Restricting Git Operations

Updated 3 months ago by Copado Solutions

Adding Restrictions to Git Operations

By default, users have access to all Git operations. However, there might be occasions when you want to restrict users access to certain Git operations.

Copado allows you to prevent users or profiles from accessing specific Git operations by adding a record to a custom setting called Git Operation Restriction. For example, if you only want users to see the Recommit Files option, simply add Recommit Files to this custom setting. In this case, users will just see Commit Files, which is always available, and Recommit Files (the Destructive Changes and Full Profiles & Permission Sets operations will not be visible).

The Commit Files operation is the default Git operation and cannot be restricted with this feature.

To restrict Git operations, follow the steps below:

  1. Go to Setup -> Custom Settings.
  2. Click on Manage in the Git Operation Restriction custom setting.
  3. Click on New.
  4. Select Profile or User from Location.
  5. Write the specific Git operation(s) that should be visible in a semi-colon-separated list, (e.g. if you want your users to see Recommit Files and Destructive Changes enter Recommit Files;Destructive Changes in the Git Operation Name field):

  1. Check the Active checkbox.
  2. Click on Save.

Now your selected profile or user will only see the Git operation(s) you entered in the custom setting.

Removing Git Operation Restrictions

To remove a restriction follow the steps below:

  1. Uncheck the Active checkbox from the related Git Operation Restriction record and click on Save.
  2. Delete the related Git Operation Restriction record.

Considerations on Restricting Git Operations

Restrictions work from user level to profile level and then to default organization level.

Let's say there is a developer profile in your production organization that has been assigned to two different users, Dave and Ana, and you want all users with this profile except for Dave to have access to Destructive Changes. Additionally, you want to grant Dave, and no one else with the developer profile, access to Full Profiles & Permission Sets. This is how you can set this up:

Organization default level: Recommit Files.

Profile level (developer profile): Recommit Files; Destructive Changes.

User level (Dave): Recommit Files; Full Profiles & Permission Sets.

If Dave opens the Commit Changes page, he will see the Commit Changes, Recommit Files and Full Profiles & Permission Sets Git operations.

If Ana opens the Commit Changes page, she will see the Commit Changes, Recommit Files and Destructive Changes Git operations.

How did we do?