Block commits if user is not in a particular group


I’m trying to use gitlabCI but I have to ensure that no one off our admin group can change the .gitlab-ci.yml file, unfortunately this is a company rule and we cannot change.

We tried to do this via pre_receive git Hook but we can only validate the git username and git email, but this won’t stop users change their username to match anyone with access and modify the file.

Is there any way to only allow only a group of gitlab users to change this file?!

We are using Gitlab Enterprise.