How to ignore user permissions in profiles when deploying using a yaml file

First, prepare the yaml file. The yaml file structure, regex and rule that you need are shown below.

[Image: yaml file structure, regex and rule]

Use the Find & Replace Rule Editor button to upload the file as an attachment to your org. The button is available in the Deployment Flow and Environment objects. If you cannot see the button, check whether it has been added to the page layout. If your Salesforce instance uses Files instead of Attachments, you can still upload the yaml file using the Editor. When you save the file in the Editor, it is uploaded to the record as Type Attachment.

Depending on how you are deploying the profiles, you will have to upload the yaml file in the Deployment Flow record or in the Environment record you are deploying to.

If the Copado.yml file is uploaded in a Deployment Flow, the rules will apply to any deployments and commits of the Environments and the branches of the Deployment Flow. This is for Committing Files in user stories, promoting and deploying.

If the Copado.yml file is uploaded to an Environment, the rules will apply to Metadata/Git Metadata deployments. This is for manual deployments with Metadata step type.

When uploading the file, make sure it's uploaded as Attachment Type and the name is Copado.yaml. Do not use the Upload Files button to upload the file. If you do not have the Attach File button, use the Editor as explained above.

Notes and considerations:

The yaml file will not remove or disable user permissions in the target org. Its purpose is to exclude the user permissions from the profile file that is being deployed. When a profile is deployed and a user permission is not included in the deployed file, that permission is simply ignored: it is not disabled in the target, and it is not enabled either, even if it was enabled in the source org. The user permission stays as it was before the deployment.

The profiles you are moving must exist in the target. If a profile doesn't exist in the target and is created by the deployment, its user permissions will be taken from the Standard Salesforce Profile. See the following excerpt from the Special Behavior in Metadata API Deployments documentation.

"If a package includes a profile with a name that doesn't exist in the target org, a new profile is created with that name. If the deployed profile doesn't specify any permissions or settings, the resulting profile consists of all the permissions and settings in the Standard Profile."
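A local dry run of the behaviour described in these notes, as an added example that is not Copado's code and not the rule from this article. The regex, the sample profile and the function names are assumptions constructed for illustration; the script shows which user permissions a rule of this kind drops from the deployed file and checks that the remaining XML still parses.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "http://soap.sforce.com/2006/04/metadata"}
# Assumed pattern, not the rule from the article: one whole <userPermissions>
# element together with its indentation and trailing line break.
USER_PERMISSIONS_RE = re.compile(
    r"[ \t]*<userPermissions>.*?</userPermissions>[ \t]*\r?\n?", re.DOTALL)

# Constructed sample profile file (not from a real org).
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
    <custom>true</custom>
    <objectPermissions>
        <allowRead>true</allowRead>
        <object>Account</object>
    </objectPermissions>
    <userPermissions>
        <enabled>true</enabled>
        <name>ModifyAllData</name>
    </userPermissions>
    <userPermissions>
        <enabled>false</enabled>
        <name>ViewSetup</name>
    </userPermissions>
</Profile>
"""

def user_permissions(profile_xml):
    """Return (name, enabled) for every userPermissions entry in the file."""
    root = ET.fromstring(profile_xml.encode("utf-8"))
    return [(p.findtext("md:name", namespaces=NS),
             p.findtext("md:enabled", namespaces=NS))
            for p in root.findall("md:userPermissions", NS)]

def dry_run(profile_xml):
    """Apply the pattern; return the stripped file and the excluded entries."""
    excluded = user_permissions(profile_xml)
    stripped, removed = USER_PERMISSIONS_RE.subn("", profile_xml)
    # user_permissions() re-parses the result and raises ParseError on broken XML.
    if user_permissions(stripped) or removed != len(excluded):
        raise ValueError("pattern missed or partially matched a block")
    return stripped, excluded

if __name__ == "__main__":
    stripped, excluded = dry_run(SAMPLE_PROFILE)
    for name, enabled in excluded:
        print(f"excluded from deployed file: {name} (enabled={enabled})")
```

Every permission in the excluded list keeps whatever value it already has in the target org, so those values have to be reviewed in the target itself rather than inferred from the source profile.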

You will find more information about this feature in our documentation: Global Find and Replace Rules

Please note that creating or editing rules and regex in this file is out of scope of Copado Support. If you would like our Professional Services team to help you with such configuration, please let us know by sending an email to
