Manage team resources in Postman

As a Super Admin or Team Admin, you can manage resources in your workspaces, enabling you to align your workspaces with your organizational goals. Manage which team members can create internal workspaces, which Collection Editors can share collections with guest users, mock server privacy settings, and which external packages are allowed in scripts.

Manage internal workspaces

Managing internal workspaces is supported on Postman Enterprise plans.

An internal workspace is a type of workspace that enables you to share projects with collaborators and manage access to them within your team. As a Super Admin or Team Admin, you can limit or prohibit creation of new internal workspaces by users on your team. Learn more about creating workspaces.

Fellow Super Admins and Team Admins can always create workspaces. For other team members, you can specify which users and groups have permission to create workspaces.

If you specify users and groups, all other team members will require approval to create workspaces. A Super Admin, Team Admin, or user with permission to create workspaces can approve a request. The workspace's visibility will be set to Internal and Only you and invited people until the request is approved.

If you give all team members permission to create internal workspaces, team members won't need approval to create them.

Partners and Guests can't create internal workspaces.

Give permission to create internal workspaces

To specify users or groups who can create internal workspaces, do the following:

  1. Select Team > Team Settings in the Postman header.

  2. Select Team resources in the sidebar, then select Workspaces.

  3. Select Specific people or groups.

  4. Specify users or groups who can create workspaces.

  5. Select Save Changes.

    Specify users who can create internal workspaces

Remove permission to create internal workspaces

To remove permission to create internal workspaces from users or groups, do the following:

  1. Select Team > Team Settings in the Postman header.

  2. Select Team resources in the sidebar, then select Workspaces.

  3. Select the Specific people or groups section to edit it.

  4. Select Close icon next to a user or group.

    Remove users who can create internal workspaces
  5. Select Save Changes.

Give all team members permission to create internal workspaces

To give all team members permission to create internal workspaces, do the following:

  1. Select Team > Team Settings in the Postman header.

  2. Select Team resources in the sidebar, then select Workspaces.

  3. Select All team members.

  4. Select Save Changes.

    All team members can create internal workspaces

Approve workspace creation requests

To see all workspaces, on the Home page, select Workspaces. You can also select Workspaces > View all workspaces in the Postman header. A list of workspaces appears.

View all workspaces

To approve a request to create a workspace, select the Pending requests tab. This is where you can approve requests to change the visibility of a workspace, for example, when a user wants to make an existing workspace public.

Requests to create a public workspace are approved by Community Managers. Requests to create a Partner Workspace are approved by Partner Managers. If no Partner Manager role is assigned, the Team Admin is auto-assigned the Partner Manager role when they create their first Partner Workspace.

Community Managers can also approve requests to change a workspace's visibility to public from its workspace settings. Learn more about converting a workspace to a public workspace.

Approve request to change workspace visibility

Manage sharing collections with Guests

Managing sharing collections with Guests is supported on Postman Enterprise plans.

As a Super Admin or Team Admin, you can allow or prohibit Collection Editors from sharing collections with Guests in internal workspaces. Learn more about sharing collections with Guests.

Select Team > Team Settings in the Postman header, select Team resources in the sidebar, then select Collections. To manage whether Collection Editors can share collections with Guests, select the toggle next to Allow Editors to share collections with Guests. By default, Collection Editors are allowed to share collections with Guests.

Allow Editors to share collections with Guests

When you allow this, Collection Editors can choose whether Guests can view a specific collection and send requests in that collection. Guest users are assigned the Guest role at the team level and a limited Viewer role at the collection level.

When you prohibit this, Collection Editors don't have the option to choose whether Guests can view a specific collection. Guest users already assigned the Guest role will continue to have access to collections previously shared with them. New Guests can no longer be assigned the Guest role.

Manage mock server privacy

Managing mock server privacy is supported on Postman Enterprise plans.

As a Super Admin or Team Admin, you can enable or prohibit users from creating public mock servers.

To prohibit users from creating public mock servers, do the following:

  1. Select Team > Team Settings in the Postman header.
  2. Select Team resources in the sidebar, then select Mock servers.
  3. Select the toggle next to Disable creating public mock servers.

By default, users are able to create both public and private mock servers. However, new mock servers are set to public by default. Learn more about private and public mock servers.

Manage external packages

As a Super Admin or Team Admin, you can allow or prohibit packages from external package registries, such as npm and JSR, in your teammate's scripts. Admins can also configure access to private npm packages. Learn more about using external packages in Postman.

Allow packages from external package registries

Allowing packages from external registries is supported on Postman Enterprise plans.

You can allow or prohibit your team from using external npm and JSR packages in their scripts. You can also specify external packages your team members are allowed to use in scripts.

  1. Select Team > Team Settings in the Postman header.

  2. Select Team resources in the sidebar, then select External packages.

  3. Choose one of the following from the Allow using external packages dropdown list:

Allow specific packages in your team

After you've selected Allow selected packages in the dropdown list, enter external packages from npm or JSR you want to allow your team to use in their scripts. Note that your team members who aren't Admins can visit this page to view the external packages allowed in your team.

  1. Enter an external package using the following syntax:

  2. Select Add Package to add the external package to the list of allowed packages. You can also select Return or Enter to add the external package.

To remove an external package from the list of allowed packages, hover over the package and select Close icon Remove.

Allow selected external packages in your team

The following shows examples of how to specify allowed external packages. Note that Postman supports glob pattern syntax for specifying allowed external packages and their version numbers.

  • To allow a package from a specific registry with an exact major version number, you can use syntax like:

    npm:ajv@8.12.0
    
  • To allow a specific major version and any minor version number, you can use syntax like:

    npm:lodash@4.*
    
  • To allow all external package from a specific registry, you can use syntax like:

    jsr:*@*
    
  • To allow all external packages in a scope, you can use syntax like:

    npm:@types/*@*
    

Configure access to private packages

Configuring access to private packages is supported on Postman Professional and Enterprise plans.

Admins can configure your team's access to private npm packages in scripts. Create an access token in npm that can access the scope with your private packages. Then provide your access token and scope to configure your private packages in Postman.

Your access token is encrypted in Postman and only Admins have permission to access and configure it. Postman only decrypts your access token to import the package in your scripts.

Learn more about supported external packages before configuring access to a private package.

To configure access to a private npm package, do the following:

  1. Select Team > Team Settings in the Postman header.

  2. Select Team resources in the sidebar, then select External packages.

  3. Under Private npm packages, provide the following details:

    • Token - The access token that has access to the scope with your private packages. Note that you can't view or edit an access token later; you must delete the access token and then replace it.
    • Scope - The scopes with your private packages. Use the @scope syntax. You can specify multiple scopes with a comma-separate list. Make sure your token can access all of the scopes you provide.
  4. Select Save.

Configure private packages in your team

To replace your access token, select Delete icon Delete token, update the access token, then select Save.

To edit your scopes, update the scopes you provided and select Save.

Learn how to import private packages into your scripts.

Last modified: 2025/02/28