fix: add examples of structs for value param in param description

# Conflicts:
#	pkg/modules/tag/impltag/module.go
#	pkg/modules/tag/tag.go
#	pkg/types/tagtypes/tag_test.go

.github/CODEOWNERS

@@ -107,7 +107,6 @@ go.mod @therealpandey
 /pkg/modules/organization/ @therealpandey
 /pkg/modules/authdomain/ @therealpandey
 /pkg/modules/role/ @therealpandey
-/pkg/types/coretypes/ @therealpandey @vikrantgupta25
 
 # IdentN Owners
 

.github/workflows/goci.yaml

@@ -102,20 +102,3 @@ jobs:
         run: |
           go run cmd/enterprise/*.go generate openapi
           git diff --compact-summary --exit-code || (echo; echo "Unexpected difference in openapi spec. Run go run cmd/enterprise/*.go generate openapi locally and commit."; exit 1)
-  authz:
-    if: |
-      github.event_name == 'merge_group' ||
-      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
-      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))
-    runs-on: ubuntu-latest
-    steps:
-      - name: self-checkout
-        uses: actions/checkout@v4
-      - name: go-install
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.24"
-      - name: generate-authz
-        run: |
-          go run cmd/enterprise/*.go generate authz
-          git diff --compact-summary --exit-code || (echo; echo "Unexpected difference in authz permissions. Run go run cmd/enterprise/*.go generate authz locally and commit."; exit 1)

.github/workflows/jsci.yaml

@@ -63,6 +63,46 @@ jobs:
         uses: actions/checkout@v4
       - name: run
         run: bash frontend/scripts/validate-md-languages.sh
+  authz:
+    if: |
+      github.event_name == 'merge_group' ||
+      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
+      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))
+    runs-on: ubuntu-latest
+    steps:
+      - name: self-checkout
+        uses: actions/checkout@v5
+      - name: node-install
+        uses: actions/setup-node@v5
+        with:
+          node-version: "22"
+      - name: deps-install
+        working-directory: ./frontend
+        run: |
+          yarn install
+      - name: uv-install
+        uses: astral-sh/setup-uv@v5
+      - name: uv-deps
+        working-directory: ./tests/integration
+        run: |
+          uv sync
+      - name: setup-test
+        run: |
+          make py-test-setup
+      - name: generate
+        working-directory: ./frontend
+        run: |
+          yarn generate:permissions-type
+      - name: teardown-test
+        if: always()
+        run: |
+          make py-test-teardown
+      - name: validate
+        run: |
+          if ! git diff --exit-code frontend/src/hooks/useAuthZ/permissions.type.ts; then
+            echo "::error::frontend/src/hooks/useAuthZ/permissions.type.ts is out of date. Please run the generator locally and commit the changes: npm run generate:permissions-type (from the frontend directory)"
+            exit 1
+          fi
   openapi:
     if: |
       github.event_name == 'merge_group' ||

cmd/authz.go

@@ -1,117 +0,0 @@
-package cmd
-
-import (
-	"bytes"
-	"context"
-	"os"
-	"sort"
-	"text/template"
-
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/spf13/cobra"
-)
-
-const permissionsTypePath = "frontend/src/hooks/useAuthZ/permissions.type.ts"
-
-var permissionsTypeTemplate = template.Must(template.New("permissions").Parse(
-	`// AUTO GENERATED FILE - DO NOT EDIT - GENERATED BY cmd/enterprise/*.go generate authz
-export default {
-	status: 'success',
-	data: {
-		resources: [
-{{- range .Resources }}
-			{
-				kind: '{{ .Kind }}',
-				type: '{{ .Type }}',
-			},
-{{- end }}
-		],
-		relations: {
-{{- range .Relations }}
-			{{ .Verb }}: [{{ range $i, $t := .Types }}{{ if $i }}, {{ end }}'{{ $t }}'{{ end }}],
-{{- end }}
-		},
-	},
-} as const;
-`))
-
-type permissionsTypeRelation struct {
-	Verb  string
-	Types []string
-}
-
-type permissionsTypeResource struct {
-	Kind string
-	Type string
-}
-
-type permissionsTypeData struct {
-	Resources []permissionsTypeResource
-	Relations []permissionsTypeRelation
-}
-
-func registerGenerateAuthz(parentCmd *cobra.Command) {
-	authzCmd := &cobra.Command{
-		Use:   "authz",
-		Short: "Generate authz permissions for the frontend",
-		RunE: func(currCmd *cobra.Command, args []string) error {
-			return runGenerateAuthz(currCmd.Context())
-		},
-	}
-
-	parentCmd.AddCommand(authzCmd)
-}
-
-func runGenerateAuthz(_ context.Context) error {
-	registry := coretypes.NewRegistry()
-
-	allowedResources := map[string]bool{
-		coretypes.NewResourceRef(coretypes.ResourceServiceAccount).String():    true,
-		coretypes.NewResourceRef(coretypes.ResourceRole).String():              true,
-		coretypes.NewResourceRef(coretypes.ResourceMetaResourcesRole).String(): true,
-	}
-
-	allowedTypes := map[string]bool{}
-
-	refs := registry.ResourceRefs()
-	resources := make([]permissionsTypeResource, 0, len(refs))
-	for _, ref := range refs {
-		if !allowedResources[ref.String()] {
-			continue
-		}
-		allowedTypes[ref.Type.StringValue()] = true
-		resources = append(resources, permissionsTypeResource{
-			Kind: ref.Kind.String(),
-			Type: ref.Type.StringValue(),
-		})
-	}
-
-	typesByVerb := registry.TypesByVerb()
-	verbs := make([]coretypes.Verb, 0, len(typesByVerb))
-	for verb := range typesByVerb {
-		verbs = append(verbs, verb)
-	}
-	sort.Slice(verbs, func(i, j int) bool { return verbs[i].StringValue() < verbs[j].StringValue() })
-
-	relations := make([]permissionsTypeRelation, 0, len(verbs))
-	for _, verb := range verbs {
-		types := make([]string, 0, len(typesByVerb[verb]))
-		for _, t := range typesByVerb[verb] {
-			if !allowedTypes[t.StringValue()] {
-				continue
-			}
-			types = append(types, t.StringValue())
-		}
-		relations = append(relations, permissionsTypeRelation{
-			Verb:  verb.StringValue(),
-			Types: types,
-		})
-	}
-
-	var buf bytes.Buffer
-	if err := permissionsTypeTemplate.Execute(&buf, permissionsTypeData{Resources: resources, Relations: relations}); err != nil {
-		return err
-	}
-
-	return os.WriteFile(permissionsTypePath, buf.Bytes(), 0o600)
-}

cmd/community/server.go

@@ -27,6 +27,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
@@ -92,16 +93,16 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
 			return signoz.NewAuthNs(ctx, providerSettings, store, licensing)
 		},
-		func(ctx context.Context, sqlstore sqlstore.SQLStore, config authz.Config, _ licensing.Licensing, _ []authz.OnBeforeRoleDelete) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
-			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore, config)
+		func(ctx context.Context, sqlstore sqlstore.SQLStore, _ licensing.Licensing, _ []authz.OnBeforeRoleDelete, _ dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
+			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore)
 			if err != nil {
 				return nil, err
 			}
 
-			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, authtypes.NewRegistry()), nil
+			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore), nil
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing) dashboard.Module {
-			return impldashboard.NewModule(impldashboard.NewStore(store), settings, analytics, orgGetter, queryParser)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing, tagModule tag.Module) dashboard.Module {
+			return impldashboard.NewModule(impldashboard.NewStore(store), store, settings, analytics, orgGetter, queryParser, tagModule)
 		},
 		func(_ licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return noopgateway.NewProviderFactory()

cmd/enterprise/server.go

@@ -42,6 +42,7 @@ import (
 	pkgcloudintegration "github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
@@ -137,15 +138,15 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 
 			return authNs, nil
 		},
-		func(ctx context.Context, sqlstore sqlstore.SQLStore, config authz.Config, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
-			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore, config)
+		func(ctx context.Context, sqlstore sqlstore.SQLStore, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete, dashboardModule dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
+			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore)
 			if err != nil {
 				return nil, err
 			}
-			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, onBeforeRoleDelete, authtypes.NewRegistry()), nil
+			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, onBeforeRoleDelete, dashboardModule), nil
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
-			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, queryParser, querier, licensing)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing, tagModule tag.Module) dashboard.Module {
+			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), store, settings, analytics, orgGetter, queryParser, querier, licensing, tagModule)
 		},
 		func(licensing licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return httpgateway.NewProviderFactory(licensing)

cmd/generate.go

@@ -16,7 +16,6 @@ func RegisterGenerate(parentCmd *cobra.Command, logger *slog.Logger) {
 	}
 
 	registerGenerateOpenAPI(generateCmd)
-	registerGenerateAuthz(generateCmd)
 
 	parentCmd.AddCommand(generateCmd)
 }

conf/example.yaml

@@ -428,4 +428,4 @@ authz:
   provider: openfga
   openfga:
     # maximum tuples allowed per openfga write operation.
-    max_tuples_per_write: 300
+    max_tuples_per_write: 100

docs/contributing/go/authz.md

@@ -1,171 +0,0 @@
-# Authorization (FGA)
-
-SigNoz uses OpenFGA for fine-grained authorization. Resources are modeled as FGA objects — the authz system checks whether a principal (user or service account) has a specific relation (read, update, delete, etc.) on a specific resource.
-
-This guide explains how to enable FGA for a new entity.
-
-## Overview
-
-Enabling FGA for an entity involves four steps:
-
-1. **Define the resource in `coretypes`** — Register the Kind, Resource, Type entries, and managed role transactions
-2. **Switch routes to the Check middleware** — Replace role-based middleware with resource-level FGA checks
-3. **Add a migration** — Backfill FGA tuples for existing organizations
-
-## Step 1: Define the resource in `coretypes`
-
-All FGA-managed entities are declared statically in the `pkg/types/coretypes/` package. You need to add entries in several registry files:
-
-### 1a. Add a Kind
-
-In `registry_kind.go`, add your kind to the `Kinds` slice and declare the variable:
-
-```go
-var Kinds = []Kind{
-    // ... existing kinds ...
-    KindMyEntity,
-}
-
-var (
-    // ... existing kinds ...
-    KindMyEntity = MustNewKind("my-entity")
-)
-```
-
-### 1b. Add Resources
-
-In `registry_resource.go`, add two resources — a `metaresource` (instance) and `metaresources` (collection):
-
-```go
-var Resources = []Resource{
-    // ... existing resources ...
-    ResourceMetaResourceMyEntity,
-    ResourceMetaResourcesMyEntity,
-}
-
-var (
-    // ... existing resources ...
-    ResourceMetaResourceMyEntity  = NewResourceMetaResource(KindMyEntity)
-    ResourceMetaResourcesMyEntity = NewResourceMetaResources(KindMyEntity)
-)
-```
-
-### 1c. Add managed role transactions
-
-In `registry_managed_role.go`, add the transactions for each managed role. Use the service account entries as a reference:
-
-```go
-var ManagedRoleToTransactions = map[string][]Transaction{
-    SigNozAdminRoleName: {
-        // ... existing admin transactions ...
-        // my-entity — admin full CRUD
-        {Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindMyEntity}, WildCardSelectorString)},
-        {Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindMyEntity}, WildCardSelectorString)},
-        {Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindMyEntity}, WildCardSelectorString)},
-        {Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindMyEntity}, WildCardSelectorString)},
-        {Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindMyEntity}, WildCardSelectorString)},
-    },
-    SigNozEditorRoleName: {
-        // ... existing editor transactions ...
-        // my-entity — editor read only
-        {Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindMyEntity}, WildCardSelectorString)},
-        {Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindMyEntity}, WildCardSelectorString)},
-    },
-    SigNozViewerRoleName: {
-        // ... existing viewer transactions ...
-        // my-entity — viewer read only
-        {Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindMyEntity}, WildCardSelectorString)},
-        {Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindMyEntity}, WildCardSelectorString)},
-    },
-}
-```
-
-The `authtypes.Registry` (which wraps `coretypes.Registry`) will automatically bridge these static definitions into operational `*authtypes.Transaction` instances at construction time.
-
-## Step 2: Switch routes to the Check middleware
-
-In your route file (e.g., `pkg/apiserver/signozapiserver/myentity.go`), replace `AdminAccess` / `EditAccess` / `ViewAccess` with the `Check` middleware:
-
-```go
-provider.authZ.Check(
-    handler,                                         // the HTTP handler func
-    authtypes.Relation{Verb: coretypes.VerbRead},    // the relation to check
-    coretypes.ResourceMetaResourceMyEntity,           // the coretypes.Resource
-    selectorCallback,                                 // extracts resource ID from the request
-    roles,                                            // role names for community edition fallback
-)
-```
-
-### Selector callbacks
-
-You need two callbacks — one for collection operations, one for instance operations:
-
-```go
-// For create/list — wildcard selector on the collection.
-func myEntityCollectionSelector(_ *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
-    return []coretypes.Selector{
-        coretypes.TypeMetaResources.MustSelector(coretypes.WildCardSelectorString),
-    }, nil
-}
-
-// For read/update/delete — specific instance ID + wildcard.
-func myEntityInstanceSelector(req *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
-    id := mux.Vars(req)["id"]
-    idSelector, err := coretypes.TypeMetaResource.Selector(id)
-    if err != nil {
-        return nil, err
-    }
-    return []coretypes.Selector{
-        idSelector,
-        coretypes.TypeMetaResource.MustSelector(coretypes.WildCardSelectorString),
-    }, nil
-}
-```
-
-The instance callback includes a wildcard selector so that roles with wildcard permission (`*`) also match. Use `Type.Selector()` (not `MustSelector`) for user-supplied path parameters to avoid panics on malformed input.
-
-### Role fallback
-
-The `roles` parameter is used by the **community edition**, where `CheckWithTupleCreation` only checks role membership (ignoring resource selectors). Pass the role names that should have access:
-
-```go
-var myEntityAdminRoles = []string{authtypes.SigNozAdminRoleName}
-var myEntityReadRoles  = []string{authtypes.SigNozAdminRoleName, authtypes.SigNozEditorRoleName, authtypes.SigNozViewerRoleName}
-```
-
-### OpenAPI security schemes
-
-Use `newScopedSecuritySchemes` with the exact FGA scope, generated via `Resource.Scope(verb)`:
-
-```go
-SecuritySchemes: newScopedSecuritySchemes([]string{
-    coretypes.ResourceMetaResourceMyEntity.Scope(coretypes.VerbRead),
-}),
-// produces: ["my-entity:read"]
-```
-
-## Step 3: Add a migration for existing organizations
-
-New organizations get FGA tuples automatically during bootstrap (via `CreateManagedUserRoleTransactions`). Existing organizations need a SQL migration to backfill the tuples.
-
-Create a migration file in `pkg/sqlmigration/` (use the next available number). Follow the pattern in `078_add_sa_managed_role_txn.go`:
-
-1. Select the OpenFGA store ID
-2. Iterate all organizations
-3. For each org x tuple, insert into the `tuple` and `changelog` tables
-4. Use `ON CONFLICT DO NOTHING` for idempotency
-5. Handle both PostgreSQL and SQLite dialects
-
-Register the migration in `pkg/signoz/provider.go`.
-
-## Checklist
-
-- [ ] Kind added to `coretypes/registry_kind.go`
-- [ ] Resources added to `coretypes/registry_resource.go` (both metaresource and metaresources)
-- [ ] Managed role transactions added to `coretypes/registry_managed_role.go`
-- [ ] Routes switched from `AdminAccess`/`EditAccess`/`ViewAccess` to `Check` middleware
-- [ ] Selector callbacks use `Type.Selector()` (not `MustSelector`) for user-supplied IDs
-- [ ] OpenAPI `SecuritySchemes` use `newScopedSecuritySchemes` with exact scope strings
-- [ ] Migration backfills FGA tuples for existing organizations
-- [ ] `make go-build-community` and `make go-build-enterprise` compile
-- [ ] `make go-test` passes

docs/contributing/go/readme.md

@@ -11,7 +11,6 @@ We adhere to three primary style guides as our foundation:
 We **recommend** (almost enforce) reviewing these guides before contributing to the codebase. They provide valuable insights into writing idiomatic Go code and will help you understand our approach to backend development. In addition, we have a few additional rules that make certain areas stricter than the above which can be found in area-specific files in this package:
 
 - [Abstractions](abstractions.md) - When to introduce new types and intermediate representations
-- [Authorization](authz.md) - Enabling FGA for new entities
 - [Errors](errors.md) - Structured error handling
 - [Endpoint](endpoint.md) - HTTP endpoint patterns
 - [Flagger](flagger.md) - Feature flag patterns

ee/authz/openfgaauthz/provider.go

@@ -2,6 +2,7 @@ package openfgaauthz
 
 import (
 	"context"
+	"slices"
 
 	"github.com/SigNoz/signoz/ee/authz/openfgaserver"
 	"github.com/SigNoz/signoz/pkg/authz"
@@ -12,7 +13,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 	openfgapkgtransformer "github.com/openfga/language/pkg/go/transformer"
@@ -25,19 +25,19 @@ type provider struct {
 	openfgaServer      *openfgaserver.Server
 	licensing          licensing.Licensing
 	store              authtypes.RoleStore
-	registry           *authtypes.Registry
+	registry           []authz.RegisterTypeable
 	settings           factory.ScopedProviderSettings
 	onBeforeRoleDelete []authz.OnBeforeRoleDelete
 }
 
-func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete, registry *authtypes.Registry) factory.ProviderFactory[authz.AuthZ, authz.Config] {
+func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete, registry ...authz.RegisterTypeable) factory.ProviderFactory[authz.AuthZ, authz.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("openfga"), func(ctx context.Context, ps factory.ProviderSettings, config authz.Config) (authz.AuthZ, error) {
 		return newOpenfgaProvider(ctx, ps, config, sqlstore, openfgaSchema, openfgaDataStore, licensing, onBeforeRoleDelete, registry)
 	})
 }
 
-func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete, registry *authtypes.Registry) (authz.AuthZ, error) {
-	pkgOpenfgaAuthzProvider := pkgopenfgaauthz.NewProviderFactory(sqlstore, openfgaSchema, openfgaDataStore, registry)
+func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete, registry []authz.RegisterTypeable) (authz.AuthZ, error) {
+	pkgOpenfgaAuthzProvider := pkgopenfgaauthz.NewProviderFactory(sqlstore, openfgaSchema, openfgaDataStore)
 	pkgAuthzService, err := pkgOpenfgaAuthzProvider.New(ctx, settings, config)
 	if err != nil {
 		return nil, err
@@ -74,11 +74,11 @@ func (provider *provider) Stop(ctx context.Context) error {
 	return provider.openfgaServer.Stop(ctx)
 }
 
-func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable coretypes.Resource, selectors []coretypes.Selector, roleSelectors []coretypes.Selector) error {
+func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, roleSelectors []authtypes.Selector) error {
 	return provider.openfgaServer.CheckWithTupleCreation(ctx, claims, orgID, relation, typeable, selectors, roleSelectors)
 }
 
-func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, typeable coretypes.Resource, selectors []coretypes.Selector, roleSelectors []coretypes.Selector) error {
+func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, roleSelectors []authtypes.Selector) error {
 	return provider.openfgaServer.CheckWithTupleCreationWithoutClaims(ctx, orgID, relation, typeable, selectors, roleSelectors)
 }
 
@@ -108,7 +108,7 @@ func (provider *provider) CheckTransactions(ctx context.Context, subject string,
 	return results, nil
 }
 
-func (provider *provider) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType coretypes.Type) ([]*coretypes.Object, error) {
+func (provider *provider) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType authtypes.Type) ([]*authtypes.Object, error) {
 	return provider.openfgaServer.ListObjects(ctx, subject, relation, objectType)
 }
 
@@ -159,10 +159,16 @@ func (provider *provider) CreateManagedRoles(ctx context.Context, orgID valuer.U
 func (provider *provider) CreateManagedUserRoleTransactions(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) error {
 	tuples := make([]*openfgav1.TupleKey, 0)
 
-	grantTuples := provider.getManagedRoleGrantTuples(orgID, userID)
+	grantTuples, err := provider.getManagedRoleGrantTuples(orgID, userID)
+	if err != nil {
+		return err
+	}
 	tuples = append(tuples, grantTuples...)
 
-	managedRoleTuples := provider.getManagedRoleTransactionTuples(orgID)
+	managedRoleTuples, err := provider.getManagedRoleTransactionTuples(orgID)
+	if err != nil {
+		return err
+	}
 	tuples = append(tuples, managedRoleTuples...)
 
 	return provider.Write(ctx, tuples, nil)
@@ -202,7 +208,21 @@ func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, ro
 	return role, nil
 }
 
-func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*coretypes.Object, error) {
+func (provider *provider) GetResources(_ context.Context) []*authtypes.Resource {
+	resources := make([]*authtypes.Resource, 0)
+	for _, register := range provider.registry {
+		for _, typeable := range register.MustGetTypeables() {
+			resources = append(resources, &authtypes.Resource{Name: typeable.Name(), Type: typeable.Type()})
+		}
+	}
+	for _, typeable := range provider.MustGetTypeables() {
+		resources = append(resources, &authtypes.Resource{Name: typeable.Name(), Type: typeable.Type()})
+	}
+
+	return resources
+}
+
+func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*authtypes.Object, error) {
 	_, err := provider.licensing.GetActive(ctx, orgID)
 	if err != nil {
 		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
@@ -213,16 +233,16 @@ func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id
 		return nil, err
 	}
 
-	objects := make([]*coretypes.Object, 0)
-	for _, objectType := range provider.registry.Types() {
-		if coretypes.ErrIfVerbNotValidForType(relation.Verb, objectType) != nil {
+	objects := make([]*authtypes.Object, 0)
+	for _, objectType := range provider.getUniqueTypes() {
+		if !slices.Contains(authtypes.TypeableRelations[objectType], relation) {
 			continue
 		}
 
 		resourceObjects, err := provider.
 			ListObjects(
 				ctx,
-				authtypes.MustNewSubject(coretypes.NewResourceRole(), storableRole.Name, orgID, &coretypes.VerbAssignee),
+				authtypes.MustNewSubject(authtypes.TypeableRole, storableRole.Name, orgID, &authtypes.RelationAssignee),
 				relation,
 				objectType,
 			)
@@ -245,7 +265,7 @@ func (provider *provider) Patch(ctx context.Context, orgID valuer.UUID, role *au
 	return provider.store.Update(ctx, orgID, role)
 }
 
-func (provider *provider) PatchObjects(ctx context.Context, orgID valuer.UUID, name string, relation authtypes.Relation, additions, deletions []*coretypes.Object) error {
+func (provider *provider) PatchObjects(ctx context.Context, orgID valuer.UUID, name string, relation authtypes.Relation, additions, deletions []*authtypes.Object) error {
 	_, err := provider.licensing.GetActive(ctx, orgID)
 	if err != nil {
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
@@ -298,63 +318,84 @@ func (provider *provider) Delete(ctx context.Context, orgID valuer.UUID, id valu
 	return provider.store.Delete(ctx, orgID, id)
 }
 
-func (provider *provider) getManagedRoleGrantTuples(orgID valuer.UUID, userID valuer.UUID) []*openfgav1.TupleKey {
+func (provider *provider) MustGetTypeables() []authtypes.Typeable {
+	return []authtypes.Typeable{authtypes.TypeableRole, authtypes.TypeableResourcesRoles}
+}
+
+func (provider *provider) getManagedRoleGrantTuples(orgID valuer.UUID, userID valuer.UUID) ([]*openfgav1.TupleKey, error) {
 	tuples := []*openfgav1.TupleKey{}
 
 	// Grant the admin role to the user
-	adminSubject := authtypes.MustNewSubject(coretypes.NewResourceUser(), userID.String(), orgID, nil)
-	adminTuple := authtypes.NewTuples(
-		coretypes.NewResourceRole(),
+	adminSubject := authtypes.MustNewSubject(authtypes.TypeableUser, userID.String(), orgID, nil)
+	adminTuple, err := authtypes.TypeableRole.Tuples(
 		adminSubject,
-		authtypes.Relation{Verb: coretypes.VerbAssignee},
-		[]coretypes.Selector{coretypes.TypeRole.MustSelector(authtypes.SigNozAdminRoleName)},
+		authtypes.RelationAssignee,
+		[]authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
+		},
 		orgID,
 	)
+	if err != nil {
+		return nil, err
+	}
 	tuples = append(tuples, adminTuple...)
 
 	// Grant the admin role to the anonymous user
-	anonymousSubject := authtypes.MustNewSubject(coretypes.NewResourceAnonymous(), coretypes.AnonymousUser.String(), orgID, nil)
-	anonymousTuple := authtypes.NewTuples(
-		coretypes.NewResourceRole(),
+	anonymousSubject := authtypes.MustNewSubject(authtypes.TypeableAnonymous, authtypes.AnonymousUser.String(), orgID, nil)
+	anonymousTuple, err := authtypes.TypeableRole.Tuples(
 		anonymousSubject,
-		authtypes.Relation{Verb: coretypes.VerbAssignee},
-		[]coretypes.Selector{coretypes.TypeRole.MustSelector(authtypes.SigNozAnonymousRoleName)},
+		authtypes.RelationAssignee,
+		[]authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAnonymousRoleName),
+		},
 		orgID,
 	)
+	if err != nil {
+		return nil, err
+	}
 	tuples = append(tuples, anonymousTuple...)
 
-	return tuples
+	return tuples, nil
 }
 
-func (provider *provider) getManagedRoleTransactionTuples(orgID valuer.UUID) []*openfgav1.TupleKey {
+func (provider *provider) getManagedRoleTransactionTuples(orgID valuer.UUID) ([]*openfgav1.TupleKey, error) {
+	transactionsByRole := make(map[string][]*authtypes.Transaction)
+	for _, register := range provider.registry {
+		for roleName, txns := range register.MustGetManagedRoleTransactions() {
+			transactionsByRole[roleName] = append(transactionsByRole[roleName], txns...)
+		}
+	}
+
 	tuples := make([]*openfgav1.TupleKey, 0)
-	for roleName, transactions := range provider.registry.ManagedRoleTransactions() {
+	for roleName, transactions := range transactionsByRole {
 		for _, txn := range transactions {
-			resource := coretypes.MustNewResourceFromTypeAndKind(txn.Object.Resource.Type, txn.Object.Resource.Kind)
-			txnTuples := authtypes.NewTuples(
-				resource,
+			typeable := authtypes.MustNewTypeableFromType(txn.Object.Resource.Type, txn.Object.Resource.Name)
+			txnTuples, err := typeable.Tuples(
 				authtypes.MustNewSubject(
-					coretypes.NewResourceRole(),
+					authtypes.TypeableRole,
 					roleName,
 					orgID,
-					&coretypes.VerbAssignee,
+					&authtypes.RelationAssignee,
 				),
 				txn.Relation,
-				[]coretypes.Selector{txn.Object.Selector},
+				[]authtypes.Selector{txn.Object.Selector},
 				orgID,
 			)
+			if err != nil {
+				return nil, err
+			}
 			tuples = append(tuples, txnTuples...)
 		}
 	}
 
-	return tuples
+	return tuples, nil
 }
 
 func (provider *provider) deleteTuples(ctx context.Context, roleName string, orgID valuer.UUID) error {
-	subject := authtypes.MustNewSubject(coretypes.NewResourceRole(), roleName, orgID, &coretypes.VerbAssignee)
+	subject := authtypes.MustNewSubject(authtypes.TypeableRole, roleName, orgID, &authtypes.RelationAssignee)
 
 	tuples := make([]*openfgav1.TupleKey, 0)
-	for _, objectType := range provider.registry.Types() {
+	for _, objectType := range provider.getUniqueTypes() {
 		typeTuples, err := provider.ReadTuples(ctx, &openfgav1.ReadRequestTupleKey{
 			User:   subject,
 			Object: objectType.StringValue() + ":",
@@ -383,3 +424,28 @@ func (provider *provider) deleteTuples(ctx context.Context, roleName string, org
 
 	return nil
 }
+
+func (provider *provider) getUniqueTypes() []authtypes.Type {
+	seen := make(map[string]struct{})
+	uniqueTypes := make([]authtypes.Type, 0)
+	for _, register := range provider.registry {
+		for _, typeable := range register.MustGetTypeables() {
+			typeKey := typeable.Type().StringValue()
+			if _, ok := seen[typeKey]; ok {
+				continue
+			}
+			seen[typeKey] = struct{}{}
+			uniqueTypes = append(uniqueTypes, typeable.Type())
+		}
+	}
+	for _, typeable := range provider.MustGetTypeables() {
+		typeKey := typeable.Type().StringValue()
+		if _, ok := seen[typeKey]; ok {
+			continue
+		}
+		seen[typeKey] = struct{}{}
+		uniqueTypes = append(uniqueTypes, typeable.Type())
+	}
+
+	return uniqueTypes
+}

ee/authz/openfgaschema/base.fga

@@ -1,6 +1,6 @@
 module base
 
-type organization 
+type organisation 
   relations
     define read: [user, serviceaccount, role#assignee]
     define update: [user, serviceaccount, role#assignee]
@@ -10,14 +10,12 @@ type user
     define read: [user, serviceaccount, role#assignee]
     define update: [user, serviceaccount, role#assignee]
     define delete: [user, serviceaccount, role#assignee]
-    define attach: [user, serviceaccount, role#assignee]
 
-type serviceaccount
+type serviceaccount 
   relations
     define read: [user, serviceaccount, role#assignee]
     define update: [user, serviceaccount, role#assignee]
-    define delete: [user, serviceaccount, role#assignee]
-    define attach: [user, serviceaccount, role#assignee]
+    define delete: [user, serviceaccount, role#assignee]  
 
 type anonymous
 
@@ -28,7 +26,6 @@ type role
     define read: [user, serviceaccount, role#assignee]
     define update: [user, serviceaccount, role#assignee]
     define delete: [user, serviceaccount, role#assignee]
-    define attach: [user, serviceaccount, role#assignee]
 
 type metaresources
   relations

ee/authz/openfgaserver/server.go

@@ -7,7 +7,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 )
@@ -34,18 +33,18 @@ func (server *Server) Stop(ctx context.Context) error {
 	return server.pkgAuthzService.Stop(ctx)
 }
 
-func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable coretypes.Resource, selectors []coretypes.Selector, _ []coretypes.Selector) error {
+func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, _ []authtypes.Selector) error {
 	subject := ""
 	switch claims.Principal {
 	case authtypes.PrincipalUser:
-		user, err := authtypes.NewSubject(coretypes.NewResourceUser(), claims.UserID, orgID, nil)
+		user, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
 		if err != nil {
 			return err
 		}
 
 		subject = user
 	case authtypes.PrincipalServiceAccount:
-		serviceAccount, err := authtypes.NewSubject(coretypes.NewResourceServiceAccount(), claims.ServiceAccountID, orgID, nil)
+		serviceAccount, err := authtypes.NewSubject(authtypes.TypeableServiceAccount, claims.ServiceAccountID, orgID, nil)
 		if err != nil {
 			return err
 		}
@@ -53,7 +52,10 @@ func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtyp
 		subject = serviceAccount
 	}
 
-	tupleSlice := authtypes.NewTuples(typeable, subject, relation, selectors, orgID)
+	tupleSlice, err := typeable.Tuples(subject, relation, selectors, orgID)
+	if err != nil {
+		return err
+	}
 
 	tuples := make(map[string]*openfgav1.TupleKey, len(tupleSlice))
 	for idx, tuple := range tupleSlice {
@@ -74,13 +76,16 @@ func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtyp
 	return errors.Newf(errors.TypeForbidden, authtypes.ErrCodeAuthZForbidden, "subjects are not authorized for requested access")
 }
 
-func (server *Server) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, typeable coretypes.Resource, selectors []coretypes.Selector, _ []coretypes.Selector) error {
-	subject, err := authtypes.NewSubject(coretypes.NewResourceAnonymous(), coretypes.AnonymousUser.String(), orgID, nil)
+func (server *Server) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, _ []authtypes.Selector) error {
+	subject, err := authtypes.NewSubject(authtypes.TypeableAnonymous, authtypes.AnonymousUser.String(), orgID, nil)
 	if err != nil {
 		return err
 	}
 
-	tupleSlice := authtypes.NewTuples(typeable, subject, relation, selectors, orgID)
+	tupleSlice, err := typeable.Tuples(subject, relation, selectors, orgID)
+	if err != nil {
+		return err
+	}
 
 	tuples := make(map[string]*openfgav1.TupleKey, len(tupleSlice))
 	for idx, tuple := range tupleSlice {
@@ -105,7 +110,7 @@ func (server *Server) BatchCheck(ctx context.Context, tupleReq map[string]*openf
 	return server.pkgAuthzService.BatchCheck(ctx, tupleReq)
 }
 
-func (server *Server) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType coretypes.Type) ([]*coretypes.Object, error) {
+func (server *Server) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType authtypes.Type) ([]*authtypes.Object, error) {
 	return server.pkgAuthzService.ListObjects(ctx, subject, relation, objectType)
 }
 

ee/authz/openfgaserver/sqlstore.go

@@ -2,7 +2,6 @@ package openfgaserver
 
 import (
 	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
-	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/openfga/openfga/pkg/storage"
@@ -11,11 +10,11 @@ import (
 	"github.com/openfga/openfga/pkg/storage/sqlite"
 )
 
-func NewSQLStore(store sqlstore.SQLStore, config authz.Config) (storage.OpenFGADatastore, error) {
+func NewSQLStore(store sqlstore.SQLStore) (storage.OpenFGADatastore, error) {
 	switch store.BunDB().Dialect().Name().String() {
 	case "sqlite":
 		return sqlite.NewWithDB(store.SQLDB(), &sqlcommon.Config{
-			MaxTuplesPerWriteField: config.OpenFGA.MaxTuplesPerWrite,
+			MaxTuplesPerWriteField: 100,
 			MaxTypesPerModelField:  100,
 		})
 	case "pg":
@@ -25,7 +24,7 @@ func NewSQLStore(store sqlstore.SQLStore, config authz.Config) (storage.OpenFGAD
 		}
 
 		return postgres.NewWithDB(pgStore.Pool(), nil, &sqlcommon.Config{
-			MaxTuplesPerWriteField: config.OpenFGA.MaxTuplesPerWrite,
+			MaxTuplesPerWriteField: 100,
 			MaxTypesPerModelField:  100,
 		})
 	}

ee/modules/dashboard/impldashboard/module.go

@@ -11,10 +11,12 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/types/instrumentationtypes"
@@ -30,9 +32,9 @@ type module struct {
 	licensing          licensing.Licensing
 }
 
-func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
+func NewModule(store dashboardtypes.Store, sqlstore sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing, tagModule tag.Module) dashboard.Module {
 	scopedProviderSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard")
-	pkgDashboardModule := pkgimpldashboard.NewModule(store, settings, analytics, orgGetter, queryParser)
+	pkgDashboardModule := pkgimpldashboard.NewModule(store, sqlstore, settings, analytics, orgGetter, queryParser, tagModule)
 
 	return &module{
 		pkgDashboardModule: pkgDashboardModule,
@@ -88,7 +90,7 @@ func (module *module) GetDashboardByPublicID(ctx context.Context, id valuer.UUID
 	return dashboardtypes.NewDashboardFromStorableDashboard(storableDashboard), nil
 }
 
-func (module *module) GetPublicDashboardSelectorsAndOrg(ctx context.Context, id valuer.UUID, orgs []*types.Organization) ([]coretypes.Selector, valuer.UUID, error) {
+func (module *module) GetPublicDashboardSelectorsAndOrg(ctx context.Context, id valuer.UUID, orgs []*types.Organization) ([]authtypes.Selector, valuer.UUID, error) {
 	orgIDs := make([]string, len(orgs))
 	for idx, org := range orgs {
 		orgIDs[idx] = org.ID.StringValue()
@@ -99,9 +101,9 @@ func (module *module) GetPublicDashboardSelectorsAndOrg(ctx context.Context, id
 		return nil, valuer.UUID{}, err
 	}
 
-	return []coretypes.Selector{
-		coretypes.TypeMetaResource.MustSelector(id.StringValue()),
-		coretypes.TypeMetaResource.MustSelector(coretypes.WildCardSelectorString),
+	return []authtypes.Selector{
+		authtypes.MustNewSelector(authtypes.TypeMetaResource, id.StringValue()),
+		authtypes.MustNewSelector(authtypes.TypeMetaResource, authtypes.WildCardSelectorString),
 	}, storableDashboard.OrgID, nil
 }
 
@@ -197,6 +199,68 @@ func (module *module) Create(ctx context.Context, orgID valuer.UUID, createdBy s
 	return module.pkgDashboardModule.Create(ctx, orgID, createdBy, creator, data)
 }
 
+func (module *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.CreateV2(ctx, orgID, createdBy, creator, postable)
+}
+
+func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.GetV2(ctx, orgID, id)
+}
+
+func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.UpdateV2(ctx, orgID, id, updatedBy, updateable)
+}
+
+func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.PatchV2(ctx, orgID, id, updatedBy, patch)
+}
+
+func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	return module.pkgDashboardModule.LockUnlockV2(ctx, orgID, id, updatedBy, isAdmin, lock)
+}
+
+func (module *module) CreatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, postable dashboardtypes.PostablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	if _, err := module.licensing.GetActive(ctx, orgID); err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	existing, err := module.pkgDashboardModule.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	if existing.PublicConfig != nil {
+		return nil, errors.Newf(errors.TypeAlreadyExists, dashboardtypes.ErrCodePublicDashboardAlreadyExists, "dashboard with id %s is already public", id)
+	}
+
+	publicDashboard := dashboardtypes.NewPublicDashboard(postable.TimeRangeEnabled, postable.DefaultTimeRange, id)
+	if err := module.store.CreatePublic(ctx, dashboardtypes.NewStorablePublicDashboardFromPublicDashboard(publicDashboard)); err != nil {
+		return nil, err
+	}
+
+	existing.PublicConfig = publicDashboard
+	return existing, nil
+}
+
+func (module *module) UpdatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatable dashboardtypes.UpdatablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	if _, err := module.licensing.GetActive(ctx, orgID); err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	existing, err := module.pkgDashboardModule.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	if existing.PublicConfig == nil {
+		return nil, errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodePublicDashboardNotFound, "dashboard with id %s isn't public", id)
+	}
+
+	existing.PublicConfig.Update(updatable.TimeRangeEnabled, updatable.DefaultTimeRange)
+	if err := module.store.UpdatePublic(ctx, dashboardtypes.NewStorablePublicDashboardFromPublicDashboard(existing.PublicConfig)); err != nil {
+		return nil, err
+	}
+	return existing, nil
+}
+
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.Dashboard, error) {
 	return module.pkgDashboardModule.Get(ctx, orgID, id)
 }
@@ -217,6 +281,28 @@ func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valu
 	return module.pkgDashboardModule.LockUnlock(ctx, orgID, id, updatedBy, isAdmin, lock)
 }
 
+func (module *module) MustGetTypeables() []authtypes.Typeable {
+	return module.pkgDashboardModule.MustGetTypeables()
+}
+
+func (module *module) MustGetManagedRoleTransactions() map[string][]*authtypes.Transaction {
+	return map[string][]*authtypes.Transaction{
+		authtypes.SigNozAnonymousRoleName: {
+			{
+				ID:       valuer.GenerateUUID(),
+				Relation: authtypes.RelationRead,
+				Object: *authtypes.MustNewObject(
+					authtypes.Resource{
+						Type: authtypes.TypeMetaResource,
+						Name: dashboardtypes.TypeableMetaResourcePublicDashboard.Name(),
+					},
+					authtypes.MustNewSelector(authtypes.TypeMetaResource, "*"),
+				),
+			},
+		},
+	}
+}
+
 func (module *module) deletePublic(ctx context.Context, _ valuer.UUID, dashboardID valuer.UUID) error {
 	return module.store.DeletePublic(ctx, dashboardID.StringValue())
 }

ee/query-service/app/api/queryrange.go

@@ -6,8 +6,6 @@ import (
 	"io"
 	"net/http"
 
-	"log/slog"
-
 	"github.com/SigNoz/signoz/ee/query-service/anomaly"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/render"
@@ -17,6 +15,7 @@ import (
 	v3 "github.com/SigNoz/signoz/pkg/query-service/model/v3"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
+	"log/slog"
 )
 
 func (aH *APIHandler) queryRangeV4(w http.ResponseWriter, r *http.Request) {
@@ -138,3 +137,4 @@ func (aH *APIHandler) queryRangeV4(w http.ResponseWriter, r *http.Request) {
 		aH.QueryRangeV4(w, r)
 	}
 }
+

ee/query-service/app/server.go

@@ -42,8 +42,8 @@ import (
 
 // Server runs HTTP, Mux and a grpc server
 type Server struct {
-	config signoz.Config
-	signoz *signoz.SigNoz
+	config      signoz.Config
+	signoz      *signoz.SigNoz
 
 	// public http router
 	httpConn     net.Listener
@@ -148,7 +148,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 
 	s := &Server{
 		config:             config,
-		signoz:             signoz,
+		signoz:       signoz,
 		httpHostPort:       baseconst.HTTPHostPort,
 		unavailableChannel: make(chan healthcheck.Status),
 		usageManager:       usageManager,
@@ -317,3 +317,4 @@ func (s *Server) Stop(ctx context.Context) error {
 
 	return nil
 }
+

frontend/.oxfmtrc.json

@@ -23,11 +23,6 @@
     "**/*.md",
     "**/*.json",
     "src/parser/**",
-    "src/TraceOperator/parser/**",
-    ".claude",
-    ".opencode",
-    "dist",
-    "playwright-report",
-    ".temp_cache"
+    "src/TraceOperator/parser/**"
   ]
 }

frontend/package.json

@@ -23,7 +23,8 @@
     "commitlint": "commitlint --edit $1",
     "test": "jest",
     "test:changedsince": "jest --changedSince=main --coverage --silent",
-    "generate:api": "orval --config ./orval.config.ts && sh scripts/post-types-generation.sh"
+    "generate:api": "orval --config ./orval.config.ts && sh scripts/post-types-generation.sh",
+    "generate:permissions-type": "node scripts/generate-permissions-type.cjs"
   },
   "engines": {
     "node": ">=22.0.0"

frontend/scripts/generate-permissions-type.cjs

@@ -0,0 +1,199 @@
+#!/usr/bin/env node
+
+const fs = require('fs');
+const path = require('path');
+const { execSync } = require('child_process');
+const axios = require('axios');
+
+const PERMISSIONS_TYPE_FILE = path.join(
+	__dirname,
+	'../src/hooks/useAuthZ/permissions.type.ts',
+);
+
+const SIGNOZ_INTEGRATION_IMAGE = 'signoz:integration';
+const LOCAL_BACKEND_URL = 'http://localhost:8080';
+
+function log(message) {
+	console.log(`[generate-permissions-type] ${message}`);
+}
+
+function getBackendUrlFromDocker() {
+	try {
+		const output = execSync(
+			`docker ps --filter "ancestor=${SIGNOZ_INTEGRATION_IMAGE}" --format "{{.Ports}}"`,
+			{ encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] },
+		).trim();
+
+		if (!output) {
+			return null;
+		}
+
+		const portMatch = output.match(/0\.0\.0\.0:(\d+)->8080\/tcp/);
+		if (portMatch) {
+			return `http://localhost:${portMatch[1]}`;
+		}
+
+		const ipv6Match = output.match(/:::(\d+)->8080\/tcp/);
+		if (ipv6Match) {
+			return `http://localhost:${ipv6Match[1]}`;
+		}
+	} catch (err) {
+		log(`Warning: Could not get port from docker: ${err.message}`);
+	}
+	return null;
+}
+
+async function checkBackendHealth(url, maxAttempts = 3, delayMs = 1000) {
+	for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+		try {
+			await axios.get(`${url}/api/v1/health`, {
+				timeout: 5000,
+				validateStatus: (status) => status === 200,
+			});
+			return true;
+		} catch (err) {
+			if (attempt < maxAttempts) {
+				await new Promise((r) => setTimeout(r, delayMs));
+			}
+		}
+	}
+	return false;
+}
+
+async function discoverBackendUrl() {
+	const dockerUrl = getBackendUrlFromDocker();
+	if (dockerUrl) {
+		log(`Found ${SIGNOZ_INTEGRATION_IMAGE} container, trying ${dockerUrl}...`);
+		if (await checkBackendHealth(dockerUrl)) {
+			log(`Backend found at ${dockerUrl} (from py-test-setup)`);
+			return dockerUrl;
+		}
+		log(`Backend at ${dockerUrl} is not responding`);
+	}
+
+	log(`Trying local backend at ${LOCAL_BACKEND_URL}...`);
+	if (await checkBackendHealth(LOCAL_BACKEND_URL)) {
+		log(`Backend found at ${LOCAL_BACKEND_URL}`);
+		return LOCAL_BACKEND_URL;
+	}
+
+	return null;
+}
+
+async function fetchResources(backendUrl) {
+	log('Fetching resources from API...');
+	const resourcesUrl = `${backendUrl}/api/v1/authz/resources`;
+
+	const { data: response } = await axios.get(resourcesUrl);
+
+	return response;
+}
+
+function transformResponse(apiResponse) {
+	if (!apiResponse.data) {
+		throw new Error('Invalid API response: missing data field');
+	}
+
+	const { resources, relations } = apiResponse.data;
+
+	return {
+		status: apiResponse.status || 'success',
+		data: {
+			resources: resources,
+			relations: relations,
+		},
+	};
+}
+
+function generateTypeScriptFile(data) {
+	const resourcesStr = data.data.resources
+		.map(
+			(r) =>
+				`\t\t\t{\n\t\t\t\tname: '${r.name}',\n\t\t\t\ttype: '${r.type}',\n\t\t\t},`,
+		)
+		.join('\n');
+
+	const relationsStr = Object.entries(data.data.relations)
+		.map(
+			([type, relations]) =>
+				`\t\t\t${type}: [${relations.map((r) => `'${r}'`).join(', ')}],`,
+		)
+		.join('\n');
+
+	return `// AUTO GENERATED FILE - DO NOT EDIT - GENERATED BY scripts/generate-permissions-type
+export default {
+\tstatus: '${data.status}',
+\tdata: {
+\t\tresources: [
+${resourcesStr}
+\t\t],
+\t\trelations: {
+${relationsStr}
+\t\t},
+\t},
+} as const;
+`;
+}
+
+async function main() {
+	try {
+		log('Starting permissions type generation...');
+
+		const backendUrl = await discoverBackendUrl();
+
+		if (!backendUrl) {
+			console.error('\n' + '='.repeat(80));
+			console.error('ERROR: No running SigNoz backend found!');
+			console.error('='.repeat(80));
+			console.error(
+				'\nThe permissions type generator requires a running SigNoz backend.',
+			);
+			console.error('\nFor local development, start the backend with:');
+			console.error('  make go-run-enterprise');
+			console.error(
+				'\nFor CI or integration testing, start the test environment with:',
+			);
+			console.error('  make py-test-setup');
+			console.error(
+				'\nIf running in CI and seeing this error, check that the py-test-setup',
+			);
+			console.error('step completed successfully before this step runs.');
+			console.error('='.repeat(80) + '\n');
+			process.exit(1);
+		}
+
+		log('Fetching resources...');
+		const apiResponse = await fetchResources(backendUrl);
+
+		log('Transforming response...');
+		const transformed = transformResponse(apiResponse);
+
+		log('Generating TypeScript file...');
+		const content = generateTypeScriptFile(transformed);
+
+		log(`Writing to ${PERMISSIONS_TYPE_FILE}...`);
+		fs.writeFileSync(PERMISSIONS_TYPE_FILE, content, 'utf8');
+
+		const rootDir = path.join(__dirname, '../..');
+		const relativePath = path.relative(
+			path.join(rootDir, 'frontend'),
+			PERMISSIONS_TYPE_FILE,
+		);
+		log('Linting generated file...');
+		execSync(`cd frontend && yarn oxlint ${relativePath}`, {
+			cwd: rootDir,
+			stdio: 'inherit',
+		});
+
+		log('Successfully generated permissions.type.ts');
+	} catch (error) {
+		log(`Error: ${error.message}`);
+		process.exit(1);
+	}
+}
+
+if (require.main === module) {
+	main();
+}
+
+module.exports = { main };

frontend/src/api/generated/services/authz/index.ts

@@ -4,16 +4,23 @@
  * * regenerate with 'yarn generate:api'
  * SigNoz
  */
-import { useMutation } from 'react-query';
+import { useMutation, useQuery } from 'react-query';
 import type {
+	InvalidateOptions,
 	MutationFunction,
+	QueryClient,
+	QueryFunction,
+	QueryKey,
 	UseMutationOptions,
 	UseMutationResult,
+	UseQueryOptions,
+	UseQueryResult,
 } from 'react-query';
 
 import type {
 	AuthtypesTransactionDTO,
 	AuthzCheck200,
+	AuthzResources200,
 	RenderErrorResponseDTO,
 } from '../sigNoz.schemas';
 
@@ -103,3 +110,88 @@ export const useAuthzCheck = <
 
 	return useMutation(mutationOptions);
 };
+/**
+ * Gets all the available resources
+ * @summary Get resources
+ */
+export const authzResources = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<AuthzResources200>({
+		url: `/api/v1/authz/resources`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getAuthzResourcesQueryKey = () => {
+	return [`/api/v1/authz/resources`] as const;
+};
+
+export const getAuthzResourcesQueryOptions = <
+	TData = Awaited<ReturnType<typeof authzResources>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof authzResources>>,
+		TError,
+		TData
+	>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getAuthzResourcesQueryKey();
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof authzResources>>> = ({
+		signal,
+	}) => authzResources(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof authzResources>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type AuthzResourcesQueryResult = NonNullable<
+	Awaited<ReturnType<typeof authzResources>>
+>;
+export type AuthzResourcesQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get resources
+ */
+
+export function useAuthzResources<
+	TData = Awaited<ReturnType<typeof authzResources>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof authzResources>>,
+		TError,
+		TData
+	>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getAuthzResourcesQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get resources
+ */
+export const invalidateAuthzResources = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getAuthzResourcesQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};

frontend/src/api/generated/services/dashboard/index.ts

@@ -18,19 +18,34 @@ import type {
 } from 'react-query';
 
 import type {
+	CreateDashboardV2201,
 	CreatePublicDashboard201,
 	CreatePublicDashboardPathParameters,
+	CreatePublicDashboardV2200,
+	CreatePublicDashboardV2PathParameters,
+	DashboardtypesJSONPatchDocumentDTO,
+	DashboardtypesPostableDashboardV2DTO,
 	DashboardtypesPostablePublicDashboardDTO,
 	DashboardtypesUpdatablePublicDashboardDTO,
 	DeletePublicDashboardPathParameters,
+	GetDashboardV2200,
+	GetDashboardV2PathParameters,
 	GetPublicDashboard200,
 	GetPublicDashboardData200,
 	GetPublicDashboardDataPathParameters,
 	GetPublicDashboardPathParameters,
 	GetPublicDashboardWidgetQueryRange200,
 	GetPublicDashboardWidgetQueryRangePathParameters,
+	LockDashboardV2PathParameters,
+	PatchDashboardV2200,
+	PatchDashboardV2PathParameters,
 	RenderErrorResponseDTO,
+	UnlockDashboardV2PathParameters,
+	UpdateDashboardV2200,
+	UpdateDashboardV2PathParameters,
 	UpdatePublicDashboardPathParameters,
+	UpdatePublicDashboardV2200,
+	UpdatePublicDashboardV2PathParameters,
 } from '../sigNoz.schemas';
 
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
@@ -634,3 +649,739 @@ export const invalidateGetPublicDashboardWidgetQueryRange = async (
 
 	return queryClient;
 };
+
+/**
+ * This endpoint creates a v2-shape dashboard with structured metadata, a typed data tree, and resolved tags.
+ * @summary Create dashboard (v2)
+ */
+export const createDashboardV2 = (
+	dashboardtypesPostableDashboardV2DTO: BodyType<DashboardtypesPostableDashboardV2DTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateDashboardV2201>({
+		url: `/api/v2/dashboards`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesPostableDashboardV2DTO,
+		signal,
+	});
+};
+
+export const getCreateDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		TError,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createDashboardV2>>,
+	TError,
+	{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+	TContext
+> => {
+	const mutationKey = ['createDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return createDashboardV2(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreateDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof createDashboardV2>>
+>;
+export type CreateDashboardV2MutationBody =
+	BodyType<DashboardtypesPostableDashboardV2DTO>;
+export type CreateDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Create dashboard (v2)
+ */
+export const useCreateDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		TError,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createDashboardV2>>,
+	TError,
+	{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+	TContext
+> => {
+	const mutationOptions = getCreateDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint returns a v2-shape dashboard with its tags and public sharing config (if any).
+ * @summary Get dashboard (v2)
+ */
+export const getDashboardV2 = (
+	{ id }: GetDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetDashboardV2200>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetDashboardV2QueryKey = ({
+	id,
+}: GetDashboardV2PathParameters) => {
+	return [`/api/v2/dashboards/${id}`] as const;
+};
+
+export const getGetDashboardV2QueryOptions = <
+	TData = Awaited<ReturnType<typeof getDashboardV2>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(
+	{ id }: GetDashboardV2PathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getDashboardV2>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getGetDashboardV2QueryKey({ id });
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof getDashboardV2>>> = ({
+		signal,
+	}) => getDashboardV2({ id }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!id,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getDashboardV2>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetDashboardV2QueryResult = NonNullable<
+	Awaited<ReturnType<typeof getDashboardV2>>
+>;
+export type GetDashboardV2QueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get dashboard (v2)
+ */
+
+export function useGetDashboardV2<
+	TData = Awaited<ReturnType<typeof getDashboardV2>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(
+	{ id }: GetDashboardV2PathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getDashboardV2>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetDashboardV2QueryOptions({ id }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get dashboard (v2)
+ */
+export const invalidateGetDashboardV2 = async (
+	queryClient: QueryClient,
+	{ id }: GetDashboardV2PathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetDashboardV2QueryKey({ id }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint applies an RFC 6902 JSON Patch to a v2-shape dashboard. The patch is applied against the postable view of the dashboard (metadata, data, tags), so individual panels, queries, variables, layouts, or tags can be updated without re-sending the rest of the dashboard. Locked dashboards are rejected.
+ * @summary Patch dashboard (v2)
+ */
+export const patchDashboardV2 = (
+	{ id }: PatchDashboardV2PathParameters,
+	dashboardtypesJSONPatchDocumentDTO: BodyType<DashboardtypesJSONPatchDocumentDTO>,
+) => {
+	return GeneratedAPIInstance<PatchDashboardV2200>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'PATCH',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesJSONPatchDocumentDTO,
+	});
+};
+
+export const getPatchDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		TError,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof patchDashboardV2>>,
+	TError,
+	{
+		pathParams: PatchDashboardV2PathParameters;
+		data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['patchDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return patchDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type PatchDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof patchDashboardV2>>
+>;
+export type PatchDashboardV2MutationBody =
+	BodyType<DashboardtypesJSONPatchDocumentDTO>;
+export type PatchDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Patch dashboard (v2)
+ */
+export const usePatchDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		TError,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof patchDashboardV2>>,
+	TError,
+	{
+		pathParams: PatchDashboardV2PathParameters;
+		data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getPatchDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.
+ * @summary Update dashboard (v2)
+ */
+export const updateDashboardV2 = (
+	{ id }: UpdateDashboardV2PathParameters,
+	dashboardtypesPostableDashboardV2DTO: BodyType<DashboardtypesPostableDashboardV2DTO>,
+) => {
+	return GeneratedAPIInstance<UpdateDashboardV2200>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesPostableDashboardV2DTO,
+	});
+};
+
+export const getUpdateDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdateDashboardV2PathParameters;
+		data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updateDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updateDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateDashboardV2>>
+>;
+export type UpdateDashboardV2MutationBody =
+	BodyType<DashboardtypesPostableDashboardV2DTO>;
+export type UpdateDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update dashboard (v2)
+ */
+export const useUpdateDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdateDashboardV2PathParameters;
+		data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getUpdateDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint unlocks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.
+ * @summary Unlock dashboard (v2)
+ */
+export const unlockDashboardV2 = ({ id }: UnlockDashboardV2PathParameters) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/lock`,
+		method: 'DELETE',
+	});
+};
+
+export const getUnlockDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		TError,
+		{ pathParams: UnlockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof unlockDashboardV2>>,
+	TError,
+	{ pathParams: UnlockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['unlockDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		{ pathParams: UnlockDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return unlockDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UnlockDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof unlockDashboardV2>>
+>;
+
+export type UnlockDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Unlock dashboard (v2)
+ */
+export const useUnlockDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		TError,
+		{ pathParams: UnlockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof unlockDashboardV2>>,
+	TError,
+	{ pathParams: UnlockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationOptions = getUnlockDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint locks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.
+ * @summary Lock dashboard (v2)
+ */
+export const lockDashboardV2 = ({ id }: LockDashboardV2PathParameters) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/lock`,
+		method: 'PUT',
+	});
+};
+
+export const getLockDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		TError,
+		{ pathParams: LockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof lockDashboardV2>>,
+	TError,
+	{ pathParams: LockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['lockDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		{ pathParams: LockDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return lockDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type LockDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof lockDashboardV2>>
+>;
+
+export type LockDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Lock dashboard (v2)
+ */
+export const useLockDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		TError,
+		{ pathParams: LockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof lockDashboardV2>>,
+	TError,
+	{ pathParams: LockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationOptions = getLockDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint creates the public sharing config for a v2 dashboard and returns the dashboard with the new public config attached. Lock state does not gate this endpoint.
+ * @summary Make a dashboard v2 public
+ */
+export const createPublicDashboardV2 = (
+	{ id }: CreatePublicDashboardV2PathParameters,
+	dashboardtypesPostablePublicDashboardDTO: BodyType<DashboardtypesPostablePublicDashboardDTO>,
+) => {
+	return GeneratedAPIInstance<CreatePublicDashboardV2200>({
+		url: `/api/v2/dashboards/${id}/public`,
+		method: 'PATCH',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesPostablePublicDashboardDTO,
+	});
+};
+
+export const getCreatePublicDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createPublicDashboardV2>>,
+		TError,
+		{
+			pathParams: CreatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createPublicDashboardV2>>,
+	TError,
+	{
+		pathParams: CreatePublicDashboardV2PathParameters;
+		data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['createPublicDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createPublicDashboardV2>>,
+		{
+			pathParams: CreatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return createPublicDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreatePublicDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof createPublicDashboardV2>>
+>;
+export type CreatePublicDashboardV2MutationBody =
+	BodyType<DashboardtypesPostablePublicDashboardDTO>;
+export type CreatePublicDashboardV2MutationError =
+	ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Make a dashboard v2 public
+ */
+export const useCreatePublicDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createPublicDashboardV2>>,
+		TError,
+		{
+			pathParams: CreatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createPublicDashboardV2>>,
+	TError,
+	{
+		pathParams: CreatePublicDashboardV2PathParameters;
+		data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getCreatePublicDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint updates the public sharing config (time range settings) of an already-public v2 dashboard. Lock state does not gate this endpoint.
+ * @summary Update public sharing config for a dashboard v2
+ */
+export const updatePublicDashboardV2 = (
+	{ id }: UpdatePublicDashboardV2PathParameters,
+	dashboardtypesUpdatablePublicDashboardDTO: BodyType<DashboardtypesUpdatablePublicDashboardDTO>,
+) => {
+	return GeneratedAPIInstance<UpdatePublicDashboardV2200>({
+		url: `/api/v2/dashboards/${id}/public`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesUpdatablePublicDashboardDTO,
+	});
+};
+
+export const getUpdatePublicDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdatePublicDashboardV2PathParameters;
+		data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updatePublicDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+		{
+			pathParams: UpdatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updatePublicDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdatePublicDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof updatePublicDashboardV2>>
+>;
+export type UpdatePublicDashboardV2MutationBody =
+	BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+export type UpdatePublicDashboardV2MutationError =
+	ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update public sharing config for a dashboard v2
+ */
+export const useUpdatePublicDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdatePublicDashboardV2PathParameters;
+		data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getUpdatePublicDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};

frontend/src/api/generated/services/role/index.ts

@@ -18,9 +18,9 @@ import type {
 } from 'react-query';
 
 import type {
+	AuthtypesPatchableObjectsDTO,
 	AuthtypesPatchableRoleDTO,
 	AuthtypesPostableRoleDTO,
-	CoretypesPatchableObjectsDTO,
 	CreateRole201,
 	DeleteRolePathParameters,
 	GetObjects200,
@@ -571,13 +571,13 @@ export const invalidateGetObjects = async (
  */
 export const patchObjects = (
 	{ id, relation }: PatchObjectsPathParameters,
-	coretypesPatchableObjectsDTO: BodyType<CoretypesPatchableObjectsDTO>,
+	authtypesPatchableObjectsDTO: BodyType<AuthtypesPatchableObjectsDTO>,
 ) => {
 	return GeneratedAPIInstance<string>({
 		url: `/api/v1/roles/${id}/relations/${relation}/objects`,
 		method: 'PATCH',
 		headers: { 'Content-Type': 'application/json' },
-		data: coretypesPatchableObjectsDTO,
+		data: authtypesPatchableObjectsDTO,
 	});
 };
 
@@ -590,7 +590,7 @@ export const getPatchObjectsMutationOptions = <
 		TError,
 		{
 			pathParams: PatchObjectsPathParameters;
-			data: BodyType<CoretypesPatchableObjectsDTO>;
+			data: BodyType<AuthtypesPatchableObjectsDTO>;
 		},
 		TContext
 	>;
@@ -599,7 +599,7 @@ export const getPatchObjectsMutationOptions = <
 	TError,
 	{
 		pathParams: PatchObjectsPathParameters;
-		data: BodyType<CoretypesPatchableObjectsDTO>;
+		data: BodyType<AuthtypesPatchableObjectsDTO>;
 	},
 	TContext
 > => {
@@ -616,7 +616,7 @@ export const getPatchObjectsMutationOptions = <
 		Awaited<ReturnType<typeof patchObjects>>,
 		{
 			pathParams: PatchObjectsPathParameters;
-			data: BodyType<CoretypesPatchableObjectsDTO>;
+			data: BodyType<AuthtypesPatchableObjectsDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
@@ -630,7 +630,7 @@ export const getPatchObjectsMutationOptions = <
 export type PatchObjectsMutationResult = NonNullable<
 	Awaited<ReturnType<typeof patchObjects>>
 >;
-export type PatchObjectsMutationBody = BodyType<CoretypesPatchableObjectsDTO>;
+export type PatchObjectsMutationBody = BodyType<AuthtypesPatchableObjectsDTO>;
 export type PatchObjectsMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
@@ -645,7 +645,7 @@ export const usePatchObjects = <
 		TError,
 		{
 			pathParams: PatchObjectsPathParameters;
-			data: BodyType<CoretypesPatchableObjectsDTO>;
+			data: BodyType<AuthtypesPatchableObjectsDTO>;
 		},
 		TContext
 	>;
@@ -654,7 +654,7 @@ export const usePatchObjects = <
 	TError,
 	{
 		pathParams: PatchObjectsPathParameters;
-		data: BodyType<CoretypesPatchableObjectsDTO>;
+		data: BodyType<AuthtypesPatchableObjectsDTO>;
 	},
 	TContext
 > => {

frontend/src/components/GuardAuthZ/GuardAuthZ.test.tsx

@@ -55,7 +55,7 @@ describe('GuardAuthZ', () => {
 		);
 
 		render(
-			<GuardAuthZ relation="read" object="role:*">
+			<GuardAuthZ relation="read" object="dashboard:*">
 				<TestChild />
 			</GuardAuthZ>,
 		);
@@ -79,7 +79,7 @@ describe('GuardAuthZ', () => {
 		render(
 			<GuardAuthZ
 				relation="read"
-				object="role:*"
+				object="dashboard:*"
 				fallbackOnLoading={<LoadingFallback />}
 			>
 				<TestChild />
@@ -102,7 +102,7 @@ describe('GuardAuthZ', () => {
 		);
 
 		const { container } = render(
-			<GuardAuthZ relation="read" object="role:*">
+			<GuardAuthZ relation="read" object="dashboard:*">
 				<TestChild />
 			</GuardAuthZ>,
 		);
@@ -121,7 +121,11 @@ describe('GuardAuthZ', () => {
 		);
 
 		render(
-			<GuardAuthZ relation="read" object="role:*" fallbackOnError={ErrorFallback}>
+			<GuardAuthZ
+				relation="read"
+				object="dashboard:*"
+				fallbackOnError={ErrorFallback}
+			>
 				<TestChild />
 			</GuardAuthZ>,
 		);
@@ -151,7 +155,7 @@ describe('GuardAuthZ', () => {
 		render(
 			<GuardAuthZ
 				relation="read"
-				object="role:*"
+				object="dashboard:*"
 				fallbackOnError={errorFallbackWithCapture}
 			>
 				<TestChild />
@@ -174,7 +178,7 @@ describe('GuardAuthZ', () => {
 		);
 
 		const { container } = render(
-			<GuardAuthZ relation="read" object="role:*">
+			<GuardAuthZ relation="read" object="dashboard:*">
 				<TestChild />
 			</GuardAuthZ>,
 		);
@@ -197,7 +201,7 @@ describe('GuardAuthZ', () => {
 		render(
 			<GuardAuthZ
 				relation="update"
-				object="role:123"
+				object="dashboard:123"
 				fallbackOnNoPermissions={NoPermissionFallback}
 			>
 				<TestChild />
@@ -220,7 +224,7 @@ describe('GuardAuthZ', () => {
 		);
 
 		const { container } = render(
-			<GuardAuthZ relation="update" object="role:123">
+			<GuardAuthZ relation="update" object="dashboard:123">
 				<TestChild />
 			</GuardAuthZ>,
 		);
@@ -240,7 +244,7 @@ describe('GuardAuthZ', () => {
 		);
 
 		const { container } = render(
-			<GuardAuthZ relation="read" object="role:*">
+			<GuardAuthZ relation="read" object="dashboard:*">
 				<TestChild />
 			</GuardAuthZ>,
 		);
@@ -253,7 +257,7 @@ describe('GuardAuthZ', () => {
 	});
 
 	it('should pass requiredPermissionName to fallbackOnNoPermissions', async () => {
-		const permission = buildPermission('update', 'role:123');
+		const permission = buildPermission('update', 'dashboard:123');
 
 		server.use(
 			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
@@ -265,7 +269,7 @@ describe('GuardAuthZ', () => {
 		render(
 			<GuardAuthZ
 				relation="update"
-				object="role:123"
+				object="dashboard:123"
 				fallbackOnNoPermissions={NoPermissionFallbackWithSuggestions}
 			>
 				<TestChild />
@@ -295,7 +299,7 @@ describe('GuardAuthZ', () => {
 		);
 
 		const { rerender } = render(
-			<GuardAuthZ relation="read" object="role:*">
+			<GuardAuthZ relation="read" object="dashboard:*">
 				<TestChild />
 			</GuardAuthZ>,
 		);
@@ -305,7 +309,7 @@ describe('GuardAuthZ', () => {
 		});
 
 		rerender(
-			<GuardAuthZ relation="delete" object="role:456">
+			<GuardAuthZ relation="delete" object="dashboard:456">
 				<TestChild />
 			</GuardAuthZ>,
 		);

frontend/src/components/createGuardedRoute/createGuardedRoute.test.tsx

@@ -41,7 +41,11 @@ describe('createGuardedRoute', () => {
 			}),
 		);
 
-		const GuardedComponent = createGuardedRoute(TestComponent, 'read', 'role:*');
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:*',
+		);
 
 		const mockMatch = {
 			params: {},
@@ -75,7 +79,7 @@ describe('createGuardedRoute', () => {
 		const GuardedComponent = createGuardedRoute(
 			TestComponent,
 			'read',
-			'role:{id}',
+			'dashboard:{id}',
 		);
 
 		const mockMatch = {
@@ -109,7 +113,7 @@ describe('createGuardedRoute', () => {
 						relation: txn.relation,
 						object: {
 							resource: {
-								kind: txn.object.resource.kind,
+								name: txn.object.resource.name,
 								type: txn.object.resource.type,
 							},
 							selector: '123:456',
@@ -127,7 +131,7 @@ describe('createGuardedRoute', () => {
 		const GuardedComponent = createGuardedRoute(
 			TestComponent,
 			'update',
-			'role:{id}:{version}',
+			'dashboard:{id}:{version}',
 		);
 
 		const mockMatch = {
@@ -162,7 +166,7 @@ describe('createGuardedRoute', () => {
 		const GuardedComponent = createGuardedRoute(
 			TestComponent,
 			'read',
-			'role:{id}',
+			'dashboard:{id}',
 		);
 
 		const mockMatch = {
@@ -197,7 +201,11 @@ describe('createGuardedRoute', () => {
 			}),
 		);
 
-		const GuardedComponent = createGuardedRoute(TestComponent, 'read', 'role:*');
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:*',
+		);
 
 		const mockMatch = {
 			params: {},
@@ -228,7 +236,11 @@ describe('createGuardedRoute', () => {
 			}),
 		);
 
-		const GuardedComponent = createGuardedRoute(TestComponent, 'read', 'role:*');
+		const GuardedComponent = createGuardedRoute(
+			TestComponent,
+			'read',
+			'dashboard:*',
+		);
 
 		const mockMatch = {
 			params: {},
@@ -266,7 +278,7 @@ describe('createGuardedRoute', () => {
 		const GuardedComponent = createGuardedRoute(
 			TestComponent,
 			'update',
-			'role:{id}',
+			'dashboard:{id}',
 		);
 
 		const mockMatch = {
@@ -292,7 +304,7 @@ describe('createGuardedRoute', () => {
 		});
 
 		expect(screen.getByText('update')).toBeInTheDocument();
-		expect(screen.getByText('role:123')).toBeInTheDocument();
+		expect(screen.getByText('dashboard:123')).toBeInTheDocument();
 		expect(
 			screen.queryByText('Test Component: test-value'),
 		).not.toBeInTheDocument();
@@ -323,7 +335,7 @@ describe('createGuardedRoute', () => {
 		const GuardedComponent = createGuardedRoute(
 			ComponentWithMultipleProps,
 			'read',
-			'role:*',
+			'dashboard:*',
 		);
 
 		const mockMatch = {
@@ -358,10 +370,10 @@ describe('createGuardedRoute', () => {
 				requestCount++;
 				const payload = (await req.json()) as AuthtypesTransactionDTO[];
 				const obj = payload[0]?.object;
-				const kind = obj?.resource?.kind;
+				const name = obj?.resource?.name;
 				const selector = obj?.selector ?? '*';
 				const objectStr =
-					obj?.resource?.type === 'metaresources' ? kind : `${kind}:${selector}`;
+					obj?.resource?.type === 'metaresources' ? name : `${name}:${selector}`;
 				requestedObjects.push(objectStr ?? '');
 
 				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
@@ -371,7 +383,7 @@ describe('createGuardedRoute', () => {
 		const GuardedComponent = createGuardedRoute(
 			TestComponent,
 			'read',
-			'role:{id}',
+			'dashboard:{id}',
 		);
 
 		const mockMatch1 = {
@@ -395,7 +407,7 @@ describe('createGuardedRoute', () => {
 		});
 
 		expect(requestCount).toBe(1);
-		expect(requestedObjects).toContain('role:123');
+		expect(requestedObjects).toContain('dashboard:123');
 
 		unmount();
 
@@ -420,7 +432,7 @@ describe('createGuardedRoute', () => {
 		});
 
 		expect(requestCount).toBe(2);
-		expect(requestedObjects).toContain('role:456');
+		expect(requestedObjects).toContain('dashboard:456');
 	});
 
 	it('should handle different relation types', async () => {
@@ -434,7 +446,7 @@ describe('createGuardedRoute', () => {
 		const GuardedComponent = createGuardedRoute(
 			TestComponent,
 			'delete',
-			'role:{id}',
+			'dashboard:{id}',
 		);
 
 		const mockMatch = {

frontend/src/constants/events.ts

@@ -6,7 +6,6 @@ export enum Events {
 	TOOLTIP_PINNED = 'TOOLTIP_PINNED',
 	TOOLTIP_UNPINNED = 'TOOLTIP_UNPINNED',
 	TOOLTIP_CONTENT_SCROLLED = 'TOOLTIP_CONTENT_SCROLLED',
-	TOOLTIP_SYNC_MODE_CHANGED = 'TOOLTIP_SYNC_MODE_CHANGED',
 }
 
 export enum InfraMonitoringEvents {

frontend/src/constants/localStorage.ts

@@ -38,5 +38,4 @@ export enum LOCALSTORAGE {
 	DISSMISSED_COST_METER_INFO = 'DISMISSED_COST_METER_INFO',
 	DISMISSED_API_KEYS_DEPRECATION_BANNER = 'DISMISSED_API_KEYS_DEPRECATION_BANNER',
 	LICENSE_KEY_CALLOUT_DISMISSED = 'LICENSE_KEY_CALLOUT_DISMISSED',
-	DASHBOARD_PREFERENCES = 'DASHBOARD_PREFERENCES',
 }

frontend/src/container/BillingContainer/BillingContainer.test.tsx

@@ -107,7 +107,7 @@ describe('BillingContainer', () => {
 			).resolves.toBeInTheDocument();
 
 			await expect(
-				screen.findByText('Cancel your subscription', { selector: 'span' }),
+				screen.findByText('Cancel Subscription', { selector: 'span' }),
 			).resolves.toBeInTheDocument();
 		});
 
@@ -150,7 +150,7 @@ describe('BillingContainer', () => {
 			expect(dayRemainingInBillingPeriod).toBeInTheDocument();
 
 			await expect(
-				screen.findByText('Cancel your subscription', { selector: 'span' }),
+				screen.findByText('Cancel Subscription', { selector: 'span' }),
 			).resolves.toBeInTheDocument();
 		});
 	});
@@ -162,7 +162,7 @@ describe('BillingContainer', () => {
 		it('should render when license is ACTIVATED and platform is CLOUD', async () => {
 			render(<BillingContainer />);
 			await expect(
-				screen.findByText('Cancel your subscription', { selector: 'span' }),
+				screen.findByText('Cancel Subscription', { selector: 'span' }),
 			).resolves.toBeInTheDocument();
 		});
 
@@ -186,7 +186,7 @@ describe('BillingContainer', () => {
 			);
 			await screen.findByText('billing');
 			expect(
-				screen.queryByText('Cancel your subscription', { selector: 'span' }),
+				screen.queryByText('Cancel Subscription', { selector: 'span' }),
 			).not.toBeInTheDocument();
 		});
 
@@ -225,7 +225,7 @@ describe('BillingContainer', () => {
 			render(<BillingContainer />, {}, { appContextOverrides: overrides });
 			await screen.findByText('billing');
 			expect(
-				screen.queryByText('Cancel your subscription', { selector: 'span' }),
+				screen.queryByText('Cancel Subscription', { selector: 'span' }),
 			).not.toBeInTheDocument();
 		});
 	});

frontend/src/container/BillingContainer/CancelSubscriptionBanner.module.scss

@@ -1,11 +1,11 @@
 .banner {
 	display: flex;
 	justify-content: space-between;
-	align-items: flex-start;
+	align-items: center;
 	padding: var(--padding-4);
 	border-radius: 4px;
-	border: 1px solid var(--l1-border);
-	background-color: var(--l2-background);
+	border: 1px solid var(--callout-error-border);
+	background-color: var(--callout-error-background);
 	margin: var(--spacing-4) 0 var(--spacing-12);
 }
 
@@ -15,55 +15,21 @@
 	gap: var(--spacing-2);
 }
 
-.titleRow {
-	display: flex;
-	align-items: center;
-	gap: var(--spacing-3);
-}
-
 .title {
-	font-size: var(--paragraph-base-500-font-size);
-	font-weight: var(--paragraph-base-500-font-weight);
-	line-height: var(--paragraph-base-500-line-height);
-	color: var(--l1-foreground);
+	font-size: var(--font-size-sm);
+	font-weight: var(--font-weight-medium);
+	color: var(--callout-error-title);
 }
 
 .subtitle {
 	font-size: var(--paragraph-base-400-font-size);
 	font-weight: var(--paragraph-base-400-font-weight);
 	line-height: var(--paragraph-base-400-line-height);
-	color: var(--l2-foreground);
-	padding-left: 20px;
+	color: var(--callout-error-icon);
 }
 
 .dialogBody {
-	display: flex;
-	flex-direction: column;
-	gap: var(--spacing-4);
-}
-
-.dialogDescription {
-	font-size: var(--paragraph-base-400-font-size);
-	font-weight: var(--paragraph-base-400-font-weight);
-	line-height: var(--paragraph-base-400-line-height);
+	font-size: var(--font-size-sm);
+	line-height: var(--line-height-relaxed);
 	color: var(--l2-foreground);
-	margin: 0;
-}
-
-.dialogConfirmLabel {
-	font-size: var(--paragraph-base-400-font-size);
-	font-weight: var(--paragraph-base-400-font-weight);
-	line-height: var(--paragraph-base-400-line-height);
-	color: var(--l2-foreground);
-	margin: 0;
-
-	code {
-		font-family: var(--font-mono);
-		color: var(--l1-foreground);
-	}
-}
-
-.cancelButton {
-	background: var(--secondary-background);
-	border: 1px solid var(--l1-border);
 }

frontend/src/container/BillingContainer/CancelSubscriptionBanner.test.tsx

@@ -1,4 +1,4 @@
-import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+import { render, screen, userEvent } from 'tests/test-utils';
 
 import CancelSubscriptionBanner from './CancelSubscriptionBanner';
 
@@ -13,16 +13,14 @@ describe('CancelSubscriptionBanner', () => {
 	it('renders banner with title and subtitle', () => {
 		render(<CancelSubscriptionBanner />);
 		expect(
-			screen.getByText('Cancel your subscription', { selector: 'span' }),
+			screen.getByText('Cancel Subscription', { selector: 'span' }),
 		).toBeInTheDocument();
 		expect(
-			screen.getByText(
-				/When you cancel your SigNoz subscription, all your data will be deleted/i,
-			),
+			screen.getByText('Cancel your SigNoz subscription.'),
 		).toBeInTheDocument();
 	});
 
-	it('opens dialog with content when Cancel Subscription is clicked', async () => {
+	it('opens dialog with correct content when Cancel Subscription is clicked', async () => {
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		render(<CancelSubscriptionBanner />);
 
@@ -32,62 +30,17 @@ describe('CancelSubscriptionBanner', () => {
 
 		expect(screen.getByRole('dialog')).toBeInTheDocument();
 		expect(
-			screen.getByText(/Cancelling your subscription would stop your data/i),
+			screen.getByText(/reach out to our support team/i),
 		).toBeInTheDocument();
-		expect(screen.getByText(/Type/i)).toBeInTheDocument();
 		expect(
-			screen.getByPlaceholderText(/Enter the word cancel/i),
+			screen.getByRole('button', { name: /keep subscription/i }),
 		).toBeInTheDocument();
-		expect(screen.getByRole('button', { name: /go back/i })).toBeInTheDocument();
 		expect(
-			screen.getByRole('button', { name: /cancel subscription/i }),
+			screen.getByRole('button', { name: /contact support/i }),
 		).toBeInTheDocument();
 	});
 
-	it('keeps Cancel subscription button disabled until "cancel" is typed', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-		render(<CancelSubscriptionBanner />);
-
-		await user.click(
-			screen.getByRole('button', { name: /cancel subscription/i }),
-		);
-
-		const confirmButton = screen.getByRole('button', {
-			name: /cancel subscription/i,
-		});
-		expect(confirmButton).toBeDisabled();
-
-		const input = screen.getByPlaceholderText(/Enter the word cancel/i);
-		await user.type(input, 'canc');
-		expect(confirmButton).toBeDisabled();
-
-		await user.type(input, 'el');
-		expect(confirmButton).toBeEnabled();
-	});
-
-	it('closes dialog and resets input when Go back is clicked', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-		render(<CancelSubscriptionBanner />);
-
-		await user.click(
-			screen.getByRole('button', { name: /cancel subscription/i }),
-		);
-
-		const input = screen.getByPlaceholderText(/Enter the word cancel/i);
-		await user.type(input, 'cancel');
-
-		await user.click(screen.getByRole('button', { name: /go back/i }));
-		await waitFor(() =>
-			expect(screen.queryByRole('dialog')).not.toBeInTheDocument(),
-		);
-
-		await user.click(
-			screen.getByRole('button', { name: /cancel subscription/i }),
-		);
-		expect(screen.getByPlaceholderText(/Enter the word cancel/i)).toHaveValue('');
-	});
-
-	it('sends mailto to cloud-support with correct subject after typing "cancel"', async () => {
+	it('sends mailto to cloud-support with correct subject on Contact Support', async () => {
 		const realCreateElement = document.createElement.bind(document);
 		const mockClick = jest.fn();
 		const mockAnchor = { href: '', click: mockClick };
@@ -104,13 +57,7 @@ describe('CancelSubscriptionBanner', () => {
 		await user.click(
 			screen.getByRole('button', { name: /cancel subscription/i }),
 		);
-
-		const input = screen.getByPlaceholderText(/Enter the word cancel/i);
-		await user.type(input, 'cancel');
-
-		await user.click(
-			screen.getByRole('button', { name: /cancel subscription/i }),
-		);
+		await user.click(screen.getByRole('button', { name: /contact support/i }));
 
 		expect(mockAnchor.href).toContain('mailto:cloud-support@signoz.io');
 		expect(mockAnchor.href).toContain('Cancel%20My%20SigNoz%20Subscription');

frontend/src/container/BillingContainer/CancelSubscriptionBanner.tsx

@@ -1,17 +1,15 @@
 import { useState } from 'react';
-import { SolidInfoCircle, Undo2, X } from '@signozhq/icons';
-import { Button, DialogWrapper, Input } from '@signozhq/ui';
+import { X } from '@signozhq/icons';
+import { Button, DialogWrapper } from '@signozhq/ui';
 import logEvent from 'api/common/logEvent';
 import { pick } from 'lodash-es';
 import { useAppContext } from 'providers/App/App';
 import { getBaseUrl } from 'utils/basePath';
 
 import styles from './CancelSubscriptionBanner.module.scss';
-import { Color } from '@signozhq/design-tokens';
 
 function CancelSubscriptionBanner(): JSX.Element {
 	const [open, setOpen] = useState(false);
-	const [confirmText, setConfirmText] = useState('');
 	const { user, org } = useAppContext();
 
 	const handleOpenCancelDialog = (): void => {
@@ -55,12 +53,6 @@ function CancelSubscriptionBanner(): JSX.Element {
 		link.href = `mailto:cloud-support@signoz.io?subject=${subject}&body=${body}`;
 		link.click();
 		setOpen(false);
-		setConfirmText('');
-	};
-
-	const handleClose = (): void => {
-		setOpen(false);
-		setConfirmText('');
 	};
 
 	const footer = (
@@ -68,19 +60,12 @@ function CancelSubscriptionBanner(): JSX.Element {
 			<Button
 				variant="solid"
 				color="secondary"
-				prefix={<Undo2 size={14} />}
-				onClick={handleClose}
+				onClick={(): void => setOpen(false)}
 			>
-				Go back
+				Keep Subscription
 			</Button>
-			<Button
-				variant="solid"
-				color="destructive"
-				prefix={<X size={14} />}
-				disabled={confirmText !== 'cancel'}
-				onClick={handleContactSupport}
-			>
-				Cancel subscription
+			<Button variant="solid" color="destructive" onClick={handleContactSupport}>
+				Contact Support
 			</Button>
 		</>
 	);
@@ -89,47 +74,30 @@ function CancelSubscriptionBanner(): JSX.Element {
 		<>
 			<div className={styles.banner}>
 				<div className={styles.info}>
-					<div className={styles.titleRow}>
-						<SolidInfoCircle color={Color.BG_SAKURA_500} size={12} />
-						<span className={styles.title}>Cancel your subscription</span>
-					</div>
-					<span className={styles.subtitle}>
-						When you cancel your SigNoz subscription, all your data will be deleted
-						immediately and removed from our servers.
-					</span>
+					<span className={styles.title}>Cancel Subscription</span>
+					<span className={styles.subtitle}>Cancel your SigNoz subscription.</span>
 				</div>
 				<Button
 					variant="solid"
-					color="secondary"
+					color="destructive"
 					prefix={<X size={12} />}
 					onClick={handleOpenCancelDialog}
-					className={styles.cancelButton}
 				>
 					Cancel Subscription
 				</Button>
 			</div>
 			<DialogWrapper
 				open={open}
-				onOpenChange={handleClose}
-				title="Cancel your subscription?"
+				onOpenChange={setOpen}
+				title="Cancel your subscription"
 				width="narrow"
 				showCloseButton={false}
 				footer={footer}
 			>
-				<div className={styles.dialogBody}>
-					<p className={styles.dialogDescription}>
-						Cancelling your subscription would stop your data from being ingested to
-						SigNoz. All the data that has been already sent will also be deleted.
-					</p>
-					<p className={styles.dialogConfirmLabel}>
-						Type <code>cancel</code> to confirm the cancellation.
-					</p>
-					<Input
-						placeholder="Enter the word cancel..."
-						value={confirmText}
-						onChange={(e): void => setConfirmText(e.target.value)}
-					/>
-				</div>
+				<p className={styles.dialogBody}>
+					To cancel your SigNoz subscription, please reach out to our support team.
+					We&apos;ll be happy to assist you.
+				</p>
 			</DialogWrapper>
 		</>
 	);

frontend/src/container/DashboardContainer/DashboardSettings/General/GeneralSettings.module.scss

@@ -1,190 +0,0 @@
-.overviewContent {
-	display: flex;
-	flex-direction: column;
-	gap: 16px;
-}
-
-.overviewSettings {
-	border-radius: 3px;
-	border: 1px solid var(--l1-border);
-	padding: 16px !important;
-}
-
-.crossPanelSyncGroup {
-	display: flex;
-	flex-direction: column;
-	gap: 16px;
-}
-
-.crossPanelSyncSectionTitle {
-	color: var(--l1-foreground);
-	font-family: Inter;
-	font-size: 14px;
-	font-weight: 500;
-	line-height: 20px;
-}
-
-.crossPanelSyncRow {
-	display: flex;
-	flex-direction: row;
-	justify-content: space-between;
-	align-items: center;
-	gap: 16px;
-
-	& + & {
-		padding-top: 16px;
-		border-top: 1px solid var(--l1-border);
-	}
-}
-
-.crossPanelSyncInfo {
-	display: flex;
-	flex-direction: column;
-	gap: 4px;
-}
-
-.crossPanelSyncTitle {
-	color: var(--l2-foreground);
-	font-family: Inter;
-	font-size: 14px;
-	font-weight: 400;
-	line-height: 20px;
-}
-
-.crossPanelSyncDescription {
-	color: var(--l3-foreground);
-	font-family: Inter;
-	font-size: 13px;
-	font-weight: 400;
-	line-height: 20px;
-}
-
-.nameIconInput {
-	display: flex;
-}
-
-.dashboardImageInput {
-	:global(.ant-select-selector) {
-		display: flex;
-		width: 32px;
-		height: 32px;
-		padding: 6px;
-		justify-content: center;
-		align-items: center;
-		border-radius: 2px 0px 0px 2px;
-		border: 1px solid var(--l1-border) !important;
-		background: var(--l3-background) !important;
-
-		:global(.ant-select-selection-item) {
-			display: flex;
-			align-items: center;
-		}
-	}
-
-	&:global(.ant-select-dropdown) {
-		padding: 0px !important;
-	}
-
-	:global(.ant-select-item) {
-		padding: 0px;
-		align-items: center;
-		justify-content: center;
-
-		:global(.ant-select-item-option-content) {
-			display: flex;
-			align-items: center;
-			justify-content: center;
-		}
-	}
-}
-
-.listItemImage {
-	height: 16px;
-	width: 16px;
-}
-
-.dashboardNameInput {
-	border-radius: 0px 2px 2px 0px;
-	border: 1px solid var(--l1-border);
-	background: var(--l3-background);
-}
-
-.dashboardName {
-	color: var(--l2-foreground);
-	font-family: Inter;
-	font-size: 14px;
-	font-style: normal;
-	font-weight: 400;
-	line-height: 20px;
-	margin-bottom: 0.5rem;
-}
-
-.descriptionTextArea {
-	padding: 6px 6px 6px 8px;
-	border-radius: 2px;
-	border: 1px solid var(--l1-border);
-	background: var(--l3-background);
-}
-
-.overviewSettingsFooter {
-	display: flex;
-	justify-content: space-between;
-	align-items: center;
-	width: -webkit-fill-available;
-	padding: 12px 16px 12px 0px;
-	position: fixed;
-	bottom: 0;
-	height: 32px;
-	border-top: 1px solid var(--l1-border);
-	background: var(--l2-background);
-}
-
-.unsaved {
-	display: flex;
-	align-items: center;
-	gap: 8px;
-}
-
-.unsavedDot {
-	width: 6px;
-	height: 6px;
-	border-radius: 50px;
-	background: var(--primary-background);
-	box-shadow: 0px 0px 6px 0px
-		color-mix(in srgb, var(--primary-background) 40%, transparent);
-}
-
-.unsavedChanges {
-	color: var(--bg-robin-400);
-	font-family: Inter;
-	font-size: 14px;
-	font-style: normal;
-	font-weight: 400;
-	line-height: 24px;
-	letter-spacing: -0.07px;
-}
-
-.footerActionBtns {
-	display: flex;
-	gap: 8px;
-}
-
-.discardBtn {
-	margin: '16px 0';
-	color: var(--l1-foreground);
-	font-family: Inter;
-	font-size: 12px;
-	font-style: normal;
-	font-weight: 500;
-	line-height: 24px;
-}
-
-.saveBtn {
-	margin: 0px !important;
-	color: var(--l1-foreground);
-	font-family: Inter;
-	font-size: 12px;
-	font-style: normal;
-	font-weight: 500;
-	line-height: 24px;
-}

frontend/src/container/DashboardContainer/DashboardSettings/General/GeneralSettings.styles.scss

@@ -0,0 +1,143 @@
+.overview-content {
+	display: flex;
+	flex-direction: column;
+
+	.overview-settings {
+		border-radius: 3px;
+		border: 1px solid var(--l1-border);
+		padding: 16px !important;
+
+		.name-icon-input {
+			display: flex;
+			.dashboard-image-input {
+				.ant-select-selector {
+					display: flex;
+					width: 32px;
+					height: 32px;
+					padding: 6px;
+					justify-content: center;
+					align-items: center;
+					border-radius: 2px 0px 0px 2px;
+					border: 1px solid var(--l1-border);
+					background: var(--l3-background);
+
+					.ant-select-selection-item {
+						display: flex;
+						align-items: center;
+
+						.list-item-image {
+							height: 16px;
+							width: 16px;
+						}
+					}
+				}
+			}
+
+			.dashboard-name-input {
+				border-radius: 0px 2px 2px 0px;
+				border: 1px solid var(--l1-border);
+				background: var(--l3-background);
+			}
+		}
+
+		.dashboard-name {
+			color: var(--l2-foreground);
+			font-family: Inter;
+			font-size: 14px;
+			font-style: normal;
+			font-weight: 400;
+			line-height: 20px; /* 142.857% */
+		}
+
+		.description-text-area {
+			padding: 6px 6px 6px 8px;
+			border-radius: 2px;
+			border: 1px solid var(--l1-border);
+			background: var(--l3-background);
+		}
+	}
+
+	.overview-settings-footer {
+		display: flex;
+		justify-content: space-between;
+		align-items: center;
+		width: -webkit-fill-available;
+		padding: 12px 16px 12px 0px;
+		position: fixed;
+		bottom: 0;
+		height: 32px;
+		border-top: 1px solid var(--l1-border);
+		background: var(--l2-background);
+
+		.unsaved {
+			display: flex;
+			align-items: center;
+			gap: 8px;
+
+			.unsaved-dot {
+				width: 6px;
+				height: 6px;
+				border-radius: 50px;
+				background: var(--primary-background);
+				box-shadow: 0px 0px 6px 0px
+					color-mix(in srgb, var(--primary-background) 40%, transparent);
+			}
+			.unsaved-changes {
+				color: var(--bg-robin-400);
+				font-family: Inter;
+				font-size: 14px;
+				font-style: normal;
+				font-weight: 400;
+				line-height: 24px; /* 171.429% */
+				letter-spacing: -0.07px;
+			}
+		}
+		.footer-action-btns {
+			display: flex;
+			gap: 8px;
+
+			.discard-btn {
+				margin: '16px 0';
+				color: var(--l1-foreground);
+				font-family: Inter;
+				font-size: 12px;
+				font-style: normal;
+				font-weight: 500;
+				line-height: 24px;
+			}
+
+			.save-btn {
+				margin: 0px !important;
+				color: var(--l1-foreground);
+				font-family: Inter;
+				font-size: 12px;
+				font-style: normal;
+				font-weight: 500;
+				line-height: 24px;
+			}
+		}
+	}
+}
+
+.dashboard-image-input {
+	&.ant-select-dropdown {
+		padding: 0px !important;
+	}
+
+	.ant-select-item {
+		padding: 0px;
+		align-items: center;
+		justify-content: center;
+
+		.ant-select-item-option-content {
+			display: flex;
+			align-items: center;
+			justify-content: center;
+
+			.list-item-image {
+				height: 16px;
+				width: 16px;
+			}
+		}
+	}
+}

frontend/src/container/DashboardContainer/DashboardSettings/General/index.tsx

@@ -1,24 +1,16 @@
 import { useEffect, useState } from 'react';
 import { useTranslation } from 'react-i18next';
-import { Col, Input, Radio, Select, Space, Typography } from 'antd';
+import { Col, Input, Select, Space, Typography } from 'antd';
 import AddTags from 'container/DashboardContainer/DashboardSettings/General/AddTags';
-import { useDashboardCursorSyncMode } from 'hooks/dashboard/useDashboardCursorSyncMode';
-import { useSyncTooltipFilterMode } from 'hooks/dashboard/useSyncTooltipFilterMode';
 import { useUpdateDashboard } from 'hooks/dashboard/useUpdateDashboard';
-import {
-	DashboardCursorSync,
-	SyncTooltipFilterMode,
-} from 'lib/uPlotV2/plugins/TooltipPlugin/types';
 import { isEqual } from 'lodash-es';
 import { Check, X } from 'lucide-react';
 import { useDashboardStore } from 'providers/Dashboard/store/useDashboardStore';
 
-import styles from './GeneralSettings.module.scss';
 import { Button } from './styles';
 import { Base64Icons } from './utils';
-import logEvent from 'api/common/logEvent';
-import { Events } from 'constants/events';
-import { getAbsoluteUrl } from 'utils/basePath';
+
+import './GeneralSettings.styles.scss';
 
 const { Option } = Select;
 
@@ -27,13 +19,6 @@ function GeneralDashboardSettings(): JSX.Element {
 
 	const updateDashboardMutation = useUpdateDashboard();
 
-	const [cursorSyncMode, setCursorSyncMode] = useDashboardCursorSyncMode(
-		dashboardData?.id,
-	);
-
-	const [syncTooltipFilterMode, setSyncTooltipFilterMode] =
-		useSyncTooltipFilterMode(dashboardData?.id);
-
 	const selectedData = dashboardData?.data;
 
 	const {
@@ -115,8 +100,8 @@ function GeneralDashboardSettings(): JSX.Element {
 	};
 
 	return (
-		<div className={styles.overviewContent}>
-			<Col className={styles.overviewSettings}>
+		<div className="overview-content">
+			<Col className="overview-settings">
 				<Space
 					direction="vertical"
 					style={{
@@ -127,29 +112,27 @@ function GeneralDashboardSettings(): JSX.Element {
 					}}
 				>
 					<div>
-						<Typography className={styles.dashboardName}>Dashboard Name</Typography>
-						<section className={styles.nameIconInput}>
+						<Typography style={{ marginBottom: '0.5rem' }} className="dashboard-name">
+							Dashboard Name
+						</Typography>
+						<section className="name-icon-input">
 							<Select
 								defaultActiveFirstOption
 								data-testid="dashboard-image"
 								suffixIcon={null}
-								rootClassName={styles.dashboardImageInput}
+								rootClassName="dashboard-image-input"
 								value={updatedImage}
 								onChange={(value: string): void => setUpdatedImage(value)}
 							>
 								{Base64Icons.map((icon) => (
 									<Option value={icon} key={icon}>
-										<img
-											src={icon}
-											alt="dashboard-icon"
-											className={styles.listItemImage}
-										/>
+										<img src={icon} alt="dashboard-icon" className="list-item-image" />
 									</Option>
 								))}
 							</Select>
 							<Input
 								data-testid="dashboard-name"
-								className={styles.dashboardNameInput}
+								className="dashboard-name-input"
 								value={updatedTitle}
 								onChange={(e): void => setUpdatedTitle(e.target.value)}
 							/>
@@ -157,92 +140,41 @@ function GeneralDashboardSettings(): JSX.Element {
 					</div>
 
 					<div>
-						<Typography className={styles.dashboardName}>Description</Typography>
+						<Typography style={{ marginBottom: '0.5rem' }} className="dashboard-name">
+							Description
+						</Typography>
 						<Input.TextArea
 							data-testid="dashboard-desc"
 							rows={6}
 							value={updatedDescription}
-							className={styles.descriptionTextArea}
+							className="description-text-area"
 							onChange={(e): void => setUpdatedDescription(e.target.value)}
 						/>
 					</div>
 					<div>
-						<Typography className={styles.dashboardName}>Tags</Typography>
+						<Typography style={{ marginBottom: '0.5rem' }} className="dashboard-name">
+							Tags
+						</Typography>
 						<AddTags tags={updatedTags} setTags={setUpdatedTags} />
 					</div>
 				</Space>
 			</Col>
-			<Col className={`${styles.overviewSettings} ${styles.crossPanelSyncGroup}`}>
-				<Typography.Text className={styles.crossPanelSyncSectionTitle}>
-					Cross-Panel Sync
-				</Typography.Text>
-				<div className={styles.crossPanelSyncRow}>
-					<div className={styles.crossPanelSyncInfo}>
-						<Typography.Text className={styles.crossPanelSyncTitle}>
-							Sync Mode
-						</Typography.Text>
-						<Typography.Text className={styles.crossPanelSyncDescription}>
-							Sync crosshair and tooltip across all the dashboard panels
-						</Typography.Text>
-					</div>
-					<Radio.Group
-						value={cursorSyncMode}
-						onChange={(e): void => {
-							setCursorSyncMode(e.target.value as DashboardCursorSync);
-						}}
-					>
-						<Radio.Button value={DashboardCursorSync.None}>No Sync</Radio.Button>
-						<Radio.Button value={DashboardCursorSync.Crosshair}>
-							Crosshair
-						</Radio.Button>
-						<Radio.Button value={DashboardCursorSync.Tooltip}>Tooltip</Radio.Button>
-					</Radio.Group>
-				</div>
-				{cursorSyncMode === DashboardCursorSync.Tooltip && (
-					<div className={styles.crossPanelSyncRow}>
-						<div className={styles.crossPanelSyncInfo}>
-							<Typography.Text className={styles.crossPanelSyncTitle}>
-								Synced Tooltip Series
-							</Typography.Text>
-							<Typography.Text className={styles.crossPanelSyncDescription}>
-								Show only series that intersect on group-by, or every series with the
-								matching ones highlighted
-							</Typography.Text>
-						</div>
-						<Radio.Group
-							value={syncTooltipFilterMode}
-							onChange={(e): void => {
-								logEvent(Events.TOOLTIP_SYNC_MODE_CHANGED, {
-									path: getAbsoluteUrl(window.location.pathname),
-									mode: e.target.value,
-								});
-								setSyncTooltipFilterMode(e.target.value as SyncTooltipFilterMode);
-							}}
-						>
-							<Radio.Button value={SyncTooltipFilterMode.All}>All</Radio.Button>
-							<Radio.Button value={SyncTooltipFilterMode.Filtered}>
-								Filtered
-							</Radio.Button>
-						</Radio.Group>
-					</div>
-				)}
-			</Col>
 			{numberOfUnsavedChanges > 0 && (
-				<div className={styles.overviewSettingsFooter}>
-					<div className={styles.unsaved}>
-						<div className={styles.unsavedDot} />
-						<Typography.Text className={styles.unsavedChanges}>
+				<div className="overview-settings-footer">
+					<div className="unsaved">
+						<div className="unsaved-dot" />
+						<Typography.Text className="unsaved-changes">
 							{numberOfUnsavedChanges} unsaved change
 							{numberOfUnsavedChanges > 1 && 's'}
 						</Typography.Text>
 					</div>
-					<div className={styles.footerActionBtns}>
+					<div className="footer-action-btns">
 						<Button
 							disabled={updateDashboardMutation.isLoading}
 							icon={<X size={14} />}
 							onClick={discardHandler}
 							type="text"
-							className={styles.discardBtn}
+							className="discard-btn"
 						>
 							Discard
 						</Button>
@@ -256,7 +188,7 @@ function GeneralDashboardSettings(): JSX.Element {
 							data-testid="save-dashboard-config"
 							onClick={onSaveHandler}
 							type="primary"
-							className={styles.saveBtn}
+							className="save-btn"
 						>
 							{t('save')}
 						</Button>

frontend/src/container/DashboardContainer/visualization/charts/BarChart/BarChart.tsx

@@ -33,13 +33,11 @@ export default function BarChart(props: BarChartProps): JSX.Element {
 			}
 			const tooltipProps: BarTooltipProps = {
 				...props,
-				id: config.getId(),
 				timezone: rest.timezone,
 				yAxisUnit: rest.yAxisUnit,
 				decimalPrecision: rest.decimalPrecision,
 				isStackedBarChart: isStackedBarChart,
 				canPinTooltip: rest.canPinTooltip,
-				renderTooltipFooter: rest.renderTooltipFooter,
 			};
 			return <BarChartTooltip {...tooltipProps} />;
 		},
@@ -50,7 +48,6 @@ export default function BarChart(props: BarChartProps): JSX.Element {
 			rest.decimalPrecision,
 			isStackedBarChart,
 			rest.canPinTooltip,
-			rest.renderTooltipFooter,
 		],
 	);
 

frontend/src/container/DashboardContainer/visualization/charts/ChartWrapper/ChartWrapper.tsx

@@ -29,12 +29,11 @@ export default function ChartWrapper({
 	onClick,
 	syncMode,
 	syncKey,
-	syncFilterMode,
 	onDestroy = noop,
 	children,
 	layoutChildren,
 	yAxisUnit,
-	groupByPerQuery,
+	groupBy,
 	customTooltip,
 	pinnedTooltipElement,
 	'data-testid': testId,
@@ -70,10 +69,9 @@ export default function ChartWrapper({
 	const syncMetadata = useMemo(
 		() => ({
 			yAxisUnit,
-			groupByPerQuery,
-			filterMode: syncFilterMode,
+			groupBy,
 		}),
-		[yAxisUnit, groupByPerQuery, syncFilterMode],
+		[yAxisUnit, groupBy],
 	);
 
 	return (

frontend/src/container/DashboardContainer/visualization/charts/Histogram/Histogram.tsx

@@ -24,21 +24,13 @@ export default function Histogram(props: HistogramChartProps): JSX.Element {
 			}
 			const tooltipProps: HistogramTooltipProps = {
 				...props,
-				id: rest.config.getId(),
 				yAxisUnit: rest.yAxisUnit,
 				decimalPrecision: rest.decimalPrecision,
 				canPinTooltip: rest.canPinTooltip,
-				renderTooltipFooter: rest.renderTooltipFooter,
 			};
 			return <HistogramTooltip {...tooltipProps} />;
 		},
-		[
-			customTooltip,
-			rest.yAxisUnit,
-			rest.decimalPrecision,
-			rest.canPinTooltip,
-			rest.renderTooltipFooter,
-		],
+		[customTooltip, rest.yAxisUnit, rest.decimalPrecision, rest.canPinTooltip],
 	);
 
 	return (

frontend/src/container/DashboardContainer/visualization/charts/TimeSeries/TimeSeries.tsx

@@ -9,7 +9,7 @@ import {
 import { TimeSeriesChartProps } from '../types';
 
 export default function TimeSeries(props: TimeSeriesChartProps): JSX.Element {
-	const { children, customTooltip, ...rest } = props;
+	const { children, customTooltip, pinnedTooltipElement, ...rest } = props;
 
 	const renderTooltip = useCallback(
 		(props: TooltipRenderArgs): React.ReactNode => {
@@ -18,12 +18,10 @@ export default function TimeSeries(props: TimeSeriesChartProps): JSX.Element {
 			}
 			const tooltipProps: TimeSeriesTooltipProps = {
 				...props,
-				id: rest.config.getId(),
 				timezone: rest.timezone,
 				yAxisUnit: rest.yAxisUnit,
 				decimalPrecision: rest.decimalPrecision,
 				canPinTooltip: rest.canPinTooltip,
-				renderTooltipFooter: rest.renderTooltipFooter,
 			};
 			return <TimeSeriesTooltip {...tooltipProps} />;
 		},
@@ -33,12 +31,15 @@ export default function TimeSeries(props: TimeSeriesChartProps): JSX.Element {
 			rest.yAxisUnit,
 			rest.decimalPrecision,
 			rest.canPinTooltip,
-			rest.renderTooltipFooter,
 		],
 	);
 
 	return (
-		<ChartWrapper {...rest} customTooltip={renderTooltip}>
+		<ChartWrapper
+			{...rest}
+			customTooltip={renderTooltip}
+			pinnedTooltipElement={pinnedTooltipElement}
+		>
 			{children}
 		</ChartWrapper>
 	);

frontend/src/container/DashboardContainer/visualization/charts/types.ts

@@ -1,14 +1,9 @@
 import { Timezone } from 'components/CustomTimePicker/timezoneUtils';
 import { PrecisionOption } from 'components/Graph/types';
-import {
-	IRenderTooltipFooterArgs,
-	LegendConfig,
-	TooltipRenderArgs,
-} from 'lib/uPlotV2/components/types';
+import { LegendConfig, TooltipRenderArgs } from 'lib/uPlotV2/components/types';
 import { UPlotConfigBuilder } from 'lib/uPlotV2/config/UPlotConfigBuilder';
 import {
 	DashboardCursorSync,
-	SyncTooltipFilterMode,
 	TooltipClickData,
 } from 'lib/uPlotV2/plugins/TooltipPlugin/types';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
@@ -26,7 +21,6 @@ interface BaseChartProps {
 	yAxisUnit?: string;
 	decimalPrecision?: PrecisionOption;
 	pinnedTooltipElement?: (clickData: TooltipClickData) => React.ReactNode;
-	renderTooltipFooter?: (args: IRenderTooltipFooterArgs) => React.ReactNode;
 	customTooltip?: (props: TooltipRenderArgs) => React.ReactNode;
 	'data-testid'?: string;
 }
@@ -36,7 +30,6 @@ interface UPlotBasedChartProps {
 	legendConfig: LegendConfig;
 	syncMode?: DashboardCursorSync;
 	syncKey?: string;
-	syncFilterMode?: SyncTooltipFilterMode;
 	plotRef?: (plot: uPlot | null) => void;
 	onDestroy?: (plot: uPlot) => void;
 	children?: React.ReactNode;
@@ -46,7 +39,7 @@ interface UPlotBasedChartProps {
 interface UPlotChartDataProps {
 	yAxisUnit?: string;
 	decimalPrecision?: PrecisionOption;
-	groupByPerQuery?: Record<string, BaseAutocompleteData[]>;
+	groupBy?: BaseAutocompleteData[];
 }
 
 export interface TimeSeriesChartProps

frontend/src/container/DashboardContainer/visualization/panels/BarPanel/BarPanel.tsx

@@ -1,15 +1,9 @@
 import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
 import { PanelWrapperProps } from 'container/PanelWrapper/panelWrapper.types';
-import { useDashboardCursorSyncMode } from 'hooks/dashboard/useDashboardCursorSyncMode';
-import { useSyncTooltipFilterMode } from 'hooks/dashboard/useSyncTooltipFilterMode';
 import { useIsDarkMode } from 'hooks/useDarkMode';
 import { useResizeObserver } from 'hooks/useDimensions';
-import {
-	IRenderTooltipFooterArgs,
-	LegendPosition,
-} from 'lib/uPlotV2/components/types';
+import { LegendPosition } from 'lib/uPlotV2/components/types';
 import ContextMenu from 'periscope/components/ContextMenu';
-import { useDashboardStore } from 'providers/Dashboard/store/useDashboardStore';
 import { useTimezone } from 'providers/Timezone';
 import uPlot from 'uplot';
 import { getTimeRange } from 'utils/getTimeRange';
@@ -20,7 +14,7 @@ import { usePanelContextMenu } from '../../hooks/usePanelContextMenu';
 import { prepareBarPanelConfig, prepareBarPanelData } from './utils';
 
 import '../Panel.styles.scss';
-import TooltipFooter from '../components/TooltipFooter';
+import get from 'lodash/get';
 
 function BarPanel(props: PanelWrapperProps): JSX.Element {
 	const {
@@ -30,7 +24,6 @@ function BarPanel(props: PanelWrapperProps): JSX.Element {
 		onDragSelect,
 		isFullViewMode,
 		onToggleModelHandler,
-		groupByPerQuery,
 	} = props;
 	const uPlotRef = useRef<uPlot | null>(null);
 	const graphRef = useRef<HTMLDivElement>(null);
@@ -41,10 +34,6 @@ function BarPanel(props: PanelWrapperProps): JSX.Element {
 	const isDarkMode = useIsDarkMode();
 	const { timezone } = useTimezone();
 
-	const dashboardId = useDashboardStore((s) => s.dashboardData?.id);
-	const [syncMode] = useDashboardCursorSyncMode(dashboardId, panelMode);
-	const [syncFilterMode] = useSyncTooltipFilterMode(dashboardId);
-
 	useEffect((): void => {
 		const { startTime, endTime } = getTimeRange(queryResponse);
 
@@ -86,11 +75,6 @@ function BarPanel(props: PanelWrapperProps): JSX.Element {
 		maxTimeScale,
 		timezone,
 		panelMode,
-		// `config` gets mutated by TooltipPlugin (config.setCursor for cursor sync).
-		// Rebuild it on syncMode changes so the new chart instance starts from a
-		// clean config — otherwise switching to "No Sync" would inherit stale sync
-		// settings from the previous mode.
-		syncMode,
 	]);
 
 	const chartData = useMemo(() => {
@@ -130,20 +114,14 @@ function BarPanel(props: PanelWrapperProps): JSX.Element {
 		uPlotRef.current = plot;
 	}, []);
 
-	const renderTooltipFooter = useCallback(
-		({ isPinned, dismiss }: IRenderTooltipFooterArgs) => {
-			return (
-				<TooltipFooter id={widget.id} isPinned={isPinned} dismiss={dismiss} />
-			);
-		},
-		[],
-	);
+	const groupBy = useMemo(() => {
+		return get(widget, 'query.builder.queryData[0].groupBy', []);
+	}, [widget.query]);
 
 	return (
 		<div className="panel-container" ref={graphRef}>
 			{containerDimensions.width > 0 && containerDimensions.height > 0 && (
 				<BarChart
-					key={`${syncMode}-${syncFilterMode}`}
 					config={config}
 					legendConfig={{
 						position: widget?.legendPosition ?? LegendPosition.BOTTOM,
@@ -155,14 +133,11 @@ function BarPanel(props: PanelWrapperProps): JSX.Element {
 					width={containerDimensions.width}
 					height={containerDimensions.height}
 					layoutChildren={layoutChildren}
-					groupByPerQuery={groupByPerQuery}
+					groupBy={groupBy}
 					isStackedBarChart={widget.stackedBarChart ?? false}
 					yAxisUnit={widget.yAxisUnit}
 					decimalPrecision={widget.decimalPrecision}
 					timezone={timezone}
-					syncMode={syncMode}
-					syncFilterMode={syncFilterMode}
-					renderTooltipFooter={renderTooltipFooter}
 				>
 					<ContextMenu
 						coordinates={coordinates}

frontend/src/container/DashboardContainer/visualization/panels/HistogramPanel/HistogramPanel.tsx

@@ -1,11 +1,8 @@
-import { useCallback, useMemo, useRef } from 'react';
+import { useMemo, useRef } from 'react';
 import { PanelWrapperProps } from 'container/PanelWrapper/panelWrapper.types';
 import { useIsDarkMode } from 'hooks/useDarkMode';
 import { useResizeObserver } from 'hooks/useDimensions';
-import {
-	IRenderTooltipFooterArgs,
-	LegendPosition,
-} from 'lib/uPlotV2/components/types';
+import { LegendPosition } from 'lib/uPlotV2/components/types';
 import uPlot from 'uplot';
 
 import Histogram from '../../charts/Histogram/Histogram';
@@ -16,7 +13,6 @@ import {
 } from './utils';
 
 import '../Panel.styles.scss';
-import TooltipFooter from '../components/TooltipFooter';
 
 function HistogramPanel(props: PanelWrapperProps): JSX.Element {
 	const {
@@ -79,20 +75,6 @@ function HistogramPanel(props: PanelWrapperProps): JSX.Element {
 		widget.mergeAllActiveQueries,
 	]);
 
-	const renderTooltipFooter = useCallback(
-		({ isPinned, dismiss }: IRenderTooltipFooterArgs) => {
-			return (
-				<TooltipFooter
-					id={widget.id}
-					isPinned={isPinned}
-					dismiss={dismiss}
-					canDrilldown={false}
-				/>
-			);
-		},
-		[],
-	);
-
 	return (
 		<div className="panel-container" ref={graphRef}>
 			{containerDimensions.width > 0 && containerDimensions.height > 0 && (
@@ -115,7 +97,6 @@ function HistogramPanel(props: PanelWrapperProps): JSX.Element {
 					width={containerDimensions.width}
 					height={containerDimensions.height}
 					layoutChildren={layoutChildren}
-					renderTooltipFooter={renderTooltipFooter}
 				/>
 			)}
 		</div>

frontend/src/container/DashboardContainer/visualization/panels/TimeSeriesPanel/TimeSeriesPanel.tsx

@@ -1,26 +1,20 @@
-import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
+import { useEffect, useMemo, useRef, useState } from 'react';
 import TimeSeries from 'container/DashboardContainer/visualization/charts/TimeSeries/TimeSeries';
 import ChartManager from 'container/DashboardContainer/visualization/components/ChartManager/ChartManager';
 import { usePanelContextMenu } from 'container/DashboardContainer/visualization/hooks/usePanelContextMenu';
 import { PanelWrapperProps } from 'container/PanelWrapper/panelWrapper.types';
-import { useDashboardCursorSyncMode } from 'hooks/dashboard/useDashboardCursorSyncMode';
-import { useSyncTooltipFilterMode } from 'hooks/dashboard/useSyncTooltipFilterMode';
 import { useIsDarkMode } from 'hooks/useDarkMode';
 import { useResizeObserver } from 'hooks/useDimensions';
-import {
-	IRenderTooltipFooterArgs,
-	LegendPosition,
-} from 'lib/uPlotV2/components/types';
+import { LegendPosition } from 'lib/uPlotV2/components/types';
 import { ContextMenu } from 'periscope/components/ContextMenu';
-import { useDashboardStore } from 'providers/Dashboard/store/useDashboardStore';
 import { useTimezone } from 'providers/Timezone';
 import uPlot from 'uplot';
 import { getTimeRange } from 'utils/getTimeRange';
+import get from 'lodash/get';
 
 import { prepareChartData, prepareUPlotConfig } from '../TimeSeriesPanel/utils';
 
 import '../Panel.styles.scss';
-import TooltipFooter from '../components/TooltipFooter';
 
 function TimeSeriesPanel(props: PanelWrapperProps): JSX.Element {
 	const {
@@ -30,7 +24,6 @@ function TimeSeriesPanel(props: PanelWrapperProps): JSX.Element {
 		onDragSelect,
 		isFullViewMode,
 		onToggleModelHandler,
-		groupByPerQuery,
 	} = props;
 	const graphRef = useRef<HTMLDivElement>(null);
 	const [minTimeScale, setMinTimeScale] = useState<number>();
@@ -40,10 +33,6 @@ function TimeSeriesPanel(props: PanelWrapperProps): JSX.Element {
 	const isDarkMode = useIsDarkMode();
 	const { timezone } = useTimezone();
 
-	const dashboardId = useDashboardStore((s) => s.dashboardData?.id);
-	const [syncMode] = useDashboardCursorSyncMode(dashboardId, panelMode);
-	const [syncFilterMode] = useSyncTooltipFilterMode(dashboardId);
-
 	useEffect((): void => {
 		const { startTime, endTime } = getTimeRange(queryResponse);
 
@@ -92,11 +81,6 @@ function TimeSeriesPanel(props: PanelWrapperProps): JSX.Element {
 		minTimeScale,
 		maxTimeScale,
 		timezone,
-		// `config` gets mutated by TooltipPlugin (config.setCursor for cursor sync).
-		// Rebuild it on syncMode changes so the new chart instance starts from a
-		// clean config — otherwise switching to "No Sync" would inherit stale sync
-		// settings from the previous mode.
-		syncMode,
 	]);
 
 	const layoutChildren = useMemo(() => {
@@ -121,20 +105,14 @@ function TimeSeriesPanel(props: PanelWrapperProps): JSX.Element {
 		widget.decimalPrecision,
 	]);
 
-	const renderTooltipFooter = useCallback(
-		({ isPinned, dismiss }: IRenderTooltipFooterArgs) => {
-			return (
-				<TooltipFooter id={widget.id} isPinned={isPinned} dismiss={dismiss} />
-			);
-		},
-		[],
-	);
+	const groupBy = useMemo(() => {
+		return get(widget, 'query.builder.queryData[0].groupBy', []);
+	}, [widget.query]);
 
 	return (
 		<div className="panel-container" ref={graphRef}>
 			{containerDimensions.width > 0 && containerDimensions.height > 0 && (
 				<TimeSeries
-					key={`${syncMode}-${syncFilterMode}`}
 					config={config}
 					legendConfig={{
 						position: widget?.legendPosition ?? LegendPosition.BOTTOM,
@@ -144,13 +122,10 @@ function TimeSeriesPanel(props: PanelWrapperProps): JSX.Element {
 					yAxisUnit={widget.yAxisUnit}
 					decimalPrecision={widget.decimalPrecision}
 					data={chartData as uPlot.AlignedData}
-					groupByPerQuery={groupByPerQuery}
+					groupBy={groupBy}
 					width={containerDimensions.width}
 					height={containerDimensions.height}
-					syncMode={syncMode}
-					syncFilterMode={syncFilterMode}
 					layoutChildren={layoutChildren}
-					renderTooltipFooter={renderTooltipFooter}
 				>
 					<ContextMenu
 						coordinates={coordinates}

frontend/src/container/DashboardContainer/visualization/panels/components/__tests__/TooltipFooter.test.tsx

@@ -1,93 +0,0 @@
-import { Events } from 'constants/events';
-import { DEFAULT_PIN_TOOLTIP_KEY } from 'lib/uPlotV2/plugins/TooltipPlugin/types';
-import { render, screen, userEvent } from 'tests/test-utils';
-
-import TooltipFooter from '../TooltipFooter';
-
-const mockLogEvent = jest.fn();
-
-jest.mock('api/common/logEvent', () => ({
-	__esModule: true,
-	default: (...args: unknown[]): unknown => mockLogEvent(...args),
-}));
-
-describe('TooltipFooter', () => {
-	const defaultProps = {
-		id: 'panel-123',
-		isPinned: false,
-		dismiss: jest.fn(),
-	};
-
-	describe('when not pinned', () => {
-		it('renders the drilldown and pin hints by default', () => {
-			render(<TooltipFooter {...defaultProps} />);
-
-			expect(screen.getByText('Click to drilldown')).toBeInTheDocument();
-			expect(screen.getByText('to pin the tooltip')).toBeInTheDocument();
-			expect(
-				screen.getByText(DEFAULT_PIN_TOOLTIP_KEY.toUpperCase()),
-			).toBeInTheDocument();
-		});
-
-		it('hides the drilldown hint when canDrilldown is false', () => {
-			render(<TooltipFooter {...defaultProps} canDrilldown={false} />);
-
-			expect(screen.queryByText('Click to drilldown')).not.toBeInTheDocument();
-			expect(screen.getByText('to pin the tooltip')).toBeInTheDocument();
-		});
-
-		it('renders a custom pin key in uppercase', () => {
-			render(<TooltipFooter {...defaultProps} pinKey="x" />);
-
-			expect(screen.getByText('X')).toBeInTheDocument();
-		});
-
-		it('does not render the unpin button', () => {
-			render(<TooltipFooter {...defaultProps} />);
-
-			expect(screen.queryByTestId('uplot-tooltip-unpin')).not.toBeInTheDocument();
-		});
-	});
-
-	describe('when pinned', () => {
-		it('renders the unpin hint with pin key and Esc', () => {
-			render(<TooltipFooter {...defaultProps} isPinned />);
-
-			expect(screen.getByText('to unpin')).toBeInTheDocument();
-			expect(
-				screen.getByText(DEFAULT_PIN_TOOLTIP_KEY.toUpperCase()),
-			).toBeInTheDocument();
-			expect(screen.getByText('Esc')).toBeInTheDocument();
-		});
-
-		it('renders the unpin button', () => {
-			render(<TooltipFooter {...defaultProps} isPinned />);
-
-			expect(screen.getByTestId('uplot-tooltip-unpin')).toBeInTheDocument();
-			expect(
-				screen.getByRole('button', { name: /unpin tooltip/i }),
-			).toBeInTheDocument();
-		});
-
-		it('hides the drilldown and pin-instruction hints', () => {
-			render(<TooltipFooter {...defaultProps} isPinned />);
-
-			expect(screen.queryByText('Click to drilldown')).not.toBeInTheDocument();
-			expect(screen.queryByText('to pin the tooltip')).not.toBeInTheDocument();
-		});
-
-		it('calls dismiss and logs the unpin event when the unpin button is clicked', async () => {
-			const user = userEvent.setup({ pointerEventsCheck: 0 });
-			const dismiss = jest.fn();
-
-			render(<TooltipFooter {...defaultProps} dismiss={dismiss} isPinned />);
-
-			await user.click(screen.getByTestId('uplot-tooltip-unpin'));
-
-			expect(mockLogEvent).toHaveBeenCalledWith(Events.TOOLTIP_UNPINNED, {
-				id: 'panel-123',
-			});
-			expect(dismiss).toHaveBeenCalledTimes(1);
-		});
-	});
-});

frontend/src/container/Home/Home.tsx

@@ -3,7 +3,7 @@ import React, { useCallback, useEffect, useState } from 'react';
 import { useMutation, useQuery } from 'react-query';
 import { Color } from '@signozhq/design-tokens';
 import { Compass, Dot, House, Plus, Wrench } from '@signozhq/icons';
-import { Button } from '@signozhq/ui';
+import { Button, PersistedAnnouncementBanner } from '@signozhq/ui';
 import { Popover } from 'antd';
 import logEvent from 'api/common/logEvent';
 import { useGetMetricsOnboardingStatus } from 'api/generated/services/metrics';
@@ -11,6 +11,7 @@ import listUserPreferences from 'api/v1/user/preferences/list';
 import updateUserPreferenceAPI from 'api/v1/user/preferences/name/update';
 import Header from 'components/Header/Header';
 import { ENTITY_VERSION_V5 } from 'constants/app';
+import { LOCALSTORAGE } from 'constants/localStorage';
 import { ORG_PREFERENCES } from 'constants/orgPreferences';
 import { initialQueriesMap, PANEL_TYPES } from 'constants/queryBuilder';
 import { REACT_QUERY_KEY } from 'constants/reactQueryKeys';
@@ -270,6 +271,23 @@ export default function Home(): JSX.Element {
 
 	return (
 		<div className="home-container">
+			{user?.role === USER_ROLES.ADMIN && (
+				<PersistedAnnouncementBanner
+					type="info"
+					storageKey={LOCALSTORAGE.DISMISSED_API_KEYS_DEPRECATION_BANNER}
+					action={{
+						label: 'Go to Service Accounts',
+						onClick: (): void => history.push(ROUTES.SERVICE_ACCOUNTS_SETTINGS),
+					}}
+				>
+					<>
+						<strong>API keys</strong> have been deprecated in favour of{' '}
+						<strong>Service accounts</strong>. The existing API Keys have been
+						migrated to service accounts.
+					</>
+				</PersistedAnnouncementBanner>
+			)}
+
 			<div className="sticky-header">
 				<Header
 					leftComponent={

frontend/src/container/PanelWrapper/PanelWrapper.tsx

@@ -1,6 +1,5 @@
-import { FC, useMemo } from 'react';
+import { FC } from 'react';
 import Spinner from 'components/Spinner';
-import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 
 import { PanelTypeVsPanelWrapper } from './constants';
 import { PanelWrapperProps } from './panelWrapper.types';
@@ -31,20 +30,6 @@ function PanelWrapper({
 		selectedGraph || widget.panelTypes
 	] as FC<PanelWrapperProps>;
 
-	const groupByPerQuery = useMemo<Record<string, BaseAutocompleteData[]>>(() => {
-		if (!widget.query.builder) {
-			return {};
-		}
-		const { queryData } = widget.query.builder;
-		return queryData.reduce<Record<string, BaseAutocompleteData[]>>(
-			(acc, query) => {
-				acc[query.queryName] = query.groupBy ?? [];
-				return acc;
-			},
-			{},
-		);
-	}, [widget]);
-
 	if (!Component) {
 		return <></>;
 	}
@@ -75,7 +60,6 @@ function PanelWrapper({
 			customSeries={customSeries}
 			enableDrillDown={enableDrillDown}
 			onColumnWidthsChange={onColumnWidthsChange}
-			groupByPerQuery={groupByPerQuery}
 		/>
 	);
 }

frontend/src/container/PanelWrapper/panelWrapper.types.ts

@@ -5,7 +5,6 @@ import { PanelMode } from 'container/DashboardContainer/visualization/panels/typ
 import { WidgetGraphComponentProps } from 'container/GridCardLayout/GridCard/types';
 import { RowData } from 'lib/query/createTableColumnsFromQuery';
 import { OnClickPluginOpts } from 'lib/uPlotLib/plugins/onClickPlugin';
-import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import { Widgets } from 'types/api/dashboard/getAll';
 import { MetricQueryRangeSuccessResponse } from 'types/api/metrics/getQueryRange';
 import { QueryData } from 'types/api/widgets/getQuery';
@@ -31,7 +30,6 @@ export type PanelWrapperProps = {
 	enableDrillDown?: boolean;
 	panelMode: PanelMode;
 	onColumnWidthsChange?: (widths: Record<string, number>) => void;
-	groupByPerQuery?: Record<string, BaseAutocompleteData[]>;
 };
 
 export type TooltipData = {

frontend/src/container/RolesSettings/RoleDetails/RoleDetailsPage.tsx

@@ -4,6 +4,7 @@ import { useHistory, useLocation } from 'react-router-dom';
 import { Table2, Trash2, Users } from '@signozhq/icons';
 import { Button, toast, ToggleGroup, ToggleGroupItem } from '@signozhq/ui';
 import { Skeleton } from 'antd';
+import { useAuthzResources } from 'api/generated/services/authz';
 import {
 	getGetObjectsQueryKey,
 	useDeleteRole,
@@ -11,9 +12,6 @@ import {
 	useGetRole,
 	usePatchObjects,
 } from 'api/generated/services/role';
-import permissionsType from 'hooks/useAuthZ/permissions.type';
-
-import type { AuthzResources } from '../utils';
 import ErrorInPlace from 'components/ErrorInPlace/ErrorInPlace';
 import ROUTES from 'constants/routes';
 import { capitalize } from 'lodash-es';
@@ -54,7 +52,10 @@ function RoleDetailsPage(): JSX.Element {
 	const queryClient = useQueryClient();
 	const { showErrorModal } = useErrorModal();
 
-	const authzResources = permissionsType.data as unknown as AuthzResources;
+	const { data: authzResourcesResponse } = useAuthzResources({
+		query: { enabled: true },
+	});
+	const authzResources = authzResourcesResponse?.data ?? null;
 
 	// Extract channelId from URL pathname since useParams doesn't work in nested routing
 	const roleIdMatch = pathname.match(ROLE_ID_REGEX);
@@ -93,7 +94,7 @@ function RoleDetailsPage(): JSX.Element {
 
 	const initialConfig = useMemo(() => {
 		if (!objectsData?.data || !activePermission) {
-			return;
+			return undefined;
 		}
 		return objectsToPermissionConfig(
 			objectsData.data,

frontend/src/container/RolesSettings/RoleDetails/__tests__/RoleDetailsPage.test.tsx

@@ -15,6 +15,15 @@ const CUSTOM_ROLE_ID = '019c24aa-3333-0001-aaaa-111111111111';
 const MANAGED_ROLE_ID = '019c24aa-2248-756f-9833-984f1ab63819';
 
 const rolesApiBase = 'http://localhost/api/v1/roles';
+const authzResourcesUrl = 'http://localhost/api/v1/authz/resources';
+
+const authzResourcesResponse = {
+	status: 'success',
+	data: {
+		relations: { create: ['dashboard'], read: ['dashboard'] },
+		resources: [{ name: 'dashboard', type: 'dashboard' }],
+	},
+};
 
 const emptyObjectsResponse = { status: 'success', data: [] };
 
@@ -36,6 +45,9 @@ function setupDefaultHandlers(roleId = CUSTOM_ROLE_ID): void {
 		rest.get(`${rolesApiBase}/:id`, (_req, res, ctx) =>
 			res(ctx.status(200), ctx.json(roleResponse)),
 		),
+		rest.get(authzResourcesUrl, (_req, res, ctx) =>
+			res(ctx.status(200), ctx.json(authzResourcesResponse)),
+		),
 	);
 }
 

frontend/src/container/RolesSettings/__tests__/utils.test.ts

@@ -1,18 +1,12 @@
 import type {
-	CoretypesResourceRefDTO,
-	CoretypesObjectGroupDTO,
-	CoretypesTypeDTO,
+	AuthtypesGettableObjectsDTO,
+	AuthtypesGettableResourcesDTO,
 } from 'api/generated/services/sigNoz.schemas';
 
 import type {
 	PermissionConfig,
 	ResourceDefinition,
 } from '../PermissionSidePanel/PermissionSidePanel.types';
-
-type AuthzResources = {
-	resources: CoretypesResourceRefDTO[];
-	relations: Record<string, string[]>;
-};
 import { PermissionScope } from '../PermissionSidePanel/PermissionSidePanel.types';
 import {
 	buildConfig,
@@ -39,17 +33,17 @@ jest.mock('../RoleDetails/constants', () => {
 	};
 });
 
-const dashboardResource: AuthzResources['resources'][number] = {
-	kind: 'dashboard',
-	type: 'metaresource' as CoretypesTypeDTO,
+const dashboardResource: AuthtypesGettableResourcesDTO['resources'][number] = {
+	name: 'dashboard',
+	type: 'metaresource',
 };
 
-const alertResource: AuthzResources['resources'][number] = {
-	kind: 'alert',
-	type: 'metaresource' as CoretypesTypeDTO,
+const alertResource: AuthtypesGettableResourcesDTO['resources'][number] = {
+	name: 'alert',
+	type: 'metaresource',
 };
 
-const baseAuthzResources: AuthzResources = {
+const baseAuthzResources: AuthtypesGettableResourcesDTO = {
 	resources: [dashboardResource, alertResource],
 	relations: {
 		create: ['metaresource'],
@@ -226,7 +220,7 @@ describe('buildPatchPayload', () => {
 
 describe('objectsToPermissionConfig', () => {
 	it('maps a wildcard selector to ALL scope', () => {
-		const objects: CoretypesObjectGroupDTO[] = [
+		const objects: AuthtypesGettableObjectsDTO[] = [
 			{ resource: dashboardResource, selectors: ['*'] },
 		];
 
@@ -239,7 +233,7 @@ describe('objectsToPermissionConfig', () => {
 	});
 
 	it('maps specific selectors to ONLY_SELECTED scope with the IDs', () => {
-		const objects: CoretypesObjectGroupDTO[] = [
+		const objects: AuthtypesGettableObjectsDTO[] = [
 			{ resource: dashboardResource, selectors: [ID_A, ID_B] },
 		];
 
@@ -344,7 +338,7 @@ describe('buildConfig', () => {
 
 describe('derivePermissionTypes', () => {
 	it('derives one PermissionType per relation key with correct key and capitalised label', () => {
-		const relations: AuthzResources['relations'] = {
+		const relations: AuthtypesGettableResourcesDTO['relations'] = {
 			create: ['metaresource'],
 			read: ['metaresource'],
 			delete: ['metaresource'],

frontend/src/container/RolesSettings/utils.tsx

@@ -1,8 +1,8 @@
 import React from 'react';
 import { Badge } from '@signozhq/ui';
 import type {
-	CoretypesResourceRefDTO,
-	CoretypesObjectGroupDTO,
+	AuthtypesGettableObjectsDTO,
+	AuthtypesGettableResourcesDTO,
 } from 'api/generated/services/sigNoz.schemas';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import { capitalize } from 'lodash-es';
@@ -19,11 +19,6 @@ import {
 	PERMISSION_ICON_MAP,
 } from './RoleDetails/constants';
 
-export type AuthzResources = {
-	resources: ReadonlyArray<CoretypesResourceRefDTO>;
-	relations: Readonly<Record<string, ReadonlyArray<string>>>;
-};
-
 export interface PermissionType {
 	key: string;
 	label: string;
@@ -34,11 +29,11 @@ export interface PatchPayloadOptions {
 	newConfig: PermissionConfig;
 	initialConfig: PermissionConfig;
 	resources: ResourceDefinition[];
-	authzRes: AuthzResources;
+	authzRes: AuthtypesGettableResourcesDTO;
 }
 
 export function derivePermissionTypes(
-	relations: AuthzResources['relations'] | null,
+	relations: AuthtypesGettableResourcesDTO['relations'] | null,
 ): PermissionType[] {
 	const iconSize = { size: 14 };
 
@@ -60,7 +55,7 @@ export function derivePermissionTypes(
 }
 
 export function deriveResourcesForRelation(
-	authzResources: AuthzResources | null,
+	authzResources: AuthtypesGettableResourcesDTO | null,
 	relation: string,
 ): ResourceDefinition[] {
 	if (!authzResources?.relations) {
@@ -70,19 +65,19 @@ export function deriveResourcesForRelation(
 	return authzResources.resources
 		.filter((r) => supportedTypes.includes(r.type))
 		.map((r) => ({
-			id: r.kind,
-			label: capitalize(r.kind).replaceAll('_', ' '),
+			id: r.name,
+			label: capitalize(r.name).replace(/_/g, ' '),
 			options: [],
 		}));
 }
 
 export function objectsToPermissionConfig(
-	objects: CoretypesObjectGroupDTO[],
+	objects: AuthtypesGettableObjectsDTO[],
 	resources: ResourceDefinition[],
 ): PermissionConfig {
 	const config: PermissionConfig = {};
 	for (const res of resources) {
-		const obj = objects.find((o) => o.resource.kind === res.id);
+		const obj = objects.find((o) => o.resource.name === res.id);
 		if (!obj) {
 			config[res.id] = {
 				scope: PermissionScope.ONLY_SELECTED,
@@ -106,19 +101,19 @@ export function buildPatchPayload({
 	resources,
 	authzRes,
 }: PatchPayloadOptions): {
-	additions: CoretypesObjectGroupDTO[] | null;
-	deletions: CoretypesObjectGroupDTO[] | null;
+	additions: AuthtypesGettableObjectsDTO[] | null;
+	deletions: AuthtypesGettableObjectsDTO[] | null;
 } {
 	if (!authzRes) {
 		return { additions: null, deletions: null };
 	}
-	const additions: CoretypesObjectGroupDTO[] = [];
-	const deletions: CoretypesObjectGroupDTO[] = [];
+	const additions: AuthtypesGettableObjectsDTO[] = [];
+	const deletions: AuthtypesGettableObjectsDTO[] = [];
 
 	for (const res of resources) {
 		const initial = initialConfig[res.id];
 		const current = newConfig[res.id];
-		const resourceDef = authzRes.resources.find((r) => r.kind === res.id);
+		const resourceDef = authzRes.resources.find((r) => r.name === res.id);
 		if (!resourceDef) {
 			continue;
 		}

frontend/src/hooks/dashboard/__test__/useDashboardCursorSyncMode.test.ts

@@ -1,150 +0,0 @@
-import { act, renderHook } from '@testing-library/react';
-import { LOCALSTORAGE } from 'constants/localStorage';
-import { PanelMode } from 'container/DashboardContainer/visualization/panels/types';
-import { DashboardCursorSync } from 'lib/uPlotV2/plugins/TooltipPlugin/types';
-
-import { useDashboardCursorSyncMode } from '../useDashboardCursorSyncMode';
-import { useDashboardPreferencesStore } from '../useDashboardPreference';
-
-const STORAGE_KEY = LOCALSTORAGE.DASHBOARD_PREFERENCES;
-
-describe('useDashboardCursorSyncMode', () => {
-	beforeEach(() => {
-		useDashboardPreferencesStore.setState({ preferences: {} });
-		localStorage.removeItem(STORAGE_KEY);
-	});
-
-	describe('in DASHBOARD_VIEW mode', () => {
-		it('uses Crosshair as the default cursor sync mode', () => {
-			const { result } = renderHook(() =>
-				useDashboardCursorSyncMode('dash-1', PanelMode.DASHBOARD_VIEW),
-			);
-
-			expect(result.current[0]).toBe(DashboardCursorSync.Crosshair);
-		});
-
-		it('reads the stored cursor sync mode for the dashboard', () => {
-			useDashboardPreferencesStore.setState({
-				preferences: { 'dash-1': { cursorSyncMode: DashboardCursorSync.Tooltip } },
-			});
-
-			const { result } = renderHook(() =>
-				useDashboardCursorSyncMode('dash-1', PanelMode.DASHBOARD_VIEW),
-			);
-
-			expect(result.current[0]).toBe(DashboardCursorSync.Tooltip);
-		});
-
-		it('writes the value under the cursorSyncMode key in the store', () => {
-			const { result } = renderHook(() =>
-				useDashboardCursorSyncMode('dash-1', PanelMode.DASHBOARD_VIEW),
-			);
-
-			act(() => {
-				result.current[1](DashboardCursorSync.None);
-			});
-
-			expect(result.current[0]).toBe(DashboardCursorSync.None);
-			expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual({
-				'dash-1': { cursorSyncMode: DashboardCursorSync.None },
-			});
-		});
-
-		it('persists the value to localStorage', () => {
-			const { result } = renderHook(() =>
-				useDashboardCursorSyncMode('dash-1', PanelMode.DASHBOARD_VIEW),
-			);
-
-			act(() => {
-				result.current[1](DashboardCursorSync.None);
-			});
-
-			const persisted = JSON.parse(localStorage.getItem(STORAGE_KEY) ?? '{}');
-			expect(persisted.state.preferences).toStrictEqual({
-				'dash-1': { cursorSyncMode: DashboardCursorSync.None },
-			});
-		});
-
-		it('returns the default when dashboardId is undefined', () => {
-			const { result } = renderHook(() =>
-				useDashboardCursorSyncMode(undefined, PanelMode.DASHBOARD_VIEW),
-			);
-
-			expect(result.current[0]).toBe(DashboardCursorSync.Crosshair);
-		});
-
-		it('treats the setter as a no-op when dashboardId is undefined', () => {
-			const { result } = renderHook(() =>
-				useDashboardCursorSyncMode(undefined, PanelMode.DASHBOARD_VIEW),
-			);
-
-			act(() => {
-				result.current[1](DashboardCursorSync.Tooltip);
-			});
-
-			expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual(
-				{},
-			);
-			expect(localStorage.getItem(STORAGE_KEY)).toBeNull();
-			expect(result.current[0]).toBe(DashboardCursorSync.Crosshair);
-		});
-	});
-
-	describe('without a panelMode (e.g. dashboard settings call site)', () => {
-		it('reads the stored value just like DASHBOARD_VIEW does', () => {
-			useDashboardPreferencesStore.setState({
-				preferences: { 'dash-1': { cursorSyncMode: DashboardCursorSync.Tooltip } },
-			});
-
-			const { result } = renderHook(() => useDashboardCursorSyncMode('dash-1'));
-
-			expect(result.current[0]).toBe(DashboardCursorSync.Tooltip);
-		});
-
-		it('writes through the setter to the store', () => {
-			const { result } = renderHook(() => useDashboardCursorSyncMode('dash-1'));
-
-			act(() => {
-				result.current[1](DashboardCursorSync.None);
-			});
-
-			expect(result.current[0]).toBe(DashboardCursorSync.None);
-			expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual({
-				'dash-1': { cursorSyncMode: DashboardCursorSync.None },
-			});
-		});
-	});
-
-	describe.each([[PanelMode.DASHBOARD_EDIT], [PanelMode.STANDALONE_VIEW]])(
-		'in %s mode (cursor sync disabled)',
-		(panelMode) => {
-			it('returns None and ignores any stored value', () => {
-				useDashboardPreferencesStore.setState({
-					preferences: { 'dash-1': { cursorSyncMode: DashboardCursorSync.Tooltip } },
-				});
-
-				const { result } = renderHook(() =>
-					useDashboardCursorSyncMode('dash-1', panelMode),
-				);
-
-				expect(result.current[0]).toBe(DashboardCursorSync.None);
-			});
-
-			it('treats the setter as a no-op and does not write to the store', () => {
-				const { result } = renderHook(() =>
-					useDashboardCursorSyncMode('dash-1', panelMode),
-				);
-
-				act(() => {
-					result.current[1](DashboardCursorSync.Tooltip);
-				});
-
-				expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual(
-					{},
-				);
-				expect(localStorage.getItem(STORAGE_KEY)).toBeNull();
-				expect(result.current[0]).toBe(DashboardCursorSync.None);
-			});
-		},
-	);
-});

frontend/src/hooks/dashboard/__test__/useDashboardPreference.test.ts

@@ -1,201 +0,0 @@
-import { act, renderHook } from '@testing-library/react';
-import { DashboardCursorSync } from 'lib/uPlotV2/plugins/TooltipPlugin/types';
-
-import {
-	useDashboardPreference,
-	useDashboardPreferencesStore,
-} from '../useDashboardPreference';
-
-const DEFAULT_MODE = DashboardCursorSync.Crosshair;
-
-describe('useDashboardPreference', () => {
-	beforeEach(() => {
-		useDashboardPreferencesStore.setState({ preferences: {} });
-	});
-
-	it('returns the default value when no preference is stored', () => {
-		const { result } = renderHook(() =>
-			useDashboardPreference('dash-1', 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		expect(result.current[0]).toBe(DEFAULT_MODE);
-	});
-
-	it('returns the default value when dashboardId is undefined', () => {
-		useDashboardPreferencesStore.setState({
-			preferences: { 'dash-1': { cursorSyncMode: DashboardCursorSync.Tooltip } },
-		});
-
-		const { result } = renderHook(() =>
-			useDashboardPreference(undefined, 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		expect(result.current[0]).toBe(DEFAULT_MODE);
-	});
-
-	it('returns the stored value for the given dashboardId', () => {
-		useDashboardPreferencesStore.setState({
-			preferences: {
-				'dash-1': { cursorSyncMode: DashboardCursorSync.Tooltip },
-				'dash-2': { cursorSyncMode: DashboardCursorSync.None },
-			},
-		});
-
-		const { result } = renderHook(() =>
-			useDashboardPreference('dash-1', 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		expect(result.current[0]).toBe(DashboardCursorSync.Tooltip);
-	});
-
-	it('persists the new value via the setter', () => {
-		const { result } = renderHook(() =>
-			useDashboardPreference('dash-1', 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		act(() => {
-			result.current[1](DashboardCursorSync.None);
-		});
-
-		expect(result.current[0]).toBe(DashboardCursorSync.None);
-		expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual({
-			'dash-1': { cursorSyncMode: DashboardCursorSync.None },
-		});
-	});
-
-	it('does not write when dashboardId is undefined', () => {
-		const { result } = renderHook(() =>
-			useDashboardPreference(undefined, 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		act(() => {
-			result.current[1](DashboardCursorSync.Tooltip);
-		});
-
-		expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual({});
-		expect(result.current[0]).toBe(DEFAULT_MODE);
-	});
-
-	it('keeps multiple hook instances in sync after a write', () => {
-		const { result: writer } = renderHook(() =>
-			useDashboardPreference('dash-1', 'cursorSyncMode', DEFAULT_MODE),
-		);
-		const { result: reader } = renderHook(() =>
-			useDashboardPreference('dash-1', 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		act(() => {
-			writer.current[1](DashboardCursorSync.Tooltip);
-		});
-
-		expect(writer.current[0]).toBe(DashboardCursorSync.Tooltip);
-		expect(reader.current[0]).toBe(DashboardCursorSync.Tooltip);
-	});
-
-	it('isolates preferences across different dashboardIds', () => {
-		const { result: dashOne } = renderHook(() =>
-			useDashboardPreference('dash-1', 'cursorSyncMode', DEFAULT_MODE),
-		);
-		const { result: dashTwo } = renderHook(() =>
-			useDashboardPreference('dash-2', 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		act(() => {
-			dashOne.current[1](DashboardCursorSync.None);
-		});
-
-		expect(dashOne.current[0]).toBe(DashboardCursorSync.None);
-		expect(dashTwo.current[0]).toBe(DEFAULT_MODE);
-	});
-
-	it('does not overwrite preferences for other dashboards when writing', () => {
-		useDashboardPreferencesStore.setState({
-			preferences: { 'dash-2': { cursorSyncMode: DashboardCursorSync.Tooltip } },
-		});
-
-		const { result } = renderHook(() =>
-			useDashboardPreference('dash-1', 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		act(() => {
-			result.current[1](DashboardCursorSync.None);
-		});
-
-		expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual({
-			'dash-1': { cursorSyncMode: DashboardCursorSync.None },
-			'dash-2': { cursorSyncMode: DashboardCursorSync.Tooltip },
-		});
-	});
-});
-
-describe('useDashboardPreferencesStore.removePreferences', () => {
-	beforeEach(() => {
-		useDashboardPreferencesStore.setState({ preferences: {} });
-	});
-
-	it('removes the preferences for the given dashboardId', () => {
-		useDashboardPreferencesStore.setState({
-			preferences: {
-				'dash-1': { cursorSyncMode: DashboardCursorSync.Tooltip },
-			},
-		});
-
-		act(() => {
-			useDashboardPreferencesStore.getState().removePreferences('dash-1');
-		});
-
-		expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual({});
-	});
-
-	it('leaves other dashboards untouched', () => {
-		useDashboardPreferencesStore.setState({
-			preferences: {
-				'dash-1': { cursorSyncMode: DashboardCursorSync.Tooltip },
-				'dash-2': { cursorSyncMode: DashboardCursorSync.None },
-			},
-		});
-
-		act(() => {
-			useDashboardPreferencesStore.getState().removePreferences('dash-1');
-		});
-
-		expect(useDashboardPreferencesStore.getState().preferences).toStrictEqual({
-			'dash-2': { cursorSyncMode: DashboardCursorSync.None },
-		});
-	});
-
-	it('is a no-op when the dashboardId is not present', () => {
-		const initial = {
-			'dash-2': { cursorSyncMode: DashboardCursorSync.Tooltip },
-		};
-		useDashboardPreferencesStore.setState({ preferences: initial });
-		const before = useDashboardPreferencesStore.getState().preferences;
-
-		act(() => {
-			useDashboardPreferencesStore.getState().removePreferences('dash-1');
-		});
-
-		// Identity-preserving so subscribers reading `preferences` don't re-render.
-		expect(useDashboardPreferencesStore.getState().preferences).toBe(before);
-	});
-
-	it('causes subsequent reads via useDashboardPreference to fall back to the default', () => {
-		useDashboardPreferencesStore.setState({
-			preferences: {
-				'dash-1': { cursorSyncMode: DashboardCursorSync.Tooltip },
-			},
-		});
-
-		const { result } = renderHook(() =>
-			useDashboardPreference('dash-1', 'cursorSyncMode', DEFAULT_MODE),
-		);
-
-		expect(result.current[0]).toBe(DashboardCursorSync.Tooltip);
-
-		act(() => {
-			useDashboardPreferencesStore.getState().removePreferences('dash-1');
-		});
-
-		expect(result.current[0]).toBe(DEFAULT_MODE);
-	});
-});

frontend/src/hooks/dashboard/useDashboardCursorSyncMode.ts

@@ -1,26 +0,0 @@
-import { DashboardCursorSync } from 'lib/uPlotV2/plugins/TooltipPlugin/types';
-
-import { useDashboardPreference } from './useDashboardPreference';
-import { PanelMode } from 'container/DashboardContainer/visualization/panels/types';
-
-const NOOP = (): void => {};
-
-export function useDashboardCursorSyncMode(
-	dashboardId: string | undefined,
-	panelMode?: PanelMode,
-): [DashboardCursorSync, (value: DashboardCursorSync) => void] {
-	const [value, setValue] = useDashboardPreference(
-		dashboardId,
-		'cursorSyncMode',
-		DashboardCursorSync.Crosshair,
-	);
-
-	// Chart panels in edit / standalone modes don't participate in cross-panel
-	// sync, so surface the default with a no-op setter for them. Callers without
-	// a panelMode (e.g. dashboard settings) read/write the preference normally.
-	if (panelMode && panelMode !== PanelMode.DASHBOARD_VIEW) {
-		return [DashboardCursorSync.None, NOOP];
-	}
-
-	return [value, setValue];
-}

frontend/src/hooks/dashboard/useDashboardPreference.ts

@@ -1,88 +0,0 @@
-import { useCallback } from 'react';
-import { create } from 'zustand';
-import { persist } from 'zustand/middleware';
-import { LOCALSTORAGE } from 'constants/localStorage';
-import {
-	DashboardCursorSync,
-	SyncTooltipFilterMode,
-} from 'lib/uPlotV2/plugins/TooltipPlugin/types';
-
-// Per-dashboard preferences persisted in localStorage. Add new preference
-// fields here as they are introduced.
-export type DashboardPreferences = {
-	cursorSyncMode?: DashboardCursorSync;
-	syncTooltipFilterMode?: SyncTooltipFilterMode;
-};
-
-interface DashboardPreferencesState {
-	preferences: Record<string, DashboardPreferences>;
-	setPreference: <K extends keyof DashboardPreferences>(
-		dashboardId: string,
-		key: K,
-		value: NonNullable<DashboardPreferences[K]>,
-	) => void;
-	removePreferences: (dashboardId: string) => void;
-}
-
-export const useDashboardPreferencesStore = create<DashboardPreferencesState>()(
-	persist(
-		(set) => ({
-			preferences: {},
-			setPreference: (dashboardId, key, value): void => {
-				set((state) => ({
-					preferences: {
-						...state.preferences,
-						[dashboardId]: {
-							...state.preferences[dashboardId],
-							[key]: value,
-						},
-					},
-				}));
-			},
-			removePreferences: (dashboardId): void => {
-				set((state) => {
-					if (!(dashboardId in state.preferences)) {
-						return state;
-					}
-					const { [dashboardId]: _, ...rest } = state.preferences;
-					return { preferences: rest };
-				});
-			},
-		}),
-		{ name: LOCALSTORAGE.DASHBOARD_PREFERENCES },
-	),
-);
-
-export function useDashboardPreference<K extends keyof DashboardPreferences>(
-	dashboardId: string | undefined,
-	key: K,
-	defaultValue: NonNullable<DashboardPreferences[K]>,
-): [
-	NonNullable<DashboardPreferences[K]>,
-	(value: NonNullable<DashboardPreferences[K]>) => void,
-] {
-	type Value = NonNullable<DashboardPreferences[K]>;
-
-	const value = useDashboardPreferencesStore((state): Value => {
-		if (!dashboardId) {
-			return defaultValue;
-		}
-		return (
-			(state.preferences[dashboardId]?.[key] as Value | undefined) ?? defaultValue
-		);
-	});
-
-	const setPreference = useDashboardPreferencesStore((s) => s.setPreference);
-
-	const updateValue = useCallback(
-		(next: Value): void => {
-			if (!dashboardId) {
-				return;
-			}
-			setPreference(dashboardId, key, next);
-		},
-		[dashboardId, key, setPreference],
-	);
-
-	return [value, updateValue];
-}

frontend/src/hooks/dashboard/useDeleteDashboard.tsx

@@ -5,15 +5,10 @@ import { useErrorModal } from 'providers/ErrorModalProvider';
 import { SuccessResponseV2 } from 'types/api';
 import APIError from 'types/api/error';
 
-import { useDashboardPreferencesStore } from './useDashboardPreference';
-
 export const useDeleteDashboard = (
 	id: string,
 ): UseMutationResult<SuccessResponseV2<null>, APIError, void, unknown> => {
 	const { showErrorModal } = useErrorModal();
-	const removePreferences = useDashboardPreferencesStore(
-		(state) => state.removePreferences,
-	);
 
 	return useMutation<SuccessResponseV2<null>, APIError>({
 		mutationKey: REACT_QUERY_KEY.DELETE_DASHBOARD,
@@ -21,9 +16,6 @@ export const useDeleteDashboard = (
 			deleteDashboard({
 				id,
 			}),
-		onSuccess: () => {
-			removePreferences(id);
-		},
 		onError: (error: APIError) => {
 			showErrorModal(error);
 		},

frontend/src/hooks/dashboard/useSyncTooltipFilterMode.ts

@@ -1,15 +0,0 @@
-import { SyncTooltipFilterMode } from 'lib/uPlotV2/plugins/TooltipPlugin/types';
-
-import { useDashboardPreference } from './useDashboardPreference';
-
-const DEFAULT_SYNC_TOOLTIP_FILTER_MODE = SyncTooltipFilterMode.Filtered;
-
-export function useSyncTooltipFilterMode(
-	dashboardId: string | undefined,
-): [SyncTooltipFilterMode, (value: SyncTooltipFilterMode) => void] {
-	return useDashboardPreference(
-		dashboardId,
-		'syncTooltipFilterMode',
-		DEFAULT_SYNC_TOOLTIP_FILTER_MODE,
-	);
-}

frontend/src/hooks/useAuthZ/permissions.type.ts

@@ -1,29 +1,32 @@
-// AUTO GENERATED FILE - DO NOT EDIT - GENERATED BY cmd/enterprise/*.go generate authz
+// AUTO GENERATED FILE - DO NOT EDIT - GENERATED BY scripts/generate-permissions-type
 export default {
 	status: 'success',
 	data: {
 		resources: [
 			{
-				kind: 'role',
+				name: 'dashboard',
+				type: 'metaresource',
+			},
+			{
+				name: 'dashboards',
 				type: 'metaresources',
 			},
 			{
-				kind: 'role',
+				name: 'role',
 				type: 'role',
 			},
 			{
-				kind: 'serviceaccount',
-				type: 'serviceaccount',
+				name: 'roles',
+				type: 'metaresources',
 			},
 		],
 		relations: {
 			assignee: ['role'],
-			attach: ['role', 'serviceaccount'],
 			create: ['metaresources'],
-			delete: ['role', 'serviceaccount'],
+			delete: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
 			list: ['metaresources'],
-			read: ['role', 'serviceaccount'],
-			update: ['role', 'serviceaccount'],
+			read: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
+			update: ['user', 'serviceaccount', 'role', 'organization', 'metaresource'],
 		},
 	},
 } as const;

frontend/src/hooks/useAuthZ/types.ts

@@ -1,16 +1,15 @@
 import permissionsType from './permissions.type';
-
-const ObjectSeparator = ':';
+import { ObjectSeparator } from './utils';
 
 type PermissionsData = typeof permissionsType.data;
 export type Resource = PermissionsData['resources'][number];
-export type ResourceName = Resource['kind'];
+export type ResourceName = Resource['name'];
 export type ResourceType = Resource['type'];
 
 type RelationsByType = PermissionsData['relations'];
 
 type ResourceTypeMap = {
-	[K in ResourceName]: Extract<Resource, { kind: K }>['type'];
+	[K in ResourceName]: Extract<Resource, { name: K }>['type'];
 };
 
 type RelationName = keyof RelationsByType;
@@ -18,7 +17,7 @@ type RelationName = keyof RelationsByType;
 export type ResourcesForRelation<R extends RelationName> = Extract<
 	Resource,
 	{ type: RelationsByType[R][number] }
->['kind'];
+>['name'];
 
 type IsPluralResource<R extends ResourceName> =
 	ResourceTypeMap[R] extends 'metaresources' ? true : false;

frontend/src/hooks/useAuthZ/useAuthZ.test.tsx

@@ -36,8 +36,8 @@ const wrapper = ({ children }: { children: ReactElement }): ReactElement => (
 
 describe('useAuthZ', () => {
 	it('should fetch and return permissions successfully', async () => {
-		const permission1 = buildPermission('read', 'role:*');
-		const permission2 = buildPermission('update', 'role:123');
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
 
 		const expectedResponse = {
 			[permission1]: {
@@ -74,7 +74,7 @@ describe('useAuthZ', () => {
 	});
 
 	it('should handle API errors', async () => {
-		const permission = buildPermission('read', 'role:*');
+		const permission = buildPermission('read', 'dashboard:*');
 
 		server.use(
 			rest.post(AUTHZ_CHECK_URL, (_req, res, ctx) => {
@@ -95,9 +95,9 @@ describe('useAuthZ', () => {
 	});
 
 	it('should refetch when permissions array changes', async () => {
-		const permission1 = buildPermission('read', 'role:*');
-		const permission2 = buildPermission('update', 'role:123');
-		const permission3 = buildPermission('delete', 'role:456');
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+		const permission3 = buildPermission('delete', 'dashboard:456');
 
 		let requestCount = 0;
 
@@ -161,8 +161,8 @@ describe('useAuthZ', () => {
 	});
 
 	it('should not refetch when permissions array order changes but content is the same', async () => {
-		const permission1 = buildPermission('read', 'role:*');
-		const permission2 = buildPermission('update', 'role:123');
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
 
 		let requestCount = 0;
 
@@ -217,8 +217,8 @@ describe('useAuthZ', () => {
 	});
 
 	it('should send correct payload format to API', async () => {
-		const permission1 = buildPermission('read', 'role:*');
-		const permission2 = buildPermission('update', 'role:123');
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
 
 		let receivedPayload: any = null;
 
@@ -244,23 +244,23 @@ describe('useAuthZ', () => {
 		expect(receivedPayload[0]).toMatchObject({
 			relation: 'read',
 			object: {
-				resource: { kind: 'role', type: 'role' },
+				resource: { name: 'dashboard', type: 'metaresource' },
 				selector: '*',
 			},
 		});
 		expect(receivedPayload[1]).toMatchObject({
 			relation: 'update',
 			object: {
-				resource: { kind: 'role', type: 'role' },
+				resource: { name: 'dashboard', type: 'metaresource' },
 				selector: '123',
 			},
 		});
 	});
 
 	it('should batch multiple hooks into single flight request', async () => {
-		const permission1 = buildPermission('read', 'role:*');
-		const permission2 = buildPermission('update', 'role:123');
-		const permission3 = buildPermission('delete', 'role:456');
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+		const permission3 = buildPermission('delete', 'dashboard:456');
 
 		let requestCount = 0;
 		const receivedPayloads: any[] = [];
@@ -304,17 +304,17 @@ describe('useAuthZ', () => {
 		expect(receivedPayloads[0][0]).toMatchObject({
 			relation: 'read',
 			object: {
-				resource: { kind: 'role', type: 'role' },
+				resource: { name: 'dashboard', type: 'metaresource' },
 				selector: '*',
 			},
 		});
 		expect(receivedPayloads[0][1]).toMatchObject({
 			relation: 'update',
-			object: { resource: { kind: 'role' }, selector: '123' },
+			object: { resource: { name: 'dashboard' }, selector: '123' },
 		});
 		expect(receivedPayloads[0][2]).toMatchObject({
 			relation: 'delete',
-			object: { resource: { kind: 'role' }, selector: '456' },
+			object: { resource: { name: 'dashboard' }, selector: '456' },
 		});
 
 		expect(result1.current.permissions).toStrictEqual({
@@ -329,9 +329,9 @@ describe('useAuthZ', () => {
 	});
 
 	it('should create separate batches for calls after single flight window', async () => {
-		const permission1 = buildPermission('read', 'role:*');
-		const permission2 = buildPermission('update', 'role:123');
-		const permission3 = buildPermission('delete', 'role:456');
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+		const permission3 = buildPermission('delete', 'dashboard:456');
 
 		let requestCount = 0;
 		const receivedPayloads: any[] = [];
@@ -386,18 +386,18 @@ describe('useAuthZ', () => {
 		expect(receivedPayloads[1]).toHaveLength(2);
 		expect(receivedPayloads[1][0]).toMatchObject({
 			relation: 'update',
-			object: { resource: { kind: 'role' }, selector: '123' },
+			object: { resource: { name: 'dashboard' }, selector: '123' },
 		});
 		expect(receivedPayloads[1][1]).toMatchObject({
 			relation: 'delete',
-			object: { resource: { kind: 'role' }, selector: '456' },
+			object: { resource: { name: 'dashboard' }, selector: '456' },
 		});
 	});
 
 	it('should map permissions correctly when API returns response out of order', async () => {
-		const permission1 = buildPermission('read', 'role:*');
-		const permission2 = buildPermission('update', 'role:123');
-		const permission3 = buildPermission('delete', 'role:456');
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
+		const permission3 = buildPermission('delete', 'dashboard:456');
 
 		server.use(
 			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
@@ -435,8 +435,8 @@ describe('useAuthZ', () => {
 	});
 
 	it('should not leak state between separate batches', async () => {
-		const permission1 = buildPermission('read', 'role:*');
-		const permission2 = buildPermission('update', 'role:123');
+		const permission1 = buildPermission('read', 'dashboard:*');
+		const permission2 = buildPermission('update', 'dashboard:123');
 
 		let requestCount = 0;
 

frontend/src/hooks/useAuthZ/useAuthZ.tsx

@@ -2,7 +2,7 @@ import { useCallback, useMemo } from 'react';
 import { useQueries } from 'react-query';
 import { authzCheck } from 'api/generated/services/authz';
 import type {
-	CoretypesObjectDTO,
+	AuthtypesObjectDTO,
 	AuthtypesTransactionDTO,
 } from 'api/generated/services/sigNoz.schemas';
 
@@ -34,7 +34,7 @@ function dispatchPermission(
 		});
 
 		setTimeout(() => {
-			const copiedPermissions = [...pendingPermissions];
+			const copiedPermissions = pendingPermissions.slice();
 			pendingPermissions = [];
 			ctx = null;
 
@@ -50,9 +50,9 @@ async function fetchManyPermissions(
 ): Promise<AuthZCheckResponse> {
 	const payload: AuthtypesTransactionDTO[] = permissions.map((permission) => {
 		const dto = permissionToTransactionDto(permission);
-		const object: CoretypesObjectDTO = {
+		const object: AuthtypesObjectDTO = {
 			resource: {
-				kind: dto.object.resource.kind,
+				name: dto.object.resource.name,
 				type: dto.object.resource.type,
 			},
 			selector: dto.object.selector,

frontend/src/hooks/useAuthZ/utils.ts

@@ -1,8 +1,4 @@
-import {
-	AuthtypesTransactionDTO,
-	CoretypesTypeDTO,
-	AuthtypesRelationDTO,
-} from '../../api/generated/services/sigNoz.schemas';
+import { AuthtypesTransactionDTO } from '../../api/generated/services/sigNoz.schemas';
 import permissionsType from './permissions.type';
 import {
 	AuthZObject,
@@ -37,72 +33,36 @@ export function parsePermission(permission: BrandedPermission): {
 	return { relation: relation as AuthZRelation, object };
 }
 
-const kindsByType = permissionsType.data.resources.reduce(
+const resourceNameToType = permissionsType.data.resources.reduce(
 	(acc, r) => {
-		if (!acc[r.type]) {
-			acc[r.type] = new Set();
-		}
-		acc[r.type].add(r.kind);
+		acc[r.name] = r.type;
 		return acc;
 	},
-	{} as Record<string, Set<string>>,
+	{} as Record<ResourceName, ResourceType>,
 );
 
-function resolveType(
-	relation: AuthZRelation,
-	kind: string,
-): ResourceType | undefined {
-	const candidates: readonly string[] =
-		permissionsType.data.relations[relation] ?? [];
-	for (const t of candidates) {
-		if (kindsByType[t]?.has(kind)) {
-			return t as ResourceType;
-		}
-	}
-	return undefined;
-}
-
-function splitObjectString(objectStr: string): {
-	resourceName: string;
-	selector: string;
-} {
-	const idx = objectStr.indexOf(ObjectSeparator);
-	if (idx === -1) {
-		return { resourceName: objectStr, selector: '' };
-	}
-	return {
-		resourceName: objectStr.slice(0, idx),
-		selector: objectStr.slice(idx + 1),
-	};
-}
-
 export function permissionToTransactionDto(
 	permission: BrandedPermission,
 ): AuthtypesTransactionDTO {
 	const { relation, object: objectStr } = parsePermission(permission);
-	const directType = resolveType(relation, objectStr);
+	const directType = resourceNameToType[objectStr as ResourceName];
 	if (directType === 'metaresources') {
 		return {
-			relation: relation as AuthtypesRelationDTO,
+			relation,
 			object: {
-				resource: {
-					kind: objectStr as ResourceName,
-					type: directType as CoretypesTypeDTO,
-				},
+				resource: { name: objectStr, type: directType },
 				selector: '*',
 			},
 		};
 	}
-	const { resourceName, selector } = splitObjectString(objectStr);
-	const type = resolveType(relation, resourceName) ?? 'metaresource';
+	const [resourceName, selector] = objectStr.split(ObjectSeparator);
+	const type =
+		resourceNameToType[resourceName as ResourceName] ?? 'metaresource';
 
 	return {
-		relation: relation as AuthtypesRelationDTO,
+		relation,
 		object: {
-			resource: {
-				kind: resourceName as ResourceName,
-				type: type as CoretypesTypeDTO,
-			},
+			resource: { name: resourceName, type },
 			selector: selector || '*',
 		},
 	};
@@ -115,7 +75,7 @@ export function gettableTransactionToPermission(
 		relation,
 		object: { resource, selector },
 	} = item;
-	const resourceName = String(resource.kind);
+	const resourceName = String(resource.name);
 	const selectorStr = typeof selector === 'string' ? selector : '*';
 	const objectStr =
 		resource.type === 'metaresources'

frontend/src/lib/uPlotV2/components/Tooltip/BarChartTooltip.tsx

@@ -17,7 +17,6 @@ export default function BarChartTooltip(props: BarTooltipProps): JSX.Element {
 				decimalPrecision: props.decimalPrecision,
 				isStackedBarChart: props.isStackedBarChart,
 				syncedSeriesIndexes: props.syncedSeriesIndexes,
-				syncFilterMode: props.syncFilterMode,
 			}),
 		[
 			props.uPlotInstance,
@@ -27,7 +26,6 @@ export default function BarChartTooltip(props: BarTooltipProps): JSX.Element {
 			props.decimalPrecision,
 			props.isStackedBarChart,
 			props.syncedSeriesIndexes,
-			props.syncFilterMode,
 		],
 	);
 

frontend/src/lib/uPlotV2/components/Tooltip/HistogramTooltip.tsx

@@ -18,7 +18,6 @@ export default function HistogramTooltip(
 				yAxisUnit: props.yAxisUnit ?? '',
 				decimalPrecision: props.decimalPrecision,
 				syncedSeriesIndexes: props.syncedSeriesIndexes,
-				syncFilterMode: props.syncFilterMode,
 			}),
 		[
 			props.uPlotInstance,
@@ -27,7 +26,6 @@ export default function HistogramTooltip(
 			props.yAxisUnit,
 			props.decimalPrecision,
 			props.syncedSeriesIndexes,
-			props.syncFilterMode,
 		],
 	);
 

frontend/src/lib/uPlotV2/components/Tooltip/TimeSeriesTooltip.tsx

@@ -18,7 +18,6 @@ export default function TimeSeriesTooltip(
 				yAxisUnit: props.yAxisUnit ?? '',
 				decimalPrecision: props.decimalPrecision,
 				syncedSeriesIndexes: props.syncedSeriesIndexes,
-				syncFilterMode: props.syncFilterMode,
 			}),
 		[
 			props.uPlotInstance,
@@ -27,7 +26,6 @@ export default function TimeSeriesTooltip(
 			props.yAxisUnit,
 			props.decimalPrecision,
 			props.syncedSeriesIndexes,
-			props.syncFilterMode,
 		],
 	);
 

frontend/src/lib/uPlotV2/components/Tooltip/Tooltip.module.scss

@@ -8,15 +8,15 @@
 	border: 1px solid var(--l2-border);
 	display: flex;
 	flex-direction: column;
+	gap: 8px;
 
 	&.pinned {
 		border-color: var(--ring);
 	}
-}
 
-.divider {
-	display: block;
-	width: 100%;
-	height: 1px;
-	background-color: var(--l2-border);
+	.divider {
+		width: 100%;
+		height: 1px;
+		background-color: var(--l2-border);
+	}
 }

frontend/src/lib/uPlotV2/components/Tooltip/Tooltip.tsx

@@ -2,19 +2,19 @@ import { useMemo } from 'react';
 import cx from 'classnames';
 
 import { TooltipProps } from '../types';
+import TooltipFooter from './components/TooltipFooter/TooltipFooter';
 import TooltipHeader from './components/TooltipHeader/TooltipHeader';
 import TooltipList from './components/TooltipList/TooltipList';
 
 import Styles from './Tooltip.module.scss';
 
 export default function Tooltip({
-	id,
 	uPlotInstance,
 	timezone,
 	content,
 	showTooltipHeader = true,
 	isPinned,
-	renderTooltipFooter,
+	canPinTooltip,
 	dismiss,
 }: TooltipProps): JSX.Element {
 	const tooltipContent = useMemo(() => content ?? [], [content]);
@@ -31,9 +31,7 @@ export default function Tooltip({
 
 	return (
 		<div
-			className={cx(Styles.container, {
-				[Styles.pinned]: isPinned,
-			})}
+			className={cx(Styles.container, isPinned && Styles.pinned)}
 			data-testid="uplot-tooltip-container"
 		>
 			{showHeader && (
@@ -48,9 +46,9 @@ export default function Tooltip({
 
 			{showDivider && <span className={Styles.divider} />}
 
-			{showList && <TooltipList id={id} content={tooltipContent} />}
+			{showList && <TooltipList content={tooltipContent} />}
 
-			{renderTooltipFooter && renderTooltipFooter({ isPinned, dismiss })}
+			{canPinTooltip && <TooltipFooter isPinned={isPinned} dismiss={dismiss} />}
 		</div>
 	);
 }

frontend/src/lib/uPlotV2/components/Tooltip/__tests__/Tooltip.test.tsx

@@ -7,7 +7,7 @@ import { useIsDarkMode } from 'hooks/useDarkMode';
 import { render, RenderResult, screen } from 'tests/test-utils';
 import uPlot from 'uplot';
 
-import { IRenderTooltipFooterArgs, TooltipContentItem } from '../../types';
+import { TooltipContentItem } from '../../types';
 import Tooltip from '../Tooltip';
 
 type MockVirtuosoProps = {
@@ -83,7 +83,6 @@ function createUPlotInstance(cursorIdx: number | null): uPlot {
 
 function renderTooltip(props: Partial<TooltipTestProps> = {}): RenderResult {
 	const defaultProps: TooltipTestProps = {
-		id: 'tooltip-1',
 		uPlotInstance: createUPlotInstance(null),
 		timezone: { value: 'UTC', name: 'UTC', offset: '0', searchIndex: '0' },
 		content: [],
@@ -193,88 +192,63 @@ describe('Tooltip', () => {
 	});
 });
 
-describe('Tooltip renderTooltipFooter', () => {
+describe('Tooltip footer hint', () => {
 	beforeEach(() => {
 		jest.clearAllMocks();
 		mockUseIsDarkMode.mockReturnValue(false);
 	});
 
-	it('does not render footer content when renderTooltipFooter is not provided', () => {
-		renderTooltip();
+	it('renders footer with "Press P to pin the tooltip" hint when not pinned', () => {
+		renderTooltip({ isPinned: false, canPinTooltip: true });
 
-		expect(screen.queryByTestId('custom-tooltip-footer')).not.toBeInTheDocument();
+		const footer = screen.getByTestId('uplot-tooltip-footer');
+		expect(footer).toBeInTheDocument();
+		expect(footer).toHaveTextContent('Press');
+		expect(footer).toHaveTextContent('P');
+		expect(footer).toHaveTextContent('to pin the tooltip');
 	});
 
-	it('renders content returned by renderTooltipFooter', () => {
-		const renderTooltipFooter = jest.fn(
-			(): JSX.Element => <div data-testid="custom-tooltip-footer">Footer</div>,
-		);
+	it('renders footer with "Press P or Esc to unpin" hint when pinned', () => {
+		renderTooltip({ isPinned: true, canPinTooltip: true });
 
-		renderTooltip({ renderTooltipFooter });
-
-		expect(screen.getByTestId('custom-tooltip-footer')).toBeInTheDocument();
+		const footer = screen.getByTestId('uplot-tooltip-footer');
+		expect(footer).toHaveTextContent('Press');
+		expect(footer).toHaveTextContent('P');
+		expect(footer).toHaveTextContent('Esc');
+		expect(footer).toHaveTextContent('to unpin');
 	});
 
-	it('calls renderTooltipFooter with isPinned=false when tooltip is not pinned', () => {
-		const renderTooltipFooter = jest.fn(() => null);
+	it('does not render Unpin button when not pinned', () => {
+		renderTooltip({ isPinned: false, canPinTooltip: true });
 
-		renderTooltip({ renderTooltipFooter, isPinned: false });
-
-		expect(renderTooltipFooter).toHaveBeenCalledWith(
-			expect.objectContaining({ isPinned: false }),
-		);
+		expect(screen.queryByTestId('uplot-tooltip-unpin')).not.toBeInTheDocument();
 	});
 
-	it('calls renderTooltipFooter with isPinned=true when tooltip is pinned', () => {
-		const renderTooltipFooter = jest.fn(() => null);
+	it('renders Unpin button when pinned', () => {
+		renderTooltip({ isPinned: true, canPinTooltip: true });
 
-		renderTooltip({ renderTooltipFooter, isPinned: true });
-
-		expect(renderTooltipFooter).toHaveBeenCalledWith(
-			expect.objectContaining({ isPinned: true }),
-		);
+		const unpinBtn = screen.getByTestId('uplot-tooltip-unpin');
+		expect(unpinBtn).toBeInTheDocument();
+		expect(unpinBtn).toHaveAttribute('aria-label', 'Unpin tooltip');
 	});
 
-	it('calls renderTooltipFooter with the dismiss callback', () => {
+	it('calls dismiss when Unpin button is clicked', async () => {
 		const dismiss = jest.fn();
-		const renderTooltipFooter = jest.fn(() => null);
-
-		renderTooltip({ renderTooltipFooter, dismiss });
-
-		expect(renderTooltipFooter).toHaveBeenCalledWith(
-			expect.objectContaining({ dismiss }),
-		);
-	});
-
-	it('footer content reflects pinned state via renderTooltipFooter args', () => {
-		const renderTooltipFooter = jest.fn(
-			({ isPinned }: IRenderTooltipFooterArgs): JSX.Element => (
-				<div data-testid="footer-state">{isPinned ? 'Pinned' : 'Not pinned'}</div>
-			),
-		);
-
-		renderTooltip({ renderTooltipFooter, isPinned: true });
-
-		expect(screen.getByTestId('footer-state')).toHaveTextContent('Pinned');
-	});
-
-	it('dismiss is callable when invoked from renderTooltipFooter', async () => {
-		const dismiss = jest.fn();
-		const renderTooltipFooter = jest.fn(
-			({ dismiss: onDismiss }: IRenderTooltipFooterArgs): JSX.Element => (
-				<button data-testid="dismiss-btn" onClick={onDismiss}>
-					Dismiss
-				</button>
-			),
-		);
-
-		renderTooltip({ renderTooltipFooter, isPinned: true, dismiss });
+		renderTooltip({ isPinned: true, canPinTooltip: true, dismiss });
 
 		const user = userEvent.setup();
-		await user.click(screen.getByTestId('dismiss-btn'));
+		const unpinBtn = screen.getByTestId('uplot-tooltip-unpin');
+		await user.click(unpinBtn);
 
 		expect(dismiss).toHaveBeenCalledTimes(1);
 	});
+
+	it('footer has role="status" for screen reader announcements', () => {
+		renderTooltip({ canPinTooltip: true });
+
+		const footer = screen.getByRole('status');
+		expect(footer).toBeInTheDocument();
+	});
 });
 
 describe('Tooltip header status pill', () => {

frontend/src/lib/uPlotV2/components/Tooltip/components/TooltipFooter/TooltipFooter.tsx

@@ -7,25 +7,22 @@ import Styles from './TooltipFooter.module.scss';
 import { MousePointerClick } from '@signozhq/icons';
 import logEvent from 'api/common/logEvent';
 import { Events } from 'constants/events';
+import { getAbsoluteUrl } from 'utils/basePath';
 
 interface TooltipFooterProps {
-	id: string;
 	pinKey?: string;
 	isPinned: boolean;
-	canDrilldown?: boolean;
 	dismiss: () => void;
 }
 
 export default function TooltipFooter({
-	id,
 	pinKey = DEFAULT_PIN_TOOLTIP_KEY,
 	isPinned,
-	canDrilldown = true,
 	dismiss,
 }: TooltipFooterProps): JSX.Element {
 	const handleUnpinClick = (): void => {
 		logEvent(Events.TOOLTIP_UNPINNED, {
-			id: id,
+			path: getAbsoluteUrl(window.location.pathname),
 		});
 		dismiss();
 	};
@@ -46,14 +43,12 @@ export default function TooltipFooter({
 					</div>
 				) : (
 					<div className={Styles.hintList}>
-						{canDrilldown && (
-							<div className={Styles.hint} data-active="false">
-								<Kbd>
-									<MousePointerClick size={12} />
-								</Kbd>
-								<span>Click to drilldown</span>
-							</div>
-						)}
+						<div className={Styles.hint} data-active="false">
+							<Kbd>
+								<MousePointerClick size={12} />
+							</Kbd>
+							<span>Click to drilldown</span>
+						</div>
 						<div className={Styles.hint} data-active="false">
 							<span>Press</span>
 							<Kbd>{pinKey.toUpperCase()}</Kbd>

frontend/src/lib/uPlotV2/components/Tooltip/components/TooltipHeader/TooltipHeader.module.scss

@@ -11,10 +11,11 @@
 	align-items: center;
 	justify-content: space-between;
 	gap: var(--spacing-2);
+	margin-bottom: var(--spacing-2);
 }
 
 .pinnedItem {
-	padding: var(--spacing-4);
+	padding: var(--spacing-4) var(--spacing-4) 0 var(--spacing-4);
 }
 
 .status {

frontend/src/lib/uPlotV2/components/Tooltip/components/TooltipList/TooltipList.module.scss

@@ -1,13 +1,9 @@
-.container {
-	padding-bottom: var(--spacing-6);
-}
-
 .list {
 	width: 100%;
 	:global(div[data-viewport-type='element']) {
 		left: 0;
 		box-sizing: border-box;
-		padding: var(--spacing-4) var(--spacing-2) var(--spacing-4) var(--spacing-4);
+		padding: 0px var(--spacing-2) 0 var(--spacing-4);
 
 		[data-test-id='virtuoso-item-list'] > * + * {
 			margin-top: var(--spacing-2);

frontend/src/lib/uPlotV2/components/Tooltip/components/TooltipList/TooltipList.tsx

@@ -9,18 +9,17 @@ import logEvent from 'api/common/logEvent';
 import { Events } from 'constants/events';
 
 import Styles from './TooltipList.module.scss';
+import { getAbsoluteUrl } from 'utils/basePath';
 
 // Fallback per-item height before Virtuoso reports the real total.
 const TOOLTIP_ITEM_HEIGHT = 38;
 const LIST_MAX_HEIGHT = 300;
 
 interface TooltipListProps {
-	id: string;
 	content: TooltipContentItem[];
 }
 
 export default function TooltipList({
-	id,
 	content,
 }: TooltipListProps): JSX.Element {
 	const isDarkMode = useIsDarkMode();
@@ -42,25 +41,23 @@ export default function TooltipList({
 		if (!isScrollEventTriggered.current) {
 			// TODO: remove event in July 2026
 			logEvent(Events.TOOLTIP_CONTENT_SCROLLED, {
-				id,
+				path: getAbsoluteUrl(window.location.pathname),
 			});
 			isScrollEventTriggered.current = true;
 		}
 	}, []);
 
 	return (
-		<div className={Styles.container}>
-			<Virtuoso
-				className={cx(Styles.list, !isDarkMode && Styles.listLightMode)}
-				data-testid="uplot-tooltip-list"
-				data={content}
-				onScroll={handleScroll}
-				style={{ height }}
-				totalListHeightChanged={setTotalListHeight}
-				itemContent={(_, item): JSX.Element => (
-					<TooltipItem item={item} isItemActive={item.isHighlighted === true} />
-				)}
-			/>
-		</div>
+		<Virtuoso
+			className={cx(Styles.list, !isDarkMode && Styles.listLightMode)}
+			data-testid="uplot-tooltip-list"
+			data={content}
+			onScroll={handleScroll}
+			style={{ height }}
+			totalListHeightChanged={setTotalListHeight}
+			itemContent={(_, item): JSX.Element => (
+				<TooltipItem item={item} isItemActive={false} />
+			)}
+		/>
 	);
 }

frontend/src/lib/uPlotV2/components/Tooltip/utils.ts

@@ -2,7 +2,6 @@ import { PrecisionOption } from 'components/Graph/types';
 import { getToolTipValue } from 'components/Graph/yAxisConfig';
 import uPlot, { AlignedData, Series } from 'uplot';
 
-import { SyncTooltipFilterMode } from '../../plugins/TooltipPlugin/types';
 import { TooltipContentItem } from '../types';
 
 export const FALLBACK_SERIES_COLOR = '#000000';
@@ -64,7 +63,6 @@ export function buildTooltipContent({
 	decimalPrecision,
 	isStackedBarChart,
 	syncedSeriesIndexes,
-	syncFilterMode,
 }: {
 	data: AlignedData;
 	series: Series[];
@@ -75,16 +73,10 @@ export function buildTooltipContent({
 	decimalPrecision?: PrecisionOption;
 	isStackedBarChart?: boolean;
 	syncedSeriesIndexes?: number[] | null;
-	syncFilterMode?: SyncTooltipFilterMode;
 }): TooltipContentItem[] {
 	const items: TooltipContentItem[] = [];
-	const matchedIndexes =
-		syncedSeriesIndexes != null ? new Set(syncedSeriesIndexes) : null;
-	const filterMode = syncFilterMode ?? SyncTooltipFilterMode.Filtered;
-	// In Filtered mode the matched indexes act as a whitelist; in All mode every
-	// series renders and matched indexes only drive row highlighting.
 	const allowedIndexes =
-		filterMode === SyncTooltipFilterMode.All ? null : matchedIndexes;
+		syncedSeriesIndexes != null ? new Set(syncedSeriesIndexes) : null;
 
 	for (let seriesIndex = 1; seriesIndex < series.length; seriesIndex += 1) {
 		const seriesItem = series[seriesIndex];
@@ -97,7 +89,6 @@ export function buildTooltipContent({
 
 		const dataIndex = dataIndexes[seriesIndex];
 		const isSync = allowedIndexes != null;
-		const isHighlighted = matchedIndexes?.has(seriesIndex) ?? false;
 
 		if (dataIndex === null) {
 			if (isSync) {
@@ -107,7 +98,6 @@ export function buildTooltipContent({
 					tooltipValue: 'No Data',
 					color: resolveSeriesColor(seriesItem.stroke, uPlotInstance, seriesIndex),
 					isActive: false,
-					isHighlighted,
 				});
 			}
 			continue;
@@ -128,7 +118,6 @@ export function buildTooltipContent({
 				tooltipValue: getToolTipValue(baseValue, yAxisUnit, decimalPrecision),
 				color: resolveSeriesColor(seriesItem.stroke, uPlotInstance, seriesIndex),
 				isActive: seriesIndex === activeSeriesIndex,
-				isHighlighted,
 			});
 		} else if (isSync) {
 			items.push({
@@ -137,7 +126,6 @@ export function buildTooltipContent({
 				tooltipValue: 'No Data',
 				color: resolveSeriesColor(seriesItem.stroke, uPlotInstance, seriesIndex),
 				isActive: false,
-				isHighlighted,
 			});
 		}
 	}

frontend/src/lib/uPlotV2/components/types.ts

@@ -4,7 +4,6 @@ import { PrecisionOption } from 'components/Graph/types';
 import uPlot from 'uplot';
 
 import { UPlotConfigBuilder } from '../config/UPlotConfigBuilder';
-import { SyncTooltipFilterMode } from '../plugins/TooltipPlugin/types';
 
 /**
  * Props for the Plot component
@@ -59,31 +58,17 @@ export interface TooltipRenderArgs {
 	isPinned: boolean;
 	dismiss: () => void;
 	viaSync: boolean;
-	/** In Tooltip sync mode, identifies receiver series that match the source's
-	 * focused series on the shared groupBy keys.
-	 * Filtered mode: limits which series are rendered (null = no filter,
-	 *   [] = no matches/tooltip hidden upstream, [...] = allowed indexes).
-	 * All mode: same indexes are interpreted as a highlight set; non-matching
-	 *   series still render. */
+	/** In Tooltip sync mode, limits which series are rendered in the receiver tooltip.
+	 * null = no filtering; [] = no matches (tooltip hidden upstream); [...] = allowed indexes */
 	syncedSeriesIndexes?: number[] | null;
-	/** Receiver-side filter mode for the synced tooltip. Defaults to Filtered. */
-	syncFilterMode?: SyncTooltipFilterMode;
-}
-
-export interface IRenderTooltipFooterArgs {
-	pinKey?: string;
-	isPinned: boolean;
-	dismiss: () => void;
 }
 
 export interface BaseTooltipProps {
-	id: string;
 	showTooltipHeader?: boolean;
 	canPinTooltip?: boolean;
 	yAxisUnit?: string;
 	decimalPrecision?: PrecisionOption;
 	content?: TooltipContentItem[];
-	renderTooltipFooter?: (args: IRenderTooltipFooterArgs) => ReactNode;
 	timezone?: Timezone;
 }
 
@@ -121,9 +106,4 @@ export interface TooltipContentItem {
 	tooltipValue: string;
 	color: string;
 	isActive: boolean;
-	/** Synced receiver series whose metric matches the source's focused series
-	 * on the shared groupBy keys, in 'all' filter mode. List rendering uses this
-	 * to apply the active highlight to matching rows while non-matching rows
-	 * stay dimmed. */
-	isHighlighted?: boolean;
 }

frontend/src/lib/uPlotV2/plugins/TooltipPlugin/TooltipPlugin.tsx

@@ -18,7 +18,6 @@ import {
 import {
 	DashboardCursorSync,
 	DEFAULT_PIN_TOOLTIP_KEY,
-	SyncTooltipFilterMode,
 	TooltipControllerContext,
 	TooltipControllerState,
 	TooltipLayoutInfo,
@@ -33,6 +32,7 @@ import {
 import { Events } from 'constants/events';
 
 import Styles from './TooltipPlugin.module.scss';
+import { getAbsoluteUrl } from 'utils/basePath';
 
 // Delay before hiding an unpinned tooltip when the cursor briefly leaves
 // the plot – this avoids flicker when moving between nearby points.
@@ -199,14 +199,10 @@ export default function TooltipPlugin({
 			if (!controller.hoverActive || !plot) {
 				return null;
 			}
-			const filterMode =
-				syncMetadata?.filterMode ?? SyncTooltipFilterMode.Filtered;
-			// In Filtered Tooltip sync mode, suppress the receiver tooltip entirely
-			// when no receiver series match the source panel's focused series. In
-			// All mode the tooltip still renders with every series visible.
+			// In Tooltip sync mode, suppress the receiver tooltip entirely when
+			// no receiver series match the source panel's focused series.
 			if (
 				syncTooltipWithDashboard &&
-				filterMode === SyncTooltipFilterMode.Filtered &&
 				controller.cursorDrivenBySync &&
 				Array.isArray(controller.syncedSeriesIndexes) &&
 				controller.syncedSeriesIndexes.length === 0
@@ -221,7 +217,6 @@ export default function TooltipPlugin({
 				dismiss: dismissTooltip,
 				viaSync: controller.cursorDrivenBySync,
 				syncedSeriesIndexes: controller.syncedSeriesIndexes,
-				syncFilterMode: filterMode,
 			});
 		}
 
@@ -309,7 +304,7 @@ export default function TooltipPlugin({
 			if (event.key === 'Escape') {
 				if (controller.pinned) {
 					logEvent(Events.TOOLTIP_UNPINNED, {
-						id: config.getId(),
+						path: getAbsoluteUrl(window.location.pathname),
 					});
 					dismissTooltip();
 				}
@@ -323,7 +318,7 @@ export default function TooltipPlugin({
 			// Toggle off: P pressed while already pinned.
 			if (controller.pinned) {
 				logEvent(Events.TOOLTIP_UNPINNED, {
-					id: config.getId(),
+					path: getAbsoluteUrl(window.location.pathname),
 				});
 				dismissTooltip();
 				return;
@@ -357,7 +352,7 @@ export default function TooltipPlugin({
 			controller.clickData = buildClickData(syntheticEvent, plot);
 			controller.pinned = true;
 			logEvent(Events.TOOLTIP_PINNED, {
-				id: config.getId(),
+				path: getAbsoluteUrl(window.location.pathname),
 			});
 			scheduleRender(true);
 		};

frontend/src/lib/uPlotV2/plugins/TooltipPlugin/syncDisplayHook.ts

@@ -2,33 +2,10 @@ import uPlot from 'uplot';
 
 import type { ExtendedSeries } from '../../config/types';
 import { syncCursorRegistry } from './syncCursorRegistry';
-import {
-	SyncTooltipFilterMode,
-	type TooltipControllerState,
-	type TooltipSyncMetadata,
-} from './types';
+import type { TooltipControllerState, TooltipSyncMetadata } from './types';
 
 /**
- * Flattens per-query groupBys into a deduped set of dimension keys.
- * A panel's effective groupBy is the union across all of its queries.
- */
-function collectGroupByKeys(
-	groupByPerQuery: TooltipSyncMetadata['groupByPerQuery'],
-): Set<string> {
-	const keys = new Set<string>();
-	if (!groupByPerQuery) {
-		return keys;
-	}
-	for (const groupBy of Object.values(groupByPerQuery)) {
-		for (const dim of groupBy) {
-			keys.add(dim.key);
-		}
-	}
-	return keys;
-}
-
-/**
- * Returns the dimension keys present in both panels' groupBys.
+ * Returns the dimension keys present in both groupBy arrays.
  * An empty result means no overlap — series highlighting should not run.
  *
  *   exact    [A, B] vs [A, B]  → [A, B]   one match
@@ -37,28 +14,24 @@ function collectGroupByKeys(
  *   partial  [A, B] vs [B, C]  → [B]
  */
 function getCommonGroupByKeys(
-	a: TooltipSyncMetadata['groupByPerQuery'],
-	b: TooltipSyncMetadata['groupByPerQuery'],
+	a: TooltipSyncMetadata['groupBy'],
+	b: TooltipSyncMetadata['groupBy'],
 ): string[] {
-	const aKeys = collectGroupByKeys(a);
-	const bKeys = collectGroupByKeys(b);
-	if (aKeys.size === 0 || bKeys.size === 0) {
+	if (
+		!Array.isArray(a) ||
+		a.length === 0 ||
+		!Array.isArray(b) ||
+		b.length === 0
+	) {
 		return [];
 	}
-	const common: string[] = [];
-	aKeys.forEach((key) => {
-		if (bKeys.has(key)) {
-			common.push(key);
-		}
-	});
-	return common;
+	const bKeys = new Set(b.map((g) => g.key));
+	return a.filter((g) => bKeys.has(g.key)).map((g) => g.key);
 }
 
 /**
- * Returns the 1-based indexes of every visible series whose metric matches
- * sourceMetric on all commonKeys. Hidden series (toggled off in the legend)
- * are excluded so the synced tooltip is suppressed when no visible series
- * would match.
+ * Returns the 1-based indexes of every series whose metric matches
+ * sourceMetric on all commonKeys.
  */
 function findMatchingSeriesIndexes(
 	series: uPlot.Series[],
@@ -66,7 +39,7 @@ function findMatchingSeriesIndexes(
 	commonKeys: string[],
 ): number[] {
 	return series.reduce<number[]>((acc, s, i) => {
-		if (i === 0 || s.show === false) {
+		if (i === 0) {
 			return acc;
 		}
 		const metric = (s as ExtendedSeries).metric;
@@ -103,15 +76,10 @@ function applySourceSync({
 }
 
 /**
- * Computes receiver-side series filtering / highlighting for Tooltip sync.
- *
- * Returns the indexes that the tooltip render path should treat per
- * `syncMetadata.filterMode`:
- *   - Filtered (default): null = no filter, [] = no matches (suppress tooltip),
- *      number[] = allowed indexes (show only these).
- *   - All: null = no highlight (show all), number[] = highlight set (show all,
- *      emphasize matching rows). Never returns [] in this mode so the synced
- *      tooltip is not suppressed when matches are missing.
+ * Returns:
+ *   null      – no groupBy filtering configured or cursor off-chart (no-op for tooltip)
+ *   []        – groupBy configured but no receiver series match the source (hide synced tooltip)
+ *   number[]  – 1-based indexes of matching receiver series (show only these)
  */
 function applyReceiverSync({
 	uPlotInstance,
@@ -131,13 +99,8 @@ function applyReceiverSync({
 	yCrosshairEl.style.display =
 		sourceMetadata?.yAxisUnit === syncMetadata?.yAxisUnit ? '' : 'none';
 
-	const filterMode = syncMetadata?.filterMode ?? SyncTooltipFilterMode.Filtered;
-	const noMatchResult: number[] | null =
-		filterMode === SyncTooltipFilterMode.All ? null : [];
-
 	if (commonKeys.length === 0) {
-		uPlotInstance.setSeries(null, { focus: false });
-		return [];
+		return null;
 	}
 
 	if ((uPlotInstance.cursor.left ?? -1) < 0) {
@@ -148,7 +111,7 @@ function applyReceiverSync({
 	const sourceSeriesMetric = syncCursorRegistry.getActiveSeriesMetric(syncKey);
 	if (sourceSeriesMetric == null) {
 		uPlotInstance.setSeries(null, { focus: false });
-		return noMatchResult;
+		return [];
 	}
 
 	const matchingIdxs = findMatchingSeriesIndexes(
@@ -159,7 +122,7 @@ function applyReceiverSync({
 
 	if (matchingIdxs.length === 0) {
 		uPlotInstance.setSeries(null, { focus: false });
-		return noMatchResult;
+		return [];
 	}
 
 	uPlotInstance.setSeries(matchingIdxs[0], { focus: true });
@@ -177,7 +140,7 @@ export function createSyncDisplayHook(
 
 	// groupBy on both panels is stable (set at config time). Recompute the
 	// intersection only when the source panel's groupBy reference changes.
-	let lastSourceGroupBy: TooltipSyncMetadata['groupByPerQuery'];
+	let lastSourceGroupBy: TooltipSyncMetadata['groupBy'];
 	let cachedCommonKeys: string[] = [];
 
 	return (u: uPlot): void => {
@@ -202,11 +165,11 @@ export function createSyncDisplayHook(
 		// inside applyReceiverSync.
 		const sourceMetadata = syncCursorRegistry.getMetadata(syncKey);
 
-		if (sourceMetadata?.groupByPerQuery !== lastSourceGroupBy) {
-			lastSourceGroupBy = sourceMetadata?.groupByPerQuery;
+		if (sourceMetadata?.groupBy !== lastSourceGroupBy) {
+			lastSourceGroupBy = sourceMetadata?.groupBy;
 			cachedCommonKeys = getCommonGroupByKeys(
-				sourceMetadata?.groupByPerQuery,
-				syncMetadata?.groupByPerQuery,
+				sourceMetadata?.groupBy,
+				syncMetadata?.groupBy,
 			);
 		}
 

frontend/src/lib/uPlotV2/plugins/TooltipPlugin/types.ts

@@ -16,18 +16,9 @@ export const TOOLTIP_OFFSET = 10;
 export const DEFAULT_PIN_TOOLTIP_KEY = 'p';
 
 export enum DashboardCursorSync {
-	Crosshair = 'crosshair',
-	None = 'none',
-	Tooltip = 'tooltip',
-}
-
-/**
- * Controls whether a synced tooltip filters series by groupBy intersection
- * or shows every series with the matching ones highlighted.
- */
-export enum SyncTooltipFilterMode {
-	Filtered = 'filtered',
-	All = 'all',
+	Crosshair,
+	None,
+	Tooltip,
 }
 
 export interface TooltipViewState {
@@ -49,8 +40,7 @@ export interface TooltipLayoutInfo {
 
 export interface TooltipSyncMetadata {
 	yAxisUnit?: string;
-	groupByPerQuery?: Record<string, BaseAutocompleteData[]>;
-	filterMode?: SyncTooltipFilterMode;
+	groupBy?: BaseAutocompleteData[];
 }
 
 export interface TooltipPluginProps {

frontend/src/lib/uPlotV2/plugins/__tests__/syncDisplayHook.test.ts

@@ -1,152 +0,0 @@
-import type { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
-import type uPlot from 'uplot';
-
-import type { ExtendedSeries } from '../../config/types';
-import { syncCursorRegistry } from '../TooltipPlugin/syncCursorRegistry';
-import { createSyncDisplayHook } from '../TooltipPlugin/syncDisplayHook';
-import type {
-	TooltipControllerState,
-	TooltipSyncMetadata,
-} from '../TooltipPlugin/types';
-
-const SYNC_KEY = 'test-sync';
-
-function makeController(): TooltipControllerState {
-	return {
-		plot: null,
-		hoverActive: false,
-		isAnySeriesActive: false,
-		pinned: false,
-		clickData: null,
-		style: {},
-		horizontalOffset: 0,
-		verticalOffset: 0,
-		seriesIndexes: [],
-		focusedSeriesIndex: null,
-		syncedSeriesIndexes: null,
-		cursorDrivenBySync: false,
-		plotWithinViewport: true,
-		windowWidth: 1024,
-		windowHeight: 768,
-		pendingPinnedUpdate: false,
-	};
-}
-
-function makeFakePlot(
-	series: ExtendedSeries[],
-	cursorEvent: Record<string, unknown> | null = null,
-): uPlot {
-	const root = document.createElement('div');
-	const yCrosshair = document.createElement('div');
-	yCrosshair.className = 'u-cursor-y';
-	root.appendChild(yCrosshair);
-
-	return {
-		root,
-		series,
-		cursor: { event: cursorEvent, left: 50 },
-		setSeries: jest.fn(),
-	} as unknown as uPlot;
-}
-
-const SERVICE_NAME_KEY: BaseAutocompleteData = {
-	key: 'service.name',
-	type: 'tag',
-};
-
-const groupByService: TooltipSyncMetadata = {
-	groupByPerQuery: { queryName: [SERVICE_NAME_KEY] },
-};
-
-function seedSourcePanel(activeMetric: Record<string, string>): void {
-	syncCursorRegistry.setMetadata(SYNC_KEY, groupByService);
-	syncCursorRegistry.setActiveSeriesMetric(SYNC_KEY, activeMetric);
-}
-
-function makeReceiverSeries(
-	entries: { name: string; show?: boolean }[],
-): ExtendedSeries[] {
-	return [
-		{} as ExtendedSeries,
-		...entries.map(
-			(e) =>
-				({
-					show: e.show ?? true,
-					metric: { 'service.name': e.name },
-				}) as unknown as ExtendedSeries,
-		),
-	];
-}
-
-describe('createSyncDisplayHook (receiver-side filtering)', () => {
-	beforeEach(() => {
-		syncCursorRegistry.setMetadata(SYNC_KEY, undefined);
-		syncCursorRegistry.setActiveSeriesMetric(SYNC_KEY, null);
-	});
-
-	it('returns indexes of visible matching series only', () => {
-		seedSourcePanel({ 'service.name': 'flagd' });
-
-		const series = makeReceiverSeries([
-			{ name: 'flagd', show: true },
-			{ name: 'frontend', show: true },
-			{ name: 'flagd', show: true },
-		]);
-		const plot = makeFakePlot(series, null);
-		const controller = makeController();
-
-		createSyncDisplayHook(SYNC_KEY, groupByService, controller)(plot);
-
-		expect(controller.syncedSeriesIndexes).toStrictEqual([1, 3]);
-	});
-
-	it('treats all matching series being hidden as no match → empty array', () => {
-		seedSourcePanel({ 'service.name': 'frontendproxy' });
-
-		const series = makeReceiverSeries([
-			{ name: 'flagd', show: true },
-			{ name: 'frontendproxy', show: false },
-		]);
-		const plot = makeFakePlot(series, null);
-		const controller = makeController();
-
-		createSyncDisplayHook(SYNC_KEY, groupByService, controller)(plot);
-
-		expect(controller.syncedSeriesIndexes).toStrictEqual([]);
-		expect(plot.setSeries).toHaveBeenCalledWith(null, { focus: false });
-	});
-
-	it('excludes hidden series and keeps the visible matches', () => {
-		seedSourcePanel({ 'service.name': 'flagd' });
-
-		const series = makeReceiverSeries([
-			{ name: 'flagd', show: false },
-			{ name: 'frontend', show: true },
-			{ name: 'flagd', show: true },
-		]);
-		const plot = makeFakePlot(series, null);
-		const controller = makeController();
-
-		createSyncDisplayHook(SYNC_KEY, groupByService, controller)(plot);
-
-		expect(controller.syncedSeriesIndexes).toStrictEqual([3]);
-		// Focuses the first visible match, not the hidden one at index 1.
-		expect(plot.setSeries).toHaveBeenCalledWith(3, { focus: true });
-	});
-
-	it('returns null (no filtering) when the hook runs on the source panel', () => {
-		const series = makeReceiverSeries([{ name: 'flagd', show: true }]);
-		// cursor.event != null marks this invocation as the source panel.
-		const plot = makeFakePlot(series, { type: 'mousemove' });
-		const controller = makeController();
-		controller.focusedSeriesIndex = 1;
-		(series[1] as ExtendedSeries).metric = { 'service.name': 'flagd' };
-
-		createSyncDisplayHook(SYNC_KEY, groupByService, controller)(plot);
-
-		expect(controller.syncedSeriesIndexes).toBeNull();
-		expect(syncCursorRegistry.getActiveSeriesMetric(SYNC_KEY)).toStrictEqual({
-			'service.name': 'flagd',
-		});
-	});
-});

go.mod

@@ -88,6 +88,7 @@ require (
 	gonum.org/v1/gonum v0.17.0
 	google.golang.org/api v0.265.0
 	google.golang.org/protobuf v1.36.11
+	gopkg.in/evanphx/json-patch.v4 v4.13.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.35.2

pkg/apiserver/signozapiserver/authz.go

@@ -26,5 +26,22 @@ func (provider *provider) addAuthzRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v1/authz/resources", handler.New(provider.authZ.OpenAccess(provider.authzHandler.GetResources), handler.OpenAPIDef{
+		ID:                  "AuthzResources",
+		Tags:                []string{"authz"},
+		Summary:             "Get resources",
+		Description:         "Gets all the available resources",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(authtypes.GettableResources),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     nil,
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
 	return nil
 }

pkg/apiserver/signozapiserver/dashboard.go

@@ -6,7 +6,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/valuer"
@@ -14,6 +13,148 @@ import (
 )
 
 func (provider *provider) addDashboardRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.CreateV2), handler.OpenAPIDef{
+		ID:                  "CreateDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Create dashboard (v2)",
+		Description:         "This endpoint creates a v2-shape dashboard with structured metadata, a typed data tree, and resolved tags.",
+		Request:             new(dashboardtypes.PostableDashboardV2),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusCreated,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authZ.ViewAccess(provider.dashboardHandler.GetV2), handler.OpenAPIDef{
+		ID:                  "GetDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Get dashboard (v2)",
+		Description:         "This endpoint returns a v2-shape dashboard with its tags and public sharing config (if any).",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.UpdateV2), handler.OpenAPIDef{
+		ID:                  "UpdateDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Update dashboard (v2)",
+		Description:         "This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.",
+		Request:             new(dashboardtypes.UpdateableDashboardV2),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.PatchV2), handler.OpenAPIDef{
+		ID:                  "PatchDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Patch dashboard (v2)",
+		Description:         "This endpoint applies an RFC 6902 JSON Patch to a v2-shape dashboard. The patch is applied against the postable view of the dashboard (metadata, data, tags), so individual panels, queries, variables, layouts, or tags can be updated without re-sending the rest of the dashboard. Locked dashboards are rejected.",
+		Request:             new(dashboardtypes.JSONPatchDocument),
+		// Strictly per RFC 6902 the content type is `application/json-patch+json`,
+		// but our OpenAPI generator only reflects schemas for content types it
+		// understands (application/json, form-urlencoded, multipart) — anything
+		// else degrades to `type: string`. Declaring application/json here keeps
+		// the array-of-ops schema visible to spec consumers; the runtime decoder
+		// parses JSON regardless of the request's actual Content-Type header.
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPatch).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.LockV2), handler.OpenAPIDef{
+		ID:                  "LockDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Lock dashboard (v2)",
+		Description:         "This endpoint locks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.UnlockV2), handler.OpenAPIDef{
+		ID:                  "UnlockDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Unlock dashboard (v2)",
+		Description:         "This endpoint unlocks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/public", handler.New(provider.authZ.AdminAccess(provider.dashboardHandler.CreatePublicV2), handler.OpenAPIDef{
+		ID:                  "CreatePublicDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Make a dashboard v2 public",
+		Description:         "This endpoint creates the public sharing config for a v2 dashboard and returns the dashboard with the new public config attached. Lock state does not gate this endpoint.",
+		Request:             new(dashboardtypes.PostablePublicDashboard),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPatch).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/public", handler.New(provider.authZ.AdminAccess(provider.dashboardHandler.UpdatePublicV2), handler.OpenAPIDef{
+		ID:                  "UpdatePublicDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Update public sharing config for a dashboard v2",
+		Description:         "This endpoint updates the public sharing config (time range settings) of an already-public v2 dashboard. Lock state does not gate this endpoint.",
+		Request:             new(dashboardtypes.UpdatablePublicDashboard),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/dashboards/{id}/public", handler.New(provider.authZ.AdminAccess(provider.dashboardHandler.CreatePublic), handler.OpenAPIDef{
 		ID:                  "CreatePublicDashboard",
 		Tags:                []string{"dashboard"},
@@ -84,9 +225,9 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 
 	if err := router.Handle("/api/v1/public/dashboards/{id}", handler.New(provider.authZ.CheckWithoutClaims(
 		provider.dashboardHandler.GetPublicData,
-		authtypes.Relation{Verb: coretypes.VerbRead},
-		coretypes.ResourceMetaResourcePublicDashboard,
-		func(req *http.Request, orgs []*types.Organization) ([]coretypes.Selector, valuer.UUID, error) {
+		authtypes.RelationRead,
+		dashboardtypes.TypeableMetaResourcePublicDashboard,
+		func(req *http.Request, orgs []*types.Organization) ([]authtypes.Selector, valuer.UUID, error) {
 			id, err := valuer.NewUUID(mux.Vars(req)["id"])
 			if err != nil {
 				return nil, valuer.UUID{}, err
@@ -105,16 +246,16 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newAnonymousSecuritySchemes([]string{coretypes.ResourceMetaResourcePublicDashboard.Scope(coretypes.VerbRead)}),
+		SecuritySchemes:     newAnonymousSecuritySchemes([]string{dashboardtypes.TypeableMetaResourcePublicDashboard.Scope(authtypes.RelationRead)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
 	if err := router.Handle("/api/v1/public/dashboards/{id}/widgets/{idx}/query_range", handler.New(provider.authZ.CheckWithoutClaims(
 		provider.dashboardHandler.GetPublicWidgetQueryRange,
-		authtypes.Relation{Verb: coretypes.VerbRead},
-		coretypes.ResourceMetaResourcePublicDashboard,
-		func(req *http.Request, orgs []*types.Organization) ([]coretypes.Selector, valuer.UUID, error) {
+		authtypes.RelationRead,
+		dashboardtypes.TypeableMetaResourcePublicDashboard,
+		func(req *http.Request, orgs []*types.Organization) ([]authtypes.Selector, valuer.UUID, error) {
 			id, err := valuer.NewUUID(mux.Vars(req)["id"])
 			if err != nil {
 				return nil, valuer.UUID{}, err
@@ -133,7 +274,7 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newAnonymousSecuritySchemes([]string{coretypes.ResourceMetaResourcePublicDashboard.Scope(coretypes.VerbRead)}),
+		SecuritySchemes:     newAnonymousSecuritySchemes([]string{dashboardtypes.TypeableMetaResourcePublicDashboard.Scope(authtypes.RelationRead)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}

pkg/apiserver/signozapiserver/provider.go

@@ -60,7 +60,6 @@ type provider struct {
 	rawDataExportHandler    rawdataexport.Handler
 	zeusHandler             zeus.Handler
 	querierHandler          querier.Handler
-	serviceAccountModule    serviceaccount.Module
 	serviceAccountHandler   serviceaccount.Handler
 	factoryHandler          factory.Handler
 	cloudIntegrationHandler cloudintegration.Handler
@@ -93,7 +92,6 @@ func NewFactory(
 	rawDataExportHandler rawdataexport.Handler,
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
-	serviceAccountModule serviceaccount.Module,
 	serviceAccountHandler serviceaccount.Handler,
 	factoryHandler factory.Handler,
 	cloudIntegrationHandler cloudintegration.Handler,
@@ -129,7 +127,6 @@ func NewFactory(
 			rawDataExportHandler,
 			zeusHandler,
 			querierHandler,
-			serviceAccountModule,
 			serviceAccountHandler,
 			factoryHandler,
 			cloudIntegrationHandler,
@@ -167,7 +164,6 @@ func newProvider(
 	rawDataExportHandler rawdataexport.Handler,
 	zeusHandler zeus.Handler,
 	querierHandler querier.Handler,
-	serviceAccountModule serviceaccount.Module,
 	serviceAccountHandler serviceaccount.Handler,
 	factoryHandler factory.Handler,
 	cloudIntegrationHandler cloudintegration.Handler,
@@ -203,7 +199,6 @@ func newProvider(
 		rawDataExportHandler:    rawDataExportHandler,
 		zeusHandler:             zeusHandler,
 		querierHandler:          querierHandler,
-		serviceAccountModule:    serviceAccountModule,
 		serviceAccountHandler:   serviceAccountHandler,
 		factoryHandler:          factoryHandler,
 		cloudIntegrationHandler: cloudIntegrationHandler,
@@ -341,7 +336,10 @@ func (provider *provider) AddToRouter(router *mux.Router) error {
 }
 
 func newSecuritySchemes(role types.Role) []handler.OpenAPISecurityScheme {
-	return newScopedSecuritySchemes([]string{role.String()})
+	return []handler.OpenAPISecurityScheme{
+		{Name: authtypes.IdentNProviderAPIKey.StringValue(), Scopes: []string{role.String()}},
+		{Name: authtypes.IdentNProviderTokenizer.StringValue(), Scopes: []string{role.String()}},
+	}
 }
 
 func newAnonymousSecuritySchemes(scopes []string) []handler.OpenAPISecurityScheme {
@@ -349,10 +347,3 @@ func newAnonymousSecuritySchemes(scopes []string) []handler.OpenAPISecuritySchem
 		{Name: authtypes.IdentNProviderAnonymous.StringValue(), Scopes: scopes},
 	}
 }
-
-func newScopedSecuritySchemes(scopes []string) []handler.OpenAPISecurityScheme {
-	return []handler.OpenAPISecurityScheme{
-		{Name: authtypes.IdentNProviderAPIKey.StringValue(), Scopes: scopes},
-		{Name: authtypes.IdentNProviderTokenizer.StringValue(), Scopes: scopes},
-	}
-}

pkg/apiserver/signozapiserver/role.go

@@ -6,7 +6,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/handler"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/gorilla/mux"
 )
 
@@ -69,7 +68,7 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		Description:         "Gets all objects connected to the specified role via a given relation type",
 		Request:             nil,
 		RequestContentType:  "",
-		Response:            make([]*coretypes.ObjectGroup, 0),
+		Response:            make([]*authtypes.GettableObjects, 0),
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
@@ -101,7 +100,7 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		Tags:                []string{"role"},
 		Summary:             "Patch objects for a role by relation",
 		Description:         "Patches the objects connected to the specified role via a given relation type",
-		Request:             new(coretypes.PatchableObjects),
+		Request:             new(authtypes.PatchableObjects),
 		RequestContentType:  "",
 		Response:            nil,
 		ResponseContentType: "application/json",

pkg/apiserver/signozapiserver/serviceaccount.go

@@ -4,57 +4,14 @@ import (
 	"net/http"
 
 	"github.com/SigNoz/signoz/pkg/http/handler"
-	"github.com/SigNoz/signoz/pkg/http/middleware"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )
 
-var (
-	serviceAccountAdminRoles = []string{
-		authtypes.SigNozAdminRoleName,
-	}
-	serviceAccountReadRoles = []string{
-		authtypes.SigNozAdminRoleName,
-		authtypes.SigNozEditorRoleName,
-		authtypes.SigNozViewerRoleName,
-	}
-)
-
-func serviceAccountCollectionSelectorCallback(_ *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
-	return []coretypes.Selector{
-		coretypes.TypeMetaResources.MustSelector(coretypes.WildCardSelectorString),
-	}, nil
-}
-
-func serviceAccountInstanceSelectorCallback(req *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
-	id := mux.Vars(req)["id"]
-	idSelector, err := coretypes.TypeServiceAccount.Selector(id)
-	if err != nil {
-		return nil, err
-	}
-
-	return []coretypes.Selector{
-		idSelector,
-		coretypes.TypeServiceAccount.MustSelector(coretypes.WildCardSelectorString),
-	}, nil
-}
-
-func (provider *provider) roleAttachSelectorFromPath(req *http.Request, claims authtypes.Claims) ([]coretypes.Selector, error) {
-	roleID, err := valuer.NewUUID(mux.Vars(req)["rid"])
-	if err != nil {
-		return nil, err
-	}
-
-	return provider.serviceAccountModule.RoleAttachSelectors(req.Context(), valuer.MustNewUUID(claims.OrgID), roleID)
-}
-
-
 func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
-	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authZ.Check(provider.serviceAccountHandler.Create, authtypes.Relation{Verb: coretypes.VerbCreate}, coretypes.ResourceMetaResourcesServiceAccount, serviceAccountCollectionSelectorCallback, serviceAccountAdminRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Create), handler.OpenAPIDef{
 		ID:                  "CreateServiceAccount",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Create service account",
@@ -66,12 +23,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourcesServiceAccount.Scope(coretypes.VerbCreate)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authZ.Check(provider.serviceAccountHandler.List, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceMetaResourcesServiceAccount, serviceAccountCollectionSelectorCallback, serviceAccountReadRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.List), handler.OpenAPIDef{
 		ID:                  "ListServiceAccounts",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "List service accounts",
@@ -83,7 +40,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourcesServiceAccount.Scope(coretypes.VerbList)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -105,7 +62,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.Check(provider.serviceAccountHandler.Get, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountReadRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Get), handler.OpenAPIDef{
 		ID:                  "GetServiceAccount",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Gets a service account",
@@ -117,12 +74,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbRead)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/roles", handler.New(provider.authZ.Check(provider.serviceAccountHandler.GetRoles, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountReadRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}/roles", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.GetRoles), handler.OpenAPIDef{
 		ID:                  "GetServiceAccountRoles",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Gets service account roles",
@@ -134,12 +91,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbRead)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/roles", handler.New(provider.authZ.Check(provider.serviceAccountHandler.SetRole, authtypes.Relation{Verb: coretypes.VerbAttach}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountAdminRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}/roles", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.SetRole), handler.OpenAPIDef{
 		ID:                  "CreateServiceAccountRole",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Create service account role",
@@ -151,15 +108,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbAttach), coretypes.ResourceRole.Scope(coretypes.VerbAttach)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/roles/{rid}", handler.New(provider.authZ.CheckAll(provider.serviceAccountHandler.DeleteRole, []middleware.AuthZCheckGroup{
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbAttach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: serviceAccountAdminRoles}},
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbAttach}, Resource: coretypes.ResourceRole, SelectorCallback: provider.roleAttachSelectorFromPath, Roles: serviceAccountAdminRoles}},
-	}), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}/roles/{rid}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.DeleteRole), handler.OpenAPIDef{
 		ID:                  "DeleteServiceAccountRole",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Delete service account role",
@@ -171,7 +125,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbAttach), coretypes.ResourceRole.Scope(coretypes.VerbAttach)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -193,7 +147,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.Check(provider.serviceAccountHandler.Update, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountAdminRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Update), handler.OpenAPIDef{
 		ID:                  "UpdateServiceAccount",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Updates a service account",
@@ -205,12 +159,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.Check(provider.serviceAccountHandler.Delete, authtypes.Relation{Verb: coretypes.VerbDelete}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountAdminRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.Delete), handler.OpenAPIDef{
 		ID:                  "DeleteServiceAccount",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Deletes a service account",
@@ -222,12 +176,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbDelete)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authZ.Check(provider.serviceAccountHandler.CreateFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountAdminRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.CreateFactorAPIKey), handler.OpenAPIDef{
 		ID:                  "CreateServiceAccountKey",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Create a service account key",
@@ -239,12 +193,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authZ.Check(provider.serviceAccountHandler.ListFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountReadRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.ListFactorAPIKey), handler.OpenAPIDef{
 		ID:                  "ListServiceAccountKeys",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "List service account keys",
@@ -256,12 +210,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbRead)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authZ.Check(provider.serviceAccountHandler.UpdateFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountAdminRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.UpdateFactorAPIKey), handler.OpenAPIDef{
 		ID:                  "UpdateServiceAccountKey",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Updates a service account key",
@@ -273,12 +227,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authZ.Check(provider.serviceAccountHandler.RevokeFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, serviceAccountAdminRoles), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authZ.AdminAccess(provider.serviceAccountHandler.RevokeFactorAPIKey), handler.OpenAPIDef{
 		ID:                  "RevokeServiceAccountKey",
 		Tags:                []string{"serviceaccount"},
 		Summary:             "Revoke a service account key",
@@ -290,7 +244,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}

pkg/auditor/auditorserver/server_test.go

@@ -11,7 +11,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
 	"github.com/SigNoz/signoz/pkg/types/audittypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -20,16 +19,16 @@ func newTestSettings() factory.ScopedProviderSettings {
 	return factory.NewScopedProviderSettings(instrumentationtest.New().ToProviderSettings(), "auditorserver_test")
 }
 
-func newTestEvent(resource string, action coretypes.Verb) audittypes.AuditEvent {
+func newTestEvent(resource string, action audittypes.Action) audittypes.AuditEvent {
 	return audittypes.AuditEvent{
 		Timestamp: time.Now(),
-		EventName: audittypes.NewEventName(coretypes.MustNewKind(resource), action),
+		EventName: audittypes.NewEventName(resource, action),
 		AuditAttributes: audittypes.AuditAttributes{
 			Action:  action,
 			Outcome: audittypes.OutcomeSuccess,
 		},
 		ResourceAttributes: audittypes.ResourceAttributes{
-			ResourceKind: coretypes.MustNewKind(resource),
+			ResourceKind: resource,
 		},
 	}
 }
@@ -84,7 +83,7 @@ func TestAdd_FlushesOnBatchSize(t *testing.T) {
 	go func() { _ = server.Start(ctx) }()
 
 	for i := 0; i < 3; i++ {
-		server.Add(ctx, newTestEvent("dashboard", coretypes.VerbCreate))
+		server.Add(ctx, newTestEvent("dashboard", audittypes.ActionCreate))
 	}
 
 	assert.Eventually(t, func() bool {
@@ -113,7 +112,7 @@ func TestAdd_FlushesOnInterval(t *testing.T) {
 
 	go func() { _ = server.Start(ctx) }()
 
-	server.Add(ctx, newTestEvent("user", coretypes.VerbUpdate))
+	server.Add(ctx, newTestEvent("user", audittypes.ActionUpdate))
 
 	assert.Eventually(t, func() bool {
 		return exported.Load() == 1
@@ -131,9 +130,9 @@ func TestAdd_DropsWhenBufferFull(t *testing.T) {
 
 	ctx := context.Background()
 
-	server.Add(ctx, newTestEvent("dashboard", coretypes.VerbCreate))
-	server.Add(ctx, newTestEvent("dashboard", coretypes.VerbUpdate))
-	server.Add(ctx, newTestEvent("dashboard", coretypes.VerbDelete))
+	server.Add(ctx, newTestEvent("dashboard", audittypes.ActionCreate))
+	server.Add(ctx, newTestEvent("dashboard", audittypes.ActionUpdate))
+	server.Add(ctx, newTestEvent("dashboard", audittypes.ActionDelete))
 
 	assert.Equal(t, 2, server.queueLen())
 }
@@ -156,7 +155,7 @@ func TestStop_DrainsRemainingEvents(t *testing.T) {
 	go func() { _ = server.Start(ctx) }()
 
 	for i := 0; i < 5; i++ {
-		server.Add(ctx, newTestEvent("alert-rule", coretypes.VerbCreate))
+		server.Add(ctx, newTestEvent("alert-rule", audittypes.ActionCreate))
 	}
 
 	require.NoError(t, server.Stop(ctx))
@@ -181,8 +180,8 @@ func TestAdd_ContinuesAfterExportFailure(t *testing.T) {
 
 	go func() { _ = server.Start(ctx) }()
 
-	server.Add(ctx, newTestEvent("user", coretypes.VerbDelete))
-	server.Add(ctx, newTestEvent("user", coretypes.VerbDelete))
+	server.Add(ctx, newTestEvent("user", audittypes.ActionDelete))
+	server.Add(ctx, newTestEvent("user", audittypes.ActionDelete))
 
 	assert.Eventually(t, func() bool {
 		return calls.Load() >= 1
@@ -213,7 +212,7 @@ func TestAdd_ConcurrentSafety(t *testing.T) {
 		wg.Add(1)
 		go func() {
 			defer wg.Done()
-			server.Add(ctx, newTestEvent("dashboard", coretypes.VerbCreate))
+			server.Add(ctx, newTestEvent("dashboard", audittypes.ActionCreate))
 		}()
 	}
 	wg.Wait()

pkg/authz/authz.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 )
@@ -15,10 +14,10 @@ type AuthZ interface {
 	factory.ServiceWithHealthy
 
 	// CheckWithTupleCreation takes upon the responsibility for generating the tuples alongside everything Check does.
-	CheckWithTupleCreation(context.Context, authtypes.Claims, valuer.UUID, authtypes.Relation, coretypes.Resource, []coretypes.Selector, []coretypes.Selector) error
+	CheckWithTupleCreation(context.Context, authtypes.Claims, valuer.UUID, authtypes.Relation, authtypes.Typeable, []authtypes.Selector, []authtypes.Selector) error
 
 	// CheckWithTupleCreationWithoutClaims checks permissions for anonymous users.
-	CheckWithTupleCreationWithoutClaims(context.Context, valuer.UUID, authtypes.Relation, coretypes.Resource, []coretypes.Selector, []coretypes.Selector) error
+	CheckWithTupleCreationWithoutClaims(context.Context, valuer.UUID, authtypes.Relation, authtypes.Typeable, []authtypes.Selector, []authtypes.Selector) error
 
 	// BatchCheck accepts a map of ID → tuple and returns a map of ID → authorization result.
 	BatchCheck(context.Context, map[string]*openfgav1.TupleKey) (map[string]*authtypes.TupleKeyAuthorization, error)
@@ -31,7 +30,7 @@ type AuthZ interface {
 	Write(context.Context, []*openfgav1.TupleKey, []*openfgav1.TupleKey) error
 
 	// Lists the selectors for objects assigned to subject (s) with relation (r) on resource (s)
-	ListObjects(context.Context, string, authtypes.Relation, coretypes.Type) ([]*coretypes.Object, error)
+	ListObjects(context.Context, string, authtypes.Relation, authtypes.Type) ([]*authtypes.Object, error)
 
 	// Creates the role.
 	Create(context.Context, valuer.UUID, *authtypes.Role) error
@@ -40,13 +39,16 @@ type AuthZ interface {
 	GetOrCreate(context.Context, valuer.UUID, *authtypes.Role) (*authtypes.Role, error)
 
 	// Gets the objects associated with the given role and relation.
-	GetObjects(context.Context, valuer.UUID, valuer.UUID, authtypes.Relation) ([]*coretypes.Object, error)
+	GetObjects(context.Context, valuer.UUID, valuer.UUID, authtypes.Relation) ([]*authtypes.Object, error)
+
+	// Gets all the typeable resources registered from role registry.
+	GetResources(context.Context) []*authtypes.Resource
 
 	// Patches the role.
 	Patch(context.Context, valuer.UUID, *authtypes.Role) error
 
 	// Patches the objects in authorization server associated with the given role and relation
-	PatchObjects(context.Context, valuer.UUID, string, authtypes.Relation, []*coretypes.Object, []*coretypes.Object) error
+	PatchObjects(context.Context, valuer.UUID, string, authtypes.Relation, []*authtypes.Object, []*authtypes.Object) error
 
 	// Deletes the role and tuples in authorization server.
 	Delete(context.Context, valuer.UUID, valuer.UUID) error
@@ -88,6 +90,12 @@ type AuthZ interface {
 // OnBeforeRoleDelete is a callback invoked before a role is deleted.
 type OnBeforeRoleDelete func(context.Context, valuer.UUID, valuer.UUID) error
 
+type RegisterTypeable interface {
+	MustGetTypeables() []authtypes.Typeable
+
+	MustGetManagedRoleTransactions() map[string][]*authtypes.Transaction
+}
+
 type Handler interface {
 	Create(http.ResponseWriter, *http.Request)
 
@@ -95,6 +103,8 @@ type Handler interface {
 
 	GetObjects(http.ResponseWriter, *http.Request)
 
+	GetResources(http.ResponseWriter, *http.Request)
+
 	List(http.ResponseWriter, *http.Request)
 
 	Patch(http.ResponseWriter, *http.Request)

pkg/authz/config.go

@@ -25,7 +25,7 @@ func newConfig() factory.Config {
 	return &Config{
 		Provider: "openfga",
 		OpenFGA: OpenFGAConfig{
-			MaxTuplesPerWrite: 300,
+			MaxTuplesPerWrite: 100,
 		},
 	}
 }

pkg/authz/openfgaauthz/provider.go

@@ -8,7 +8,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/authz/openfgaserver"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 
 	"github.com/SigNoz/signoz/pkg/factory"
@@ -19,27 +18,31 @@ import (
 )
 
 type provider struct {
-	server   *openfgaserver.Server
-	store    authtypes.RoleStore
-	registry *authtypes.Registry
+	server                    *openfgaserver.Server
+	store                     authtypes.RoleStore
+	registry                  []authz.RegisterTypeable
+	managedRolesByTransaction map[string][]string
 }
 
-func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, registry *authtypes.Registry) factory.ProviderFactory[authz.AuthZ, authz.Config] {
+func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, registry ...authz.RegisterTypeable) factory.ProviderFactory[authz.AuthZ, authz.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("openfga"), func(ctx context.Context, ps factory.ProviderSettings, config authz.Config) (authz.AuthZ, error) {
 		return newOpenfgaProvider(ctx, ps, config, sqlstore, openfgaSchema, openfgaDataStore, registry)
 	})
 }
 
-func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, registry *authtypes.Registry) (authz.AuthZ, error) {
+func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, registry []authz.RegisterTypeable) (authz.AuthZ, error) {
 	server, err := openfgaserver.NewOpenfgaServer(ctx, settings, config, sqlstore, openfgaSchema, openfgaDataStore)
 	if err != nil {
 		return nil, err
 	}
 
+	managedRolesByTransaction := buildManagedRolesByTransaction(registry)
+
 	return &provider{
-		server:   server,
-		store:    sqlauthzstore.NewSqlAuthzStore(sqlstore),
-		registry: registry,
+		server:                    server,
+		store:                     sqlauthzstore.NewSqlAuthzStore(sqlstore),
+		registry:                  registry,
+		managedRolesByTransaction: managedRolesByTransaction,
 	}, nil
 }
 
@@ -59,11 +62,11 @@ func (provider *provider) BatchCheck(ctx context.Context, tupleReq map[string]*o
 	return provider.server.BatchCheck(ctx, tupleReq)
 }
 
-func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable coretypes.Resource, selectors []coretypes.Selector, roleSelectors []coretypes.Selector) error {
+func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, roleSelectors []authtypes.Selector) error {
 	return provider.server.CheckWithTupleCreation(ctx, claims, orgID, relation, typeable, selectors, roleSelectors)
 }
 
-func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, typeable coretypes.Resource, selectors []coretypes.Selector, roleSelectors []coretypes.Selector) error {
+func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, roleSelectors []authtypes.Selector) error {
 	return provider.server.CheckWithTupleCreationWithoutClaims(ctx, orgID, relation, typeable, selectors, roleSelectors)
 }
 
@@ -75,7 +78,7 @@ func (provider *provider) ReadTuples(ctx context.Context, tupleKey *openfgav1.Re
 	return provider.server.ReadTuples(ctx, tupleKey)
 }
 
-func (provider *provider) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType coretypes.Type) ([]*coretypes.Object, error) {
+func (provider *provider) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType authtypes.Type) ([]*authtypes.Object, error) {
 	return provider.server.ListObjects(ctx, subject, relation, objectType)
 }
 
@@ -100,14 +103,22 @@ func (provider *provider) ListByOrgIDAndIDs(ctx context.Context, orgID valuer.UU
 }
 
 func (provider *provider) Grant(ctx context.Context, orgID valuer.UUID, names []string, subject string) error {
-	selectors := make([]coretypes.Selector, len(names))
+	selectors := make([]authtypes.Selector, len(names))
 	for idx, name := range names {
-		selectors[idx] = coretypes.TypeRole.MustSelector(name)
+		selectors[idx] = authtypes.MustNewSelector(authtypes.TypeRole, name)
 	}
 
-	tuples := authtypes.NewTuples(coretypes.NewResourceRole(), subject, authtypes.Relation{Verb: coretypes.VerbAssignee}, selectors, orgID)
+	tuples, err := authtypes.TypeableRole.Tuples(
+		subject,
+		authtypes.RelationAssignee,
+		selectors,
+		orgID,
+	)
+	if err != nil {
+		return err
+	}
 
-	err := provider.Write(ctx, tuples, nil)
+	err = provider.Write(ctx, tuples, nil)
 	if err != nil {
 		return errors.WithAdditionalf(err, "failed to grant roles: %v to subject: %s", names, subject)
 	}
@@ -130,14 +141,22 @@ func (provider *provider) ModifyGrant(ctx context.Context, orgID valuer.UUID, ex
 }
 
 func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, names []string, subject string) error {
-	selectors := make([]coretypes.Selector, len(names))
+	selectors := make([]authtypes.Selector, len(names))
 	for idx, name := range names {
-		selectors[idx] = coretypes.TypeRole.MustSelector(name)
+		selectors[idx] = authtypes.MustNewSelector(authtypes.TypeRole, name)
 	}
 
-	tuples := authtypes.NewTuples(coretypes.NewResourceRole(), subject, authtypes.Relation{Verb: coretypes.VerbAssignee}, selectors, orgID)
+	tuples, err := authtypes.TypeableRole.Tuples(
+		subject,
+		authtypes.RelationAssignee,
+		selectors,
+		orgID,
+	)
+	if err != nil {
+		return err
+	}
 
-	err := provider.Write(ctx, nil, tuples)
+	err = provider.Write(ctx, nil, tuples)
 	if err != nil {
 		return errors.WithAdditionalf(err, "failed to revoke roles: %v to subject: %s", names, subject)
 	}
@@ -165,7 +184,7 @@ func (provider *provider) CreateManagedRoles(ctx context.Context, _ valuer.UUID,
 }
 
 func (provider *provider) CreateManagedUserRoleTransactions(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) error {
-	return provider.Grant(ctx, orgID, []string{authtypes.SigNozAdminRoleName}, authtypes.MustNewSubject(coretypes.NewResourceUser(), userID.String(), orgID, nil))
+	return provider.Grant(ctx, orgID, []string{authtypes.SigNozAdminRoleName}, authtypes.MustNewSubject(authtypes.TypeableUser, userID.String(), orgID, nil))
 }
 
 func (setter *provider) Create(_ context.Context, _ valuer.UUID, _ *authtypes.Role) error {
@@ -176,7 +195,11 @@ func (provider *provider) GetOrCreate(_ context.Context, _ valuer.UUID, _ *autht
 	return nil, errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
 }
 
-func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*coretypes.Object, error) {
+func (provider *provider) GetResources(_ context.Context) []*authtypes.Resource {
+	return []*authtypes.Resource{}
+}
+
+func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*authtypes.Object, error) {
 	return nil, errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
 }
 
@@ -184,7 +207,7 @@ func (provider *provider) Patch(_ context.Context, _ valuer.UUID, _ *authtypes.R
 	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
 }
 
-func (provider *provider) PatchObjects(_ context.Context, _ valuer.UUID, _ string, _ authtypes.Relation, _, _ []*coretypes.Object) error {
+func (provider *provider) PatchObjects(_ context.Context, _ valuer.UUID, _ string, _ authtypes.Relation, _, _ []*authtypes.Object) error {
 	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
 }
 
@@ -197,7 +220,7 @@ func (provider *provider) CheckTransactions(ctx context.Context, subject string,
 		return make([]*authtypes.TransactionWithAuthorization, 0), nil
 	}
 
-	tuples, preResolved, roleCorrelations, err := authtypes.NewTuplesFromTransactionsWithManagedRoles(transactions, subject, orgID, provider.registry.ManagedRolesByTransaction())
+	tuples, preResolved, roleCorrelations, err := authtypes.NewTuplesFromTransactionsWithManagedRoles(transactions, subject, orgID, provider.managedRolesByTransaction)
 	if err != nil {
 		return nil, err
 	}
@@ -213,3 +236,21 @@ func (provider *provider) CheckTransactions(ctx context.Context, subject string,
 
 	return authtypes.NewTransactionWithAuthorizationFromBatchResults(transactions, batchResults, preResolved, roleCorrelations), nil
 }
+
+func buildManagedRolesByTransaction(registry []authz.RegisterTypeable) map[string][]string {
+	managedRolesByTransaction := make(map[string][]string)
+	for _, register := range registry {
+		for roleName, transactions := range register.MustGetManagedRoleTransactions() {
+			for _, txn := range transactions {
+				key := txn.TransactionKey()
+				managedRolesByTransaction[key] = append(managedRolesByTransaction[key], roleName)
+			}
+		}
+	}
+
+	return managedRolesByTransaction
+}
+
+func (provider *provider) MustGetTypeables() []authtypes.Typeable {
+	return nil
+}

pkg/authz/openfgaschema/base.fga

@@ -8,7 +8,7 @@ type role
   relations
     define assignee: [user, serviceaccount]
 
-type organization 
+type organisation 
   relations
     define create: [role#assignee]
     define read: [role#assignee]

pkg/authz/openfgaserver/server.go

@@ -8,7 +8,6 @@ import (
 	authz "github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 
 	"github.com/SigNoz/signoz/pkg/factory"
@@ -142,18 +141,18 @@ func (server *Server) BatchCheck(ctx context.Context, tupleReq map[string]*openf
 	return response, nil
 }
 
-func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, _ authtypes.Relation, _ coretypes.Resource, _ []coretypes.Selector, roleSelectors []coretypes.Selector) error {
+func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, _ authtypes.Relation, _ authtypes.Typeable, _ []authtypes.Selector, roleSelectors []authtypes.Selector) error {
 	subject := ""
 	switch claims.Principal {
 	case authtypes.PrincipalUser:
-		user, err := authtypes.NewSubject(coretypes.NewResourceUser(), claims.UserID, orgID, nil)
+		user, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
 		if err != nil {
 			return err
 		}
 
 		subject = user
 	case authtypes.PrincipalServiceAccount:
-		serviceAccount, err := authtypes.NewSubject(coretypes.NewResourceServiceAccount(), claims.ServiceAccountID, orgID, nil)
+		serviceAccount, err := authtypes.NewSubject(authtypes.TypeableServiceAccount, claims.ServiceAccountID, orgID, nil)
 		if err != nil {
 			return err
 		}
@@ -161,7 +160,10 @@ func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtyp
 		subject = serviceAccount
 	}
 
-	tupleSlice := authtypes.NewTuples(coretypes.NewResourceRole(), subject, authtypes.Relation{Verb: coretypes.VerbAssignee}, roleSelectors, orgID)
+	tupleSlice, err := authtypes.TypeableRole.Tuples(subject, authtypes.RelationAssignee, roleSelectors, orgID)
+	if err != nil {
+		return err
+	}
 
 	// Convert slice to map with generated IDs for internal use
 	tuples := make(map[string]*openfgav1.TupleKey, len(tupleSlice))
@@ -183,13 +185,16 @@ func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtyp
 	return errors.Newf(errors.TypeForbidden, authtypes.ErrCodeAuthZForbidden, "subjects are not authorized for requested access")
 }
 
-func (server *Server) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, _ authtypes.Relation, _ coretypes.Resource, _ []coretypes.Selector, roleSelectors []coretypes.Selector) error {
-	subject, err := authtypes.NewSubject(coretypes.NewResourceAnonymous(), coretypes.AnonymousUser.String(), orgID, nil)
+func (server *Server) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, _ authtypes.Relation, _ authtypes.Typeable, _ []authtypes.Selector, roleSelectors []authtypes.Selector) error {
+	subject, err := authtypes.NewSubject(authtypes.TypeableAnonymous, authtypes.AnonymousUser.String(), orgID, nil)
 	if err != nil {
 		return err
 	}
 
-	tupleSlice := authtypes.NewTuples(coretypes.NewResourceRole(), subject, authtypes.Relation{Verb: coretypes.VerbAssignee}, roleSelectors, orgID)
+	tupleSlice, err := authtypes.TypeableRole.Tuples(subject, authtypes.RelationAssignee, roleSelectors, orgID)
+	if err != nil {
+		return err
+	}
 
 	// Convert slice to map with generated IDs for internal use
 	tuples := make(map[string]*openfgav1.TupleKey, len(tupleSlice))
@@ -288,7 +293,7 @@ func (server *Server) ReadTuples(ctx context.Context, tupleKey *openfgav1.ReadRe
 	return tuples, nil
 }
 
-func (server *Server) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType coretypes.Type) ([]*coretypes.Object, error) {
+func (server *Server) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType authtypes.Type) ([]*authtypes.Object, error) {
 	storeID, modelID := server.getStoreIDandModelID()
 	response, err := server.openfgaServer.ListObjects(ctx, &openfgav1.ListObjectsRequest{
 		StoreId:              storeID,
@@ -301,7 +306,7 @@ func (server *Server) ListObjects(ctx context.Context, subject string, relation
 		return nil, errors.Wrapf(err, errors.TypeInternal, authtypes.ErrCodeAuthZUnavailable, "cannot list objects for subject %s with relation %s for type %s", subject, relation.StringValue(), objectType.StringValue())
 	}
 
-	return coretypes.MustNewObjectsFromStringSlice(response.Objects), nil
+	return authtypes.MustNewObjectsFromStringSlice(response.Objects), nil
 }
 
 func (server *Server) getOrCreateStore(ctx context.Context, name string) (string, error) {

pkg/authz/openfgaserver/server_test.go

@@ -18,7 +18,7 @@ func TestProviderStartStop(t *testing.T) {
 	providerSettings := instrumentationtest.New().ToProviderSettings()
 	sqlstore := sqlstoretest.New(sqlstore.Config{Provider: "sqlite"}, sqlmock.QueryMatcherRegexp)
 
-	openfgaDataStore, err := NewSQLStore(sqlstore, authz.Config{OpenFGA: authz.OpenFGAConfig{MaxTuplesPerWrite: 100}})
+	openfgaDataStore, err := NewSQLStore(sqlstore)
 	require.NoError(t, err)
 
 	expectedModel := `module base 

pkg/authz/openfgaserver/sqlstore.go

@@ -1,7 +1,6 @@
 package openfgaserver
 
 import (
-	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/openfga/openfga/pkg/storage"
@@ -9,11 +8,11 @@ import (
 	"github.com/openfga/openfga/pkg/storage/sqlite"
 )
 
-func NewSQLStore(store sqlstore.SQLStore, config authz.Config) (storage.OpenFGADatastore, error) {
+func NewSQLStore(store sqlstore.SQLStore) (storage.OpenFGADatastore, error) {
 	switch store.BunDB().Dialect().Name().String() {
 	case "sqlite":
 		return sqlite.NewWithDB(store.SQLDB(), &sqlcommon.Config{
-			MaxTuplesPerWriteField: config.OpenFGA.MaxTuplesPerWrite,
+			MaxTuplesPerWriteField: 100,
 			MaxTypesPerModelField:  100,
 		})
 

pkg/authz/signozauthzapi/handler.go

@@ -9,7 +9,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )
@@ -98,20 +97,25 @@ func (handler *handler) GetObjects(rw http.ResponseWriter, r *http.Request) {
 		render.Error(rw, errors.New(errors.TypeInvalidInput, authtypes.ErrCodeRoleInvalidInput, "relation is missing from the request"))
 		return
 	}
-
-	relation, err := coretypes.NewVerb(relationStr)
+	relation, err := authtypes.NewRelation(relationStr)
 	if err != nil {
 		render.Error(rw, err)
 		return
 	}
 
-	objects, err := handler.authz.GetObjects(ctx, valuer.MustNewUUID(claims.OrgID), roleID, authtypes.Relation{Verb: relation})
+	objects, err := handler.authz.GetObjects(ctx, valuer.MustNewUUID(claims.OrgID), roleID, relation)
 	if err != nil {
 		render.Error(rw, err)
 		return
 	}
 
-	render.Success(rw, http.StatusOK, coretypes.NewObjectGroupsFromObjects(objects))
+	render.Success(rw, http.StatusOK, authtypes.NewGettableObjects(objects))
+}
+
+func (handler *handler) GetResources(rw http.ResponseWriter, r *http.Request) {
+	resources := handler.authz.GetResources(r.Context())
+
+	render.Success(rw, http.StatusOK, authtypes.NewGettableResources(resources))
 }
 
 func (handler *handler) List(rw http.ResponseWriter, r *http.Request) {
@@ -186,7 +190,7 @@ func (handler *handler) PatchObjects(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	relation, err := coretypes.NewVerb(mux.Vars(r)["relation"])
+	relation, err := authtypes.NewRelation(mux.Vars(r)["relation"])
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -203,19 +207,19 @@ func (handler *handler) PatchObjects(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	req := new(coretypes.PatchableObjects)
+	req := new(authtypes.PatchableObjects)
 	if err := binding.JSON.BindBody(r.Body, req); err != nil {
 		render.Error(rw, err)
 		return
 	}
 
-	additions, deletions, err := coretypes.NewPatchableObjects(req.Additions, req.Deletions, relation)
+	additions, deletions, err := authtypes.NewPatchableObjects(req.Additions, req.Deletions, relation)
 	if err != nil {
 		render.Error(rw, err)
 		return
 	}
 
-	err = handler.authz.PatchObjects(ctx, valuer.MustNewUUID(claims.OrgID), role.Name, authtypes.Relation{Verb: relation}, additions, deletions)
+	err = handler.authz.PatchObjects(ctx, valuer.MustNewUUID(claims.OrgID), role.Name, relation, additions, deletions)
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -262,7 +266,7 @@ func (handler *handler) Check(rw http.ResponseWriter, r *http.Request) {
 	}
 
 	orgID := valuer.MustNewUUID(claims.OrgID)
-	subject, err := authtypes.NewSubject(coretypes.NewResourceUser(), claims.UserID, orgID, nil)
+	subject, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
 	if err != nil {
 		render.Error(rw, err)
 		return

pkg/factory/registry_test.go

@@ -171,7 +171,7 @@ func TestAwaitHealthy(t *testing.T) {
 func TestAwaitHealthyWithFailure(t *testing.T) {
 	s1 := &failingHealthyService{
 		healthyC: make(chan struct{}),
-		err:      errors.Newf(errors.TypeInternal, errors.CodeInternal, "startup failed"),
+		err:      errors.Newf(errors.TypeInternal, errors.CodeInternal,"startup failed"),
 	}
 
 	registry, err := NewRegistry(context.Background(), slog.New(slog.DiscardHandler), NewNamedService(MustNewName("s1"), s1))
@@ -245,7 +245,7 @@ func TestDependsOnStartsAfterDependency(t *testing.T) {
 func TestDependsOnFailsWhenDependencyFails(t *testing.T) {
 	s1 := &failingHealthyService{
 		healthyC: make(chan struct{}),
-		err:      errors.Newf(errors.TypeInternal, errors.CodeInternal, "s1 crashed"),
+		err:      errors.Newf(errors.TypeInternal, errors.CodeInternal,"s1 crashed"),
 	}
 	s2 := newTestService(t)
 
@@ -291,7 +291,7 @@ func TestDependsOnUnknownServiceIsIgnored(t *testing.T) {
 func TestServiceStateFailed(t *testing.T) {
 	s1 := &failingHealthyService{
 		healthyC: make(chan struct{}),
-		err:      errors.Newf(errors.TypeInternal, errors.CodeInternal, "fatal error"),
+		err:      errors.Newf(errors.TypeInternal, errors.CodeInternal,"fatal error"),
 	}
 
 	registry, err := NewRegistry(context.Background(), slog.New(slog.DiscardHandler), NewNamedService(MustNewName("s1"), s1))

pkg/http/binding/query_test.go

@@ -15,24 +15,12 @@ func TestQueryBinding_BindQuery(t *testing.T) {
 		obj      any
 		expected any
 	}{
-		{name: "SingleIntField_NonEmptyValue", query: map[string][]string{"a": {"1"}}, obj: &struct {
-			A int `query:"a"`
-		}{}, expected: &struct{ A int }{A: 1}},
-		{name: "SingleIntField_EmptyValue", query: map[string][]string{"a": {""}}, obj: &struct {
-			A int `query:"a"`
-		}{}, expected: &struct{ A int }{A: 0}},
-		{name: "SingleIntField_MissingField", query: map[string][]string{}, obj: &struct {
-			A int `query:"a"`
-		}{}, expected: &struct{ A int }{A: 0}},
-		{name: "SinglePointerIntField_NonEmptyValue", query: map[string][]string{"a": {"1"}}, obj: &struct {
-			A *int `query:"a"`
-		}{}, expected: &struct{ A *int }{A: &one}},
-		{name: "SinglePointerIntField_EmptyValue", query: map[string][]string{"a": {""}}, obj: &struct {
-			A *int `query:"a"`
-		}{}, expected: &struct{ A *int }{A: &zero}},
-		{name: "SinglePointerIntField_MissingField", query: map[string][]string{}, obj: &struct {
-			A *int `query:"a"`
-		}{}, expected: &struct{ A *int }{A: nil}},
+		{name: "SingleIntField_NonEmptyValue", query: map[string][]string{"a": {"1"}}, obj: &struct{A int `query:"a"`}{}, expected: &struct{ A int }{A: 1}},
+		{name: "SingleIntField_EmptyValue", query: map[string][]string{"a": {""}}, obj: &struct{A int `query:"a"`}{}, expected: &struct{ A int }{A: 0}},
+		{name: "SingleIntField_MissingField", query: map[string][]string{}, obj: &struct{A int `query:"a"`}{}, expected: &struct{ A int }{A: 0}},
+		{name: "SinglePointerIntField_NonEmptyValue", query: map[string][]string{"a": {"1"}}, obj: &struct{A *int `query:"a"`}{}, expected: &struct{ A *int }{A: &one}},
+		{name: "SinglePointerIntField_EmptyValue", query: map[string][]string{"a": {""}}, obj: &struct{A *int `query:"a"`}{}, expected: &struct{ A *int }{A: &zero}},
+		{name: "SinglePointerIntField_MissingField", query: map[string][]string{}, obj: &struct{A *int `query:"a"`}{}, expected: &struct{ A *int }{A: nil}},
 	}
 
 	for _, testCase := range testCases {

pkg/http/handler/option.go

@@ -2,15 +2,14 @@ package handler
 
 import (
 	"github.com/SigNoz/signoz/pkg/types/audittypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 )
 
 // Option configures optional behaviour on a handler created by New.
 type Option func(*handler)
 
 type AuditDef struct {
-	ResourceKind    coretypes.Kind            //  Typeable.Kind() value, e.g. "dashboard", "user".
-	Action          coretypes.Verb            // create, update, delete, etc.
+	ResourceKind    string                    // AuthZ Typeable.Kind() value, e.g. "dashboard", "user".
+	Action          audittypes.Action         // create, update, delete, login, etc.
 	Category        audittypes.ActionCategory // access_control, configuration_change, etc.
 	ResourceIDParam string                    // Gorilla mux path param name for the resource ID.
 }

pkg/http/middleware/authz.go

@@ -9,7 +9,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )
@@ -41,18 +40,18 @@ func (middleware *AuthZ) ViewAccess(next http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		selectors := []coretypes.Selector{
-			coretypes.TypeRole.MustSelector(authtypes.SigNozAdminRoleName),
-			coretypes.TypeRole.MustSelector(authtypes.SigNozEditorRoleName),
-			coretypes.TypeRole.MustSelector(authtypes.SigNozViewerRoleName),
+		selectors := []authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozEditorRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozViewerRoleName),
 		}
 
 		err = middleware.authzService.CheckWithTupleCreation(
 			ctx,
 			claims,
 			valuer.MustNewUUID(claims.OrgID),
-			authtypes.Relation{Verb: coretypes.VerbAssignee},
-			coretypes.NewResourceRole(),
+			authtypes.RelationAssignee,
+			authtypes.TypeableRole,
 			selectors,
 			selectors,
 		)
@@ -80,17 +79,17 @@ func (middleware *AuthZ) EditAccess(next http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		selectors := []coretypes.Selector{
-			coretypes.TypeRole.MustSelector(authtypes.SigNozAdminRoleName),
-			coretypes.TypeRole.MustSelector(authtypes.SigNozEditorRoleName),
+		selectors := []authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozEditorRoleName),
 		}
 
 		err = middleware.authzService.CheckWithTupleCreation(
 			ctx,
 			claims,
 			valuer.MustNewUUID(claims.OrgID),
-			authtypes.Relation{Verb: coretypes.VerbAssignee},
-			coretypes.NewResourceRole(),
+			authtypes.RelationAssignee,
+			authtypes.TypeableRole,
 			selectors,
 			selectors,
 		)
@@ -118,16 +117,16 @@ func (middleware *AuthZ) AdminAccess(next http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		selectors := []coretypes.Selector{
-			coretypes.TypeRole.MustSelector(authtypes.SigNozAdminRoleName),
+		selectors := []authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
 		}
 
 		err = middleware.authzService.CheckWithTupleCreation(
 			ctx,
 			claims,
 			valuer.MustNewUUID(claims.OrgID),
-			authtypes.Relation{Verb: coretypes.VerbAssignee},
-			coretypes.NewResourceRole(),
+			authtypes.RelationAssignee,
+			authtypes.TypeableRole,
 			selectors,
 			selectors,
 		)
@@ -154,16 +153,16 @@ func (middleware *AuthZ) SelfAccess(next http.HandlerFunc) http.HandlerFunc {
 			return
 		}
 
-		selectors := []coretypes.Selector{
-			coretypes.TypeRole.MustSelector(authtypes.SigNozAdminRoleName),
+		selectors := []authtypes.Selector{
+			authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
 		}
 
 		err = middleware.authzService.CheckWithTupleCreation(
 			req.Context(),
 			claims,
 			valuer.MustNewUUID(claims.OrgID),
-			authtypes.Relation{Verb: coretypes.VerbAssignee},
-			coretypes.NewResourceRole(),
+			authtypes.RelationAssignee,
+			authtypes.TypeableRole,
 			selectors,
 			selectors,
 		)
@@ -186,7 +185,7 @@ func (middleware *AuthZ) OpenAccess(next http.HandlerFunc) http.HandlerFunc {
 	})
 }
 
-func (middleware *AuthZ) Check(next http.HandlerFunc, relation authtypes.Relation, typeable coretypes.Resource, cb authtypes.SelectorCallbackWithClaimsFn, roles []string) http.HandlerFunc {
+func (middleware *AuthZ) Check(next http.HandlerFunc, relation authtypes.Relation, typeable authtypes.Typeable, cb authtypes.SelectorCallbackWithClaimsFn, roles []string) http.HandlerFunc {
 	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		ctx := req.Context()
 		claims, err := authtypes.ClaimsFromContext(ctx)
@@ -201,9 +200,9 @@ func (middleware *AuthZ) Check(next http.HandlerFunc, relation authtypes.Relatio
 			return
 		}
 
-		roleSelectors := []coretypes.Selector{}
+		roleSelectors := []authtypes.Selector{}
 		for _, role := range roles {
-			roleSelectors = append(roleSelectors, coretypes.TypeRole.MustSelector(role))
+			roleSelectors = append(roleSelectors, authtypes.MustNewSelector(authtypes.TypeRole, role))
 		}
 
 		err = middleware.authzService.CheckWithTupleCreation(ctx, claims, valuer.MustNewUUID(claims.OrgID), relation, typeable, selectors, roleSelectors)
@@ -216,77 +215,7 @@ func (middleware *AuthZ) Check(next http.HandlerFunc, relation authtypes.Relatio
 	})
 }
 
-// AuthZCheckDef groups the parameters for a single permission check.
-type AuthZCheckDef struct {
-	Relation         authtypes.Relation
-	Resource         coretypes.Resource
-	SelectorCallback authtypes.SelectorCallbackWithClaimsFn
-	Roles            []string
-}
-
-// AuthZCheckGroup is a set of checks OR'd together.
-// At least one check in the group must pass for the group to pass.
-type AuthZCheckGroup []AuthZCheckDef
-
-// CheckAll verifies groups of permission checks.
-// Within each group, checks are OR'd (any check passing = group passes).
-// Across groups, results are AND'd (all groups must pass).
-//
-// This model expresses any combination:
-//   - Single check:          []AuthZCheckGroup{{checkA}}
-//   - Pure AND:              []AuthZCheckGroup{{checkA}, {checkB}}
-//   - Cross-resource OR:     []AuthZCheckGroup{{checkA, checkB}}
-//   - Mixed (A OR B) AND C:  []AuthZCheckGroup{{checkA, checkB}, {checkC}}
-func (middleware *AuthZ) CheckAll(next http.HandlerFunc, groups []AuthZCheckGroup) http.HandlerFunc {
-	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		ctx := req.Context()
-		claims, err := authtypes.ClaimsFromContext(ctx)
-		if err != nil {
-			render.Error(rw, err)
-			return
-		}
-
-		orgID := valuer.MustNewUUID(claims.OrgID)
-
-		for _, group := range groups {
-			groupPassed := false
-			var lastErr error
-
-			for _, check := range group {
-				selectors, err := check.SelectorCallback(req, claims)
-				if err != nil {
-					render.Error(rw, err)
-					return
-				}
-
-				roleSelectors := make([]coretypes.Selector, len(check.Roles))
-				for i, role := range check.Roles {
-					roleSelectors[i] = coretypes.TypeRole.MustSelector(role)
-				}
-
-				err = middleware.authzService.CheckWithTupleCreation(
-					ctx, claims, orgID,
-					check.Relation, check.Resource,
-					selectors, roleSelectors,
-				)
-				if err == nil {
-					groupPassed = true
-					break
-				}
-				lastErr = err
-			}
-
-			if !groupPassed {
-				render.Error(rw, lastErr)
-				return
-			}
-		}
-
-		next(rw, req)
-	})
-}
-
-func (middleware *AuthZ) CheckWithoutClaims(next http.HandlerFunc, relation authtypes.Relation, typeable coretypes.Resource, cb authtypes.SelectorCallbackWithoutClaimsFn, roles []string) http.HandlerFunc {
+func (middleware *AuthZ) CheckWithoutClaims(next http.HandlerFunc, relation authtypes.Relation, typeable authtypes.Typeable, cb authtypes.SelectorCallbackWithoutClaimsFn, roles []string) http.HandlerFunc {
 	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
 		ctx := req.Context()
 		orgs, err := middleware.orgGetter.ListByOwnedKeyRange(ctx)
@@ -301,9 +230,9 @@ func (middleware *AuthZ) CheckWithoutClaims(next http.HandlerFunc, relation auth
 			return
 		}
 
-		roleSelectors := []coretypes.Selector{}
+		roleSelectors := []authtypes.Selector{}
 		for _, role := range roles {
-			roleSelectors = append(roleSelectors, coretypes.TypeRole.MustSelector(role))
+			roleSelectors = append(roleSelectors, authtypes.MustNewSelector(authtypes.TypeRole, role))
 		}
 
 		err = middleware.authzService.CheckWithTupleCreationWithoutClaims(ctx, orgId, relation, typeable, selectors, roleSelectors)

pkg/modules/dashboard/dashboard.go

@@ -4,9 +4,10 @@ import (
 	"context"
 	"net/http"
 
+	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/statsreporter"
 	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/valuer"
@@ -26,7 +27,7 @@ type Module interface {
 	GetPublicWidgetQueryRange(context.Context, valuer.UUID, uint64, uint64, uint64) (*querybuildertypesv5.QueryRangeResponse, error)
 
 	// gets the selectors and org for the given public dashboard
-	GetPublicDashboardSelectorsAndOrg(context.Context, valuer.UUID, []*types.Organization) ([]coretypes.Selector, valuer.UUID, error)
+	GetPublicDashboardSelectorsAndOrg(context.Context, valuer.UUID, []*types.Organization) ([]authtypes.Selector, valuer.UUID, error)
 
 	// updates the public sharing config for a dashboard
 	UpdatePublic(context.Context, valuer.UUID, *dashboardtypes.PublicDashboard) error
@@ -49,6 +50,26 @@ type Module interface {
 	GetByMetricNames(ctx context.Context, orgID valuer.UUID, metricNames []string) (map[string][]map[string]string, error)
 
 	statsreporter.StatsCollector
+
+	authz.RegisterTypeable
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+
+	CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error)
+
+	UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error
+
+	CreatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, postable dashboardtypes.PostablePublicDashboard) (*dashboardtypes.DashboardV2, error)
+
+	UpdatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatable dashboardtypes.UpdatablePublicDashboard) (*dashboardtypes.DashboardV2, error)
 }
 
 type Handler interface {
@@ -71,4 +92,23 @@ type Handler interface {
 	LockUnlock(http.ResponseWriter, *http.Request)
 
 	Delete(http.ResponseWriter, *http.Request)
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+	CreateV2(http.ResponseWriter, *http.Request)
+
+	GetV2(http.ResponseWriter, *http.Request)
+
+	UpdateV2(http.ResponseWriter, *http.Request)
+
+	PatchV2(http.ResponseWriter, *http.Request)
+
+	LockV2(http.ResponseWriter, *http.Request)
+
+	UnlockV2(http.ResponseWriter, *http.Request)
+
+	CreatePublicV2(http.ResponseWriter, *http.Request)
+
+	UpdatePublicV2(http.ResponseWriter, *http.Request)
 }