How do I prevent a User to deploy to a specific Org (eg Production)

There are different ways of preventing a Copado user from deploying to a certain environment, eg production:

  1. Make sure the user doesn’t have access to a sys admin user in production, regardless of the access to Copado.
  2. Make sure the Org Credential custom object is set to private (this is private by default).
  3. Using standard Salesforce security, the user won’t have visibility of any record he doesn't own.
  4. Make sure the Deployment is set to private (this is private  by default).

You can add extra security, if necessary, with validation rules. For example, you can set up a rule to prevent certain users from deploying to production if the production org is selected as destination org and the running user is not [user X]. The error ‘you can’t deploy to production’ will be displayed.

How did we do?