ozontech · Gwynbleidd0241 · Apr 16, 2026 · Apr 16, 2026 · Apr 17, 2026 · Apr 17, 2026
diff --git a/api/admin/v1/admin.proto b/api/admin/v1/admin.proto
@@ -0,0 +1,77 @@
+syntax = "proto3";
+
+package admin.v1;
+
+option go_package = "github.com/ozontech/seq-ui/pkg/admin/v1;admin";
+
+service AdminService {
+  rpc CreateRole(CreateRoleRequest) returns (CreateRoleResponse);
+
+  rpc AddUsersToRole(AddUsersToRoleRequest) returns (AddUsersToRoleResponse);
+
+  rpc GetRoles(GetRolesRequest) returns (GetRolesResponse);
+
+  rpc GetRole(GetRoleRequest) returns (GetRoleResponse);
+
+  rpc UpdateRole(UpdateRoleRequest) returns (UpdateRoleResponse);
+
+  rpc DeleteRole(DeleteRoleRequest) returns (DeleteRoleResponse);
+}
+
+message Role {
+  int32 id = 1;
+  string name = 2;
+  repeated uint64 permissions = 3;
+}
+
+message CreateRoleRequest {
+  string name = 1;
+  repeated uint64 permissions = 2;
+}
+
+message CreateRoleResponse {
+  int32 role_id = 1;
+}
+
+message AddUsersToRoleRequest {
+  int32 role_id = 1;
+  repeated string usernames = 2;
+}
+
+message AddUsersToRoleResponse {}
+
+message GetRolesRequest {}
+
+message GetRolesResponse {
+  message Permission {
+    uint64 value = 1;
+    string name = 2;
+    optional string description = 3;
+  }
+
+  repeated Role roles = 1;
+  repeated Permission available_permissions = 2;
+}
+
+message GetRoleRequest {
+  int32 id = 1;
+}
+
+message GetRoleResponse {
+  repeated string usernames = 1;
+}
+
+message UpdateRoleRequest {
+  int32 id = 1;
+  optional string name = 2;
+  repeated uint64 permissions = 3;
+}
+
+message UpdateRoleResponse {}
+
+message DeleteRoleRequest {
+  int32 id = 1;
+  optional int32 replacement_role_id = 2;
+}
+
+message DeleteRoleResponse {}
diff --git a/api/userprofile/v1/userprofile.proto b/api/userprofile/v1/userprofile.proto
@@ -26,6 +26,7 @@ message GetUserProfileResponse {
   string timezone = 1;
   string onboarding_version = 2;
   LogColumns log_columns = 3;
+  optional int32 role_id = 4;
 }
 
 message UpdateUserProfileRequest {
@@ -36,7 +37,6 @@ message UpdateUserProfileRequest {
 
 message UpdateUserProfileResponse {}
 
-
 message GetFavoriteQueriesRequest {}
 
 message GetFavoriteQueriesResponse {
@@ -66,7 +66,6 @@ message DeleteFavoriteQueryRequest {
 
 message DeleteFavoriteQueryResponse {}
 
-
 message GetDashboardsRequest {}
 
 message GetDashboardsResponse {
@@ -109,4 +108,4 @@ message DeleteDashboardRequest {
   string uuid = 1;
 }
 
-message DeleteDashboardResponse {}
+message DeleteDashboardResponse {}
diff --git a/cmd/seq-ui/main.go b/cmd/seq-ui/main.go
@@ -16,6 +16,7 @@ import (
 	"github.com/jackc/pgx/v5/pgxpool"
 	"github.com/joho/godotenv"
 	"github.com/ozontech/seq-ui/internal/api"
+	admin_v1 "github.com/ozontech/seq-ui/internal/api/admin/v1"
 	dashboards_v1 "github.com/ozontech/seq-ui/internal/api/dashboards/v1"
 	errorgroups_v1 "github.com/ozontech/seq-ui/internal/api/errorgroups/v1"
 	massexport_v1 "github.com/ozontech/seq-ui/internal/api/massexport/v1"
@@ -152,6 +153,7 @@ func initApp(ctx context.Context, cfg config.Config) *api.Registrar {
 	var (
 		asyncSearchesService *asyncsearches.Service
 		p                    *profiles.Profiles
+		adminV1              *admin_v1.Admin
 		userProfileV1        *userprofile_v1.UserProfile
 		dashboardsV1         *dashboards_v1.Dashboards
 	)
@@ -164,6 +166,10 @@ func initApp(ctx context.Context, cfg config.Config) *api.Registrar {
 		dashboardsV1 = dashboards_v1.New(svc, p)
 
 		asyncSearchesService = asyncsearches.New(ctx, repo, defaultClient, cfg.Handlers.AsyncSearch)
+
+		if cfg.Handlers.Admin != nil {
+			adminV1 = admin_v1.New(svc)
+		}
 	}
 
 	seqApiV1 := seqapi_v1.New(cfg.Handlers.SeqAPI, seqDBClients, inmemWithRedisCache, redisCache, asyncSearchesService, p)
@@ -182,7 +188,7 @@ func initApp(ctx context.Context, cfg config.Config) *api.Registrar {
 		errorGroupsV1 = errorgroups_v1.New(svc)
 	}
 
-	return api.NewRegistrar(seqApiV1, userProfileV1, dashboardsV1, massExportV1, errorGroupsV1)
+	return api.NewRegistrar(adminV1, seqApiV1, userProfileV1, dashboardsV1, massExportV1, errorGroupsV1)
 }
 
 func initSeqDBClients(ctx context.Context, cfg config.Config) (map[string]seqdb.Client, error) {

diff --git a/docs/en/02-configuration.md b/docs/en/02-configuration.md
@@ -507,6 +507,7 @@ handlers:
   error_groups:
   mass_export:
   async_search:
+  admin:
 ```
 
 ### SeqAPI
@@ -829,6 +830,18 @@ Configuration for async search request.
 
   Maximum length of `request.query` in async searches list responses. Requests exceeding the limit will be truncated to it
 
+### Admin
+
+**`admin`** *`Admin`* *`optional`*
+
+Configuration for `/admin` API.
+
+`Admin` fields:
+
++ **`super_users`** *`[]string`* *`required`*
+
+  List of users with full access to admin features.
+
 ## Tracing
 
 The tracing configuration is set through environment variables.

diff --git a/docs/ru/02-configuration.md b/docs/ru/02-configuration.md
@@ -507,6 +507,7 @@ handlers:
   error_groups:
   mass_export:
   async_search:
+  admin:
 ```
 
 ### SeqAPI
@@ -515,7 +516,7 @@ handlers:
 
 Конфигурация `/seqapi` API.
 
-`SeqAPI` fields:
+Поля `SeqAPI`:
 
 + **`max_search_limit`** *`int`* *`default=0`*
 
@@ -829,6 +830,18 @@ handlers:
 
   Максимальная длина `request.query` в ответе списка отложенных запросов. Запросы, превышающие лимит, будут обрезаны до этого значения.
 
+### Admin
+
+**`admin`** *`Admin`* *`optional`*
+
+Конфигурация `/admin` API.
+
+Поля `Admin`:
+
++ **`super_users`** *`[]string`* *`required`*
+
+  Список пользователей с полным доступом к административным функциям.
+
 ## Tracing
 
 Конфигурация трейсинга задается переменными окружения.

diff --git a/internal/api/admin/v1/admin.go b/internal/api/admin/v1/admin.go
@@ -0,0 +1,28 @@
+package admin_v1
+
+import (
+	"github.com/go-chi/chi/v5"
+	grpc_api "github.com/ozontech/seq-ui/internal/api/admin/v1/grpc"
+	http_api "github.com/ozontech/seq-ui/internal/api/admin/v1/http"
+	"github.com/ozontech/seq-ui/internal/pkg/service"
+)
+
+type Admin struct {
+	grpcAPI *grpc_api.API
+	httpAPI *http_api.API
+}
+
+func New(svc service.Service) *Admin {
+	return &Admin{
+		grpcAPI: grpc_api.New(svc),
+		httpAPI: http_api.New(svc),
+	}
+}
+
+func (a *Admin) GRPCServer() *grpc_api.API {
+	return a.grpcAPI
+}
+
+func (a *Admin) HTTPRouter() chi.Router {
+	return a.httpAPI.Router()
+}
diff --git a/internal/api/admin/v1/grpc/api.go b/internal/api/admin/v1/grpc/api.go
@@ -0,0 +1,18 @@
+package grpc
+
+import (
+	"github.com/ozontech/seq-ui/internal/pkg/service"
+	"github.com/ozontech/seq-ui/pkg/admin/v1"
+)
+
+type API struct {
+	admin.UnimplementedAdminServiceServer
+
+	service service.Service
+}
+
+func New(svc service.Service) *API {
+	return &API{
+		service: svc,
+	}
+}
diff --git a/internal/api/admin/v1/grpc/roles.go b/internal/api/admin/v1/grpc/roles.go
@@ -0,0 +1,31 @@
+package grpc
+
+import (
+	"context"
+
+	"github.com/ozontech/seq-ui/pkg/admin/v1"
+)
+
+func (a *API) CreateRole(ctx context.Context, req *admin.CreateRoleRequest) (*admin.CreateRoleResponse, error) {
+	return &admin.CreateRoleResponse{}, nil
+}
+
+func (a *API) GetRoles(ctx context.Context, req *admin.GetRolesRequest) (*admin.GetRolesResponse, error) {
+	return &admin.GetRolesResponse{}, nil
+}
+
+func (a *API) AddUsersToRole(ctx context.Context, req *admin.AddUsersToRoleRequest) (*admin.AddUsersToRoleResponse, error) {
+	return &admin.AddUsersToRoleResponse{}, nil
+}
+
+func (a *API) GetRole(ctx context.Context, req *admin.GetRoleRequest) (*admin.GetRoleResponse, error) {
+	return &admin.GetRoleResponse{}, nil
+}
+
+func (a *API) UpdateRole(ctx context.Context, req *admin.UpdateRoleRequest) (*admin.UpdateRoleResponse, error) {
+	return &admin.UpdateRoleResponse{}, nil
+}
+
+func (a *API) DeleteRole(ctx context.Context, req *admin.DeleteRoleRequest) (*admin.DeleteRoleResponse, error) {
+	return &admin.DeleteRoleResponse{}, nil
+}
diff --git a/internal/api/admin/v1/http/api.go b/internal/api/admin/v1/http/api.go
@@ -0,0 +1,34 @@
+package http
+
+import (
+	"github.com/go-chi/chi/v5"
+	"github.com/ozontech/seq-ui/internal/pkg/service"
+)
+
+type API struct {
+	service service.Service
+}
+
+func New(svc service.Service) *API {
+	return &API{
+		service: svc,
+	}
+}
+
+func (a *API) Router() chi.Router {
+	mux := chi.NewMux()
+
+	mux.Route("/roles", func(r chi.Router) {
+		r.Post("/", a.serveCreateRole)
+		r.Get("/", a.serveGetRoles)
+
+		r.Route("/{id}", func(r chi.Router) {
+			r.Post("/users", a.serveAddUsersToRole)
+			r.Get("/", a.serveGetRole)
+			r.Patch("/", a.serveUpdateRole)
+			r.Delete("/", a.serveDeleteRole)
+		})
+	})
+
+	return mux
+}
diff --git a/internal/api/admin/v1/http/roles.go b/internal/api/admin/v1/http/roles.go
@@ -0,0 +1,31 @@
+package http
+
+import (
+	"net/http"
+
+	"github.com/ozontech/seq-ui/internal/api/httputil"
+)
+
+func (a *API) serveCreateRole(w http.ResponseWriter, r *http.Request) {
+	httputil.NewWriter(w).WriteHeader(http.StatusNotImplemented)
+}
+
+func (a *API) serveGetRoles(w http.ResponseWriter, r *http.Request) {
+	httputil.NewWriter(w).WriteHeader(http.StatusNotImplemented)
+}
+
+func (a *API) serveAddUsersToRole(w http.ResponseWriter, r *http.Request) {
+	httputil.NewWriter(w).WriteHeader(http.StatusNotImplemented)
+}
+
+func (a *API) serveGetRole(w http.ResponseWriter, r *http.Request) {
+	httputil.NewWriter(w).WriteHeader(http.StatusNotImplemented)
+}
+
+func (a *API) serveUpdateRole(w http.ResponseWriter, r *http.Request) {
+	httputil.NewWriter(w).WriteHeader(http.StatusNotImplemented)
+}
+
+func (a *API) serveDeleteRole(w http.ResponseWriter, r *http.Request) {
+	httputil.NewWriter(w).WriteHeader(http.StatusNotImplemented)
+}