diff --git a/crates/analytics/src/opensearch.rs b/crates/analytics/src/opensearch.rs
index f0530b02be0f..2c75df7cff8c 100644
--- a/crates/analytics/src/opensearch.rs
+++ b/crates/analytics/src/opensearch.rs
@@ -79,6 +79,8 @@ pub enum OpenSearchError {
 DeserialisationError,
 #[error("Opensearch index access not present error: {0:?}")]
 IndexAccessNotPermittedError(SearchIndex),
+ #[error("Opensearch unknown error")]
+ UnknownError,
 }
 
 impl ErrorSwitch for QueryBuildingError {
@@ -128,6 +130,12 @@ impl ErrorSwitch for OpenSearchError {
 None,
 ))
 }
+ Self::UnknownError => ApiErrorResponse::InternalServerError(ApiError::new(
+ "IR",
+ 4,
+ "Unknown error",
+ None,
+ )),
 }
 }
 }
diff --git a/crates/router/src/analytics.rs b/crates/router/src/analytics.rs
index 61c518ed663d..578e2b2e9f6f 100644
--- a/crates/router/src/analytics.rs
+++ b/crates/router/src/analytics.rs
@@ -20,13 +20,13 @@ pub mod routes {
 use error_stack::ResultExt;
 
 use crate::{
- core::api_locking,
+ core::{api_locking, errors::user::UserErrors},
 db::user::UserInterface,
 routes::AppState,
 services::{
 api,
- authentication::{self as auth, AuthenticationData, UserWithPermissions},
- authorization::permissions::Permission,
+ authentication::{self as auth, AuthenticationData, UserFromToken},
+ authorization::{permissions::Permission, roles::RoleInfo},
 ApplicationResponse,
 },
 types::domain::UserEmail,
@@ -653,7 +653,13 @@ pub mod routes {
 state.clone(),
 &req,
 json_payload.into_inner(),
- |state, auth: UserWithPermissions, req, _| async move {
+ |state, auth: UserFromToken, req, _| async move {
+ let role_id = auth.role_id;
+ let role_info = RoleInfo::from_role_id(&state, &role_id, &auth.merchant_id, &auth.org_id)
+ .await
+ .change_context(UserErrors::InternalServerError)
+ .change_context(OpenSearchError::UnknownError)?;
+ let permissions = role_info.get_permissions_set();
 let accessible_indexes: Vec<_> = vec![
 (
 SearchIndex::PaymentAttempts,
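Review bot: The new `UnknownError` variant carries no payload, so once the `ErrorSwitch` arm in the second hunk turns it into a fixed 500 with code `IR`/4 and the text "Unknown error", nothing about the underlying failure reaches the response, and its `#[error("Opensearch unknown error")]` message is misleading as soon as the variant is reused for failures that are not OpenSearch at all (the analytics hunks in this same diff map a role-lookup failure into it). The original cause presumably survives only in the error_stack report the caller attached via `change_context`, so it should be logged before conversion. I'd document that on the variant, `/// Catch-all for failures the analytics routes cannot classify (e.g. resolving the caller's role); the cause is kept only in the attached report, so log it before converting to an API response.`, and confirm `IR`/4 is not already claimed by another arm of that `match`, whose earlier arms lie outside the hunk.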
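Review bot: When `RoleInfo::from_role_id` fails — including a `role_id` from the token that no longer exists or is not scoped to `auth.merchant_id`/`auth.org_id` — the closure now answers with `OpenSearchError::UnknownError`, which the opensearch.rs hunk renders as a 500 "Unknown error"; that fails closed, but a caller whose role was revoked receives an internal-error response instead of a 401/403, and the operator cannot tell that case from a database outage. If `from_role_id` distinguishes not-found from a failed lookup, map not-found to a 4xx authorization response and keep `UnknownError` for genuine failures; otherwise at least log the report before the `?`. Separately, the removed `JWTAuth` impl for `UserWithPermissions` was the one that ran `check_in_blacklist` and `check_authorization` for this handler, and the `JWTAuth` impl for `UserFromToken` is outside this diff, so confirm it performs both — it is now the only gate between a revoked or under-privileged token and this endpoint. The enclosing handler starts and ends outside the hunk.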
@@ -673,7 +679,7 @@ pub mod routes {
 ),
 ]
 .into_iter()
- .filter(|(_, perm)| perm.iter().any(|p| auth.permissions.contains(p)))
+ .filter(|(_, perm)| perm.iter().any(|p| permissions.contains(p)))
 .map(|i| i.0)
 .collect();
 
@@ -709,7 +715,13 @@ pub mod routes {
 state.clone(),
 &req,
 indexed_req,
- |state, auth: UserWithPermissions, req, _| async move {
+ |state, auth: UserFromToken, req, _| async move {
+ let role_id = auth.role_id;
+ let role_info = RoleInfo::from_role_id(&state, &role_id, &auth.merchant_id, &auth.org_id)
+ .await
+ .change_context(UserErrors::InternalServerError)
+ .change_context(OpenSearchError::UnknownError)?;
+ let permissions = role_info.get_permissions_set();
 let _ = vec![
 (
 SearchIndex::PaymentAttempts,
@@ -730,7 +742,7 @@ pub mod routes {
 ]
 .into_iter()
 .filter(|(ind, _)| *ind == index)
- .find(|i| i.1.iter().any(|p| auth.permissions.contains(p)))
+ .find(|i| i.1.iter().any(|p| permissions.contains(p)))
 .ok_or(OpenSearchError::IndexAccessNotPermittedError(index))?;
 analytics::search::search_results(&state.opensearch_client, req, &auth.merchant_id)
 .await
diff --git a/crates/router/src/services/authentication.rs b/crates/router/src/services/authentication.rs
index ec62ea856963..e2224da29ea1 100644
--- a/crates/router/src/services/authentication.rs
+++ b/crates/router/src/services/authentication.rs
@@ -195,15 +195,6 @@ pub struct UserFromToken {
 pub org_id: String,
 }
 
-#[derive(Clone)]
-pub struct UserWithPermissions {
- pub user_id: String,
- pub merchant_id: String,
- pub role_id: String,
- pub org_id: String,
- pub permissions: Vec,
-}
-
 pub struct UserIdFromAuth {
 pub user_id: String,
 }
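Review bot: The six-line role-resolution prelude added here is byte-for-byte the same as the one added to the first handler at `@@ -653`, and in both the `.change_context(UserErrors::InternalServerError)` is immediately re-wrapped by `.change_context(OpenSearchError::UnknownError)`, so it only adds an intermediate frame to the report and is, within this diff, the only reason for the new `UserErrors` import; `let role_id = auth.role_id;` also partially moves `auth` where `&auth.role_id` would do. I'd pull the lookup into one documented helper inside `routes` and call it from both closures as `let permissions = role_from_token(&state, &auth).await?.get_permissions_set();`, dropping the `UserErrors` import if nothing else in the file uses it. The helper below assumes the closure's `state` is the `AppState` imported at the top of the module — adjust the signature if the wrapper passes a different state type. The enclosing handler starts and ends outside the hunk.
```rust
/// Resolve the caller's role from the `role_id` carried in its JWT.
///
/// The lookup is scoped to the token's own merchant/org, so a `role_id`
/// belonging to another tenant cannot be resolved. Any lookup failure is
/// reported as `OpenSearchError::UnknownError` (a 500), so the handler
/// still fails closed; the original cause stays in the attached report.
async fn role_from_token(
    state: &AppState,
    auth: &UserFromToken,
) -> error_stack::Result<RoleInfo, OpenSearchError> {
    RoleInfo::from_role_id(state, &auth.role_id, &auth.merchant_id, &auth.org_id)
        .await
        .change_context(OpenSearchError::UnknownError)
}

// … unchanged: handler body up to the closure …
|state, auth: UserFromToken, req, _| async move {
    let permissions = role_from_token(&state, &auth).await?.get_permissions_set();
    // … unchanged: index permission check and search_results call …
```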
@@ -637,41 +628,6 @@ where
 }
 }
 
-#[cfg(feature = "olap")]
-#[async_trait]
-impl AuthenticateAndFetch for JWTAuth
-where
- A: SessionStateInfo + Sync,
-{
- async fn authenticate_and_fetch(
- &self,
- request_headers: &HeaderMap,
- state: &A,
- ) -> RouterResult<(UserWithPermissions, AuthenticationType)> {
- let payload = parse_jwt_payload::(request_headers, state).await?;
- if payload.check_in_blacklist(state).await? {
- return Err(errors::ApiErrorResponse::InvalidJwtToken.into());
- }
-
- let permissions = authorization::get_permissions(state, &payload).await?;
- authorization::check_authorization(&self.0, &permissions)?;
-
- Ok((
- UserWithPermissions {
- user_id: payload.user_id.clone(),
- merchant_id: payload.merchant_id.clone(),
- org_id: payload.org_id,
- role_id: payload.role_id,
- permissions,
- },
- AuthenticationType::MerchantJwt {
- merchant_id: payload.merchant_id,
- user_id: Some(payload.user_id),
- },
- ))
- }
-}
-
 pub struct JWTAuthMerchantFromRoute {
 pub merchant_id: String,
 pub required_permission: Permission,