Merge request approval settings

The settings for merge request approvals are found by going to Settings > General and expanding Merge request (MR) approvals.

Prevent overriding default approvals

Regardless of the approval rules you choose for your project, users can edit them in every merge request, overriding the rules you set as default. To prevent that from happening:

  1. Select the Prevent users from modifying MR approval rules in merge requests. checkbox.
  2. Click Save changes.

Resetting approvals on push

You can force all approvals on a merge request to be removed when new commits are pushed to the source branch of the merge request. If disabled, approvals persist even if there are changes added to the merge request. To enable this feature:

  1. Check the Require new approvals when new commits are added to an MR. checkbox.
  2. Click Save changes.
note Approvals do not get reset when rebasing a merge request from the UI. However, approvals are reset if the target branch is changed.

Allowing merge request authors to approve their own merge requests

Version history
  • Introduced in GitLab 11.3.
  • Moved to GitLab Premium in 13.9.

By default, projects are configured to prevent merge requests from being approved by their own authors. To change this setting:

  1. Go to your project’s Settings > General, expand Merge request (MR) approvals.
  2. Uncheck the Prevent MR approval by the author. checkbox.
  3. Click Save changes.

Note that users can edit the approval rules in every merge request and override pre-defined settings unless it’s set not to allow overrides.

You can prevent authors from approving their own merge requests at the instance level. When enabled, this setting is disabled on the project level, and not editable.

Prevent approval of merge requests by their committers

Version history
  • Introduced in GitLab 11.10.
  • Moved to GitLab Premium in 13.9.

You can prevent users who have committed to a merge request from approving it, though code authors can still approve. You can enable this feature at the instance level, which disables changes to this feature at the project level. If you prefer to manage this feature at the project level, you can:

  1. Check the Prevent MR approvals from users who make commits to the MR. checkbox. If this check box is disabled, this feature has been disabled at the instance level.
  2. Click Save changes.

Read the official Git documentation for an explanation of the differences between authors and committers.

Require authentication when approving a merge request

Version history
  • Introduced in GitLab 12.0.
  • Moved to GitLab Premium in 13.9.
note To require authentication when approving a merge request, you must enable Password authentication enabled for web interface under sign-in restrictions. in the Admin Area.

You can force the approver to enter a password in order to authenticate before adding the approval. This enables an Electronic Signature for approvals such as the one defined by CFR Part 11). To enable this feature:

  1. Check the Require user password for approvals. checkbox.
  2. Click Save changes.

Security approvals in merge requests

Merge request approvals can be configured to require approval from a member of your security team when a vulnerability would be introduced by a merge request.

For more information, see Security approvals in merge requests.