Code Owners as eligible approvers: should Developers be able to approve by default?

Summary

Code Owners as eligible approvers: only Maintainers + Code Owners should be able to approve merge requests

Steps to reproduce

  1. Set up code owners using this guide

  2. Remove any existing approval rules so that the settings look like below:

image

Example Project

N/A

What is the current bug behavior?

All members with the Developer role or higher + code owners are allowed to approve the merge request.

What is the expected correct behavior?

All members with the Maintainer role or higher + code owners are allowed to approve the merge request.

Details

(GitLab EE Starter customer)

We have a repo set up where only a limited number of Maintainers have had access until now. The other people working on the project have been set up as Developers; they were able to submit Merge Requests, they were able to merge features where one of the project maintainers had approved their merge request. Only a designated set of people were allowed to approve merge requests.

Now, we are trying to reduce bottlenecks and expand on this a bit by using the Code Owners functionality. For the directories in the repository which these Developers are marked as owners, they should also be able to approve the merge requests. Anything else should only be approvable by Maintainers.

But: the problem is that this doesn't work. If we remove the approval rules for the project, it goes back to the state which is displayed in the screenshot above. The problem is that this means that any Developer can approve any merge request.

I am thinking about whether one potential workaround could be to demote these Developers to the Reporter role. But it feels odd to give people who are clearly "developers" in nature the "Reporter" role to me.

Are there any other ways to work around this, or what is the proper process for granting a set of people limited access to merge approvals, in GitLab EE Starter?

Thanks in advance. I know this is not necessarily a bug per se (it's perhaps a feature 😏) but nonetheless trying to reach out this way to help resolve this particular issue for us.

Results of GitLab environment info

12.4.2-ee (a3170599)
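
The gap between the reported and the expected approver sets can be modelled offline to see which accounts gain approval rights they should not have. This is an added example, not part of the original issue and not GitLab's code. Assumptions: the user names, paths and rules are constructed, CODEOWNERS matching is reduced to directory prefixes with the last match winning, and for a merge request touching several directories a Developer counts as eligible only when they own every changed path.

```python
# Added illustration; user names, paths and rules below are constructed.
DEVELOPER, MAINTAINER = 30, 40  # GitLab access-level values

# Simplified CODEOWNERS (assumption): directory-prefix patterns only.
CODEOWNERS = [
    ("/docs/", {"dana"}),
    ("/services/billing/", {"eli"}),
]

MEMBERS = {"mia": MAINTAINER, "dana": DEVELOPER, "eli": DEVELOPER, "sam": DEVELOPER}


def owners_of(path, rules=CODEOWNERS):
    """Return the owners of one path; the last matching rule wins."""
    owners = set()
    for prefix, names in rules:
        if ("/" + path.lstrip("/")).startswith(prefix):
            owners = set(names)
    return owners


def current_approvers(changed_paths, members=MEMBERS):
    """Behaviour reported in the issue: Developer or higher, plus code owners."""
    by_role = {user for user, level in members.items() if level >= DEVELOPER}
    return by_role | set().union(*(owners_of(p) for p in changed_paths))


def expected_approvers(changed_paths, members=MEMBERS):
    """Policy asked for in the issue: Maintainers, plus code owners.

    Strict reading (assumption): a non-Maintainer must own every changed path.
    """
    by_role = {user for user, level in members.items() if level >= MAINTAINER}
    owner_sets = [owners_of(p) for p in changed_paths]
    owns_all = set.intersection(*owner_sets) if owner_sets else set()
    return by_role | owns_all


def excess_approvers(changed_paths):
    """Users who can approve today but would not under the expected policy."""
    return current_approvers(changed_paths) - expected_approvers(changed_paths)


if __name__ == "__main__":
    for mr in (["docs/setup.md"], ["lib/core.rb"],
               ["docs/setup.md", "services/billing/api.rb"]):
        print(mr, "->", sorted(excess_approvers(mr)))
```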
