diff --git a/authz/src/permission.rs b/authz/src/permission.rs
index eb618e3cb2..1836e655cd 100644
--- a/authz/src/permission.rs
+++ b/authz/src/permission.rs
@@ -115,8 +115,8 @@ impl TryFrom for proto::Permission {
 /// A resource is the object that a request is trying to access.
 #[derive(Clone, Debug, PartialEq)]
 pub enum Resource {
- /// A namespace is a named IOx namespace.
- Namespace(String),
+ /// A database is a named IOx database.
+ Database(String),
 }
 impl Resource {
@@ -125,8 +125,8 @@ impl Resource {
 ri: Option,
 ) -> Result {
 match (rt, ri) {
- (proto::resource_action_permission::ResourceType::Namespace, Some(s)) => {
- Ok(Self::Namespace(s))
+ (proto::resource_action_permission::ResourceType::Database, Some(s)) => {
+ Ok(Self::Database(s))
 }
 _ => Err(IncompatiblePermissionError {}),
 }
@@ -142,8 +142,8 @@ impl Resource {
 IncompatiblePermissionError,
 > {
 match self {
- Self::Namespace(s) => Ok((
- proto::resource_action_permission::ResourceType::Namespace,
+ Self::Database(s) => Ok((
+ proto::resource_action_permission::ResourceType::Database,
 Some(s),
 )),
 }
@@ -209,9 +209,9 @@ mod tests {
 #[test]
 fn resource_try_from_proto() {
 assert_eq!(
- Resource::Namespace("ns1".into()),
+ Resource::Database("ns1".into()),
 Resource::try_from_proto(
- proto::resource_action_permission::ResourceType::Namespace,
+ proto::resource_action_permission::ResourceType::Database,
 Some("ns1".into())
 )
 .unwrap()
@@ -219,7 +219,7 @@ mod tests {
 assert_eq!(
 IncompatiblePermissionError {},
 Resource::try_from_proto(
- proto::resource_action_permission::ResourceType::Namespace,
+ proto::resource_action_permission::ResourceType::Database,
 None
 )
 .unwrap_err()
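Review bot: The new doc comment on `Resource::Database` in the first hunk of authz/src/permission.rs says only that it is "a named IOx database", while the call sites changed elsewhere in this commit (router/src/server/http.rs and service_grpc_flight/src/lib.rs) still pass `write_info.namespace` and `namespace_name` as the identifier. Since this string is what the authorization check is made against, the comment should state what the identifier is, for example `/// A database is a named IOx database; the identifier appears to be the IOx namespace name.` once that is confirmed. The catch-all `_ => Err(IncompatiblePermissionError {})` in the second hunk keeps unspecified or id-less resource types rejected, and that fail-closed arm is worth keeping when further variants are added. The bodies of `try_from_proto` and `try_into_proto` start outside these hunks.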
@@ -238,17 +238,17 @@ mod tests {
 fn resource_try_into_proto() {
 assert_eq!(
 (
- proto::resource_action_permission::ResourceType::Namespace,
+ proto::resource_action_permission::ResourceType::Database,
 Some("ns1".into())
 ),
- Resource::Namespace("ns1".into()).try_into_proto().unwrap(),
+ Resource::Database("ns1".into()).try_into_proto().unwrap(),
 );
 }
 #[test]
 fn permission_try_from_proto() {
 assert_eq!(
- Permission::ResourceAction(Resource::Namespace("ns2".into()), Action::Create),
+ Permission::ResourceAction(Resource::Database("ns2".into()), Action::Create),
 Permission::try_from(proto::Permission {
 permission_one_of: Some(proto::permission::PermissionOneOf::ResourceAction(
 proto::ResourceActionPermission {
@@ -301,7 +301,7 @@ mod tests {
 ))
 },
 proto::Permission::try_from(Permission::ResourceAction(
- Resource::Namespace("ns3".into()),
+ Resource::Database("ns3".into()),
 Action::Create
 ))
 .unwrap()
diff --git a/generated_types/protos/influxdata/iox/authz/v1/authz.proto b/generated_types/protos/influxdata/iox/authz/v1/authz.proto
index 868003ee5d..67bb33d160 100644
--- a/generated_types/protos/influxdata/iox/authz/v1/authz.proto
+++ b/generated_types/protos/influxdata/iox/authz/v1/authz.proto
@@ -70,9 +70,9 @@ message ResourceActionPermission {
 RESOURCE_TYPE_UNSPECIFIED = 0;
 /*
- * Permission to access a namespace.
+ * Permission to access a database.
 */
- RESOURCE_TYPE_NAMESPACE = 1;
+ RESOURCE_TYPE_DATABASE = 1;
 }
 enum Action {
diff --git a/iox_query/src/exec.rs b/iox_query/src/exec.rs
index c5aa569aba..491dd7c5e4 100644
--- a/iox_query/src/exec.rs
+++ b/iox_query/src/exec.rs
@@ -15,7 +15,6 @@ use datafusion_util::config::register_iox_object_store;
 use executor::DedicatedExecutor;
 use object_store::DynObjectStore;
 use parquet_file::storage::StorageId;
- use trace::span::{SpanExt, SpanRecorder};
 mod cross_rt_stream;
 use std::{collections::HashMap, fmt::Display, num::NonZeroUsize, sync::Arc};
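Review bot: In the authz.proto hunk, `RESOURCE_TYPE_DATABASE = 1` reuses the number of the removed `RESOURCE_TYPE_NAMESPACE`, so the binary encoding is unchanged, but any peer that handles the enum by name (JSON mapping, text format, code generated from the older schema) sees a different identifier. An authorizer built against the previous schema should be checked for this before rollout, because a resource-type mismatch would most likely surface as failed permission checks. Consider adding `reserved "RESOURCE_TYPE_NAMESPACE";` inside the enum so the old name cannot return later with another meaning, and extend the comment to `* Permission to access a database (value 1 was formerly RESOURCE_TYPE_NAMESPACE).`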
@@ -23,13 +22,11 @@ use std::{collections::HashMap, fmt::Display, num::NonZeroUsize, sync::Arc};
 use datafusion::{
 self,
 execution::{
- context::SessionState,
 disk_manager::DiskManagerConfig,
 runtime_env::{RuntimeConfig, RuntimeEnv},
 },
 logical_expr::{expr_rewriter::normalize_col, Extension},
 logical_expr::{Expr, LogicalPlan},
- prelude::SessionContext,
 };
 pub use context::{IOxSessionConfig, IOxSessionContext, SessionContextIOxExt};
@@ -203,18 +200,6 @@ impl Executor {
 .with_target_partitions(self.config.target_query_partitions)
 }
- /// Get IOx context from DataFusion state.
- pub fn new_context_from_df(
- &self,
- executor_type: ExecutorType,
- state: &SessionState,
- ) -> IOxSessionContext {
- let inner = SessionContext::with_state(state.clone());
- let exec = self.executor(executor_type).clone();
- let recorder = SpanRecorder::new(state.span_ctx().child_span("Query Execution"));
- IOxSessionContext::new(inner, exec, recorder)
- }
-
 /// Create a new execution context, suitable for executing a new query or system task
 ///
 /// Note that this context (and all its clones) will be shut down once `Executor` is dropped.
diff --git a/iox_query/src/exec/context.rs b/iox_query/src/exec/context.rs
index 5678be8420..5be5f3cab7 100644
--- a/iox_query/src/exec/context.rs
+++ b/iox_query/src/exec/context.rs
@@ -678,6 +678,11 @@ impl IOxSessionContext {
 self.recorder.span()
 }
+ /// Returns a new child span of the current context
+ pub fn child_span(&self, name: &'static str) -> Option {
+ self.recorder.child_span(name)
+ }
+
 /// Number of currently active tasks.
 pub fn tasks(&self) -> usize {
 self.exec.tasks()
diff --git a/querier/src/namespace/query_access.rs b/querier/src/namespace/query_access.rs
index 7549b0df66..f8983a34c0 100644
--- a/querier/src/namespace/query_access.rs
+++ b/querier/src/namespace/query_access.rs
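Review bot: The doc comment on the new `child_span` in iox_query/src/exec/context.rs does not say when the returned `Option` is empty. Callers in this commit pass the result straight into `chunks(...)`, so the contract is worth stating, for example `/// Returns a child span named by the argument, or None when this context carries no span.` The `None` case is inferred from the return type and the neighbouring `span()` accessor; the body of the recorder's `child_span` is not visible in this diff, so confirm before adopting the wording.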
@@ -59,7 +59,7 @@ impl QueryNamespace for QuerierNamespace {
 let mut chunks = table
 .chunks(
 predicate,
- ctx.span().map(|span| span.child("querier table chunks")),
+ ctx.child_span("QuerierNamespace chunks"),
 projection,
 )
 .await?;
@@ -360,7 +360,7 @@ mod tests {
 let span = traces
 .spans()
 .into_iter()
- .find(|s| s.name == "querier table chunks")
+ .find(|s| s.name == "QuerierTable chunks")
 .expect("tracing span not found");
 assert_eq!(span.status, SpanStatus::Ok);
diff --git a/querier/src/table/query_access/mod.rs b/querier/src/table/query_access/mod.rs
index 80cc4af366..f29f3301c0 100644
--- a/querier/src/table/query_access/mod.rs
+++ b/querier/src/table/query_access/mod.rs
@@ -62,7 +62,7 @@ impl TableProvider for QuerierTable {
 let chunks = self
 .chunks(
 &pruning_predicate,
- ctx.child_span("querier table chunks"),
+ ctx.child_span("QuerierTable chunks"),
 projection,
 )
 .await?;
diff --git a/router/src/server/http.rs b/router/src/server/http.rs
index 79fc4609d0..01212afe39 100644
--- a/router/src/server/http.rs
+++ b/router/src/server/http.rs
@@ -381,7 +381,7 @@ where
 }
 });
 let perms = [Permission::ResourceAction(
- Resource::Namespace(write_info.namespace.to_string()),
+ Resource::Database(write_info.namespace.to_string()),
 Action::Write,
 )];
 self.authz.require_any_permission(token, &perms).await?;
diff --git a/service_grpc_flight/src/lib.rs b/service_grpc_flight/src/lib.rs
index 819bbff5d5..8eb0a783b6 100644
--- a/service_grpc_flight/src/lib.rs
+++ b/service_grpc_flight/src/lib.rs
@@ -472,7 +472,7 @@ where
 let perms = match query {
 RunQuery::FlightSQL(cmd) => flightsql_permissions(namespace_name, cmd),
 RunQuery::Sql(_) | RunQuery::InfluxQL(_) => vec![authz::Permission::ResourceAction(
- authz::Resource::Namespace(namespace_name.to_string()),
+ authz::Resource::Database(namespace_name.to_string()),
 authz::Action::Read,
 )],
 };
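Review bot: The span names are now independent string literals in three places: `"QuerierNamespace chunks"` in querier/src/namespace/query_access.rs, `"QuerierTable chunks"` in querier/src/table/query_access/mod.rs, and the test lookup `.find(|s| s.name == "QuerierTable chunks")`. Before this commit both code paths used the same name; the test in the namespace module now asserts only the table span, so the renamed namespace span has no assertion visible in this diff and a typo in it would go unnoticed. Consider one shared `const` per span name, or a second lookup for `"QuerierNamespace chunks"` in the test if that path is expected to run there. Anything downstream that filters traces on the old `"querier table chunks"` name would presumably need updating as well.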
@@ -733,7 +733,7 @@ fn get_flight_authz(metadata: &MetadataMap) -> Option> {
 }
 fn flightsql_permissions(namespace_name: &str, cmd: &FlightSQLCommand) -> Vec {
- let resource = authz::Resource::Namespace(namespace_name.to_string());
+ let resource = authz::Resource::Database(namespace_name.to_string());
 let action = match cmd {
 FlightSQLCommand::CommandStatementQuery(_) => authz::Action::Read,
 FlightSQLCommand::CommandPreparedStatementQuery(_) => authz::Action::Read,
diff --git a/test_helpers_end_to_end/src/authz.rs b/test_helpers_end_to_end/src/authz.rs
index 6b60afbb55..2bbc9c7a04 100644
--- a/test_helpers_end_to_end/src/authz.rs
+++ b/test_helpers_end_to_end/src/authz.rs
@@ -81,7 +81,7 @@ impl Authorizer {
 .map(|a| Permission {
 permission_one_of: Some(PermissionOneOf::ResourceAction(
 ResourceActionPermission {
- resource_type: ResourceType::Namespace.into(),
+ resource_type: ResourceType::Database.into(),
 resource_id: Some(namespace_name.to_string()),
 action: a.into(),
 },