Defining roles
Certain team options are only available on Postman Basic, Professional, and Enterprise plans. To see which roles are available on your plan, go to your web dashboard.
In Postman you can assign roles and permissions to provide access control.
Contents
Roles in Postman
As a team admin, you have the power to define Postman access at the team level. You can utilize Postman's role-based access control system to limit visibility of team resources, define your development workflow, and provide access to administrative and billing personnel.
Workspace admins can modify the admin and collaborator roles for the workspace. Editors of particular elements (APIs, collections, environments, monitors, and mock servers) can modify the editor and viewer role on the element.
With these roles, you and your teammates can manage access for each individual, or, if you are on a Postman Enterprise plan, for groups.
Team roles
You can assign one or more role types to team members: Admin, Billing, and Developer. If you are on a Postman Professional or Enterprise plan, you will also have the option of assigning the Community Manager role. If you are on a Postman Enterprise plan, you will additionally have the option to assign the Super Admin role.
Roles can be assigned based on the functions a team member requires:
- Super Admin: Manages everything within a team, including team settings, members, roles, and resources in public, team, or private workspaces. Team members with this role can perform all actions that Admin, Billing, Community Manager, and Developer roles can perform (Enterprise plans only).
- Admin: Manages team members and team settings.
- Billing: Manages team plan and payments.
- Developer: Has access to all team resources and workspaces.
- Community Manager: Manages public visibility of workspaces and team profile (Professional and Enterprise plans only).
Each user must have at least one role attached to them, and can hold multiple roles simultaneously.
Team roles provide high-level access control:
| Permission | Super Admin | Admin | Billing | Developer | Community Manager |
|---|---|---|---|---|---|
| Add users | ✔ | ✔ | |||
| Remove users | ✔ | ✔ | |||
| Manage team Admins and Developers | ✔ | ✔ | |||
| Manage SSO | ✔ | ✔ | |||
| Manage custom domains | ✔ | ✔ | |||
| View audit logs | ✔ | ✔ | ✔ | ||
| View usage data | ✔ | ✔ | ✔ | ✔ | ✔ |
| Manage Billing members | ✔ | ✔ | |||
| Manage payment | ✔ | ✔ | |||
| Change plan | ✔ | ✔ | |||
| View shared APIs, collections, environments, mock servers and monitors | ✔ | ✔ | ✔ | ||
| View and create team workspaces | ✔ | ✔ | ✔ | ||
| Change visibility of workspaces to team or public | ✔ | ✔* | ✔ | ||
| Approve requests to change workspace visibility** | ✔ | ✔ | |||
| Enable public team profile | ✔ | ✔ | ✔ |
* On Postman Basic and Free plans, any developer can change visibility of workspaces
** Enterprise and Professional plans only
Workspace roles
You can assign three role types in Postman workspaces: Admin, Editor and Viewer.
- Admin: Can manage workspace resources and settings
- Editor: Can create and edit workspace resources
- Viewer: Can view, fork, and export workspace resources
The following roles control access at a workspace level:
| Action | Admin | Editor | Viewer |
|---|---|---|---|
| Create workspaces | ✔ | ||
| Delete workspaces | ✔ | ||
| Edit workspace details | ✔ | ||
| Join and leave workspaces | ✔ | ✔ | ✔ |
| Add members | ✔ | ||
| Remove members | ✔ | ||
| Manage workspace roles | ✔ | ||
| Manage workspace visibility | ✔* | ||
| Add and remove APIs, collections, and environments | ✔ | ✔ | |
| Manage integrations | ✔ | ✔ | |
| Add monitors and mock servers | ✔ | ✔ | |
| Send requests | ✔ | ✔ | ✔ |
* On Professional and Enterprise plans, workspace admins must request to change a workspace's visibility to public. This request will go to the Community Manager. On Basic and Free plans, or if a team has no Community Manager assigned, workspace admins can control visibility.
API roles
You can assign two role types in Postman APIs: Editor and Viewer.
- Editor: edit APIs directly
- Viewer: view and export APIs
The following roles control access at an API level:
| APIs | Editor | Viewer |
|---|---|---|
| Edit and delete APIs | ✔ | |
| Manage roles on APIs | ✔ | |
| Share APIs | ✔ | ✔ |
| Comment on APIs | ✔ | ✔ |
| Create new API versions | ✔ | |
| Update schema | ✔ | |
| Generate collections from the schema | ✔ | ✔ |
| View reports for APIs | ✔ | ✔ |
| Add and remove API environments | ✔ | ✔ |
| Add and remove API documentation | ✔ | ✔ |
| Add and remove API test suites, integration tests, and contract tests | ✔ | ✔ |
| Add and remove API monitors | ✔ | ✔ |
| Add and remove API mock servers | ✔ | ✔ |
Collection roles
You can assign two role types in Postman collections: Editor and Viewer.
- Editor: edit collections directly
- Viewer: view, fork, and export collections
The following roles control access at a collection level:
| Collections | Editor | Viewer |
|---|---|---|
| Edit and delete collections | ✔ | |
| Manage roles on collections | ✔ | |
| Export collections | ✔ | ✔ |
| Fork collections | ✔ | ✔ |
| Merge forks on collections | ✔ | |
| Publish collection documentation and add to API Network | ✔ | |
| Share collections to a different workspace | ✔ | ✔ |
| Tag and restore collection versions | ✔ | |
| Add, edit, and delete mock servers | ✔ | |
| Add, edit, and delete monitors | ✔ |
Managing roles and permissions
To manage team roles, see Managing roles.
Roles FAQ
- Our only team member with billing/admin permissions left - what can I do?
Contact us via our Support Center for assistance.
- I'm an admin, why can't I assign the billing role?
Billing roles can be granted by a Super Admin or by a fellow team member with a billing role. If this is not possible, contact us via our Support Center for assistance.
- Our colleague left the organization, how can we access their collections?
You can remove a former colleague from your Postman team via your dashboard. When a collection owner is removed from your team, ownership of their shared collections is transferred to fellow team members and these collections will continue to exist in your Postman team.
- What are "support" roles?
A support-only account is one that holds an admin and/or billing role, but is not a developer. Teams can have up to two support-only accounts.
Next steps
Learn more about Working with your team.
Last modified: 2022/01/21