Feature request: Disable ability to override global push rules at the project level

Release notes

Currently (as of GitLab 18.3) it is possible for the maintainer of a project to disable global push rules at the individual project level. This creates compliance issues for organizations which need to enforce push rules globally, such as rejecting unsigned commits.

We should allow GitLab administrators to block this ability.

Problem to solve

Maintainers of projects can circumvent global push rules at the project level.

Proposal

We should allow GitLab administrators to block the ability to disable globally-configured push rules in order to strengthen security posture,

Intended users

GitLab customers with strong compliance and auditing needs, such as government customers.

• Alex (Security Operations Engineer)
• Cameron (Compliance Manager)

Workaround

The current way to do this is via custom roles. One could give users lower level permissions, then elevate with the desired user permissions and exclude admin_push_rules.

Feature Usage Metrics

Does this feature require an audit event?