Certain team options are only available on paid plans. To learn which roles are available on your plan, go to your web dashboard.
Roles define user permissions within a Postman team and a user's level of access to a Postman element, like a collection or an API.
With the Admin role, you have the power to define Postman access at the team level. You can use Postman's role-based access control system to limit visibility of team resources, define your development workflow, and give access to administrative and billing personnel. Each user on a team must have at least one role attached to them, and can hold multiple roles simultaneously.
You can assign one or more role types to team members, based on the functions those team members require:
If you are on a Postman Enterprise plan, you can also assign roles at the group level.
Team roles offer high-level access control:
Permission | Super Admin | Admin | Billing | Developer | Community Manager |
---|---|---|---|---|---|
Add users | ✔ | ✔ | |||
Remove users | ✔ | ✔ | |||
Update user email for other members of the team by SCIM | ✔ | ✔ | |||
Manage team Admins and Developers | ✔ | ✔ | |||
Manage SSO | ✔ | ✔ | |||
Add and edit custom domains | ✔ | ✔ | ✔ | ||
Delete custom domains | ✔ | ✔ | |||
View audit logs | ✔ | ✔ | ✔ | ||
View usage data | ✔ | ✔ | ✔ | ✔ | ✔ |
Manage Billing members | ✔ | ✔ | ✔ | ||
Manage payment | ✔ | ✔ | |||
Change plan | ✔ | ✔ | |||
View shared APIs, collections, environments, mock servers, monitors, and Flows | ✔ | ✔ | ✔ | ||
View and create team workspaces | ✔ | ✔ | ✔ | ||
Change visibility of workspaces to team or public | ✔** | ✔* | ✔** | ||
Enable public team profile | ✔ | ✔ | ✔ | ||
Manage a team's Private API Network*** | ✔ |
There are additional specialized roles for Enterprise teams:
* On Basic and Free plans, any developer can change the visibility of workspaces.
** On Enterprise and Professional plans, only Super Admins and Community Managers can change and approve requests to change the visibility of a workspace to team or public.
*** Enterprise plans only. Teams can allow users with the Folder Manager role to manage elements in specific folders in the Private API Network.
Postman support users. Team members with a Developer or Super Admin role consume a paid seat on your team. Team members who have only Admin or Billing roles become support users and don't consume paid seats. Each team can have two support users.
To learn how to manage team roles in Postman, see Manage your team.
You can assign three role types in Postman workspaces: Admin, Editor, and Viewer. Partner Workspaces offer an additional role type: Partner Lead.
Partners have different permissions for Workspace Editor and Viewer roles in Partner Workspaces (Enterprise plans only). To learn more, see Partner team and Partner Workspace roles.
You can use the Postman API to programmatically manage users and user groups for workspaces. For more information, see the Postman API collection.
The following roles control access at a workspace level:
Action | Admin | Editor | Viewer |
---|---|---|---|
Join and leave workspaces | ✔ | ✔ | ✔ |
Send requests | ✔ | ✔ | ✔ |
Add APIs, collections, environments, and Flows | ✔ | ✔ | |
Move and delete APIs, collections, environments, and Flows | ✔ | ✔* | |
Manage integrations | ✔ | ✔ | |
Add and delete monitors and mock servers | ✔ | ✔ | |
Move mock servers | ✔ | ✔ | |
Create and delete workspaces | ✔ | ||
Edit workspace details | ✔ | ||
Add and remove members | ✔ | ||
Manage workspace roles | ✔ | ||
Manage workspace visibility | ✔** |
* Workspace Editors can't move or delete any API. They must have the API Admin role on APIs they want to move or delete.
** On Professional and Enterprise plans, an Admin for a workspace must request to change its visibility to public. This request will go to the Community Manager. On Basic and Free plans, or if a team has no Community Manager assigned, an Admin for a workspace can control its visibility.
At the element level, you can assign roles to team members that decide their level of access to the following elements:
You can assign two role types in Postman collections: Editor and Viewer.
Partners have different permissions for Collection Editor and Viewer roles in Partner Workspaces (Enterprise plans only). To learn more, see Partner team and Partner Workspace roles.
You can assign a limited Viewer role to a coworker who isn't in your Postman team by allowing them to view specific collections. Users with this role can only view specific collections and send requests in the collections that have been shared with them.
The following roles control access at a collection level:
Collections | Editor | Viewer |
---|---|---|
Edit and delete collections | ✔ | |
Manage roles on collections | ✔ | |
Export collections | ✔ | ✔ |
Fork collections | ✔ | ✔ |
Merge forks on collections | ✔ | |
Publish collection documentation and add to API Network | ✔ | |
Share collections to a different workspace | ✔ | ✔ |
Tag and restore collection versions | ✔ | |
Add, edit, and delete mock servers | ✔ | |
Add, edit, and delete monitors | ✔ |
You can assign three role types in Postman APIs: Admin, Editor, and Viewer.
If you have the Workspace Admin role, you will automatically inherit Admin permissions for all APIs in the workspace, even if you are assigned the Editor or Viewer role for an API.
The following roles control access at an API level:
APIs | Admin | Editor | Viewer |
---|---|---|---|
Edit APIs and API definitions | ✔ | ✔ | |
Publish APIs | ✔ | ||
Move and delete APIs | ✔ | ||
Manage roles on APIs | ✔ | ✔* | |
Comment on APIs | ✔ | ✔ | |
Comment on published API versions | ✔ | ✔ | ✔ |
Share APIs | ✔ | ✔ | ✔ |
Generate collections from the API definition | ✔ | ✔ | |
Add and remove API documentation collections | ✔ | ✔ | |
Add and remove API test collections | ✔ | ✔ | |
Add and remove CI integrations | ✔ | ✔ | |
Add and remove APM integrations | ✔ | ✔ | |
Add and remove API gateway integrations | ✔ | ✔ | |
View reports for APIs | ✔ | ✔ | ✔ |
* API Editors can assign users the Viewer or Editor role. API Editors can't assign a user the Admin role, or change an Admin to an Editor or Viewer.
You can assign two role types for Postman environments: Editor and Viewer.
The following roles control access at an environment level:
Environment | Editor | Viewer |
---|---|---|
View environment | ✔ | ✔ |
Use environment | ✔ | ✔ |
Edit the current value of variables | ✔ | ✔ |
Edit and delete environments | ✔ | |
Manage environment roles | ✔ |
You can assign three role types for Postman Flows: Flow Editor, Flow Runner, and Flow Viewer.
The following roles control access at a Flow level:
Flows | Flow Editor | Flow Runner | Flow Viewer |
---|---|---|---|
View Flows | ✔ | ✔ | ✔ |
Run Flows | ✔ | ✔ | |
Create, edit, and delete Flows | ✔ | ||
Manage Flows roles | ✔ |
You can assign two role types for Postman mock servers: Editor and Viewer.
The following roles control access at the mock server level:
Mock server | Editor | Viewer |
---|---|---|
View mock server | ✔ | ✔ |
View mock server call logs and call log details | ✔ | ✔ |
View mock server metadata | ✔ | ✔ |
Edit and delete mock servers | ✔ | |
Manage mock server roles | ✔ |
You can assign four role types for Postman Monitors: Editor and Viewer.
Monitors | Super Admin | Admin | Editor | Viewer |
---|---|---|---|---|
View monitor | ✔ | ✔ | ✔ | ✔ |
View monitor metadata, results, activity, and summary metrics | ✔ | ✔ | ✔ | ✔ |
Create monitor read integrations | ✔ | ✔ | ||
View monitor based integrations | ✔ | ✔ | ||
Edit and delete monitor | ✔ | |||
Run, pause, and resume monitor | ✔ | ✔ | ✔ | |
Update monitor roles | ✔ |
Partner team and Partner Workspace roles relate to Partner Workspaces and are applied at the team, workspace, and collection levels. There are different team and Partner Workspace roles you can assign to team members and external partners:
For team members | For partners | |
---|---|---|
Team level | Partner Manager | Partner |
Workspace level | Admin, Viewer, Editor | Viewer, Editor Partner Lead (optional) |
Collection level | Viewer, Editor | Viewer, Editor |
You can assign the Partner Manager role to team members at the team level, and invite partners with the Partner role:
You can assign Partner Workspace roles to partners at the workspace level:
You can also assign Partner Workspace roles to partners at the collection level:
To learn more about collaborating as a team member or partner, see Collaborating in a Partner Workspace.
Your team must have available seats or Auto-Flex enabled to invite a partner as a Workspace Editor. Otherwise, the partner will be assigned the Workspace Viewer role, giving the partner permission to view all workspace resources. Also, your team must have available seats to assign a partner as a Collection Editor. Assigning a partner the Workspace Viewer or Collection Viewer roles doesn't consume paid seats.
Network roles related to the Private API Network are applied at the team and folder level.
You can assign network roles at the team level:
You can also assign network roles at the folder level:
After learning about the roles available to team members, you can manage your team's level of access and control more effectively.
Last modified: 2024/07/22
Additional resources
Videos
Blog posts
Case Studies