Restricting Git Operations

Updated 6 months ago by Copado Solutions

Adding Restrictions to Git Operations

All Git operations are visible to users by default. You can restrict users or profiles to access only certain Git operations by adding a record to a custom setting called Git Operation Restriction. For example, if you only want users to see the Recommit Files option, simply add Recommit Files in this custom setting. In this example, the users will see Commit Files (always available) and Recommit Files (The Destructive Changes and Full Profiles & Permission Sets operations will not be visible).

The Commit Files operation is the default Git operation and cannot be restricted with this feature.

The process for restricting Git operations is as follows:

  1. Go to Setup -> Custom Settings.
  2. Click on Manage in the Git Operation Restriction custom setting.
  3. Click on New.
  4. Select Profile or User from Location.
  5. Write the specific Git operation(s) that should be visible in a semi-colon-separated list, (e.g. if you want your users to see Recommit Files and Destructive Changes enter Recommit Files;Destructive Changes in the Git Operation Name field).
  6. Check the Active checkbox.
  7. Click on Save.

Now your selected profile or user will only see the Git operation(s) you entered in the Custom Setting.

Removing Restrictions from Git Operations

To remove a restriction follow the steps below:

  1. Uncheck the Active checkbox from the related Git Operation Restriction record and click on Save.
  2. Delete the related Git Operation Restriction record.

Considerations on Restricting Git Operations

Restriction works from User Level to Profile Level and then to Default Organization Level restrictions. As an example, in your production organization there is a Developer Profile that has been assigned to two different users called Dave and Ana, and you would like users with the Developer Profile to have access to the Destructive Changes Git operation except for Dave. You also would like Dave, but not the other users with the Developer Profile, to have access to the Full Profiles & Permission Sets operation. Then you could do the following:

Organization Default Level: Recommit Files.

Profile Level (Developer Profile): Recommit Files; Destructive Changes.

User Level (Dave): Recommit Files; Full Profiles & Permission Sets.

When Dave opens the Commit Changes page, he will see the Commit Changes, Recommit Files, Full Profiles & Permission Sets Git operations.

When Ana opens the Commit Changes page, she will see the Commit Changes, Recommit Files, Destructive Changes Git operations.

How did we do?