diff --git a/crates/api_models/src/user_role.rs b/crates/api_models/src/user_role.rs
index 78df1d6823..215227b91a 100644
--- a/crates/api_models/src/user_role.rs
+++ b/crates/api_models/src/user_role.rs
@@ -29,7 +29,6 @@ pub enum Permission {
 MerchantAccountWrite,
 MerchantConnectorAccountRead,
 MerchantConnectorAccountWrite,
- ForexRead,
 RoutingRead,
 RoutingWrite,
 DisputeRead,
@@ -38,8 +37,6 @@ pub enum Permission {
 MandateWrite,
 CustomerRead,
 CustomerWrite,
- FileRead,
- FileWrite,
 Analytics,
 ThreeDsDecisionManagerWrite,
 ThreeDsDecisionManagerRead,
@@ -55,14 +52,12 @@ pub enum PermissionModule {
 Payments,
 Refunds,
 MerchantAccount,
- Forex,
 Connectors,
 Routing,
 Analytics,
 Mandates,
 Customer,
 Disputes,
- Files,
 ThreeDsDecisionManager,
 SurchargeDecisionManager,
 AccountCreate,
diff --git a/crates/common_enums/src/enums.rs b/crates/common_enums/src/enums.rs
index 82569579cf..b8168fc532 100644
--- a/crates/common_enums/src/enums.rs
+++ b/crates/common_enums/src/enums.rs
@@ -2167,3 +2167,51 @@ pub enum ConnectorStatus {
 Inactive,
 Active,
 }
+
+#[derive(
+ Clone,
+ Copy,
+ Debug,
+ Eq,
+ PartialEq,
+ serde::Deserialize,
+ serde::Serialize,
+ strum::Display,
+ strum::EnumString,
+)]
+#[router_derive::diesel_enum(storage_type = "db_enum")]
+#[serde(rename_all = "snake_case")]
+#[strum(serialize_all = "snake_case")]
+pub enum RoleScope {
+ Merchant,
+ Organization,
+}
+
+#[derive(
+ Clone,
+ Copy,
+ Debug,
+ Eq,
+ PartialEq,
+ serde::Serialize,
+ serde::Deserialize,
+ strum::Display,
+ strum::EnumString,
+)]
+#[router_derive::diesel_enum(storage_type = "text")]
+#[serde(rename_all = "snake_case")]
+#[strum(serialize_all = "snake_case")]
+pub enum PermissionGroup {
+ OperationsView,
+ OperationsManage,
+ ConnectorsView,
+ ConnectorsManage,
+ WorkflowsView,
+ WorkflowsManage,
+ AnalyticsView,
+ UsersView,
+ UsersManage,
+ MerchantDetailsView,
+ MerchantDetailsManage,
+ OrganizationManage,
+}
diff --git a/crates/diesel_models/src/enums.rs b/crates/diesel_models/src/enums.rs
index 4ca5b4c986..3ee7e81187 100644
--- a/crates/diesel_models/src/enums.rs
+++ b/crates/diesel_models/src/enums.rs
@@ -501,53 +501,3 @@ pub enum DashboardMetadata {
 IsMultipleConfiguration,
 IsChangePasswordRequired,
 }
-
-#[derive(
- Clone,
- Copy,
- Debug,
- Eq,
- PartialEq,
- serde::Deserialize,
- serde::Serialize,
- strum::Display,
- strum::EnumString,
- frunk::LabelledGeneric,
-)]
-#[diesel_enum(storage_type = "db_enum")]
-#[serde(rename_all = "snake_case")]
-#[strum(serialize_all = "snake_case")]
-pub enum RoleScope {
- Merchant,
- Organization,
-}
-
-#[derive(
- Clone,
- Copy,
- Debug,
- Eq,
- PartialEq,
- serde::Serialize,
- serde::Deserialize,
- strum::Display,
- strum::EnumString,
- frunk::LabelledGeneric,
-)]
-#[diesel_enum(storage_type = "text")]
-#[serde(rename_all = "snake_case")]
-#[strum(serialize_all = "snake_case")]
-pub enum PermissionGroup {
- OperationsView,
- OperationsManage,
- ConnectorsView,
- ConnectorsManage,
- WorkflowsView,
- WorkflowsManage,
- AnalyticsView,
- UsersView,
- UsersManage,
- MerchantDetailsView,
- MerchantDetailsManage,
- OrganizationManage,
-}
diff --git a/crates/diesel_models/src/query/role.rs b/crates/diesel_models/src/query/role.rs
index b8704aebbd..a54576cc91 100644
--- a/crates/diesel_models/src/query/role.rs
+++ b/crates/diesel_models/src/query/role.rs
@@ -21,6 +21,23 @@ impl Role {
 .await
 }
 
+ pub async fn find_by_role_id_in_merchant_scope(
+ conn: &PgPooledConn,
+ role_id: &str,
+ merchant_id: &str,
+ org_id: &str,
+ ) -> StorageResult {
+ generics::generic_find_one::<::Table, _, _>(
+ conn,
+ dsl::role_id.eq(role_id.to_owned()).and(
+ dsl::merchant_id.eq(merchant_id.to_owned()).or(dsl::org_id
+ .eq(org_id.to_owned())
+ .and(dsl::scope.eq(RoleScope::Organization))),
+ ),
+ )
+ .await
+ }
+
 pub async fn update_by_role_id(
 conn: &PgPooledConn,
 role_id: &str,
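Review bot: `find_by_role_id_in_merchant_scope` in `query/role.rs` has no doc comment, and the tenant-isolation rule it enforces can only be read out of the nested `.and(... .or(...))` predicate. As written, a row matches when `role_id` matches and either `merchant_id` matches or the role is `RoleScope::Organization` inside `org_id`; I would state exactly that above the function, e.g. `/// Finds a role by id only if it belongs to the given merchant, or is organization-scoped within the given org.` Spelling the rule out makes it much harder for a later edit to regroup the `and`/`or` and silently widen the match across merchants. The enclosing `impl Role` starts and ends outside the hunk.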
diff --git a/crates/router/src/core/user.rs b/crates/router/src/core/user.rs index 54fbecc64f..e7639af391 100644 --- a/crates/router/src/core/user.rs +++ b/crates/router/src/core/user.rs @@ -617,9 +617,9 @@ async fn handle_invitation( user_from_token: &auth::UserFromToken, request: &user_api::InviteUserRequest, ) -> UserResult { - let inviter_user = user_from_token.get_user(state).await?; + let inviter_user = user_from_token.get_user_from_db(state).await?; - if inviter_user.email == request.email { + if inviter_user.get_email() == request.email { return Err(UserErrors::InvalidRoleOperationWithMessage( "User Inviting themselves".to_string(), ) @@ -926,7 +926,7 @@ pub async fn switch_merchant_id( .filter(|role| role.status == UserStatus::Active) .collect::>(); - let user = user_from_token.get_user(&state).await?.into(); + let user = user_from_token.get_user_from_db(&state).await?; let (token, role_id) = if utils::user_role::is_internal_role(&user_from_token.role_id) { let key_store = state @@ -995,7 +995,7 @@ pub async fn create_merchant_account( user_from_token: auth::UserFromToken, req: user_api::UserMerchantCreate, ) -> UserResponse<()> { - let user_from_db: domain::UserFromStorage = user_from_token.get_user(&state).await?.into(); + let user_from_db = user_from_token.get_user_from_db(&state).await?; let new_user = domain::NewUser::try_from((user_from_db, req, user_from_token))?; let new_merchant = new_user.get_new_merchant(); diff --git a/crates/router/src/core/user/dashboard_metadata.rs b/crates/router/src/core/user/dashboard_metadata.rs index 7318f9973f..3f6180158a 100644 --- a/crates/router/src/core/user/dashboard_metadata.rs +++ b/crates/router/src/core/user/dashboard_metadata.rs 
@@ -459,8 +459,8 @@ async fn insert_metadata( #[cfg(feature = "email")] { - let user_data = user.get_user(state).await?; - let user_email = domain::UserEmail::from_pii_email(user_data.email.clone()) + let user_data = user.get_user_from_db(state).await?; + let user_email = domain::UserEmail::from_pii_email(user_data.get_email()) .change_context(UserErrors::InternalServerError)? .get_secret() .expose(); diff --git a/crates/router/src/core/user_role.rs b/crates/router/src/core/user_role.rs index 14be9bb699..16047bc3eb 100644 --- a/crates/router/src/core/user_role.rs +++ b/crates/router/src/core/user_role.rs @@ -172,7 +172,7 @@ pub async fn transfer_org_ownership( auth::blacklist::insert_user_in_blacklist(&state, user_to_be_updated.get_user_id()).await?; auth::blacklist::insert_user_in_blacklist(&state, &user_from_token.user_id).await?; - let user_from_db = domain::UserFromStorage::from(user_from_token.get_user(&state).await?); + let user_from_db = user_from_token.get_user_from_db(&state).await?; let user_role = user_from_db .get_role_from_db_by_merchant_id(&state, &user_from_token.merchant_id) .await diff --git a/crates/router/src/db/kafka_store.rs b/crates/router/src/db/kafka_store.rs index 0897deb87e..213417b131 100644 --- a/crates/router/src/db/kafka_store.rs +++ b/crates/router/src/db/kafka_store.rs @@ -2274,6 +2274,17 @@ impl RoleInterface for KafkaStore { self.diesel_store.find_role_by_role_id(role_id).await } + async fn find_role_by_role_id_in_merchant_scope( + &self, + role_id: &str, + merchant_id: &str, + org_id: &str, + ) -> CustomResult { + self.diesel_store + .find_role_by_role_id_in_merchant_scope(role_id, merchant_id, org_id) + .await + } + async fn update_role_by_role_id( &self, role_id: &str, diff --git a/crates/router/src/db/role.rs b/crates/router/src/db/role.rs index da2abf15ff..90e1e97e37 100644 --- a/crates/router/src/db/role.rs +++ b/crates/router/src/db/role.rs 
@@ -1,3 +1,4 @@ +use common_enums::enums; use diesel_models::role as storage; use error_stack::{IntoReport, ResultExt}; @@ -20,6 +21,13 @@ pub trait RoleInterface { role_id: &str, ) -> CustomResult; + async fn find_role_by_role_id_in_merchant_scope( + &self, + role_id: &str, + merchant_id: &str, + org_id: &str, + ) -> CustomResult; + async fn update_role_by_role_id( &self, role_id: &str, @@ -59,6 +67,19 @@ impl RoleInterface for Store { .into_report() } + async fn find_role_by_role_id_in_merchant_scope( + &self, + role_id: &str, + merchant_id: &str, + org_id: &str, + ) -> CustomResult { + let conn = connection::pg_connection_write(self).await?; + storage::Role::find_by_role_id_in_merchant_scope(&conn, role_id, merchant_id, org_id) + .await + .map_err(Into::into) + .into_report() + } + async fn update_role_by_role_id( &self, role_id: &str, @@ -149,6 +170,30 @@ impl RoleInterface for MockDb { ) } + async fn find_role_by_role_id_in_merchant_scope( + &self, + role_id: &str, + merchant_id: &str, + org_id: &str, + ) -> CustomResult { + let roles = self.roles.lock().await; + roles + .iter() + .find(|role| { + role.role_id == role_id + && (role.merchant_id == merchant_id + || (role.org_id == org_id && role.scope == enums::RoleScope::Organization)) + }) + .cloned() + .ok_or( + errors::StorageError::ValueNotFound(format!( + "No role available in merchant scope for role_id = {role_id}, \ + merchant_id = {merchant_id} and org_id = {org_id}" + )) + .into(), + ) + } + async fn update_role_by_role_id( &self, role_id: &str, diff --git a/crates/router/src/routes/currency.rs b/crates/router/src/routes/currency.rs index 1e18585171..74a559e88e 100644 --- a/crates/router/src/routes/currency.rs +++ b/crates/router/src/routes/currency.rs 
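Review bot: In the `Store` implementation of `find_role_by_role_id_in_merchant_scope` in `db/role.rs`, the lookup takes its connection from `connection::pg_connection_write(self)` although it only reads. If the primary is chosen deliberately so that a role change is visible to the very next authorization lookup, a comment such as `// Read from the primary: role lookups must observe the latest role writes.` would record that; otherwise a read connection is the better fit. The `MockDb` version in the last hunk re-implements the SQL filter by hand, so a unit test with a merchant-scoped role owned by a different merchant of the same org, and an organization-scoped role from a different org, would keep the mock and the diesel query from drifting apart. The `impl` blocks start and end outside these hunks.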
@@ -4,7 +4,7 @@ use router_env::Flow; use crate::{ core::{api_locking, currency}, routes::AppState, - services::{api, authentication as auth, authorization::permissions::Permission}, + services::{api, authentication as auth}, }; pub async fn retrieve_forex(state: web::Data, req: HttpRequest) -> HttpResponse { @@ -17,7 +17,7 @@ pub async fn retrieve_forex(state: web::Data, req: HttpRequest) -> Htt |state, _auth: auth::AuthenticationData, _| currency::retrieve_forex(state), auth::auth_type( &auth::ApiKeyAuth, - &auth::JWTAuth(Permission::ForexRead), + &auth::DashboardNoPermissionAuth, req.headers(), ), api_locking::LockAction::NotApplicable, @@ -49,7 +49,7 @@ pub async fn convert_forex( }, auth::auth_type( &auth::ApiKeyAuth, - &auth::JWTAuth(Permission::ForexRead), + &auth::DashboardNoPermissionAuth, req.headers(), ), api_locking::LockAction::NotApplicable, diff --git a/crates/router/src/routes/files.rs b/crates/router/src/routes/files.rs index 95f4007cb9..63dfb38c61 100644 --- a/crates/router/src/routes/files.rs +++ b/crates/router/src/routes/files.rs @@ -2,7 +2,7 @@ use actix_multipart::Multipart; use actix_web::{web, HttpRequest, HttpResponse}; use router_env::{instrument, tracing, Flow}; -use crate::{core::api_locking, services::authorization::permissions::Permission}; +use crate::core::api_locking; pub mod transformers; use super::app::AppState; @@ -47,7 +47,7 @@ pub async fn files_create( |state, auth, req| files_create_core(state, auth.merchant_account, auth.key_store, req), auth::auth_type( &auth::ApiKeyAuth, - &auth::JWTAuth(Permission::FileWrite), + &auth::DashboardNoPermissionAuth, req.headers(), ), api_locking::LockAction::NotApplicable, @@ -89,7 +89,7 @@ pub async fn files_delete( |state, auth, req| files_delete_core(state, auth.merchant_account, req), auth::auth_type( &auth::ApiKeyAuth, - &auth::JWTAuth(Permission::FileWrite), + &auth::DashboardNoPermissionAuth, req.headers(), ), api_locking::LockAction::NotApplicable, 
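Review bot: Replacing `&auth::JWTAuth(Permission::FileWrite)` with `&auth::DashboardNoPermissionAuth` in `files_create` and `files_delete` removes the only role check on the dashboard path, so any dashboard token for the merchant, including one issued to a view-only role, can now upload and delete files. The same substitution is made for `retrieve_forex` and `convert_forex` in `currency.rs` and for `files_retrieve` in the following hunk; those are reads, but the two write routes should keep a write-level permission rather than none. Since the removed module description says files exist for disputes, `&auth::JWTAuth(Permission::DisputeWrite)` on create/delete and `&auth::JWTAuth(Permission::DisputeRead)` on retrieve look like the natural replacements. If dropping the check is intended, a comment at each call site should say why. The handler bodies start and end outside the hunks.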
@@ -131,7 +131,7 @@ pub async fn files_retrieve(
 |state, auth, req| files_retrieve_core(state, auth.merchant_account, auth.key_store, req),
 auth::auth_type(
 &auth::ApiKeyAuth,
- &auth::JWTAuth(Permission::FileRead),
+ &auth::DashboardNoPermissionAuth,
 req.headers(),
 ),
 api_locking::LockAction::NotApplicable,
diff --git a/crates/router/src/services/authentication.rs b/crates/router/src/services/authentication.rs
index 990e078530..1004982d29 100644
--- a/crates/router/src/services/authentication.rs
+++ b/crates/router/src/services/authentication.rs
@@ -749,6 +749,48 @@ where
 }
 }
 
+#[async_trait]
+impl AuthenticateAndFetch for DashboardNoPermissionAuth
+where
+ A: AppStateInfo + Sync,
+{
+ async fn authenticate_and_fetch(
+ &self,
+ request_headers: &HeaderMap,
+ state: &A,
+ ) -> RouterResult<(AuthenticationData, AuthenticationType)> {
+ let payload = parse_jwt_payload::(request_headers, state).await?;
+
+ let key_store = state
+ .store()
+ .get_merchant_key_store_by_merchant_id(
+ &payload.merchant_id,
+ &state.store().get_master_key().to_vec().into(),
+ )
+ .await
+ .change_context(errors::ApiErrorResponse::Unauthorized)
+ .attach_printable("Failed to fetch merchant key store for the merchant id")?;
+
+ let merchant = state
+ .store()
+ .find_merchant_account_by_merchant_id(&payload.merchant_id, &key_store)
+ .await
+ .to_not_found_response(errors::ApiErrorResponse::Unauthorized)?;
+
+ let auth = AuthenticationData {
+ merchant_account: merchant,
+ key_store,
+ };
+ Ok((
+ auth.clone(),
+ AuthenticationType::MerchantJwt {
+ merchant_id: auth.merchant_account.merchant_id.clone(),
+ user_id: Some(payload.user_id),
+ },
+ ))
+ }
+}
+
 pub trait ClientSecretFetch {
 fn get_client_secret(&self) -> Option<&String>;
 }
diff --git a/crates/router/src/services/authorization/info.rs b/crates/router/src/services/authorization/info.rs
index 450a5a738c..d982317e02 100644
--- a/crates/router/src/services/authorization/info.rs
+++ b/crates/router/src/services/authorization/info.rs
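Review bot: The new `authenticate_and_fetch` for `DashboardNoPermissionAuth` in `authentication.rs` goes straight from `parse_jwt_payload` to loading the key store and merchant account, and nothing in the hunk consults the user blacklist that `auth::blacklist::insert_user_in_blacklist` populates elsewhere in this commit. Unless `parse_jwt_payload` performs that check itself (not visible here), a token revoked after a role change or an ownership transfer is still accepted on every route that uses this authenticator. The role carried in the payload is also never looked at, so a token referring to a deleted role authenticates as well. I would add the blacklist lookup directly after parsing and fail with the same `errors::ApiErrorResponse::Unauthorized` used below, and put a doc comment on the impl stating that it admits any valid dashboard token for the merchant regardless of role.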
@@ -31,13 +31,11 @@ pub enum PermissionModule {
 Refunds,
 MerchantAccount,
 Connectors,
- Forex,
 Routing,
 Analytics,
 Mandates,
 Customer,
 Disputes,
- Files,
 ThreeDsDecisionManager,
 SurchargeDecisionManager,
 AccountCreate,
@@ -51,12 +49,10 @@ impl PermissionModule {
 Self::MerchantAccount => "Accounts module permissions allow the user to view and update account details, configure webhooks and much more",
 Self::Connectors => "All connector related actions - like configuring new connectors, viewing and updating connector configuration lies with this module",
 Self::Routing => "All actions related to new, active, and past routing stacks take place here",
- Self::Forex => "Forex module permissions allow the user to view and query the forex rates",
 Self::Analytics => "Permission to view and analyse the data relating to payments, refunds, sdk etc.",
 Self::Mandates => "Everything related to mandates - like creating and viewing mandate related information are within this module",
 Self::Customer => "Everything related to customers - like creating and viewing customer related information are within this module",
 Self::Disputes => "Everything related to disputes - like creating and viewing dispute related information are within this module",
- Self::Files => "Permissions for uploading, deleting and viewing files for disputes",
 Self::ThreeDsDecisionManager => "View and configure 3DS decision rules configured for a merchant",
 Self::SurchargeDecisionManager =>"View and configure surcharge decision rules configured for a merchant",
 Self::AccountCreate => "Create new account within your organization"
@@ -108,11 +104,6 @@ impl ModuleInfo {
 Permission::MerchantConnectorAccountWrite,
 ]),
 },
- PermissionModule::Forex => Self {
- module: module_name,
- description,
- permissions: PermissionInfo::new(&[Permission::ForexRead]),
- },
 PermissionModule::Routing => Self {
 module: module_name,
 description,
@@ -150,11 +141,6 @@ impl ModuleInfo {
 Permission::DisputeWrite,
 ]),
 },
- PermissionModule::Files => Self {
- module: module_name,
- description,
- permissions: PermissionInfo::new(&[Permission::FileRead, Permission::FileWrite]),
- },
 PermissionModule::ThreeDsDecisionManager => Self {
 module: module_name,
 description,
diff --git a/crates/router/src/services/authorization/permissions.rs b/crates/router/src/services/authorization/permissions.rs
index 5c5e3ecce3..3e022e8f66 100644
--- a/crates/router/src/services/authorization/permissions.rs
+++ b/crates/router/src/services/authorization/permissions.rs
@@ -12,7 +12,6 @@ pub enum Permission {
 MerchantAccountWrite,
 MerchantConnectorAccountRead,
 MerchantConnectorAccountWrite,
- ForexRead,
 RoutingRead,
 RoutingWrite,
 DisputeRead,
@@ -21,8 +20,6 @@ pub enum Permission {
 MandateWrite,
 CustomerRead,
 CustomerWrite,
- FileRead,
- FileWrite,
 Analytics,
 ThreeDsDecisionManagerWrite,
 ThreeDsDecisionManagerRead,
@@ -50,7 +47,6 @@ impl Permission {
 Self::MerchantConnectorAccountWrite => {
 "Create, update, verify and delete connector configurations"
 }
- Self::ForexRead => "Query Forex data",
 Self::RoutingRead => "View routing configuration",
 Self::RoutingWrite => "Create and activate routing configurations",
 Self::DisputeRead => "View disputes",
@@ -59,8 +55,6 @@ impl Permission {
 Self::MandateWrite => "Create and update mandates",
 Self::CustomerRead => "View customers",
 Self::CustomerWrite => "Create, update and delete customers",
- Self::FileRead => "View files",
- Self::FileWrite => "Create, update and delete files",
 Self::Analytics => "Access to analytics module",
 Self::ThreeDsDecisionManagerWrite => "Create and update 3DS decision rules",
 Self::ThreeDsDecisionManagerRead => {
diff --git a/crates/router/src/services/authorization/predefined_permissions.rs b/crates/router/src/services/authorization/predefined_permissions.rs
index fd98d90c19..bd0f37e2a0 100644
--- a/crates/router/src/services/authorization/predefined_permissions.rs
+++ b/crates/router/src/services/authorization/predefined_permissions.rs
@@ -50,7 +50,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::MerchantConnectorAccountWrite,
 Permission::RoutingRead,
 Permission::RoutingWrite,
- Permission::ForexRead,
 Permission::ThreeDsDecisionManagerWrite,
 Permission::ThreeDsDecisionManagerRead,
 Permission::SurchargeDecisionManagerWrite,
@@ -61,8 +60,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::MandateWrite,
 Permission::CustomerRead,
 Permission::CustomerWrite,
- Permission::FileRead,
- Permission::FileWrite,
 Permission::Analytics,
 Permission::UsersRead,
 Permission::UsersWrite,
@@ -84,14 +81,12 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::MerchantAccountRead,
 Permission::MerchantConnectorAccountRead,
 Permission::RoutingRead,
- Permission::ForexRead,
 Permission::ThreeDsDecisionManagerRead,
 Permission::SurchargeDecisionManagerRead,
 Permission::Analytics,
 Permission::DisputeRead,
 Permission::MandateRead,
 Permission::CustomerRead,
- Permission::FileRead,
 Permission::UsersRead,
 ],
 name: None,
@@ -117,7 +112,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::MerchantConnectorAccountWrite,
 Permission::RoutingRead,
 Permission::RoutingWrite,
- Permission::ForexRead,
 Permission::ThreeDsDecisionManagerWrite,
 Permission::ThreeDsDecisionManagerRead,
 Permission::SurchargeDecisionManagerWrite,
@@ -128,8 +122,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::MandateWrite,
 Permission::CustomerRead,
 Permission::CustomerWrite,
- Permission::FileRead,
- Permission::FileWrite,
 Permission::Analytics,
 Permission::UsersRead,
 Permission::UsersWrite,
@@ -156,7 +148,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::MerchantAccountRead,
 Permission::MerchantAccountWrite,
 Permission::MerchantConnectorAccountRead,
- Permission::ForexRead,
 Permission::MerchantConnectorAccountWrite,
 Permission::RoutingRead,
 Permission::RoutingWrite,
@@ -170,8 +161,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::MandateWrite,
 Permission::CustomerRead,
 Permission::CustomerWrite,
- Permission::FileRead,
- Permission::FileWrite,
 Permission::Analytics,
 Permission::UsersRead,
 Permission::UsersWrite,
@@ -190,7 +179,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::RefundRead,
 Permission::ApiKeyRead,
 Permission::MerchantAccountRead,
- Permission::ForexRead,
 Permission::MerchantConnectorAccountRead,
 Permission::RoutingRead,
 Permission::ThreeDsDecisionManagerRead,
@@ -198,7 +186,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::DisputeRead,
 Permission::MandateRead,
 Permission::CustomerRead,
- Permission::FileRead,
 Permission::Analytics,
 Permission::UsersRead,
 ],
@@ -216,7 +203,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::RefundRead,
 Permission::ApiKeyRead,
 Permission::MerchantAccountRead,
- Permission::ForexRead,
 Permission::MerchantConnectorAccountRead,
 Permission::RoutingRead,
 Permission::ThreeDsDecisionManagerRead,
@@ -224,7 +210,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::DisputeRead,
 Permission::MandateRead,
 Permission::CustomerRead,
- Permission::FileRead,
 Permission::Analytics,
 Permission::UsersRead,
 Permission::UsersWrite,
@@ -244,7 +229,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::ApiKeyRead,
 Permission::ApiKeyWrite,
 Permission::MerchantAccountRead,
- Permission::ForexRead,
 Permission::MerchantConnectorAccountRead,
 Permission::RoutingRead,
 Permission::ThreeDsDecisionManagerRead,
@@ -252,7 +236,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::DisputeRead,
 Permission::MandateRead,
 Permission::CustomerRead,
- Permission::FileRead,
 Permission::Analytics,
 Permission::UsersRead,
 ],
@@ -272,7 +255,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::RefundWrite,
 Permission::ApiKeyRead,
 Permission::MerchantAccountRead,
- Permission::ForexRead,
 Permission::MerchantConnectorAccountRead,
 Permission::MerchantConnectorAccountWrite,
 Permission::RoutingRead,
@@ -284,7 +266,6 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::DisputeRead,
 Permission::MandateRead,
 Permission::CustomerRead,
- Permission::FileRead,
 Permission::Analytics,
 Permission::UsersRead,
 ],
@@ -301,15 +282,12 @@ pub static PREDEFINED_PERMISSIONS: Lazy> = Lazy:
 Permission::PaymentRead,
 Permission::RefundRead,
 Permission::RefundWrite,
- Permission::ForexRead,
 Permission::DisputeRead,
 Permission::DisputeWrite,
 Permission::MerchantAccountRead,
 Permission::MerchantConnectorAccountRead,
 Permission::MandateRead,
 Permission::CustomerRead,
- Permission::FileRead,
- Permission::FileWrite,
 Permission::Analytics,
 ],
 name: Some("Customer Support"),
diff --git a/crates/router/src/types/domain/user.rs b/crates/router/src/types/domain/user.rs
index 468fa8e4cd..ab32febf9b 100644
--- a/crates/router/src/types/domain/user.rs
+++ b/crates/router/src/types/domain/user.rs
@@ -802,14 +802,12 @@ impl From for user_role_api::PermissionModule { info::PermissionModule::Payments => Self::Payments, info::PermissionModule::Refunds => Self::Refunds, info::PermissionModule::MerchantAccount => Self::MerchantAccount, - info::PermissionModule::Forex => Self::Forex, info::PermissionModule::Connectors => Self::Connectors, info::PermissionModule::Routing => Self::Routing, info::PermissionModule::Analytics => Self::Analytics, info::PermissionModule::Mandates => Self::Mandates, info::PermissionModule::Customer => Self::Customer, info::PermissionModule::Disputes => Self::Disputes, - info::PermissionModule::Files => Self::Files, info::PermissionModule::ThreeDsDecisionManager => Self::ThreeDsDecisionManager, info::PermissionModule::SurchargeDecisionManager => Self::SurchargeDecisionManager, info::PermissionModule::AccountCreate => Self::AccountCreate, diff --git a/crates/router/src/utils/user.rs b/crates/router/src/utils/user.rs index 9c2d2c1fd3..86b298822a 100644 --- a/crates/router/src/utils/user.rs +++ b/crates/router/src/utils/user.rs @@ -48,13 +48,13 @@ impl UserFromToken { Ok(merchant_account) } - pub async fn get_user(&self, state: &AppState) -> UserResult { + pub async fn get_user_from_db(&self, state: &AppState) -> UserResult { let user = state .store .find_user_by_id(&self.user_id) .await .change_context(UserErrors::InternalServerError)?; - Ok(user) + Ok(user.into()) } } diff --git a/crates/router/src/utils/user_role.rs b/crates/router/src/utils/user_role.rs index 9c7150c08d..b677e89269 100644 --- a/crates/router/src/utils/user_role.rs +++ b/crates/router/src/utils/user_role.rs 
@@ -38,7 +38,6 @@ impl From for user_role_api::Permission {
 Permission::MerchantAccountWrite => Self::MerchantAccountWrite,
 Permission::MerchantConnectorAccountRead => Self::MerchantConnectorAccountRead,
 Permission::MerchantConnectorAccountWrite => Self::MerchantConnectorAccountWrite,
- Permission::ForexRead => Self::ForexRead,
 Permission::RoutingRead => Self::RoutingRead,
 Permission::RoutingWrite => Self::RoutingWrite,
 Permission::DisputeRead => Self::DisputeRead,
@@ -47,8 +46,6 @@ impl From for user_role_api::Permission {
 Permission::MandateWrite => Self::MandateWrite,
 Permission::CustomerRead => Self::CustomerRead,
 Permission::CustomerWrite => Self::CustomerWrite,
- Permission::FileRead => Self::FileRead,
- Permission::FileWrite => Self::FileWrite,
 Permission::Analytics => Self::Analytics,
 Permission::ThreeDsDecisionManagerWrite => Self::ThreeDsDecisionManagerWrite,
 Permission::ThreeDsDecisionManagerRead => Self::ThreeDsDecisionManagerRead,