How to Ignore User Permissions in Profiles When Deploying Using a Yaml File

The first thing you need is to prepare the yaml file. Please find below the yaml file structure, regex and rule that you need.

Image 1

Use the Find & Replace Rule Editor button to upload the file as an attachment to your org. This button is available in the Pipeline and Environment objects. If you can’t see the button, check if it was added to the page layout. If your Salesforce instance doesn't have attachments and is using files instead, you still can upload the yaml file using the editor. By saving the file in the editor, it will be uploaded as type 'Attachment' to the record.

Depending on how you are deploying the profiles, you will have to upload the yaml file in the Pipeline record or in the Environment record to which you are deploying.

If the Copado.yml file is uploaded to a pipeline, the rules will apply to any deployments and commits of the environments and the branches of the pipeline. This is for committing files in user stories, promoting and deploying.

If the Copado.yml file is uploaded to an environment, the rules will apply to Metadata/Git Metadata deployments. This is for manual deployments with a Metadata step type.

When uploading the file, make sure it is uploaded as type Attachment and the name is Copado.yml. Do not use the Upload Files button to upload the file. If you do not have the Attach File button, use the editor as explained above.

Image 2
Image 3

IMPORTANT: Bear in mind that Copado works with Attachments instead of Files. If you are a Lightning Experience user, the files uploaded in this interface will be uploaded as a "file" by default even if the checkbox “Files uploaded to the Attachments related list on records are uploaded as Salesforce Files, not as attachments” is unflagged in your setup. You need to temporarily change to Classic interface, upload the file as an attachment and return to Lightning Experience or upload the file using the developer console.

Notes and Considerations

The yaml file will not remove user permissions in the destination org. The permissions will not be disabled in the destination org. The purpose of the yaml file is to exclude the user permissions in the profile file that is being deployed. When deploying a profile, if a user permission is not included in the file that is deployed, this user permission will just be ignored but not disabled in the destination (it will not be enabled either if it was enabled in the source org). The user permission stays as it was prior to the deployment.

The profiles you are moving must exist in the destination. If the profile doesn't exist in the destination and it's created with the deployment, the user permissions will be taken from the Standard Salesforce Profile. See below the information taken from the article Special Behavior in Metadata API Deployments.

"If a package includes a profile with a name that doesn't exist in the target org, a new profile is created with that name. If the deployed profile doesn't specify any permissions or settings, the resulting profile consists of all the permissions and settings in the Standard Profile."

You will find more information about this feature in our article Global Find and Replace Rules.

Please note that creating or editing rules and regex in this file is out of the scope of Copado Support. If you would like our Professional Services team to help you with this configuration, please let us know by sending an email to

How did we do?