### Context You can use the GitLab Package Registry to publish and store packages right alongside your source code and pipelines. A Developer in the respective project may publish new versions of a package using GitLab CI or the command line. However, similar to protected branches, there are many cases where only a Project Admin should be allowed to update or delete a given package. The following features are already available to protect the release process: * [Protected Branches](https://docs.gitlab.com/ee/user/project/protected_branches.html) * [Protected Tags](https://docs.gitlab.com/ee/user/project/protected_tags.html) * [Protected Environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html) * [Protecting Pipeline Settings by hosting .gilab-ci.yml in a separate project](https://docs.gitlab.com/ee/user/project/pipelines/settings.html#custom-ci-configuration-path) However, there is no way to do the same for packages. This means that we are protecting all of the components responsible for creating a package but not the output. ### Proposal For each package manager format add configuration options for restricting all actions except read (create, update and delete) similar to the existing [Protected Branches](https://docs.gitlab.com/ee/user/project/protected_branches.html), [Protected Tags](https://docs.gitlab.com/ee/user/project/protected_tags.html) and [Protected Environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html). #### Details This epic will have an issue for each format and we'll prioritize them in the following order: 1. Maven 1. npm 1. PyPI 1. NuGet 1. Generic packages 1. RubyGems 1. Conan 1. Composer 1. Debian 1. Go