How do I allow a group of people to approve PRs but let all with write access merge?

I have a repo owned by our organisation and I have used the CODEOWNERS file to specify that any change to a file under /policies/* must be approved by a member of our infosec team:

policies @tombolaltd/infosec-team

This then tells me that I need an approved reviewer from our infosec-team - once I get that, my colleague gets the below screen. It says he must be a collaborator and he must have write access. We added that person to the repo as a member of a team and that team has write access. Adding everyone as a collaborator is not what we want to do. This person should be able to merge, can someone help with where we may be going wrong?

Since you’re asking about configuration on a private repository and, I suspect, non-public teams and organization members, you’ll need to contact GitHub Support directly so that they can take a look at the private organization details. You can contact GitHub Support through the contact form at

I hope that helps!

1 Like