2021-06-08 01:23:25 +05:30
---
stage: Create
group: Source Code
info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments"
type: reference, concepts
---
2021-11-18 22:05:49 +05:30
# Merge request approval settings **(PREMIUM)**
2021-06-08 01:23:25 +05:30
You can configure the settings for [merge request approvals ](index.md ) to
ensure the approval rules meet your use case. You can also configure
[approval rules ](rules.md ), which define the number and type of users who must
approve work before it's merged. Merge request approval settings define how
those rules are applied as a merge request moves toward completion.
## Edit merge request approval settings
To view or edit merge request approval settings:
1. Go to your project and select **Settings > General** .
1. Expand **Merge request (MR) approvals** .
2021-10-27 15:23:28 +05:30
In this section of general settings, you can configure the following settings:
2021-06-08 01:23:25 +05:30
2021-10-27 15:23:28 +05:30
| Setting | Description |
| ------ | ------ |
| [Prevent approval by author ](#prevent-approval-by-author ) | When enabled, the author of a merge request cannot approve it. |
| [Prevent approvals by users who add commits ](#prevent-approvals-by-users-who-add-commits ) | When enabled, users who have committed to a merge request cannot approve it. |
| [Prevent editing approval rules in merge requests ](#prevent-editing-approval-rules-in-merge-requests ) | When enabled, users can't override the project's approval rules on merge requests. |
| [Require user password to approve ](#require-user-password-to-approve ) | Force potential approvers to first authenticate with a password. |
| [Remove all approvals when commits are added to the source branch ](#remove-all-approvals-when-commits-are-added-to-the-source-branch ) | When enabled, remove all existing approvals on a merge request when more changes are added to it. |
2021-06-08 01:23:25 +05:30
2021-11-18 22:05:49 +05:30
## Prevent approval by author
2021-06-08 01:23:25 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3349) in GitLab 11.3.
> - Moved to GitLab Premium in 13.9.
By default, the author of a merge request cannot approve it. To change this setting:
1. Go to your project and select **Settings > General** .
1. Expand **Merge request (MR) approvals** .
2021-12-11 22:18:48 +05:30
1. Clear the **Prevent approval by author** checkbox.
2021-06-08 01:23:25 +05:30
1. Select **Save changes** .
Authors can edit the approval rule in an individual merge request and override
this setting, unless you configure one of these options:
2021-10-27 15:23:28 +05:30
- [Prevent overrides of default approvals ](#prevent-editing-approval-rules-in-merge-requests ) at
2021-06-08 01:23:25 +05:30
the project level.
- *(Self-managed instances only)* Prevent overrides of default approvals
[at the instance level ](../../../admin_area/merge_requests_approvals.md ). When configured
at the instance level, you can't edit this setting at the project or individual
merge request levels.
2021-11-18 22:05:49 +05:30
## Prevent approvals by users who add commits
2021-06-08 01:23:25 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10441) in GitLab 11.10.
> - Moved to GitLab Premium in 13.9.
By default, users who commit to a merge request can still approve it. At both
the project level or [instance level ](../../../admin_area/merge_requests_approvals.md )
you can prevent committers from approving merge requests that are partially
their own. To do this:
1. Go to your project and select **Settings > General** .
1. Expand **Merge request (MR) approvals** .
2021-12-11 22:18:48 +05:30
1. Select the **Prevent approvals by users who add commits** checkbox.
2021-06-08 01:23:25 +05:30
If this checkbox is cleared, an administrator has disabled it
[at the instance level ](../../../admin_area/merge_requests_approvals.md ), and
it can't be changed at the project level.
1. Select **Save changes** .
2021-12-11 22:18:48 +05:30
Depending on your version of GitLab, [code owners ](../../code_owners.md ) who commit
to a merge request may or may not be able to approve the work:
- In GitLab 13.10 and earlier, [code owners ](../../code_owners.md ) who commit
to a merge request can approve it, even if the merge request affects files they own.
- In [GitLab 13.11 and later ](https://gitlab.com/gitlab-org/gitlab/-/issues/331548 ),
[code owners ](../../code_owners.md ) who commit
to a merge request cannot approve it, when the merge request affects files they own.
2021-06-08 01:23:25 +05:30
To learn more about the [differences between authors and committers ](https://git-scm.com/book/en/v2/Git-Basics-Viewing-the-Commit-History ),
read the official Git documentation for an explanation.
2021-10-27 15:23:28 +05:30
## Prevent editing approval rules in merge requests
By default, users can override the approval rules you [create for a project ](rules.md )
on a per-merge request basis. If you don't want users to change approval rules
on merge requests, you can disable this setting:
1. Go to your project and select **Settings > General** .
1. Expand **Merge request (MR) approvals** .
2021-12-11 22:18:48 +05:30
1. Select the **Prevent editing approval rules in merge requests** checkbox.
2021-10-27 15:23:28 +05:30
1. Select **Save changes** .
This change affects all open merge requests.
## Require user password to approve
2021-06-08 01:23:25 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/5981) in GitLab 12.0.
> - Moved to GitLab Premium in 13.9.
You can force potential approvers to first authenticate with a password. This
permission enables an electronic signature for approvals, such as the one defined by
[Code of Federal Regulations (CFR) Part 11 ](https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=11&showFR=1&subpartNode=21:1.0.1.1.8.3 )):
1. Enable password authentication for the web interface, as described in the
[sign-in restrictions documentation ](../../../admin_area/settings/sign_in_restrictions.md#password-authentication-enabled ).
1. Go to your project and select **Settings > General** .
1. Expand **Merge request (MR) approvals** .
2021-12-11 22:18:48 +05:30
1. Select the **Require user password to approve** checkbox.
2021-06-08 01:23:25 +05:30
1. Select **Save changes** .
2021-10-27 15:23:28 +05:30
## Remove all approvals when commits are added to the source branch
By default, an approval on a merge request remains in place, even if you add more changes
after the approval. If you want to remove all existing approvals on a merge request
when more changes are added to it:
1. Go to your project and select **Settings > General** .
1. Expand **Merge request (MR) approvals** .
2021-12-11 22:18:48 +05:30
1. Select the **Remove all approvals when commits are added to the source branch** checkbox.
2021-10-27 15:23:28 +05:30
1. Select **Save changes** .
Approvals aren't reset when a merge request is [rebased from the UI ](../fast_forward_merge.md )
However, approvals are reset if the target branch is changed.
2021-06-08 01:23:25 +05:30
## Security approvals in merge requests **(ULTIMATE)**
You can require that a member of your security team approves a merge request if a
2021-09-30 23:02:18 +05:30
merge request could introduce a vulnerability.
To learn more, see [Security approvals in merge requests ](../../../application_security/index.md#security-approvals-in-merge-requests ).
2021-11-18 22:05:49 +05:30
## Code coverage check approvals
2021-09-30 23:02:18 +05:30
You can require specific approvals if a merge request would result in a decline in code test
coverage.
To learn more, see [Coverage check approval rule ](../../../../ci/pipelines/settings.md#coverage-check-approval-rule ).
2021-06-08 01:23:25 +05:30
2021-12-11 22:18:48 +05:30
## Settings cascading
2021-11-18 22:05:49 +05:30
2021-12-11 22:18:48 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285410) in GitLab 14.4. [Deployed behind the `group_merge_request_approval_settings_feature_flag` flag](../../../../administration/feature_flags.md), disabled by default.
> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/285410) in GitLab 14.5.
2021-11-18 22:05:49 +05:30
FLAG:
2021-12-11 22:18:48 +05:30
On self-managed GitLab, by default this feature is available. To hide the feature per group, ask an administrator to [disable the feature flag ](../../../../administration/feature_flags.md ) named `group_merge_request_approval_settings_feature_flag` . On GitLab.com, this feature is available.
2021-11-18 22:05:49 +05:30
You can also enforce merge request approval settings:
2021-12-11 22:18:48 +05:30
- At the [instance level ](../../../admin_area/merge_requests_approvals.md ), which apply to all groups
on an instance and, therefore, all projects.
- On a [top-level group ](../../../group/index.md#group-approval-rules ), which apply to all subgroups
and projects.
2021-11-18 22:05:49 +05:30
2021-12-11 22:18:48 +05:30
If the settings are inherited by a group or project, they cannot be changed in the group or project
that inherited them.
2021-11-18 22:05:49 +05:30
2022-01-26 12:08:38 +05:30
## Related topics
2021-06-08 01:23:25 +05:30
- [Instance-level merge request approval settings ](../../../admin_area/merge_requests_approvals.md )
2021-10-27 15:23:28 +05:30
- [Compliance report ](../../../compliance/compliance_report/index.md )
2021-06-08 01:23:25 +05:30
- [Merge request approvals API ](../../../../api/merge_request_approvals.md )
