How to Prevent Developer Roles and above from Manually Publishing Packages

Hi All,

I am attempting to setup the Package Registry for private projects so that packages can only be published to the Gitlab package registry via CICD pipelines. I am not able to find any setting which prevents any role from manually publishing to the project’s package registry.

Goal here is to have a review process before publishing the package. Currently, developers are able to publish directly publish to the projects package registry using their tokens.

How to prevent a Developer/Maintainer/Owner Role having write access to the package registry?

Thanks for any help or guidance,