Advanced role based access for Copado


Get our monthly newsletter for the latest business insights.

This is the first part in a series of blogs (read the second part here) on advanced topics of Copado on how you can fit Copado seamlessly into your Software Development Life Cycle.

Current Licensing model of Copado

With the current setup of Copado, the access is restricted based on licenses to the following categories:

  1. Copado Admin
  2. Copado User
  3. Copado Guest
  1. Copado Admin 1: It is assigned to designated Release Administrators along with Copado User permission set. This license allows deployment to production. It is expected that all customers should possess a minimum of one Copado Admin license to operate Copado and deploy to production (this license is also required for authentication of deployments against production). All Guest and Copado User features are available in Copado Admin, too. This license is a user-dependent one with access to features that use up credits.
  2. Copado User or CCM License2: This license is limited to user story functionality, where users assigned to this license will supply to the pipeline, and these users are allowed to execute deployments to all types of sandboxes, except production. They just interact with the user stories, add metadata to them, and thus, supply to the deployment pipeline.
  3. Copado Guest or Agile Delivery License3: The Guest license gives you access to Copado User’s basic functionality such as user stories, sprints, epics, etc. However, you will be unable to commit changes to user stories, deploy user stories or add information related to deployment to user stories.

Problem Statement

The agile delivery license allows users related to non-deployment to define or work on user stories within the same system as developers. Hence, there is a need for advanced restriction.

Extending Salesforce to bring more flexibility in role based access for Copado

This approach is useful if we want to restrict developers (users with Copado User License) from deploying beyond certain environments.

For this approach to work, the following are the required steps:

  1. Create a new Custom Permission named ‘Copado Release Admin’
  2. Create a Custom Permission set named ‘Copado Release Admin’ and assign it to Designated Release Administrators
  3. Open previously created permission set in step 1 and go to Custom Permission and assign Custom Permission created in step 2 under Available Permission
  4. Create a new field on Environment Object named ‘Environment Type’ (picklist) and give Read and Write access to Copado Permission set.
  1. Values :
  1. Developer Sandbox
  2. QA
  3. INT
  4. UAT

*****   The values can be set as per the requirement.

  1. Create a Validation rule on User Story object, which will prevent Developers from deploying beyond specified environment.
  2. Update the existing Environment records, with appropriate values for Environment Type field. For this step, switch to Classic mode.

Here is the step-by-step guide to the above-mentioned process:

1. Create a custom permission named Copado release admin

2. Create a permission set named Copado release admin and click on manage assignment and assign it to designated release admin

3. Create a validation rule on user story object

Once the story is in INT (for this example) and when developer will click on “promote and deploy”, error message will be shown


With our Copado solution, ensure the right segregation of responsibilities for Copado users and restrict developers (users with Copado User License) from deploying beyond certain environments.

Contact Us to Extend Salesforce to Bring the Right SDLC Process to Your Salesforce Practice with Copado.

1 Copado Admin,
2 Copado Admin,
3 Copado Admin,

About CloudFulcrum

CloudFulcrum has been a part of multiple successful Copado implementations worldwide with customers ranging from BFSI, Health Care, Retail, to Real Estate, and Technology verticals.

CloudFulcrum has launched ‘Copado as a Service’ with the following key capabilities:

  • CloudFulcrum Copado COE: The company has built a strong Copado Center of Excellence with Certified experts constantly innovating on the platform. The COE teams with a deeper understanding of Copado architecture are spread across all major geographies offering advisory as well as managed services for Copado Customers.
  • End-to-End Change and Release Management: CloudFulcrum offers end-to-end change and release management services for Salesforce customers using Copado with the following, but not limited to:
  • Setup, monitoring, and promotion of user stories through the Copado Pipeline
  • Back-Promotion and handling of merge conflicts.
  • Sandbox Refresh and Data Management including CPQ templates.
  • Extending Copado to meet SDLC needs as required.
  • Create and maintain Enterprise DevOps Reports and Dashboards built on Salesforce.

Business Enquiries

To understand more on how you can get more value and ROI with Copado, please contact us for a free discovery session at


Leave A Comment