuer.NewString("p99")}
 )

 func (SpaceAggregation) Enum() []any {
@@ -216,7 +214,6 @@ func (SpaceAggregation) Enum() []any {
 		SpaceAggregationPercentile90,
 		SpaceAggregationPercentile95,
 		SpaceAggregationPercentile99,
-		SpaceAggregationHistogramCount,
 	}
 }

@@ -259,22 +256,3 @@ type MetricTableHints struct {
 type MetricValueFilter struct {
 	Value float64
 }
-
-type SpaceAggregationParam interface {
-	StringValue() string
-}
-
-type NoSpaceAggregationParam struct{}
-
-func (_ NoSpaceAggregationParam) StringValue() string {
-	return "{}"
-}
-
-type ComparisonSpaceAggregationParam struct {
-	Operater  string  `json:"operator"`
-	Threshold float64 `json:"limit"`
-}
-
-func (cso ComparisonSpaceAggregationParam) StringValue() string {
-	return fmt.Sprintf("{\"operator\": \"%s\", \"limit\": \"%f\"}", cso.Operater, cso.Threshold)
-}
--- a/pkg/types/querybuildertypes/querybuildertypesv5/builder_elements.go
+++ b/pkg/types/querybuildertypes/querybuildertypesv5/builder_elements.go
@@ -446,8 +446,6 @@ type MetricAggregation struct {
 	TimeAggregation metrictypes.TimeAggregation `json:"timeAggregation"`
 	// space aggregation to apply to the query
 	SpaceAggregation metrictypes.SpaceAggregation `json:"spaceAggregation"`
-	// param for space aggregation if needed
-	SpaceAggregationParam metrictypes.SpaceAggregationParam `json:"spaceAggregationParam"`
 	// table hints to use for the query
 	TableHints *metrictypes.MetricTableHints `json:"-"`
 	// value filter to apply to the query
@@ -456,40 +454,6 @@ type MetricAggregation struct {
 	ReduceTo ReduceTo `json:"reduceTo,omitempty"`
 }

-func (m *MetricAggregation) UnmarshalJSON(data []byte) error {
-	type Alias MetricAggregation
-	aux := &struct {
-		SpaceAggregationParam json.RawMessage `json:"spaceAggregationParam"`
-		*Alias
-	}{
-		Alias: (*Alias)(m),
-	}
-
-	if err := json.Unmarshal(data, &aux); err != nil {
-		return err
-	}
-
-	// If no param provided
-	if len(aux.SpaceAggregationParam) == 0 || string(aux.SpaceAggregationParam) == "null" {
-		m.SpaceAggregationParam = metrictypes.NoSpaceAggregationParam{}
-		return nil
-	}
-
-	switch m.SpaceAggregation {
-	case metrictypes.SpaceAggregationHistogramCount:
-		var p metrictypes.ComparisonSpaceAggregationParam
-		if err := json.Unmarshal(aux.SpaceAggregationParam, &p); err != nil {
-			return err
-		}
-		m.SpaceAggregationParam = p
-
-	default:
-		m.SpaceAggregationParam = metrictypes.NoSpaceAggregationParam{}
-	}
-
-	return nil
-}
-
 // Copy creates a deep copy of MetricAggregation
 func (m MetricAggregation) Copy() MetricAggregation {
 	c := m