diff --git a/api/restHandler/BulkUpdateRestHandler.go b/api/restHandler/BulkUpdateRestHandler.go
index 61b65644b7..3a6d7d2b24 100644
--- a/api/restHandler/BulkUpdateRestHandler.go
+++ b/api/restHandler/BulkUpdateRestHandler.go
@@ -19,11 +19,13 @@ package restHandler
 import (
 	"encoding/json"
 	"fmt"
+	bean4 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"github.com/devtron-labs/devtron/pkg/build/git/gitMaterial/repository"
 	"github.com/devtron-labs/devtron/pkg/build/git/gitProvider"
 	"github.com/devtron-labs/devtron/pkg/bulkAction/bean"
 	"github.com/devtron-labs/devtron/pkg/bulkAction/service"
 	"github.com/devtron-labs/devtron/pkg/cluster/environment"
+	"github.com/devtron-labs/devtron/util"
 	"net/http"
 	"strconv"
 	"strings"
@@ -212,9 +214,14 @@ func (handler BulkUpdateRestHandlerImpl) CheckAuthForBulkUpdate(AppId int, EnvId
 
 }
 func (handler BulkUpdateRestHandlerImpl) BulkUpdate(w http.ResponseWriter, r *http.Request) {
+	userId, err := handler.userAuthService.GetLoggedInUser(r)
+	if userId == 0 || err != nil {
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+		return
+	}
 	decoder := json.NewDecoder(r.Body)
 	var script bean.BulkUpdateScript
-	err := decoder.Decode(&script)
+	err = decoder.Decode(&script)
 	if err != nil {
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
@@ -250,8 +257,14 @@ func (handler BulkUpdateRestHandlerImpl) BulkUpdate(w http.ResponseWriter, r *ht
 			common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
 		}
 	}
-
-	response := handler.bulkUpdateService.BulkUpdate(script.Spec)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util.GetEmailFromContext(r.Context())
+	userMetadata := &bean4.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	response := handler.bulkUpdateService.BulkUpdate(script.Spec, userMetadata)
 	common.WriteJsonResp(w, nil, response, http.StatusOK)
 }
 
@@ -261,7 +274,15 @@ func (handler BulkUpdateRestHandlerImpl) BulkHibernate(w http.ResponseWriter, r
 		return // response already written by the helper on error.
 	}
 	token := r.Header.Get("token")
-	response, err := handler.bulkUpdateService.BulkHibernate(request, r.Context(), w, token, handler.checkAuthForBulkHibernateAndUnhibernate)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util.GetEmailFromContext(r.Context())
+	userMetadata := &bean4.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           request.UserId,
+	}
+
+	response, err := handler.bulkUpdateService.BulkHibernate(r.Context(), request, handler.checkAuthForBulkHibernateAndUnhibernate, userMetadata)
 	if err != nil {
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
@@ -298,7 +319,14 @@ func (handler BulkUpdateRestHandlerImpl) BulkUnHibernate(w http.ResponseWriter,
 		return // response already written by the helper on error.
 	}
 	token := r.Header.Get("token")
-	response, err := handler.bulkUpdateService.BulkUnHibernate(request, r.Context(), w, token, handler.checkAuthForBulkHibernateAndUnhibernate)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util.GetEmailFromContext(r.Context())
+	userMetadata := &bean4.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           request.UserId,
+	}
+	response, err := handler.bulkUpdateService.BulkUnHibernate(r.Context(), request, handler.checkAuthForBulkHibernateAndUnhibernate, userMetadata)
 	if err != nil {
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
@@ -326,7 +354,14 @@ func (handler BulkUpdateRestHandlerImpl) BulkDeploy(w http.ResponseWriter, r *ht
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
-	response, err := handler.bulkUpdateService.BulkDeploy(&request, token, handler.checkAuthBatch)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util.GetEmailFromContext(r.Context())
+	userMetadata := &bean4.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	response, err := handler.bulkUpdateService.BulkDeploy(&request, token, handler.checkAuthBatch, userMetadata)
 	if err != nil {
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
diff --git a/api/restHandler/ConfigMapRestHandler.go b/api/restHandler/ConfigMapRestHandler.go
index 8a4dcddce5..85d57e2784 100644
--- a/api/restHandler/ConfigMapRestHandler.go
+++ b/api/restHandler/ConfigMapRestHandler.go
@@ -19,6 +19,7 @@ package restHandler
 import (
 	"encoding/json"
 	"fmt"
+	"github.com/devtron-labs/devtron/pkg/auth/user/util"
 	"github.com/devtron-labs/devtron/pkg/pipeline/draftAwareConfigService"
 	"net/http"
 	"strconv"
@@ -125,12 +126,8 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalAddUpdate(w http.ResponseWriter,
 	//RBAC END
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
-	res, err := handler.draftAwareResourceService.CMGlobalAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
+	userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
+	res, err := handler.draftAwareResourceService.CMGlobalAddUpdate(ctx, &configMapRequest, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CMGlobalAddUpdate", "err", err, "payload", configMapRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -175,12 +172,8 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentAddUpdate(w http.ResponseWr
 	//RBAC END
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
-	res, err := handler.draftAwareResourceService.CMEnvironmentAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
+	userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
+	res, err := handler.draftAwareResourceService.CMEnvironmentAddUpdate(ctx, &configMapRequest, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CMEnvironmentAddUpdate", "err", err, "payload", configMapRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -378,12 +371,8 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalAddUpdate(w http.ResponseWriter,
 	//RBAC END
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
-	res, err := handler.draftAwareResourceService.CSGlobalAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
+	userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
+	res, err := handler.draftAwareResourceService.CSGlobalAddUpdate(ctx, &configMapRequest, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CSGlobalAddUpdate", "err", err, "payload", configMapRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -429,12 +418,8 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentAddUpdate(w http.ResponseWr
 	//RBAC END
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
-	res, err := handler.draftAwareResourceService.CSEnvironmentAddUpdate(ctx, &configMapRequest, isSuperAdmin, userEmail)
+	userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
+	res, err := handler.draftAwareResourceService.CSEnvironmentAddUpdate(ctx, &configMapRequest, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CSEnvironmentAddUpdate", "err", err, "payload", configMapRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -548,17 +533,13 @@ func (handler ConfigMapRestHandlerImpl) CMGlobalDelete(w http.ResponseWriter, r
 	//RBAC END
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
+	userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
 	deleteReq := &bean.ConfigDataRequest{
 		Id:     id,
 		AppId:  appId,
 		UserId: userId,
 	}
-	res, err := handler.draftAwareResourceService.CMGlobalDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
+	res, err := handler.draftAwareResourceService.CMGlobalDelete(ctx, name, deleteReq, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CMGlobalDelete", "err", err, "appId", appId, "id", id, "name", name)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -614,17 +595,13 @@ func (handler ConfigMapRestHandlerImpl) CMEnvironmentDelete(w http.ResponseWrite
 	//RBAC END
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
+	userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
 	deleteReq := &bean.ConfigDataRequest{
 		Id:     id,
 		AppId:  appId,
 		UserId: userId,
 	}
-	res, err := handler.draftAwareResourceService.CMEnvironmentDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
+	res, err := handler.draftAwareResourceService.CMEnvironmentDelete(ctx, name, deleteReq, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CMEnvironmentDelete", "err", err, "appId", appId, "envId", envId, "id", id)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -666,17 +643,13 @@ func (handler ConfigMapRestHandlerImpl) CSGlobalDelete(w http.ResponseWriter, r
 	//RBAC END
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
+	userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
 	deleteReq := &bean.ConfigDataRequest{
 		Id:     id,
 		AppId:  appId,
 		UserId: userId,
 	}
-	res, err := handler.draftAwareResourceService.CSGlobalDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
+	res, err := handler.draftAwareResourceService.CSGlobalDelete(ctx, name, deleteReq, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CSGlobalDelete", "err", err, "appId", appId, "id", id, "name", name)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -732,17 +705,13 @@ func (handler ConfigMapRestHandlerImpl) CSEnvironmentDelete(w http.ResponseWrite
 	//RBAC END
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
+	userMetadata := util.GetUserMetadata(r.Context(), userId, isSuperAdmin)
 	deleteReq := &bean.ConfigDataRequest{
 		Id:     id,
 		AppId:  appId,
 		UserId: userId,
 	}
-	res, err := handler.draftAwareResourceService.CSEnvironmentDelete(ctx, name, deleteReq, isSuperAdmin, userEmail)
+	res, err := handler.draftAwareResourceService.CSEnvironmentDelete(ctx, name, deleteReq, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CSEnvironmentDelete", "err", err, "appId", appId, "envId", envId, "id", id)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
diff --git a/api/restHandler/app/appList/AppListingRestHandler.go b/api/restHandler/app/appList/AppListingRestHandler.go
index 3862d4c4b9..311958b984 100644
--- a/api/restHandler/app/appList/AppListingRestHandler.go
+++ b/api/restHandler/app/appList/AppListingRestHandler.go
@@ -38,6 +38,7 @@ import (
 	util4 "github.com/devtron-labs/devtron/pkg/appStore/util"
 	"github.com/devtron-labs/devtron/pkg/auth/authorisation/casbin"
 	"github.com/devtron-labs/devtron/pkg/auth/user"
+	"github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	bean5 "github.com/devtron-labs/devtron/pkg/cluster/bean"
 	bean2 "github.com/devtron-labs/devtron/pkg/cluster/environment/bean"
 	common2 "github.com/devtron-labs/devtron/pkg/deployment/common"
@@ -49,6 +50,7 @@ import (
 	k8sApplication "github.com/devtron-labs/devtron/pkg/k8s/application"
 	"github.com/devtron-labs/devtron/pkg/pipeline"
 	bean6 "github.com/devtron-labs/devtron/pkg/team/bean"
+	util2 "github.com/devtron-labs/devtron/util"
 	"github.com/devtron-labs/devtron/util/rbac"
 	"github.com/go-pg/pg"
 	"github.com/gorilla/mux"
@@ -469,6 +471,11 @@ func (handler AppListingRestHandlerImpl) FetchOverviewAppsByEnvironment(w http.R
 }
 
 func (handler AppListingRestHandlerImpl) FetchAppDetailsV2(w http.ResponseWriter, r *http.Request) {
+	userId, err := handler.userService.GetLoggedInUser(r)
+	if userId == 0 || err != nil {
+		common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+		return
+	}
 	vars := mux.Vars(r)
 	token := r.Header.Get("token")
 	appId, err := strconv.Atoi(vars["app-id"])
@@ -486,6 +493,13 @@ func (handler AppListingRestHandlerImpl) FetchAppDetailsV2(w http.ResponseWriter
 		common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), nil, http.StatusForbidden)
 		return
 	}
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util2.GetEmailFromContext(r.Context())
+	userMetadata := &bean.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
 	appDetail, err := handler.appListingService.FetchAppDetails(r.Context(), appId, envId)
 	if err != nil {
 		handler.logger.Errorw("service err, FetchAppDetailsV2", "err", err, "appId", appId, "envId", envId)
@@ -493,7 +507,7 @@ func (handler AppListingRestHandlerImpl) FetchAppDetailsV2(w http.ResponseWriter
 		return
 	}
 
-	appDetail, err = handler.updateApprovalConfigDataInAppDetailResp(appDetail, appId, envId)
+	appDetail, err = handler.updateApprovalConfigDataInAppDetailResp(r.Context(), appDetail, appId, envId, userMetadata)
 	if err != nil {
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
 		return
diff --git a/api/restHandler/app/appList/AppListingRestHandler_ent.go b/api/restHandler/app/appList/AppListingRestHandler_ent.go
index 48ff9ff1f7..7b80a6489b 100644
--- a/api/restHandler/app/appList/AppListingRestHandler_ent.go
+++ b/api/restHandler/app/appList/AppListingRestHandler_ent.go
@@ -1,7 +1,9 @@
 package appList
 
 import (
+	"context"
 	"github.com/devtron-labs/devtron/api/bean/AppView"
+	userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"net/http"
 )
 
@@ -14,6 +16,6 @@ func (handler AppListingRestHandlerImpl) FetchAutocompleteJobCiPipelines(w http.
 func (handler AppListingRestHandlerImpl) GetAllAppEnvsFromResourceNames(w http.ResponseWriter, r *http.Request) {
 }
 
-func (handler AppListingRestHandlerImpl) updateApprovalConfigDataInAppDetailResp(appDetail AppView.AppDetailContainer, appId, envId int) (AppView.AppDetailContainer, error) {
+func (handler AppListingRestHandlerImpl) updateApprovalConfigDataInAppDetailResp(ctx context.Context, appDetail AppView.AppDetailContainer, appId, envId int, userMetadata *userBean.UserMetadata) (AppView.AppDetailContainer, error) {
 	return appDetail, nil
 }
diff --git a/api/restHandler/app/pipeline/configure/DeploymentPipelineRestHandler.go b/api/restHandler/app/pipeline/configure/DeploymentPipelineRestHandler.go
index 67e78a7ccf..89f95436ed 100644
--- a/api/restHandler/app/pipeline/configure/DeploymentPipelineRestHandler.go
+++ b/api/restHandler/app/pipeline/configure/DeploymentPipelineRestHandler.go
@@ -22,6 +22,8 @@ import (
 	"errors"
 	"fmt"
 	models2 "github.com/devtron-labs/devtron/internal/sql/models"
+	bean4 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
+	util3 "github.com/devtron-labs/devtron/pkg/auth/user/util"
 	bean3 "github.com/devtron-labs/devtron/pkg/chart/bean"
 
 	devtronAppGitOpConfigBean "github.com/devtron-labs/devtron/pkg/chart/gitOpsConfig/bean"
@@ -177,13 +179,9 @@ func (handler *PipelineConfigRestHandlerImpl) ConfigureDeploymentTemplateForApp(
 		}(ctx.Done(), cn.CloseNotify())
 	}
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
+	userMetadata := util3.GetUserMetadata(r.Context(), userId, isSuperAdmin)
 
-	createResp, err := handler.draftAwareResourceService.Create(ctx, templateRequest, isSuperAdmin, userEmail)
+	createResp, err := handler.draftAwareResourceService.Create(ctx, templateRequest, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, ConfigureDeploymentTemplateForApp", "err", err, "payload", templateRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -412,8 +410,14 @@ func (handler *PipelineConfigRestHandlerImpl) HandleChangeDeploymentRequest(w ht
 	// Retrieve argocd token
 
 	ctx := r.Context()
-
-	resp, err := handler.pipelineBuilder.ChangeDeploymentType(ctx, deploymentAppTypeChangeRequest)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util2.GetEmailFromContext(ctx)
+	userMetadata := &bean4.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	resp, err := handler.pipelineBuilder.ChangeDeploymentType(ctx, deploymentAppTypeChangeRequest, userMetadata)
 
 	if err != nil {
 		nErr := errors.New("failed to change deployment type with error msg: " + err.Error())
@@ -464,7 +468,14 @@ func (handler *PipelineConfigRestHandlerImpl) HandleChangeDeploymentTypeRequest(
 	}
 
 	ctx := r.Context()
-	resp, err := handler.pipelineBuilder.ChangePipelineDeploymentType(ctx, deploymentTypeChangeRequest)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util2.GetEmailFromContext(ctx)
+	userMetadata := &bean4.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	resp, err := handler.pipelineBuilder.ChangePipelineDeploymentType(ctx, deploymentTypeChangeRequest, userMetadata)
 
 	if err != nil {
 		handler.Logger.Errorw(err.Error(), "payload", deploymentTypeChangeRequest, "err", err)
@@ -513,7 +524,14 @@ func (handler *PipelineConfigRestHandlerImpl) HandleTriggerDeploymentAfterTypeCh
 	}
 
 	ctx := r.Context()
-	resp, err := handler.pipelineBuilder.TriggerDeploymentAfterTypeChange(ctx, deploymentAppTriggerRequest)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util2.GetEmailFromContext(ctx)
+	userMetadata := &bean4.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	resp, err := handler.pipelineBuilder.TriggerDeploymentAfterTypeChange(ctx, deploymentAppTriggerRequest, userMetadata)
 
 	if err != nil {
 		handler.Logger.Errorw(err.Error(),
@@ -663,12 +681,8 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideCreate(w http.Res
 		}(ctx.Done(), cn.CloseNotify())
 	}
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
-	createResp, err := handler.draftAwareResourceService.CreateEnvironmentPropertiesAndBaseIfNeeded(ctx, &envConfigProperties, isSuperAdmin, userEmail)
+	userMetadata := util3.GetUserMetadata(r.Context(), userId, isSuperAdmin)
+	createResp, err := handler.draftAwareResourceService.CreateEnvironmentPropertiesAndBaseIfNeeded(ctx, &envConfigProperties, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, CreateEnvironmentPropertiesAndBaseIfNeeded", "payload", envConfigProperties, "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -735,12 +749,8 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideUpdate(w http.Res
 	}
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
-	createResp, err := handler.draftAwareResourceService.UpdateEnvironmentProperties(ctx, &envConfigProperties, token, isSuperAdmin, userEmail)
+	userMetadata := util3.GetUserMetadata(r.Context(), userId, isSuperAdmin)
+	createResp, err := handler.draftAwareResourceService.UpdateEnvironmentProperties(ctx, &envConfigProperties, token, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, EnvConfigOverrideUpdate", "err", err, "payload", envConfigProperties)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -1337,14 +1347,10 @@ func (handler *PipelineConfigRestHandlerImpl) UpdateAppOverride(w http.ResponseW
 		return
 	}
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
+	userMetadata := util3.GetUserMetadata(r.Context(), userId, isSuperAdmin)
 
 	_, span = otel.Tracer("orchestrator").Start(ctx, "chartService.UpdateAppOverride")
-	createResp, err := handler.draftAwareResourceService.UpdateAppOverride(ctx, &templateRequest, token, isSuperAdmin, userEmail)
+	createResp, err := handler.draftAwareResourceService.UpdateAppOverride(ctx, &templateRequest, token, userMetadata)
 	span.End()
 	if err != nil {
 		handler.Logger.Errorw("service err, UpdateAppOverride", "err", err, "payload", templateRequest)
@@ -1486,18 +1492,14 @@ func (handler *PipelineConfigRestHandlerImpl) EnvConfigOverrideReset(w http.Resp
 	}
 	ctx := r.Context()
 	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
-	userEmail, err := handler.userAuthService.GetActiveEmailById(userId)
-	if err != nil {
-		common.WriteJsonResp(w, fmt.Errorf("userEmail not found by userId"), "userEmail not found by userId", http.StatusNotFound)
-		return
-	}
+	userMetadata := util3.GetUserMetadata(r.Context(), userId, isSuperAdmin)
 	envProperties := &pipelineBean.EnvironmentProperties{
 		Id:            id,
 		EnvironmentId: environmentId,
 		UserId:        userId,
 		AppId:         appId,
 	}
-	isSuccess, err := handler.draftAwareResourceService.ResetEnvironmentProperties(ctx, envProperties, isSuperAdmin, userEmail)
+	isSuccess, err := handler.draftAwareResourceService.ResetEnvironmentProperties(ctx, envProperties, userMetadata)
 	if err != nil {
 		handler.Logger.Errorw("service err, EnvConfigOverrideReset", "err", err, "appId", appId, "environmentId", environmentId)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
diff --git a/api/restHandler/app/pipeline/trigger/PipelineTriggerRestHandler.go b/api/restHandler/app/pipeline/trigger/PipelineTriggerRestHandler.go
index 8fab862852..d7a7e1015f 100644
--- a/api/restHandler/app/pipeline/trigger/PipelineTriggerRestHandler.go
+++ b/api/restHandler/app/pipeline/trigger/PipelineTriggerRestHandler.go
@@ -20,6 +20,7 @@ import (
 	"encoding/json"
 	"fmt"
 	util2 "github.com/devtron-labs/devtron/internal/util"
+	bean5 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"github.com/devtron-labs/devtron/pkg/deployment/deployedApp"
 	bean2 "github.com/devtron-labs/devtron/pkg/deployment/deployedApp/bean"
 	"github.com/devtron-labs/devtron/pkg/deployment/trigger/devtronApps"
@@ -140,7 +141,14 @@ func (handler PipelineTriggerRestHandlerImpl) OverrideConfig(w http.ResponseWrit
 	triggerContext := bean3.TriggerContext{
 		Context: ctx,
 	}
-	mergeResp, helmPackageName, _, err := handler.cdHandlerService.ManualCdTrigger(triggerContext, &overrideRequest)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util.GetEmailFromContext(ctx)
+	userMetadata := &bean5.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	mergeResp, helmPackageName, _, err := handler.cdHandlerService.ManualCdTrigger(triggerContext, &overrideRequest, userMetadata)
 	span.End()
 	if err != nil {
 		handler.logger.Errorw("request err, OverrideConfig", "err", err, "payload", overrideRequest)
@@ -184,7 +192,14 @@ func (handler PipelineTriggerRestHandlerImpl) RotatePods(w http.ResponseWriter,
 		common.WriteJsonResp(w, fmt.Errorf("unauthorized user"), "Unauthorized User", http.StatusForbidden)
 		return
 	}
-	rotatePodResponse, err := handler.deployedAppService.RotatePods(r.Context(), &podRotateRequest)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util.GetEmailFromContext(r.Context())
+	userMetadata := &bean5.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	rotatePodResponse, err := handler.deployedAppService.RotatePods(r.Context(), &podRotateRequest, userMetadata)
 	if err != nil {
 		handler.logger.Errorw("service err, RotatePods", "err", err, "payload", podRotateRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -229,7 +244,14 @@ func (handler PipelineTriggerRestHandlerImpl) StartStopApp(w http.ResponseWriter
 	}
 	//rback block ends here
 	ctx := r.Context()
-	mergeResp, err := handler.deployedAppService.StopStartApp(ctx, &overrideRequest)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util.GetEmailFromContext(ctx)
+	userMetadata := &bean5.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	mergeResp, err := handler.deployedAppService.StopStartApp(ctx, &overrideRequest, userMetadata)
 	if err != nil {
 		handler.logger.Errorw("service err, StartStopApp", "err", err, "payload", overrideRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -283,7 +305,14 @@ func (handler PipelineTriggerRestHandlerImpl) StartStopDeploymentGroup(w http.Re
 		return
 	}
 	//rback block ends here
-	res, err := handler.workflowEventPublishService.TriggerBulkHibernateAsync(stopDeploymentGroupRequest)
+	isSuperAdmin := handler.enforcer.Enforce(token, casbin.ResourceGlobal, casbin.ActionCreate, "*")
+	userEmail := util.GetEmailFromContext(r.Context())
+	userMetadata := &bean5.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+	res, err := handler.workflowEventPublishService.TriggerBulkHibernateAsync(stopDeploymentGroupRequest, userMetadata)
 	if err != nil {
 		handler.logger.Errorw("service err, StartStopDeploymentGroup", "err", err, "payload", stopDeploymentGroupRequest)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
diff --git a/client/events/EventBuilder.go b/client/events/EventBuilder.go
index 4464d7aa98..45eac8855d 100644
--- a/client/events/EventBuilder.go
+++ b/client/events/EventBuilder.go
@@ -171,6 +171,7 @@ func (impl *EventSimpleFactoryImpl) BuildExtraCDData(event Event, wfr *pipelineC
 		payload.TriggeredBy = user.EmailId
 		event.Payload = payload
 	}
+	event = impl.addExtraCdDataForEnterprise(event, wfr)
 	return event
 }
 
diff --git a/client/events/EventBuilder_ent.go b/client/events/EventBuilder_ent.go
new file mode 100644
index 0000000000..c6e2b95e1c
--- /dev/null
+++ b/client/events/EventBuilder_ent.go
@@ -0,0 +1,7 @@
+package client
+
+import "github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig"
+
+func (impl *EventSimpleFactoryImpl) addExtraCdDataForEnterprise(event Event, wfr *pipelineConfig.CdWorkflowRunner) Event {
+	return event
+}
diff --git a/internal/sql/repository/pipelineConfig/CdWorfkflowRepository.go b/internal/sql/repository/pipelineConfig/CdWorfkflowRepository.go
index 9569be90c6..ab452429f4 100644
--- a/internal/sql/repository/pipelineConfig/CdWorfkflowRepository.go
+++ b/internal/sql/repository/pipelineConfig/CdWorfkflowRepository.go
@@ -24,6 +24,7 @@ import (
 	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig/bean/workflow"
 	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig/bean/workflow/cdWorkflow"
 	"github.com/devtron-labs/devtron/internal/util"
+	"github.com/devtron-labs/devtron/pkg/deployment/trigger/devtronApps/constants"
 	"github.com/devtron-labs/devtron/pkg/sql"
 	"github.com/go-pg/pg"
 	"go.opentelemetry.io/otel"
@@ -105,27 +106,28 @@ type CdWorkflowRunnerWithExtraFields struct {
 }
 
 type CdWorkflowRunner struct {
-	tableName               struct{}                        `sql:"cd_workflow_runner" pg:",discard_unknown_columns"`
-	Id                      int                             `sql:"id,pk"`
-	Name                    string                          `sql:"name"`
-	WorkflowType            apiBean.WorkflowType            `sql:"workflow_type"` // pre,post,deploy
-	ExecutorType            cdWorkflow.WorkflowExecutorType `sql:"executor_type"` // awf, system
-	Status                  string                          `sql:"status"`
-	PodStatus               string                          `sql:"pod_status"`
-	Message                 string                          `sql:"message"`
-	StartedOn               time.Time                       `sql:"started_on"`
-	FinishedOn              time.Time                       `sql:"finished_on"`
-	Namespace               string                          `sql:"namespace"`
-	LogLocation             string                          `sql:"log_file_path"`
-	CdArtifactLocation      string                          `sql:"cd_artifact_location"`
-	IsArtifactUploaded      workflow.ArtifactUploadedType   `sql:"is_artifact_uploaded"`
-	TriggeredBy             int32                           `sql:"triggered_by"`
-	CdWorkflowId            int                             `sql:"cd_workflow_id"`
-	PodName                 string                          `sql:"pod_name"`
-	BlobStorageEnabled      bool                            `sql:"blob_storage_enabled,notnull"`
-	RefCdWorkflowRunnerId   int                             `sql:"ref_cd_workflow_runner_id,notnull"`
-	ImagePathReservationIds []int                           `sql:"image_path_reservation_ids" pg:",array,notnull"`
-	ReferenceId             *string                         `sql:"reference_id"`
+	tableName               struct{}                            `sql:"cd_workflow_runner" pg:",discard_unknown_columns"`
+	Id                      int                                 `sql:"id,pk"`
+	Name                    string                              `sql:"name"`
+	WorkflowType            apiBean.WorkflowType                `sql:"workflow_type"` // pre,post,deploy
+	ExecutorType            cdWorkflow.WorkflowExecutorType     `sql:"executor_type"` // awf, system
+	Status                  string                              `sql:"status"`
+	PodStatus               string                              `sql:"pod_status"`
+	Message                 string                              `sql:"message"`
+	StartedOn               time.Time                           `sql:"started_on"`
+	FinishedOn              time.Time                           `sql:"finished_on"`
+	Namespace               string                              `sql:"namespace"`
+	LogLocation             string                              `sql:"log_file_path"`
+	CdArtifactLocation      string                              `sql:"cd_artifact_location"`
+	IsArtifactUploaded      workflow.ArtifactUploadedType       `sql:"is_artifact_uploaded"`
+	TriggeredBy             int32                               `sql:"triggered_by"`
+	CdWorkflowId            int                                 `sql:"cd_workflow_id"`
+	PodName                 string                              `sql:"pod_name"`
+	BlobStorageEnabled      bool                                `sql:"blob_storage_enabled,notnull"`
+	RefCdWorkflowRunnerId   int                                 `sql:"ref_cd_workflow_runner_id,notnull"`
+	ImagePathReservationIds []int                               `sql:"image_path_reservation_ids" pg:",array,notnull"`
+	ReferenceId             *string                             `sql:"reference_id"`
+	ImageState              constants.ImageStateWhileDeployment `sql:"image_state"` // image_state currently not utilized in oss
 	CdWorkflow              *CdWorkflow
 	sql.AuditLog
 }
diff --git a/pkg/auth/user/bean/bean.go b/pkg/auth/user/bean/bean.go
index 01235fce1a..2b03b0ad49 100644
--- a/pkg/auth/user/bean/bean.go
+++ b/pkg/auth/user/bean/bean.go
@@ -142,3 +142,9 @@ const (
 	ApplicationBasedKey MergingBaseKey = "application"
 	EnvironmentBasedKey MergingBaseKey = "environment"
 )
+
+type UserMetadata struct {
+	UserEmailId      string
+	IsUserSuperAdmin bool
+	UserId           int32
+}
diff --git a/pkg/auth/user/util/util.go b/pkg/auth/user/util/util.go
index cdd7b4d2c9..d958dc5418 100644
--- a/pkg/auth/user/util/util.go
+++ b/pkg/auth/user/util/util.go
@@ -16,7 +16,12 @@
 
 package util
 
-import "strings"
+import (
+	"context"
+	"github.com/devtron-labs/devtron/pkg/auth/user/bean"
+	util2 "github.com/devtron-labs/devtron/util"
+	"strings"
+)
 
 const (
 	ApiTokenPrefix = "API-TOKEN:"
@@ -39,3 +44,15 @@ func CheckIfAdminOrApiToken(email string) bool {
 func CheckIfApiToken(email string) bool {
 	return strings.HasPrefix(email, ApiTokenPrefix)
 }
+
+func GetUserMetadata(ctx context.Context, userId int32, isSuperAdmin bool) *bean.UserMetadata {
+	// Get user email from context
+	userEmail := util2.GetEmailFromContext(ctx)
+
+	// Create and return the UserMetadata object
+	return &bean.UserMetadata{
+		UserEmailId:      userEmail,
+		IsUserSuperAdmin: isSuperAdmin,
+		UserId:           userId,
+	}
+}
diff --git a/pkg/bulkAction/adaptor/adaptor.go b/pkg/bulkAction/adaptor/adaptor.go
new file mode 100644
index 0000000000..8662ade5bd
--- /dev/null
+++ b/pkg/bulkAction/adaptor/adaptor.go
@@ -0,0 +1,22 @@
+package adaptor
+
+import "github.com/devtron-labs/devtron/pkg/bulkAction/bean"
+
+func GetCmAndSecretBulkUpdateResponseForOneApp(appId int, appName string, envId int, names []string, message string) *bean.CmAndSecretBulkUpdateResponseForOneApp {
+	return &bean.CmAndSecretBulkUpdateResponseForOneApp{
+		AppId:   appId,
+		AppName: appName,
+		EnvId:   envId,
+		Names:   names,
+		Message: message,
+	}
+}
+
+func GetDeploymentTemplateBulkUpdateResponseForOneApp(appId int, appName string, envId int, message string) *bean.DeploymentTemplateBulkUpdateResponseForOneApp {
+	return &bean.DeploymentTemplateBulkUpdateResponseForOneApp{
+		AppId:   appId,
+		AppName: appName,
+		EnvId:   envId,
+		Message: message,
+	}
+}
diff --git a/pkg/bulkAction/bean/bean.go b/pkg/bulkAction/bean/bean.go
index 1b4306d8c3..e59c06eab8 100644
--- a/pkg/bulkAction/bean/bean.go
+++ b/pkg/bulkAction/bean/bean.go
@@ -16,6 +16,8 @@
 
 package bean
 
+import "errors"
+
 type NameIncludesExcludes struct {
 	Names []string `json:"names"`
 }
@@ -159,3 +161,5 @@ type PipelineAndWfBulkActionResponseDto struct {
 	CiPipelineRespDtos  []*CiBulkActionResponseDto `json:"ciPipelines"`
 	AppWfRespDtos       []*WfBulkActionResponseDto `json:"appWorkflows"`
 }
+
+var ErrConfigProtectionEnabled = errors.New("config protection enabled")
diff --git a/pkg/bulkAction/service/BulkUpdateService.go b/pkg/bulkAction/service/BulkUpdateService.go
index 3e6c0f7f78..6513e76ba8 100644
--- a/pkg/bulkAction/service/BulkUpdateService.go
+++ b/pkg/bulkAction/service/BulkUpdateService.go
@@ -34,6 +34,7 @@ import (
 	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig"
 	"github.com/devtron-labs/devtron/internal/util"
 	appWorkflow2 "github.com/devtron-labs/devtron/pkg/appWorkflow"
+	bean6 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	bean2 "github.com/devtron-labs/devtron/pkg/bean"
 	"github.com/devtron-labs/devtron/pkg/build/trigger"
 	bean4 "github.com/devtron-labs/devtron/pkg/bulkAction/bean"
@@ -69,15 +70,15 @@ type BulkUpdateService interface {
 	FindBulkUpdateReadme(operation string) (response *bean4.BulkUpdateSeeExampleResponse, err error)
 	GetBulkAppName(bulkUpdateRequest *bean4.BulkUpdatePayload) (*bean4.ImpactedObjectsResponse, error)
 	ApplyJsonPatch(patch jsonpatch.Patch, target string) (string, error)
-	BulkUpdateDeploymentTemplate(bulkUpdatePayload *bean4.BulkUpdatePayload) *bean4.DeploymentTemplateBulkUpdateResponse
-	BulkUpdateConfigMap(bulkUpdatePayload *bean4.BulkUpdatePayload) *bean4.CmAndSecretBulkUpdateResponse
-	BulkUpdateSecret(bulkUpdatePayload *bean4.BulkUpdatePayload) *bean4.CmAndSecretBulkUpdateResponse
-	BulkUpdate(bulkUpdateRequest *bean4.BulkUpdatePayload) (bulkUpdateResponse *bean4.BulkUpdateResponse)
+	BulkUpdateDeploymentTemplate(bulkUpdatePayload *bean4.BulkUpdatePayload, userMetadata *bean6.UserMetadata) *bean4.DeploymentTemplateBulkUpdateResponse
+	BulkUpdateConfigMap(bulkUpdatePayload *bean4.BulkUpdatePayload, userMetadata *bean6.UserMetadata) *bean4.CmAndSecretBulkUpdateResponse
+	BulkUpdateSecret(bulkUpdatePayload *bean4.BulkUpdatePayload, userMetadata *bean6.UserMetadata) *bean4.CmAndSecretBulkUpdateResponse
+	BulkUpdate(bulkUpdateRequest *bean4.BulkUpdatePayload, userMetadata *bean6.UserMetadata) (bulkUpdateResponse *bean4.BulkUpdateResponse)
 	// BulkHibernate deprecated
-	BulkHibernate(request *bean4.BulkApplicationForEnvironmentPayload, ctx context.Context, w http.ResponseWriter, token string, checkAuthForBulkActions func(token string, appObject string, envObject string) bool) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error)
-	BulkHibernateV1(request *bean4.BulkApplicationForEnvironmentPayload, ctx context.Context, w http.ResponseWriter, token string, checkAuthForBulkActions func(token string, appObject string, envObject string) bool) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error)
-	BulkUnHibernate(request *bean4.BulkApplicationForEnvironmentPayload, ctx context.Context, w http.ResponseWriter, token string, checkAuthForBulkActions func(token string, appObject string, envObject string) bool) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error)
-	BulkDeploy(request *bean4.BulkApplicationForEnvironmentPayload, token string, checkAuthBatch func(token string, appObject []string, envObject []string) (map[string]bool, map[string]bool)) (*bean4.BulkApplicationForEnvironmentResponse, error)
+	BulkHibernate(ctx context.Context, request *bean4.BulkApplicationForEnvironmentPayload, checkAuthForBulkActions func(token string, appObject string, envObject string) bool, userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error)
+	BulkHibernateV1(ctx context.Context, request *bean4.BulkApplicationForEnvironmentPayload, checkAuthForBulkActions func(token string, appObject string, envObject string) bool, userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error)
+	BulkUnHibernate(ctx context.Context, request *bean4.BulkApplicationForEnvironmentPayload, checkAuthForBulkActions func(token string, appObject string, envObject string) bool, userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error)
+	BulkDeploy(request *bean4.BulkApplicationForEnvironmentPayload, token string, checkAuthBatch func(token string, appObject []string, envObject []string) (map[string]bool, map[string]bool), userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationForEnvironmentResponse, error)
 	BulkBuildTrigger(request *bean4.BulkApplicationForEnvironmentPayload, ctx context.Context, w http.ResponseWriter, token string, checkAuthForBulkActions func(token string, appObject string, envObject string) bool) (*bean4.BulkApplicationForEnvironmentResponse, error)
 
 	GetBulkActionImpactedPipelinesAndWfs(dto *bean4.CdBulkActionRequestDto) ([]*pipelineConfig.Pipeline, []int, []int, error)
@@ -383,7 +384,7 @@ func (impl BulkUpdateServiceImpl) ApplyJsonPatch(patch jsonpatch.Patch, target s
 	}
 	return string(modified), err
 }
-func (impl BulkUpdateServiceImpl) BulkUpdateDeploymentTemplate(bulkUpdatePayload *bean4.BulkUpdatePayload) *bean4.DeploymentTemplateBulkUpdateResponse {
+func (impl BulkUpdateServiceImpl) BulkUpdateDeploymentTemplate(bulkUpdatePayload *bean4.BulkUpdatePayload, userMetadata *bean6.UserMetadata) *bean4.DeploymentTemplateBulkUpdateResponse {
 	deploymentTemplateBulkUpdateResponse := &bean4.DeploymentTemplateBulkUpdateResponse{}
 	var appNameIncludes []string
 	var appNameExcludes []string
@@ -548,7 +549,7 @@ func (impl BulkUpdateServiceImpl) BulkUpdateDeploymentTemplate(bulkUpdatePayload
 	return deploymentTemplateBulkUpdateResponse
 }
 
-func (impl BulkUpdateServiceImpl) BulkUpdateConfigMap(bulkUpdatePayload *bean4.BulkUpdatePayload) *bean4.CmAndSecretBulkUpdateResponse {
+func (impl BulkUpdateServiceImpl) BulkUpdateConfigMap(bulkUpdatePayload *bean4.BulkUpdatePayload, userMetadata *bean6.UserMetadata) *bean4.CmAndSecretBulkUpdateResponse {
 	configMapBulkUpdateResponse := &bean4.CmAndSecretBulkUpdateResponse{}
 	var appNameIncludes []string
 	var appNameExcludes []string
@@ -753,7 +754,7 @@ func (impl BulkUpdateServiceImpl) BulkUpdateConfigMap(bulkUpdatePayload *bean4.B
 	}
 	return configMapBulkUpdateResponse
 }
-func (impl BulkUpdateServiceImpl) BulkUpdateSecret(bulkUpdatePayload *bean4.BulkUpdatePayload) *bean4.CmAndSecretBulkUpdateResponse {
+func (impl BulkUpdateServiceImpl) BulkUpdateSecret(bulkUpdatePayload *bean4.BulkUpdatePayload, userMetadata *bean6.UserMetadata) *bean4.CmAndSecretBulkUpdateResponse {
 	secretBulkUpdateResponse := &bean4.CmAndSecretBulkUpdateResponse{}
 	var appNameIncludes []string
 	var appNameExcludes []string
@@ -970,19 +971,19 @@ func (impl BulkUpdateServiceImpl) BulkUpdateSecret(bulkUpdatePayload *bean4.Bulk
 	}
 	return secretBulkUpdateResponse
 }
-func (impl BulkUpdateServiceImpl) BulkUpdate(bulkUpdatePayload *bean4.BulkUpdatePayload) *bean4.BulkUpdateResponse {
+func (impl BulkUpdateServiceImpl) BulkUpdate(bulkUpdatePayload *bean4.BulkUpdatePayload, userMetadata *bean6.UserMetadata) *bean4.BulkUpdateResponse {
 	bulkUpdateResponse := &bean4.BulkUpdateResponse{}
 	var deploymentTemplateBulkUpdateResponse *bean4.DeploymentTemplateBulkUpdateResponse
 	var configMapBulkUpdateResponse *bean4.CmAndSecretBulkUpdateResponse
 	var secretBulkUpdateResponse *bean4.CmAndSecretBulkUpdateResponse
 	if bulkUpdatePayload.DeploymentTemplate != nil && bulkUpdatePayload.DeploymentTemplate.Spec != nil && bulkUpdatePayload.DeploymentTemplate.Spec.PatchJson != "" {
-		deploymentTemplateBulkUpdateResponse = impl.BulkUpdateDeploymentTemplate(bulkUpdatePayload)
+		deploymentTemplateBulkUpdateResponse = impl.BulkUpdateDeploymentTemplate(bulkUpdatePayload, userMetadata)
 	}
 	if bulkUpdatePayload.ConfigMap != nil && bulkUpdatePayload.ConfigMap.Spec != nil && len(bulkUpdatePayload.ConfigMap.Spec.Names) != 0 && bulkUpdatePayload.ConfigMap.Spec.PatchJson != "" {
-		configMapBulkUpdateResponse = impl.BulkUpdateConfigMap(bulkUpdatePayload)
+		configMapBulkUpdateResponse = impl.BulkUpdateConfigMap(bulkUpdatePayload, userMetadata)
 	}
 	if bulkUpdatePayload.Secret != nil && bulkUpdatePayload.Secret.Spec != nil && len(bulkUpdatePayload.Secret.Spec.Names) != 0 && bulkUpdatePayload.Secret.Spec.PatchJson != "" {
-		secretBulkUpdateResponse = impl.BulkUpdateSecret(bulkUpdatePayload)
+		secretBulkUpdateResponse = impl.BulkUpdateSecret(bulkUpdatePayload, userMetadata)
 	}
 
 	bulkUpdateResponse.DeploymentTemplate = deploymentTemplateBulkUpdateResponse
@@ -991,7 +992,8 @@ func (impl BulkUpdateServiceImpl) BulkUpdate(bulkUpdatePayload *bean4.BulkUpdate
 	return bulkUpdateResponse
 }
 
-func (impl BulkUpdateServiceImpl) BulkHibernate(request *bean4.BulkApplicationForEnvironmentPayload, ctx context.Context, w http.ResponseWriter, token string, checkAuthForBulkActions func(token string, appObject string, envObject string) bool) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error) {
+func (impl BulkUpdateServiceImpl) BulkHibernate(ctx context.Context, request *bean4.BulkApplicationForEnvironmentPayload, checkAuthForBulkActions func(token string, appObject string, envObject string) bool,
+	userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error) {
 	var pipelines []*pipelineConfig.Pipeline
 	var err error
 	if len(request.AppIdIncludes) > 0 {
@@ -1026,7 +1028,7 @@ func (impl BulkUpdateServiceImpl) BulkHibernate(request *bean4.BulkApplicationFo
 		}
 		appObject := impl.enforcerUtil.GetAppRBACNameByAppId(pipeline.AppId)
 		envObject := impl.enforcerUtil.GetEnvRBACNameByAppId(pipeline.AppId, pipeline.EnvironmentId)
-		isValidAuth := checkAuthForBulkActions(token, appObject, envObject)
+		isValidAuth := checkAuthForBulkActions(util2.GetTokenFromContext(ctx), appObject, envObject)
 		if !isValidAuth {
 			//skip hibernate for the app if user does not have access on that
 			pipelineResponse := response[appKey]
@@ -1056,7 +1058,7 @@ func (impl BulkUpdateServiceImpl) BulkHibernate(request *bean4.BulkApplicationFo
 			UserId:        request.UserId,
 			RequestType:   bean5.STOP,
 		}
-		_, hibernateReqError = impl.deployedAppService.StopStartApp(ctx, stopRequest)
+		_, hibernateReqError = impl.deployedAppService.StopStartApp(ctx, stopRequest, userMetadata)
 		if hibernateReqError != nil {
 			impl.logger.Errorw("error in hibernating application", "err", hibernateReqError, "pipeline", pipeline)
 			pipelineResponse := response[appKey]
@@ -1147,7 +1149,8 @@ func (impl BulkUpdateServiceImpl) buildHibernateUnHibernateRequestForHelmPipelin
 	}
 	return appIdentifier, hibernateRequest, nil
 }
-func (impl BulkUpdateServiceImpl) BulkUnHibernate(request *bean4.BulkApplicationForEnvironmentPayload, ctx context.Context, w http.ResponseWriter, token string, checkAuthForBulkActions func(token string, appObject string, envObject string) bool) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error) {
+func (impl BulkUpdateServiceImpl) BulkUnHibernate(ctx context.Context, request *bean4.BulkApplicationForEnvironmentPayload, checkAuthForBulkActions func(token string, appObject string, envObject string) bool,
+	userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error) {
 	var pipelines []*pipelineConfig.Pipeline
 	var err error
 	if len(request.AppIdIncludes) > 0 {
@@ -1181,7 +1184,7 @@ func (impl BulkUpdateServiceImpl) BulkUnHibernate(request *bean4.BulkApplication
 		}
 		appObject := impl.enforcerUtil.GetAppRBACNameByAppId(pipeline.AppId)
 		envObject := impl.enforcerUtil.GetEnvRBACNameByAppId(pipeline.AppId, pipeline.EnvironmentId)
-		isValidAuth := checkAuthForBulkActions(token, appObject, envObject)
+		isValidAuth := checkAuthForBulkActions(util2.GetTokenFromContext(ctx), appObject, envObject)
 		if !isValidAuth {
 			//skip hibernate for the app if user does not have access on that
 			pipelineResponse := response[appKey]
@@ -1212,7 +1215,7 @@ func (impl BulkUpdateServiceImpl) BulkUnHibernate(request *bean4.BulkApplication
 			UserId:        request.UserId,
 			RequestType:   bean5.START,
 		}
-		_, hibernateReqError = impl.deployedAppService.StopStartApp(ctx, stopRequest)
+		_, hibernateReqError = impl.deployedAppService.StopStartApp(ctx, stopRequest, userMetadata)
 		if hibernateReqError != nil {
 			impl.logger.Errorw("error in un-hibernating application", "err", hibernateReqError, "pipeline", pipeline)
 			pipelineResponse := response[appKey]
@@ -1252,7 +1255,8 @@ func (impl BulkUpdateServiceImpl) BulkUnHibernate(request *bean4.BulkApplication
 	return bulkOperationResponse, nil
 }
 
-func (impl BulkUpdateServiceImpl) BulkDeploy(request *bean4.BulkApplicationForEnvironmentPayload, token string, checkAuthBatch func(token string, appObject []string, envObject []string) (map[string]bool, map[string]bool)) (*bean4.BulkApplicationForEnvironmentResponse, error) {
+func (impl BulkUpdateServiceImpl) BulkDeploy(request *bean4.BulkApplicationForEnvironmentPayload, token string, checkAuthBatch func(token string, appObject []string, envObject []string) (map[string]bool, map[string]bool),
+	userMetadata *bean6.UserMetadata) (*bean4.BulkApplicationForEnvironmentResponse, error) {
 	var pipelines []*pipelineConfig.Pipeline
 	var err error
 
@@ -1365,7 +1369,7 @@ func (impl BulkUpdateServiceImpl) BulkDeploy(request *bean4.BulkApplicationForEn
 			continue
 		}
 		artifact := artifacts[0]
-		err = impl.cdPipelineEventPublishService.PublishBulkTriggerTopicEvent(pipeline.Id, pipeline.AppId, artifact.Id, request.UserId)
+		err = impl.cdPipelineEventPublishService.PublishBulkTriggerTopicEvent(pipeline.Id, pipeline.AppId, artifact.Id, userMetadata)
 		if err != nil {
 			impl.logger.Errorw("error, PublishBulkTriggerTopicEvent", "err", err, "pipeline", pipeline)
 			pipelineResponse := response[appKey]
diff --git a/pkg/bulkAction/service/BulkUpdateService_ent.go b/pkg/bulkAction/service/BulkUpdateService_ent.go
index a3b9d266db..6d7da4c498 100644
--- a/pkg/bulkAction/service/BulkUpdateService_ent.go
+++ b/pkg/bulkAction/service/BulkUpdateService_ent.go
@@ -2,10 +2,11 @@ package service
 
 import (
 	"context"
+	bean2 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"github.com/devtron-labs/devtron/pkg/bulkAction/bean"
-	"net/http"
 )
 
-func (impl BulkUpdateServiceImpl) BulkHibernateV1(request *bean.BulkApplicationForEnvironmentPayload, ctx context.Context, w http.ResponseWriter, token string, checkAuthForBulkActions func(token string, appObject string, envObject string) bool) (*bean.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error) {
+func (impl BulkUpdateServiceImpl) BulkHibernateV1(ctx context.Context, request *bean.BulkApplicationForEnvironmentPayload, checkAuthForBulkActions func(token string, appObject string, envObject string) bool,
+	userMetadata *bean2.UserMetadata) (*bean.BulkApplicationHibernateUnhibernateForEnvironmentResponse, error) {
 	return nil, nil
 }
diff --git a/pkg/deployment/deployedApp/DeployedAppService.go b/pkg/deployment/deployedApp/DeployedAppService.go
index 83107b22fa..b12713d7d0 100644
--- a/pkg/deployment/deployedApp/DeployedAppService.go
+++ b/pkg/deployment/deployedApp/DeployedAppService.go
@@ -25,6 +25,7 @@ import (
 	bean2 "github.com/devtron-labs/devtron/api/bean"
 	"github.com/devtron-labs/devtron/internal/sql/models"
 	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig"
+	bean6 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"github.com/devtron-labs/devtron/pkg/cluster/environment/repository"
 	bean5 "github.com/devtron-labs/devtron/pkg/deployment/common/bean"
 	"github.com/devtron-labs/devtron/pkg/deployment/deployedApp/bean"
@@ -37,10 +38,10 @@ import (
 )
 
 type DeployedAppService interface {
-	StopStartApp(ctx context.Context, stopRequest *bean.StopAppRequest) (int, error)
-	RotatePods(ctx context.Context, podRotateRequest *bean.PodRotateRequest) (*bean4.RotatePodResponse, error)
-	StopStartAppV1(ctx context.Context, stopRequest *bean.StopAppRequest) (int, error)
-	HibernationPatch(ctx context.Context, appId, envId int) (*bean.HibernationPatchResponse, error)
+	StopStartApp(ctx context.Context, stopRequest *bean.StopAppRequest, userMetadata *bean6.UserMetadata) (int, error)
+	RotatePods(ctx context.Context, podRotateRequest *bean.PodRotateRequest, userMetadata *bean6.UserMetadata) (*bean4.RotatePodResponse, error)
+	StopStartAppV1(ctx context.Context, stopRequest *bean.StopAppRequest, userMetadata *bean6.UserMetadata) (int, error)
+	HibernationPatch(ctx context.Context, appId, envId int, userMetadata *bean6.UserMetadata) (*bean.HibernationPatchResponse, error)
 }
 
 type DeployedAppServiceImpl struct {
@@ -68,11 +69,11 @@ func NewDeployedAppServiceImpl(logger *zap.SugaredLogger,
 	}
 }
 
-func (impl *DeployedAppServiceImpl) StopStartApp(ctx context.Context, stopRequest *bean.StopAppRequest) (int, error) {
-	return impl.stopStartApp(ctx, stopRequest)
+func (impl *DeployedAppServiceImpl) StopStartApp(ctx context.Context, stopRequest *bean.StopAppRequest, userMetadata *bean6.UserMetadata) (int, error) {
+	return impl.stopStartApp(ctx, stopRequest, userMetadata)
 }
 
-func (impl *DeployedAppServiceImpl) stopStartApp(ctx context.Context, stopRequest *bean.StopAppRequest) (int, error) {
+func (impl *DeployedAppServiceImpl) stopStartApp(ctx context.Context, stopRequest *bean.StopAppRequest, userMetadata *bean6.UserMetadata) (int, error) {
 	pipelines, err := impl.pipelineRepository.FindActiveByAppIdAndEnvironmentId(stopRequest.AppId, stopRequest.EnvironmentId)
 	if err != nil {
 		impl.logger.Errorw("error in fetching pipeline", "app", stopRequest.AppId, "env", stopRequest.EnvironmentId, "err", err)
@@ -98,7 +99,7 @@ func (impl *DeployedAppServiceImpl) stopStartApp(ctx context.Context, stopReques
 		impl.logger.Errorw("error in fetching latest release", "err", err)
 		return 0, err
 	}
-	err = impl.checkForFeasibilityBeforeStartStop(stopRequest.AppId, stopRequest.EnvironmentId, stopRequest.UserId)
+	err = impl.checkForFeasibilityBeforeStartStop(ctx, stopRequest.AppId, stopRequest.EnvironmentId, userMetadata)
 	if err != nil {
 		impl.logger.Errorw("error in checking for feasibility before hibernating and un hibernating", "stopRequest", stopRequest, "err", err)
 		return 0, err
@@ -127,7 +128,7 @@ func (impl *DeployedAppServiceImpl) stopStartApp(ctx context.Context, stopReques
 		Context:     ctx,
 		ReferenceId: stopRequest.ReferenceId,
 	}
-	id, _, _, err := impl.cdHandlerService.ManualCdTrigger(triggerContext, overrideRequest)
+	id, _, _, err := impl.cdHandlerService.ManualCdTrigger(triggerContext, overrideRequest, userMetadata)
 	if err != nil {
 		impl.logger.Errorw("error in stopping app", "err", err, "appId", stopRequest.AppId, "envId", stopRequest.EnvironmentId)
 		return 0, err
@@ -135,7 +136,7 @@ func (impl *DeployedAppServiceImpl) stopStartApp(ctx context.Context, stopReques
 	return id, err
 }
 
-func (impl *DeployedAppServiceImpl) RotatePods(ctx context.Context, podRotateRequest *bean.PodRotateRequest) (*bean4.RotatePodResponse, error) {
+func (impl *DeployedAppServiceImpl) RotatePods(ctx context.Context, podRotateRequest *bean.PodRotateRequest, userMetadata *bean6.UserMetadata) (*bean4.RotatePodResponse, error) {
 	impl.logger.Infow("rotate pod request", "payload", podRotateRequest)
 	//extract cluster id and namespace from env id
 	environmentId := podRotateRequest.EnvironmentId
@@ -144,7 +145,7 @@ func (impl *DeployedAppServiceImpl) RotatePods(ctx context.Context, podRotateReq
 		impl.logger.Errorw("error occurred while fetching env details", "envId", environmentId, "err", err)
 		return nil, err
 	}
-	err = impl.checkForFeasibilityBeforeStartStop(podRotateRequest.AppId, podRotateRequest.EnvironmentId, podRotateRequest.UserId)
+	err = impl.checkForFeasibilityBeforeStartStop(ctx, podRotateRequest.AppId, podRotateRequest.EnvironmentId, userMetadata)
 	if err != nil {
 		impl.logger.Errorw("error in checking for feasibility in Rotating pods", "podRotateRequest", podRotateRequest, "err", err)
 		return nil, err
diff --git a/pkg/deployment/deployedApp/DeployedAppService_ent.go b/pkg/deployment/deployedApp/DeployedAppService_ent.go
index 8429762833..514303365d 100644
--- a/pkg/deployment/deployedApp/DeployedAppService_ent.go
+++ b/pkg/deployment/deployedApp/DeployedAppService_ent.go
@@ -2,20 +2,21 @@ package deployedApp
 
 import (
 	"context"
+	bean6 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"github.com/devtron-labs/devtron/pkg/deployment/deployedApp/bean"
 )
 
 func (impl *DeployedAppServiceImpl) getTemplate(stopRequest *bean.StopAppRequest) (string, error) {
 	return "", nil
 }
-func (impl *DeployedAppServiceImpl) checkForFeasibilityBeforeStartStop(appId, envId int, userId int32) error {
+func (impl *DeployedAppServiceImpl) checkForFeasibilityBeforeStartStop(ctx context.Context, appId, envId int, userMetadata *bean6.UserMetadata) error {
 	return nil
 }
 
-func (impl *DeployedAppServiceImpl) StopStartAppV1(ctx context.Context, stopRequest *bean.StopAppRequest) (int, error) {
+func (impl *DeployedAppServiceImpl) StopStartAppV1(ctx context.Context, stopRequest *bean.StopAppRequest, userMetadata *bean6.UserMetadata) (int, error) {
 	return 0, nil
 }
 
-func (impl *DeployedAppServiceImpl) HibernationPatch(ctx context.Context, appId, envId int) (*bean.HibernationPatchResponse, error) {
+func (impl *DeployedAppServiceImpl) HibernationPatch(ctx context.Context, appId, envId int, userMetadata *bean6.UserMetadata) (*bean.HibernationPatchResponse, error) {
 	return nil, nil
 }
diff --git a/pkg/deployment/trigger/devtronApps/HandlerService.go b/pkg/deployment/trigger/devtronApps/HandlerService.go
index c92a009134..4382f14ff0 100644
--- a/pkg/deployment/trigger/devtronApps/HandlerService.go
+++ b/pkg/deployment/trigger/devtronApps/HandlerService.go
@@ -38,6 +38,7 @@ import (
 	"github.com/devtron-labs/devtron/pkg/app/status"
 	"github.com/devtron-labs/devtron/pkg/attributes"
 	"github.com/devtron-labs/devtron/pkg/auth/user"
+	userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"github.com/devtron-labs/devtron/pkg/build/git/gitMaterial/read"
 	pipeline2 "github.com/devtron-labs/devtron/pkg/build/pipeline"
 	chartRepoRepository "github.com/devtron-labs/devtron/pkg/chartRepo/repository"
@@ -94,7 +95,7 @@ type HandlerService interface {
 
 	TriggerStageForBulk(triggerRequest bean.TriggerRequest) error
 
-	ManualCdTrigger(triggerContext bean.TriggerContext, overrideRequest *bean3.ValuesOverrideRequest) (int, string, *bean4.ManifestPushTemplate, error)
+	ManualCdTrigger(triggerContext bean.TriggerContext, overrideRequest *bean3.ValuesOverrideRequest, userMetadata *userBean.UserMetadata) (int, string, *bean4.ManifestPushTemplate, error)
 	TriggerAutomaticDeployment(request bean.TriggerRequest) error
 
 	TriggerRelease(ctx context.Context, overrideRequest *bean3.ValuesOverrideRequest, envDeploymentConfig *bean9.DeploymentConfig, triggeredAt time.Time, triggeredBy int32) (releaseNo int, manifestPushTemplate *bean4.ManifestPushTemplate, err error)
diff --git a/pkg/deployment/trigger/devtronApps/constants/constant.go b/pkg/deployment/trigger/devtronApps/constants/constant.go
new file mode 100644
index 0000000000..f51c0c7b24
--- /dev/null
+++ b/pkg/deployment/trigger/devtronApps/constants/constant.go
@@ -0,0 +1,3 @@
+package constants
+
+type ImageStateWhileDeployment string
diff --git a/pkg/deployment/trigger/devtronApps/deployStageHandlerCode.go b/pkg/deployment/trigger/devtronApps/deployStageHandlerCode.go
index c0d8a204a1..70f7620216 100644
--- a/pkg/deployment/trigger/devtronApps/deployStageHandlerCode.go
+++ b/pkg/deployment/trigger/devtronApps/deployStageHandlerCode.go
@@ -36,6 +36,7 @@ import (
 	"github.com/devtron-labs/devtron/pkg/app"
 	bean4 "github.com/devtron-labs/devtron/pkg/app/bean"
 	statusBean "github.com/devtron-labs/devtron/pkg/app/status/bean"
+	userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	bean2 "github.com/devtron-labs/devtron/pkg/bean"
 	"github.com/devtron-labs/devtron/pkg/deployment/common"
 	bean9 "github.com/devtron-labs/devtron/pkg/deployment/common/bean"
@@ -152,7 +153,7 @@ func (impl *HandlerServiceImpl) validateDeploymentTriggerRequest(ctx context.Con
 }
 
 // TODO: write a wrapper to handle auto and manual trigger
-func (impl *HandlerServiceImpl) ManualCdTrigger(triggerContext bean.TriggerContext, overrideRequest *bean3.ValuesOverrideRequest) (int, string, *bean4.ManifestPushTemplate, error) {
+func (impl *HandlerServiceImpl) ManualCdTrigger(triggerContext bean.TriggerContext, overrideRequest *bean3.ValuesOverrideRequest, userMetadata *userBean.UserMetadata) (int, string, *bean4.ManifestPushTemplate, error) {
 
 	triggerContext.TriggerType = bean.Manual
 	// setting triggeredAt variable to have consistent data for various audit log places in db for deployment time
diff --git a/pkg/eventProcessor/bean/cdPipelineEventBean.go b/pkg/eventProcessor/bean/cdPipelineEventBean.go
index a9e795861e..a6aef049c2 100644
--- a/pkg/eventProcessor/bean/cdPipelineEventBean.go
+++ b/pkg/eventProcessor/bean/cdPipelineEventBean.go
@@ -16,9 +16,13 @@
 
 package bean
 
-import "github.com/devtron-labs/devtron/api/bean"
+import (
+	"github.com/devtron-labs/devtron/api/bean"
+	bean2 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
+)
 
 type BulkCDDeployEvent struct {
 	ValuesOverrideRequest *bean.ValuesOverrideRequest `json:"valuesOverrideRequest"` //TODO migrate this
 	UserId                int32                       `json:"userId"`
+	UserMetadata          *bean2.UserMetadata         `json:"userMetadata"`
 }
diff --git a/pkg/eventProcessor/in/CDPipelineEventProcessorService.go b/pkg/eventProcessor/in/CDPipelineEventProcessorService.go
index cb18e00066..131eb321f9 100644
--- a/pkg/eventProcessor/in/CDPipelineEventProcessorService.go
+++ b/pkg/eventProcessor/in/CDPipelineEventProcessorService.go
@@ -78,7 +78,7 @@ func (impl *CDPipelineEventProcessorImpl) SubscribeCDBulkTriggerTopic() error {
 			ReferenceId: pointer.String(msg.MsgId),
 			Context:     context2.Background(),
 		}
-		_, _, _, err = impl.cdHandlerService.ManualCdTrigger(triggerContext, event.ValuesOverrideRequest)
+		_, _, _, err = impl.cdHandlerService.ManualCdTrigger(triggerContext, event.ValuesOverrideRequest, event.UserMetadata)
 		if err != nil {
 			impl.logger.Errorw("Error triggering CD", "topic", pubsub.CD_BULK_DEPLOY_TRIGGER_TOPIC, "msg", msg.Data, "err", err)
 		}
diff --git a/pkg/eventProcessor/in/WorkflowEventProcessorService.go b/pkg/eventProcessor/in/WorkflowEventProcessorService.go
index 113ce26ff6..7012b20adf 100644
--- a/pkg/eventProcessor/in/WorkflowEventProcessorService.go
+++ b/pkg/eventProcessor/in/WorkflowEventProcessorService.go
@@ -375,7 +375,7 @@ func (impl *WorkflowEventProcessorImpl) SubscribeHibernateBulkAction() error {
 			ReferenceId:   pointer.String(msg.MsgId),
 		}
 		ctx := context.Background()
-		_, err = impl.deployedAppService.StopStartApp(ctx, stopAppRequest)
+		_, err = impl.deployedAppService.StopStartApp(ctx, stopAppRequest, deploymentGroupAppWithEnv.UserMetadata)
 		if err != nil {
 			impl.logger.Errorw("error in stop app request", "err", err)
 			return
diff --git a/pkg/eventProcessor/out/CDPipelineEventPublishService.go b/pkg/eventProcessor/out/CDPipelineEventPublishService.go
index b4c8b9fece..78d26e7feb 100644
--- a/pkg/eventProcessor/out/CDPipelineEventPublishService.go
+++ b/pkg/eventProcessor/out/CDPipelineEventPublishService.go
@@ -20,13 +20,14 @@ import (
 	"encoding/json"
 	pubsub "github.com/devtron-labs/common-lib/pubsub-lib"
 	bean2 "github.com/devtron-labs/devtron/api/bean"
+	bean3 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"github.com/devtron-labs/devtron/pkg/eventProcessor/bean"
 	"go.uber.org/zap"
 )
 
 type CDPipelineEventPublishService interface {
 	PublishBulkTriggerTopicEvent(pipelineId, appId,
-		artifactId int, userId int32) error
+		artifactId int, userMetadata *bean3.UserMetadata) error
 
 	PublishArgoTypePipelineSyncEvent(pipelineId, installedAppVersionId int,
 		userId int32, isAppStoreApplication bool) error
@@ -46,16 +47,17 @@ func NewCDPipelineEventPublishServiceImpl(logger *zap.SugaredLogger,
 }
 
 func (impl *CDPipelineEventPublishServiceImpl) PublishBulkTriggerTopicEvent(pipelineId, appId,
-	artifactId int, userId int32) error {
+	artifactId int, userMetadata *bean3.UserMetadata) error {
 	event := &bean.BulkCDDeployEvent{
 		ValuesOverrideRequest: &bean2.ValuesOverrideRequest{
 			PipelineId:     pipelineId,
 			AppId:          appId,
 			CiArtifactId:   artifactId,
-			UserId:         userId,
+			UserId:         userMetadata.UserId,
 			CdWorkflowType: bean2.CD_WORKFLOW_TYPE_DEPLOY,
 		},
-		UserId: userId,
+		UserId:       userMetadata.UserId,
+		UserMetadata: userMetadata,
 	}
 	payload, err := json.Marshal(event)
 	if err != nil {
diff --git a/pkg/eventProcessor/out/WorkflowEventPublishService.go b/pkg/eventProcessor/out/WorkflowEventPublishService.go
index 4f7d228616..43c212a8e9 100644
--- a/pkg/eventProcessor/out/WorkflowEventPublishService.go
+++ b/pkg/eventProcessor/out/WorkflowEventPublishService.go
@@ -28,6 +28,7 @@ import (
 	"github.com/devtron-labs/devtron/pkg/app"
 	appBean "github.com/devtron-labs/devtron/pkg/app/bean"
 	"github.com/devtron-labs/devtron/pkg/app/status"
+	bean2 "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	eventProcessorBean "github.com/devtron-labs/devtron/pkg/eventProcessor/bean"
 	"github.com/devtron-labs/devtron/pkg/eventProcessor/celEvaluator"
 	"github.com/devtron-labs/devtron/pkg/eventProcessor/out/bean"
@@ -40,7 +41,7 @@ import (
 )
 
 type WorkflowEventPublishService interface {
-	TriggerBulkHibernateAsync(request bean.StopDeploymentGroupRequest) (interface{}, error)
+	TriggerBulkHibernateAsync(request bean.StopDeploymentGroupRequest, userMetadata *bean2.UserMetadata) (interface{}, error)
 	TriggerAsyncRelease(userDeploymentRequestId int, overrideRequest *apiBean.ValuesOverrideRequest, valuesOverrideResponse *app.ValuesOverrideResponse, ctx context.Context, triggeredBy int32) (releaseNo int, manifestPushTemplate *appBean.ManifestPushTemplate, err error)
 	TriggerBulkDeploymentAsync(requests []*bean.BulkTriggerRequest, UserId int32) (interface{}, error)
 }
@@ -86,7 +87,7 @@ func NewWorkflowEventPublishServiceImpl(logger *zap.SugaredLogger,
 	return impl, nil
 }
 
-func (impl *WorkflowEventPublishServiceImpl) TriggerBulkHibernateAsync(request bean.StopDeploymentGroupRequest) (interface{}, error) {
+func (impl *WorkflowEventPublishServiceImpl) TriggerBulkHibernateAsync(request bean.StopDeploymentGroupRequest, userMetadata *bean2.UserMetadata) (interface{}, error) {
 	dg, err := impl.groupRepository.FindByIdWithApp(request.DeploymentGroupId)
 	if err != nil {
 		impl.logger.Errorw("error while fetching dg", "err", err)
@@ -101,6 +102,7 @@ func (impl *WorkflowEventPublishServiceImpl) TriggerBulkHibernateAsync(request b
 			Active:            dg.Active,
 			UserId:            request.UserId,
 			RequestType:       request.RequestType,
+			UserMetadata:      userMetadata,
 		}
 
 		data, err := json.Marshal(deploymentGroupAppWithEnv)
diff --git a/pkg/eventProcessor/out/bean/bean.go b/pkg/eventProcessor/out/bean/bean.go
index 7252b043d9..b2606f6f2e 100644
--- a/pkg/eventProcessor/out/bean/bean.go
+++ b/pkg/eventProcessor/out/bean/bean.go
@@ -17,6 +17,7 @@
 package bean
 
 import (
+	userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	bean4 "github.com/devtron-labs/devtron/pkg/deployment/deployedApp/bean"
 	"time"
 )
@@ -33,12 +34,13 @@ type StopDeploymentGroupRequest struct {
 }
 
 type DeploymentGroupAppWithEnv struct {
-	EnvironmentId     int               `json:"environmentId"`
-	DeploymentGroupId int               `json:"deploymentGroupId"`
-	AppId             int               `json:"appId"`
-	Active            bool              `json:"active"`
-	UserId            int32             `json:"userId"`
-	RequestType       bean4.RequestType `json:"requestType" validate:"oneof=START STOP"`
+	EnvironmentId     int                    `json:"environmentId"`
+	DeploymentGroupId int                    `json:"deploymentGroupId"`
+	AppId             int                    `json:"appId"`
+	Active            bool                   `json:"active"`
+	UserId            int32                  `json:"userId"`
+	RequestType       bean4.RequestType      `json:"requestType" validate:"oneof=START STOP"`
+	UserMetadata      *userBean.UserMetadata `json:"-"`
 }
 
 type CdPipelineDeleteEvent struct {
diff --git a/pkg/pipeline/AppDeploymentTypeChangeManager.go b/pkg/pipeline/AppDeploymentTypeChangeManager.go
index bcca8290be..ef883e835a 100644
--- a/pkg/pipeline/AppDeploymentTypeChangeManager.go
+++ b/pkg/pipeline/AppDeploymentTypeChangeManager.go
@@ -30,6 +30,7 @@ import (
 	"github.com/devtron-labs/devtron/internal/sql/repository/pipelineConfig/bean/workflow/cdWorkflow"
 	"github.com/devtron-labs/devtron/internal/util"
 	app2 "github.com/devtron-labs/devtron/pkg/app"
+	userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	"github.com/devtron-labs/devtron/pkg/bean"
 	chartService "github.com/devtron-labs/devtron/pkg/chart"
 	"github.com/devtron-labs/devtron/pkg/chart/read"
@@ -53,13 +54,13 @@ type AppDeploymentTypeChangeManager interface {
 	// ChangeDeploymentType : takes in DeploymentAppTypeChangeRequest struct and
 	// deletes all the cd pipelines for that deployment type in all apps that belongs to
 	// that environment and updates the db with desired deployment app type
-	ChangeDeploymentType(ctx context.Context, request *bean.DeploymentAppTypeChangeRequest) (*bean.DeploymentAppTypeChangeResponse, error)
+	ChangeDeploymentType(ctx context.Context, request *bean.DeploymentAppTypeChangeRequest, userMetadata *userBean.UserMetadata) (*bean.DeploymentAppTypeChangeResponse, error)
 	// ChangePipelineDeploymentType : takes in DeploymentAppTypeChangeRequest struct and
 	// deletes all the cd pipelines for that deployment type in all apps that belongs to
 	// that environment and updates the db with desired deployment app type
-	ChangePipelineDeploymentType(ctx context.Context, request *bean.DeploymentAppTypeChangeRequest) (*bean.DeploymentAppTypeChangeResponse, error)
+	ChangePipelineDeploymentType(ctx context.Context, request *bean.DeploymentAppTypeChangeRequest, userMetadata *userBean.UserMetadata) (*bean.DeploymentAppTypeChangeResponse, error)
 	// TriggerDeploymentAfterTypeChange : triggers a new deployment after type change
-	TriggerDeploymentAfterTypeChange(ctx context.Context, request *bean.DeploymentAppTypeChangeRequest) (*bean.DeploymentAppTypeChangeResponse, error)
+	TriggerDeploymentAfterTypeChange(ctx context.Context, request *bean.DeploymentAppTypeChangeRequest, userMetadata *userBean.UserMetadata) (*bean.DeploymentAppTypeChangeResponse, error)
 	// DeleteDeploymentApps : takes in a list of pipelines and delete the applications
 	DeleteDeploymentApps(ctx context.Context, pipelines []*pipelineConfig.Pipeline, deploymentConfig []*bean4.DeploymentConfig, userId int32) *bean.DeploymentAppTypeChangeResponse
 	// DeleteDeploymentAppsForEnvironment : takes in environment id and current deployment app type
@@ -117,7 +118,7 @@ func NewAppDeploymentTypeChangeManagerImpl(
 }
 
 func (impl *AppDeploymentTypeChangeManagerImpl) ChangeDeploymentType(ctx context.Context,
-	request *bean.DeploymentAppTypeChangeRequest) (*bean.DeploymentAppTypeChangeResponse, error) {
+	request *bean.DeploymentAppTypeChangeRequest, userMetadata *userBean.UserMetadata) (*bean.DeploymentAppTypeChangeResponse, error) {
 
 	var response *bean.DeploymentAppTypeChangeResponse
 	var deleteDeploymentType bean3.DeploymentType
@@ -252,7 +253,7 @@ func (impl *AppDeploymentTypeChangeManagerImpl) ChangeDeploymentType(ctx context
 }
 
 func (impl *AppDeploymentTypeChangeManagerImpl) ChangePipelineDeploymentType(ctx context.Context,
-	request *bean.DeploymentAppTypeChangeRequest) (*bean.DeploymentAppTypeChangeResponse, error) {
+	request *bean.DeploymentAppTypeChangeRequest, userMetadata *userBean.UserMetadata) (*bean.DeploymentAppTypeChangeResponse, error) {
 
 	response := &bean.DeploymentAppTypeChangeResponse{
 		EnvId:                 request.EnvId,
@@ -369,7 +370,7 @@ func (impl *AppDeploymentTypeChangeManagerImpl) ChangePipelineDeploymentType(ctx
 }
 
 func (impl *AppDeploymentTypeChangeManagerImpl) TriggerDeploymentAfterTypeChange(ctx context.Context,
-	request *bean.DeploymentAppTypeChangeRequest) (*bean.DeploymentAppTypeChangeResponse, error) {
+	request *bean.DeploymentAppTypeChangeRequest, userMetadata *userBean.UserMetadata) (*bean.DeploymentAppTypeChangeResponse, error) {
 
 	response := &bean.DeploymentAppTypeChangeResponse{
 		EnvId:                 request.EnvId,
diff --git a/pkg/pipeline/draftAwareConfigService/DraftAwareConfigService.go b/pkg/pipeline/draftAwareConfigService/DraftAwareConfigService.go
index cf5ff23884..99f646aea7 100644
--- a/pkg/pipeline/draftAwareConfigService/DraftAwareConfigService.go
+++ b/pkg/pipeline/draftAwareConfigService/DraftAwareConfigService.go
@@ -2,6 +2,7 @@ package draftAwareConfigService
 
 import (
 	"context"
+	userBean "github.com/devtron-labs/devtron/pkg/auth/user/bean"
 	chartService "github.com/devtron-labs/devtron/pkg/chart"
 	bean3 "github.com/devtron-labs/devtron/pkg/chart/bean"
 	"github.com/devtron-labs/devtron/pkg/pipeline"
@@ -12,38 +13,38 @@ import (
 type DraftAwareConfigMapService interface {
 	// below methods operate on cm creation and updation
 
-	CMGlobalAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (*bean.ConfigDataRequest, error)
-	CMEnvironmentAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (*bean.ConfigDataRequest, error)
+	CMGlobalAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (*bean.ConfigDataRequest, error)
+	CMEnvironmentAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (*bean.ConfigDataRequest, error)
 	// below methods operate on cm deletion
 
-	CMGlobalDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (bool, error)
-	CMEnvironmentDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (bool, error)
+	CMGlobalDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (bool, error)
+	CMEnvironmentDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (bool, error)
 }
 
 type DraftAwareSecretService interface {
 	// below methods operate on cm creation and updation
 
-	CSGlobalAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (*bean.ConfigDataRequest, error)
-	CSEnvironmentAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (*bean.ConfigDataRequest, error)
+	CSGlobalAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (*bean.ConfigDataRequest, error)
+	CSEnvironmentAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (*bean.ConfigDataRequest, error)
 	// below methods operate on cm deletion
 
-	CSGlobalDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (bool, error)
-	CSEnvironmentDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (bool, error)
+	CSGlobalDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (bool, error)
+	CSEnvironmentDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (bool, error)
 }
 
 type DraftAwareDeploymentTemplateService interface {
 	// below methods operate on deployment template
 
 	// Create here is used for publishing base deployment template while saving dt for the first time.
-	Create(ctx context.Context, templateRequest bean3.TemplateRequest, isSuperAdmin bool, userEmail string) (*bean3.TemplateRequest, error)
+	Create(ctx context.Context, templateRequest bean3.TemplateRequest, userMetadata *userBean.UserMetadata) (*bean3.TemplateRequest, error)
 	// UpdateAppOverride here is used for updating base deployment template.
-	UpdateAppOverride(ctx context.Context, templateRequest *bean3.TemplateRequest, token string, isSuperAdmin bool, userEmail string) (*bean3.TemplateRequest, error)
+	UpdateAppOverride(ctx context.Context, templateRequest *bean3.TemplateRequest, token string, userMetadata *userBean.UserMetadata) (*bean3.TemplateRequest, error)
 	// UpdateEnvironmentProperties here is used for updating and saving deployment template at env override level
-	UpdateEnvironmentProperties(ctx context.Context, propertiesRequest *bean.EnvironmentProperties, token string, isSuperAdmin bool, userEmail string) (*bean.EnvironmentProperties, error)
+	UpdateEnvironmentProperties(ctx context.Context, propertiesRequest *bean.EnvironmentProperties, token string, userMetadata *userBean.UserMetadata) (*bean.EnvironmentProperties, error)
 	// ResetEnvironmentProperties method handles flow when a user deletes the deployment template env override.
-	ResetEnvironmentProperties(ctx context.Context, propertiesRequest *bean.EnvironmentProperties, isSuperAdmin bool, userEmail string) (bool, error)
+	ResetEnvironmentProperties(ctx context.Context, propertiesRequest *bean.EnvironmentProperties, userMetadata *userBean.UserMetadata) (bool, error)
 	// CreateEnvironmentPropertiesAndBaseIfNeeded is utilized when the deployment template chart version is updated and saved
-	CreateEnvironmentPropertiesAndBaseIfNeeded(ctx context.Context, environmentProperties *bean.EnvironmentProperties, isSuperAdmin bool, userEmail string) (*bean.EnvironmentProperties, error)
+	CreateEnvironmentPropertiesAndBaseIfNeeded(ctx context.Context, environmentProperties *bean.EnvironmentProperties, userMetadata *userBean.UserMetadata) (*bean.EnvironmentProperties, error)
 }
 
 type DraftAwareConfigService interface {
@@ -71,7 +72,7 @@ func NewDraftAwareResourceServiceImpl(logger *zap.SugaredLogger,
 	}
 }
 
-func (impl *DraftAwareConfigServiceImpl) CMGlobalAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (*bean.ConfigDataRequest, error) {
+func (impl *DraftAwareConfigServiceImpl) CMGlobalAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (*bean.ConfigDataRequest, error) {
 	resp, err := impl.configMapService.CMGlobalAddUpdate(configMapRequest)
 	if err != nil {
 		impl.logger.Errorw("error in CMGlobalAddUpdate", "configMapRequest", configMapRequest, "err", err)
@@ -81,7 +82,7 @@ func (impl *DraftAwareConfigServiceImpl) CMGlobalAddUpdate(ctx context.Context,
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) CMEnvironmentAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (*bean.ConfigDataRequest, error) {
+func (impl *DraftAwareConfigServiceImpl) CMEnvironmentAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (*bean.ConfigDataRequest, error) {
 	resp, err := impl.configMapService.CMEnvironmentAddUpdate(configMapRequest)
 	if err != nil {
 		impl.logger.Errorw("error in CMEnvironmentAddUpdate", "configMapRequest", configMapRequest, "err", err)
@@ -91,7 +92,7 @@ func (impl *DraftAwareConfigServiceImpl) CMEnvironmentAddUpdate(ctx context.Cont
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) CSGlobalAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (*bean.ConfigDataRequest, error) {
+func (impl *DraftAwareConfigServiceImpl) CSGlobalAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (*bean.ConfigDataRequest, error) {
 	resp, err := impl.configMapService.CSGlobalAddUpdate(configMapRequest)
 	if err != nil {
 		impl.logger.Errorw("error in CSGlobalAddUpdate", "err", err)
@@ -101,7 +102,7 @@ func (impl *DraftAwareConfigServiceImpl) CSGlobalAddUpdate(ctx context.Context,
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) CSEnvironmentAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (*bean.ConfigDataRequest, error) {
+func (impl *DraftAwareConfigServiceImpl) CSEnvironmentAddUpdate(ctx context.Context, configMapRequest *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (*bean.ConfigDataRequest, error) {
 	resp, err := impl.configMapService.CSEnvironmentAddUpdate(configMapRequest)
 	if err != nil {
 		impl.logger.Errorw("error in CSGlobalAddUpdate", "err", err)
@@ -112,7 +113,7 @@ func (impl *DraftAwareConfigServiceImpl) CSEnvironmentAddUpdate(ctx context.Cont
 
 }
 
-func (impl *DraftAwareConfigServiceImpl) CMGlobalDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (bool, error) {
+func (impl *DraftAwareConfigServiceImpl) CMGlobalDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (bool, error) {
 	resp, err := impl.configMapService.CMGlobalDelete(name, deleteReq.Id, deleteReq.UserId)
 	if err != nil {
 		impl.logger.Errorw("service err, CMGlobalDelete", "appId", deleteReq.AppId, "id", deleteReq.Id, "name", name, "err", err)
@@ -122,7 +123,7 @@ func (impl *DraftAwareConfigServiceImpl) CMGlobalDelete(ctx context.Context, nam
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) CMEnvironmentDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (bool, error) {
+func (impl *DraftAwareConfigServiceImpl) CMEnvironmentDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (bool, error) {
 	resp, err := impl.configMapService.CMEnvironmentDelete(name, deleteReq.Id, deleteReq.UserId)
 	if err != nil {
 		impl.logger.Errorw("service err, CMEnvironmentDelete", "appId", deleteReq.AppId, "envId", deleteReq.EnvironmentId, "id", deleteReq.Id, "err", err)
@@ -132,7 +133,7 @@ func (impl *DraftAwareConfigServiceImpl) CMEnvironmentDelete(ctx context.Context
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) CSGlobalDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (bool, error) {
+func (impl *DraftAwareConfigServiceImpl) CSGlobalDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (bool, error) {
 	resp, err := impl.configMapService.CSGlobalDelete(name, deleteReq.Id, deleteReq.UserId)
 	if err != nil {
 		impl.logger.Errorw("service err, CSGlobalDelete", "appId", deleteReq.AppId, "id", deleteReq.Id, "name", name, "err", err)
@@ -142,7 +143,7 @@ func (impl *DraftAwareConfigServiceImpl) CSGlobalDelete(ctx context.Context, nam
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) CSEnvironmentDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, isSuperAdmin bool, userEmail string) (bool, error) {
+func (impl *DraftAwareConfigServiceImpl) CSEnvironmentDelete(ctx context.Context, name string, deleteReq *bean.ConfigDataRequest, userMetadata *userBean.UserMetadata) (bool, error) {
 	resp, err := impl.configMapService.CSEnvironmentDelete(name, deleteReq.Id, deleteReq.UserId)
 	if err != nil {
 		impl.logger.Errorw("service err, CSEnvironmentDelete", "appId", deleteReq.AppId, "id", deleteReq.Id, "name", name, "err", err)
@@ -152,7 +153,7 @@ func (impl *DraftAwareConfigServiceImpl) CSEnvironmentDelete(ctx context.Context
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) Create(ctx context.Context, templateRequest bean3.TemplateRequest, isSuperAdmin bool, userEmail string) (*bean3.TemplateRequest, error) {
+func (impl *DraftAwareConfigServiceImpl) Create(ctx context.Context, templateRequest bean3.TemplateRequest, userMetadata *userBean.UserMetadata) (*bean3.TemplateRequest, error) {
 	resp, err := impl.chartService.Create(templateRequest, ctx)
 	if err != nil {
 		impl.logger.Errorw("error in creating base deployment template", "appId", templateRequest.AppId, "err", err)
@@ -162,7 +163,7 @@ func (impl *DraftAwareConfigServiceImpl) Create(ctx context.Context, templateReq
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) UpdateAppOverride(ctx context.Context, templateRequest *bean3.TemplateRequest, token string, isSuperAdmin bool, userEmail string) (*bean3.TemplateRequest, error) {
+func (impl *DraftAwareConfigServiceImpl) UpdateAppOverride(ctx context.Context, templateRequest *bean3.TemplateRequest, token string, userMetadata *userBean.UserMetadata) (*bean3.TemplateRequest, error) {
 	resp, err := impl.chartService.UpdateAppOverride(ctx, templateRequest)
 	if err != nil {
 		impl.logger.Errorw("error in updating base deployment template", "chartId", templateRequest.Id, "appId", templateRequest.AppId, "err", err)
@@ -172,7 +173,7 @@ func (impl *DraftAwareConfigServiceImpl) UpdateAppOverride(ctx context.Context,
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) UpdateEnvironmentProperties(ctx context.Context, propertiesRequest *bean.EnvironmentProperties, token string, isSuperAdmin bool, userEmail string) (*bean.EnvironmentProperties, error) {
+func (impl *DraftAwareConfigServiceImpl) UpdateEnvironmentProperties(ctx context.Context, propertiesRequest *bean.EnvironmentProperties, token string, userMetadata *userBean.UserMetadata) (*bean.EnvironmentProperties, error) {
 	resp, err := impl.propertiesConfigService.UpdateEnvironmentProperties(propertiesRequest.AppId, propertiesRequest, propertiesRequest.UserId)
 	if err != nil {
 		impl.logger.Errorw("error in creating/updating env level deployment template", "appId", propertiesRequest.AppId, "envId", propertiesRequest.EnvironmentId, "err", err)
@@ -182,7 +183,7 @@ func (impl *DraftAwareConfigServiceImpl) UpdateEnvironmentProperties(ctx context
 	return resp, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) ResetEnvironmentProperties(ctx context.Context, propertiesRequest *bean.EnvironmentProperties, isSuperAdmin bool, userEmail string) (bool, error) {
+func (impl *DraftAwareConfigServiceImpl) ResetEnvironmentProperties(ctx context.Context, propertiesRequest *bean.EnvironmentProperties, userMetadata *userBean.UserMetadata) (bool, error) {
 	isSuccess, err := impl.propertiesConfigService.ResetEnvironmentProperties(propertiesRequest.Id, propertiesRequest.UserId)
 	if err != nil {
 		impl.logger.Errorw("service err, ResetEnvironmentProperties", "chartEnvConfigOverrideId", propertiesRequest.Id, "userId", propertiesRequest.UserId, "err", err)
@@ -192,7 +193,7 @@ func (impl *DraftAwareConfigServiceImpl) ResetEnvironmentProperties(ctx context.
 	return isSuccess, nil
 }
 
-func (impl *DraftAwareConfigServiceImpl) CreateEnvironmentPropertiesAndBaseIfNeeded(ctx context.Context, environmentProperties *bean.EnvironmentProperties, isSuperAdmin bool, userEmail string) (*bean.EnvironmentProperties, error) {
+func (impl *DraftAwareConfigServiceImpl) CreateEnvironmentPropertiesAndBaseIfNeeded(ctx context.Context, environmentProperties *bean.EnvironmentProperties, userMetadata *userBean.UserMetadata) (*bean.EnvironmentProperties, error) {
 	resp, err := impl.propertiesConfigService.CreateEnvironmentPropertiesAndBaseIfNeeded(ctx, environmentProperties.AppId, environmentProperties)
 	if err != nil {
 		impl.logger.Errorw("error, CreateEnvironmentPropertiesAndBaseIfNeeded", "appId", environmentProperties.AppId, "req", environmentProperties, "err", err)
diff --git a/scripts/sql/33103500_alter_cd_workflow_runner.down.sql b/scripts/sql/33103500_alter_cd_workflow_runner.down.sql
new file mode 100644
index 0000000000..31b83aab0c
--- /dev/null
+++ b/scripts/sql/33103500_alter_cd_workflow_runner.down.sql
@@ -0,0 +1,10 @@
+ALTER TABLE cd_workflow_runner DROP COLUMN IF EXISTS image_state;
+
+---- update notification template for CD trigger ses
+UPDATE notification_templates
+SET template_payload = '{"from": "{{fromEmail}}", "to": "{{toEmail}}","subject": "▶️ Deployment pipeline triggered | Application: {{appName}} | Environment:  {{envName}}","html":"<table cellpadding=0 style=\"font-family:Arial,Verdana,Helvetica;width:600px;height:485px;border-collapse:inherit;border-spacing:0;border:1px solid #d0d4d9;border-radius:8px;padding:16px 20px;margin:20px auto;box-shadow:0 0 8px 0 rgba(0,0,0,.1)\"><tr><td colspan=3><div style=\"padding-bottom:16px;margin-bottom:20px;border-bottom:1px solid #edf1f5;max-width:600px\"><img src=https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/devtron/devtron-logo.png style=max-width:122px alt=cd-triggered></div><tr><td colspan=3><div style=\"background-color:#e5f2ff;border-top-left-radius:8px;border-top-right-radius:8px;padding:20px 20px 16px 20px;display:flex;justify-content:space-between\"><div style=width:90%><div style=font-size:16px;line-height:24px;font-weight:600;margin-bottom:6px;color:#000a14>▶️ Deployment pipeline triggered</div><span style=font-size:14px;line-height:20px;color:#000a14>{{eventTime}}</span><br><div><span style=font-size:14px;line-height:20px;color:#000a14>by</span><span style=font-size:14px;line-height:20px;color:#06c;margin-left:4px>{{triggeredBy}}</span></div></div><div><img src=https://cdn.devtron.ai/images/image_deploy_notification.png style=height:72px;width:72px></div></div><tr><td colspan=3><div style=display:flex><div style=\"width:124px;background-color:#e5f2ff;border-bottom-left-radius:8px;padding:0 0 20px 20px\">{{#deploymentHistoryLink}}<a href={{&deploymentHistoryLink}} style=\"height:32px;padding:7px 12px;line-height:32px;font-size:12px;font-weight:600;border-radius:4px;text-decoration:none;outline:0;min-width:64px;text-transform:capitalize;text-align:center;background:#06c;color:#fff;border:1px solid transparent;cursor:pointer\">View Pipeline</a>{{/deploymentHistoryLink}}</div><div style=\"width:90%;background-color:#e5f2ff;border-bottom-right-radius:8px;padding:0 0 20px 20px\">{{#appDetailsLink}}<a href={{&appDetailsLink}} style=\"height:32px;padding:7px 12px;line-height:32px;font-size:12px;font-weight:600;border-radius:4px;text-decoration:none;outline:0;min-width:64px;text-transform:capitalize;text-align:center;border:1px solid #d0d4d9;color:#06c;cursor:pointer;width:90%\">App Details</a>{{/appDetailsLink}}</div></div><tr><td><br><tr><td colspan=3><div style=\"display:flex;font-weight:600;border-radius:4px;border:1px solid #fde7e7;background:#fff;padding:8px 16px;margin-bottom:16px;display:{{deploymentWindowCommentStyle}};\"><img src=https://cdn.devtron.ai/images/shield-image.png style=margin-right:4px;height:16px;width:16px>{{deploymentWindowComment}}</div><tr><td><div style=color:#3b444c;font-size:13px>Application</div><td colspan=2><div style=color:#3b444c;font-size:13px>Environment</div><tr><td><div style=color:#000a14;font-size:14px>{{appName}}</div><td><div style=color:#000a14;font-size:14px>{{envName}}</div><tr><td><div style=color:#3b444c;font-size:13px;margin-top:12px>Stage</div><tr><td><div style=color:#000a14;font-size:14px>{{stage}}</div><tr><tr><td colspan=3><div style=\"font-weight:600;margin-top:20px;width:100%;border-top:1px solid #edf1f5;padding:16px 0 12px;font-size:14px\">Source Code</div></tr>{{#ciMaterials}} {{^webhookType}}<tr><td><div style=color:#3b444c;font-size:13px>Branch</div><td colspan=2><div style=color:#3b444c;font-size:13px>Commit</div><tr><tr><td><div style=color:#000a14;font-size:14px>{{appName}}/{{branch}}</div><td><div style=color:#000a14;font-size:14px>{{commit}}</div></tr>{{/webhookType}} {{/ciMaterials}}<tr><td colspan=3><div style=\"font-weight:600;margin-top:20px;width:100%;border-top:1px solid #edf1f5;padding:16px 0 12px;font-size:14px\">Image Details</div><tr><td><div style=color:#3b444c;font-size:13px>Image tag</div><tr><td><div style=color:#000a14;font-size:14px>{{dockerImg}}</div><tr><td><br><tr><td colspan=3><div style=\"border-top:1px solid #edf1f5;margin:20px 0 16px 0;height:1px\"></div><tr><td colspan=2 style=display:flex><span><a href=https://twitter.com/DevtronL style=cursor:pointer;text-decoration:none;padding-right:12px;display:flex target=_blank><div><img src=https://cdn.devtron.ai/images/twitter_social_dark.png style=width:20px></div></a></span><span><a href=https://www.linkedin.com/company/devtron-labs/mycompany/ style=cursor:pointer;text-decoration:none;padding-right:12px;display:flex target=_blank><div><img src=https://cdn.devtron.ai/images/linkedin_social_dark.png style=width:20px></div></a></span><span><a href=https://devtron.ai/blog/ style=color:#000a14;font-size:13px;line-height:20px;cursor:pointer;text-decoration:underline;padding-right:12px target=_blank>Blog</a></span><span><a href=https://devtron.ai/ style=color:#000a14;font-size:13px;line-height:20px;cursor:pointer;text-decoration:underline target=_blank>Website</a></span><td colspan=2 style=text-align:right><div style=color:#767d84;font-size:13px;line-height:20px>© Devtron Labs 2024</div></table>"}'
+WHERE node_type = 'CD'
+  AND event_type_id = 1
+  AND channel_type='ses';
+
+ALTER TABLE global_policy DROP COLUMN IF EXISTS policy_revision;
diff --git a/scripts/sql/33103500_alter_cd_workflow_runner.up.sql b/scripts/sql/33103500_alter_cd_workflow_runner.up.sql
new file mode 100644
index 0000000000..705cf9d8a7
--- /dev/null
+++ b/scripts/sql/33103500_alter_cd_workflow_runner.up.sql
@@ -0,0 +1,12 @@
+ALTER TABLE cd_workflow_runner ADD COLUMN IF NOT EXISTS image_state varchar(50);
+
+---- update notification template for CD trigger ses
+UPDATE notification_templates
+SET template_payload = '{"from": "{{fromEmail}}", "to": "{{toEmail}}","subject": "▶️ Deployment pipeline triggered | Application: {{appName}} | Environment:  {{envName}}","html":"<table cellpadding=0 style=\"font-family:Arial,Verdana,Helvetica;width:600px;height:485px;border-collapse:inherit;border-spacing:0;border:1px solid #d0d4d9;border-radius:8px;padding:16px 20px;margin:20px auto;box-shadow:0 0 8px 0 rgba(0,0,0,.1)\"><tr><td colspan=3><div style=\"padding-bottom:16px;margin-bottom:20px;border-bottom:1px solid #edf1f5;max-width:600px\"><img src=https://devtron-public-asset.s3.us-east-2.amazonaws.com/images/devtron/devtron-logo.png style=max-width:122px alt=cd-triggered></div><tr><td colspan=3><div style=\"background-color:#e5f2ff;border-top-left-radius:8px;border-top-right-radius:8px;padding:20px 20px 16px 20px;display:flex;justify-content:space-between\"><div style=width:90%><div style=font-size:16px;line-height:24px;font-weight:600;margin-bottom:6px;color:#000a14>▶️ Deployment pipeline triggered</div><span style=font-size:14px;line-height:20px;color:#000a14>{{eventTime}}</span><br><div><span style=font-size:14px;line-height:20px;color:#000a14>by</span><span style=font-size:14px;line-height:20px;color:#06c;margin-left:4px>{{triggeredBy}}</span></div></div><div><img src=https://cdn.devtron.ai/images/image_deploy_notification.png style=height:72px;width:72px></div></div><tr><td colspan=3><div style=display:flex><div style=\"width:124px;background-color:#e5f2ff;border-bottom-left-radius:8px;padding:0 0 20px 20px\">{{#deploymentHistoryLink}}<a href={{&deploymentHistoryLink}} style=\"height:32px;padding:7px 12px;line-height:32px;font-size:12px;font-weight:600;border-radius:4px;text-decoration:none;outline:0;min-width:64px;text-transform:capitalize;text-align:center;background:#06c;color:#fff;border:1px solid transparent;cursor:pointer\">View Pipeline</a>{{/deploymentHistoryLink}}</div><div style=\"width:90%;background-color:#e5f2ff;border-bottom-right-radius:8px;padding:0 0 20px 20px\">{{#appDetailsLink}}<a href={{&appDetailsLink}} style=\"height:32px;padding:7px 12px;line-height:32px;font-size:12px;font-weight:600;border-radius:4px;text-decoration:none;outline:0;min-width:64px;text-transform:capitalize;text-align:center;border:1px solid #d0d4d9;color:#06c;cursor:pointer;width:90%\">App Details</a>{{/appDetailsLink}}</div></div><tr><td><br><tr><td colspan=3><div style=\"display:flex;font-weight:600;border-radius:4px;border:1px solid #fde7e7;background:#fff;padding:8px 16px;margin-bottom:16px;display:{{deploymentWindowCommentStyle}};\"><img src=https://cdn.devtron.ai/images/shield-image.png style=margin-right:4px;height:16px;width:16px>{{deploymentWindowComment}}</div><div style=\"display:flex;font-weight:600;border-radius:4px;border:1px solid #fde7e7;background:#fff;padding:8px 16px;margin-bottom:16px;display:{{triggeredWithoutApprovalStyle}};\"><img src=https://cdn.devtron.ai/images/shield-image.png style=margin-right:4px;height:16px;width:16px>{{triggeredWithoutApproval}}</div><tr><td><div style=color:#3b444c;font-size:13px>Application</div><td colspan=2><div style=color:#3b444c;font-size:13px>Environment</div><tr><td><div style=color:#000a14;font-size:14px>{{appName}}</div><td><div style=color:#000a14;font-size:14px>{{envName}}</div><tr><td><div style=color:#3b444c;font-size:13px;margin-top:12px>Stage</div><tr><td><div style=color:#000a14;font-size:14px>{{stage}}</div><tr><tr><td colspan=3><div style=\"font-weight:600;margin-top:20px;width:100%;border-top:1px solid #edf1f5;padding:16px 0 12px;font-size:14px\">Source Code</div></tr>{{#ciMaterials}} {{^webhookType}}<tr><td><div style=color:#3b444c;font-size:13px>Branch</div><td colspan=2><div style=color:#3b444c;font-size:13px>Commit</div><tr><tr><td><div style=color:#000a14;font-size:14px>{{appName}}/{{branch}}</div><td><div style=color:#000a14;font-size:14px>{{commit}}</div></tr>{{/webhookType}} {{/ciMaterials}}<tr><td colspan=3><div style=\"font-weight:600;margin-top:20px;width:100%;border-top:1px solid #edf1f5;padding:16px 0 12px;font-size:14px\">Image Details</div><tr><td><div style=color:#3b444c;font-size:13px>Image tag</div><tr><td><div style=color:#000a14;font-size:14px>{{dockerImg}}</div><tr><td><br><tr><td colspan=3><div style=\"border-top:1px solid #edf1f5;margin:20px 0 16px 0;height:1px\"></div><tr><td colspan=2 style=display:flex><span><a href=https://twitter.com/DevtronL style=cursor:pointer;text-decoration:none;padding-right:12px;display:flex target=_blank><div><img src=https://cdn.devtron.ai/images/twitter_social_dark.png style=width:20px></div></a></span><span><a href=https://www.linkedin.com/company/devtron-labs/mycompany/ style=cursor:pointer;text-decoration:none;padding-right:12px;display:flex target=_blank><div><img src=https://cdn.devtron.ai/images/linkedin_social_dark.png style=width:20px></div></a></span><span><a href=https://devtron.ai/blog/ style=color:#000a14;font-size:13px;line-height:20px;cursor:pointer;text-decoration:underline;padding-right:12px target=_blank>Blog</a></span><span><a href=https://devtron.ai/ style=color:#000a14;font-size:13px;line-height:20px;cursor:pointer;text-decoration:underline target=_blank>Website</a></span><td colspan=2 style=text-align:right><div style=color:#767d84;font-size:13px;line-height:20px>© Devtron Labs 2024</div></table>"}'
+WHERE node_type = 'CD'
+  AND event_type_id = 1
+  AND channel_type='ses';
+
+--adding resource_version to global_policy table for maintaining optimistic concurrency control
+ALTER TABLE global_policy ADD COLUMN IF NOT EXISTS policy_revision text;
+
diff --git a/util/HttpUtil.go b/util/HttpUtil.go
index d5d5c91269..afe951cfaf 100644
--- a/util/HttpUtil.go
+++ b/util/HttpUtil.go
@@ -17,6 +17,7 @@
 package util
 
 import (
+	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
@@ -30,6 +31,11 @@ import (
 	"time"
 )
 
+const (
+	EmailId  = "emailId"
+	TokenKey = "token"
+)
+
 func ReadFromUrlWithRetry(url string) ([]byte, error) {
 	var (
 		err      error
@@ -152,3 +158,13 @@ func getCertFileName() string {
 	randomName := fmt.Sprintf("%v.crt", GetRandomName())
 	return randomName
 }
+
+func GetTokenFromContext(ctx context.Context) string {
+	token, _ := ctx.Value(TokenKey).(string)
+	return token
+}
+
+func GetEmailFromContext(ctx context.Context) string {
+	email, _ := ctx.Value(EmailId).(string)
+	return email
+}