Define roles and permissions within a Postman team

Certain team options are only available on Postman paid plans. To learn which roles are available on your plan, go to your web dashboard.

Roles define user permissions within a Postman team and a user's level of access to a Postman element, like a collection or an API.

Team roles

With the Admin role, you have the power to define Postman access at the team level. You can use Postman's role-based access control system to limit visibility of team resources, define your development workflow, and give access to administrative and billing personnel. Each user on a team must have at least one role attached to them, and can hold multiple roles simultaneously.

You can assign one or more role types to team members, based on the functions those team members require:

If you are on a Postman Enterprise plan, you can also assign roles at the group level.

Team roles offer high-level access control:

Permission | Super Admin | Admin | Billing | Developer | Community Manager
Add users
Remove users
Manage team Admins and Developers
Manage SSO
Add and edit custom domains
Delete custom domains
View audit logs
View usage data
Manage Billing members
Manage payment
Change plan
View shared APIs, collections, environments, mock servers and monitors
View and create team workspaces
Change visibility of workspaces to team or public✔*
Approve requests to change workspace visibility**
Enable public team profile
Manage a team's Private API Network***

There are additional specialized roles for Enterprise teams:

* On Postman Basic and Free plans, any developer can change visibility of workspaces.

** Enterprise and Professional plans only.

*** Enterprise plans only. Teams can allow users with the Folder Manager role to manage elements in specific folders in the Private API Network.

Postman support users. Team members with a Developer or Super Admin role consume a paid seat on your team. Team members who have only Admin or Billing roles become support users and don’t consume paid seats. Each team can have two support users.

Managing team roles

To learn how to manage team roles in Postman, see Manage your team.

Workspace roles

You can assign three role types in Postman workspaces: Admin, Editor, and Viewer. Partner Workspaces offer an additional role type: Partner Lead.

Partners have different permissions for Workspace Editor and Viewer roles in Partner Workspaces (Enterprise Ultimate plans only). To learn more, see Partner team and Partner Workspace roles.

You can use the Postman API to programmatically manage users and user groups for workspaces. For more information, see the Postman API collection.

The following roles control access at a workspace level:

Action | Admin | Editor | Viewer
Join and leave workspaces
Send requests
Add and remove APIs, collections, and environments
Manage integrations
Add monitors and mock servers
Create and delete workspaces
Edit workspace details
Add and remove members
Manage workspace roles
Manage workspace visibility✔*

* On Professional and Enterprise plans, an Admin for a workspace must request to change its visibility to public. This request will go to the Community Manager. On Basic and Free plans, or if a team has no Community Manager assigned, an Admin for a workspace can control its visibility.

Element-based roles

At the element level, you can assign roles to team members that decide their level of access to Postman collections, APIs, mock servers, and monitors.

Collection roles

You can assign two role types in Postman collections: Editor and Viewer.

  • Editor - Can edit collections directly
  • Viewer - Can view, fork, and export collections

Partners have different permissions for Collection Editor and Viewer roles in Partner Workspaces (Enterprise Ultimate plans only). To learn more, see Partner team and Partner Workspace roles.

You can assign a limited Viewer role to an external user who isn't in your Postman team by allowing them to view specific collections. Users with this role can only view collections and send requests in the collections that have been shared with them.

The following roles control access at a collection level:

Collections | Editor | Viewer
Edit and delete collections
Manage roles on collections
Export collections
Fork collections
Merge forks on collections
Publish collection documentation and add to API Network
Share collections to a different workspace
Tag and restore collection versions
Add, edit, and delete mock servers
Add, edit, and delete monitors

API roles

You can assign three role types in Postman APIs: Admin, Editor, and Viewer.

  • Admin - Can publish, move, and delete APIs
  • Editor - Can edit APIs and API definitions
  • Viewer - Can view published API versions

If you have the Workspace Admin role, you will automatically inherit Admin permissions for all APIs in the workspace, even if you are assigned the Editor or Viewer role for an API.

The following roles control access at an API level:

APIs | Admin | Editor | Viewer
Edit APIs and API definitions
Publish APIs
Move and delete APIs
Manage roles on APIs✔*
Comment on APIs
Comment on published API versions
Share APIs
Generate collections from the API definition
Add and remove API documentation collections
Add and remove API test collections
Add and remove CI integrations
Add and remove APM integrations
Add and remove API gateway integrations
View reports for APIs

* API Editors can assign users the Viewer or Editor role. API Editors can't assign a user the Admin role, or change an Admin to an Editor or Viewer.
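The inheritance and delegation rules above can be modeled for an access review. The following is an added example, not Postman code: the grant records, user names, and the `payments` API are constructed, and the behavior of API Admins and Viewers when assigning roles is an assumption, since this page only spells out the Editor limits.

```python
from typing import Optional

# API role ranks, lowest to highest privilege.
RANK = {"Viewer": 1, "Editor": 2, "Admin": 3}


def effective_api_role(workspace_role: str, api_role: Optional[str]) -> Optional[str]:
    """Workspace Admins inherit Admin on every API in the workspace,
    even when their explicit API role is Editor or Viewer."""
    return "Admin" if workspace_role == "Admin" else api_role


def can_assign(actor_role: Optional[str], target_current: Optional[str], new_role: str) -> bool:
    """May an actor with this effective API role move a user to new_role?"""
    if actor_role == "Admin":
        return True  # assumption: the page states no limit for API Admins
    if actor_role == "Editor":
        # Editors may hand out Viewer or Editor only, and may not
        # change an existing Admin to another role.
        return new_role in ("Viewer", "Editor") and target_current != "Admin"
    return False  # assumption: Viewers cannot manage roles


def review(grants: list) -> list:
    """List grants where inheritance gives more access than the explicit API role."""
    findings = []
    for g in grants:
        eff = effective_api_role(g["workspace_role"], g["api_role"])
        if eff and RANK[eff] > RANK.get(g["api_role"], 0):
            findings.append((g["user"], g["api"], g["api_role"], eff))
    return findings


# Constructed sample data; this is not a Postman export format.
GRANTS = [
    {"user": "alice", "api": "payments", "workspace_role": "Admin", "api_role": "Viewer"},
    {"user": "bob", "api": "payments", "workspace_role": "Editor", "api_role": "Editor"},
    {"user": "carol", "api": "payments", "workspace_role": "Admin", "api_role": None},
    {"user": "dave", "api": "payments", "workspace_role": "Viewer", "api_role": "Admin"},
]

if __name__ == "__main__":
    for user, api, assigned, eff in review(GRANTS):
        print(f"{user}: assigned {assigned} on {api}, effective {eff}")
```

Reviewing the explicit API role alone would understate the access of alice and carol here, because their Workspace Admin role is what determines their rights on the API.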

Environment roles

You can assign two role types for Postman environments: Editor and Viewer.

  • Editor - Can edit and manage environments
  • Viewer - Can view and use environments

The following roles control access at an environment level:

Environment | Editor | Viewer
View environment
Use environment
Edit the current value of variables
Edit and delete environments
Manage environment roles
Move environment

Mock server roles

You can assign two role types for Postman mock servers: Editor and Viewer.

  • Editor - Can edit and manage mock servers
  • Viewer - Can view mock servers and associated metadata

The following roles control access at the mock server level:

Mock server | Editor | Viewer
View mock server
View mock server call logs and call log details
View mock server metadata
Edit and delete mock servers
Manage mock server roles
Move mock server

Monitor roles

You can assign four role types for Postman Monitors: Super Admin, Admin, Editor, and Viewer.

  • Super Admin - Can view monitor metadata and run, pause, and resume monitors.
  • Admin - Can view monitor metadata and run, pause, and resume monitors.
  • Editor - Can view monitor metadata, metrics, jobs, and runs. Can run, update, delete, pause, and resume the monitor.
  • Viewer - Can view monitor metadata, metrics, jobs, and runs.

Monitors | Super Admin | Admin | Editor | Viewer
View monitor
View monitor metadata, results, activity, and summary metrics
Create monitor read integrations
View monitor based integrations
Edit and delete monitor
Run, pause, and resume monitor
Move monitor
Update monitor roles

Partner team and Partner Workspace roles

Partner team and Partner Workspace roles are available on Postman Enterprise Ultimate plans.

Partner team and Partner Workspace roles relate to Partner Workspaces and are applied at the team, workspace, and collection levels. There are different team and Partner Workspace roles you can assign to team members and external partners:

Level | For team members | For partners
Team level | Partner Manager | Partner
Workspace level | Admin, Viewer, Editor | Viewer, Editor, Partner Lead (optional)
Collection level | Viewer, Editor | Viewer, Editor

You can assign the Partner Manager role to team members at the team level, and invite partners with the Partner role:

  • Partner Manager - Manages all Partner Workspaces within an organization. Controls Partner Workspace settings and visibility, and can send invites to partners.
  • Partner - Can only access the Partner Workspaces they've been invited to. All partners are assigned Workspace Editor or Viewer roles when invited to a Partner Workspace. You can edit Partner Workspace permissions for partners at the workspace and collection levels.

You can assign Partner Workspace roles to partners at the workspace level:

  • Partner Lead - Can invite other partners from their organization to join a Partner Workspace.
  • Editor - Partners can create and edit Partner Workspace resources, import and export elements, and fork elements to Partner Workspaces within the same team.
  • Viewer - Partners can view Partner Workspace resources and fork elements to another Partner Workspace within the same team where they're assigned the Workspace Editor role.

You can also assign Partner Workspace roles to partners at the collection level:

  • Editor - Partners can export collections. They can also fork collections within the same Partner Workspace or to another Partner Workspace within the same team. They can't fork collections outside the team.
  • Viewer - Partners can fork collections to another Partner Workspace within the same team where they're assigned the Workspace Editor role. They can't fork elements outside the team. Also, they can't export collections.

To learn more about collaborating as a team member or partner, see Collaborating in a Partner Workspace.

Your team must have available seats or Auto-Flex enabled to invite a partner as a Workspace Editor. Otherwise, the partner will be assigned the Workspace Viewer role, giving the partner permission to view all workspace resources. Also, your team must have available seats to assign a partner as a Collection Editor. Assigning a partner the Workspace Viewer or Collection Viewer roles doesn't consume paid seats.

Network roles

Network roles are available on Postman Enterprise plans.

Network roles related to the Private API Network are applied at the team and folder level.

You can assign network roles at the team level:

  • API Network Manager - Manages a team's Private API Network, including adding elements and reviewing requests to add them.

You can also assign network roles at the folder level:

  • Folder Manager - Manages specific folders and the elements in them in a team's Private API Network. Team members with this role can perform all actions that the API Network Manager role can perform, but only in folders they have permission to manage.

Next steps

After learning about the roles available to team members, you can manage your team's level of access and control more effectively.

  • To learn more about team management, including managing team roles and inviting collaborators to join your team, visit the Team management overview.

Last modified: 2022/12/19