Define roles and permissions within Postman

Certain team options are only available with paid plans. To learn which roles are available with your plan, go to your web dashboard.

Roles define user permissions within Postman and levels of access to a Postman element, like a collection or an API.

Organization roles

Postman Organizations is available with Postman Enterprise plans.

Each team within an organization has its own set of independent roles:

Team role	Capabilities
Organization Manager (Super Admin)	Has edit access to all elements within the organization and can edit the settings. Manages the entire organization, including its users (add/remove/invite/assign) and resources (view/edit/manage).
Team Manager (Admin)	Has edit access to all elements on the team. Manages the team and its resources. Automatically has access to all team workspaces.
Team Member-Developer	Can have edit access to all elements on the organization or team, but doesn’t automatically have access to workspaces, collections, and other elements unless given a role on that element. Can view all shared resources and can have Editor or Viewer access to any workspace or resource within the team. Automatically has access to all workspaces that are shared to the team when the workspace is set to Everyone in TeamName.
Collaborator	Can have a Developer or Viewer role. Developers can directly edit the element they’re assigned, while Viewers can only view or fork the element they’re assigned. Additionally, workspaces shared with the Team in the Workspace Access settings aren’t automatically shared with Collaborators. Must be granted access to workspaces either by setting the workspace to Everyone in OrgName or by being invited directly through a user or a team or group they belong to.

Only a Team Member can create workspaces in the team.
Sharing an element with a new user triggers the process of adding that user to the Team’s user list.
Any time a Team Member or Collaborator is removed from the Team’s user list, they lose access to everything in the Team (until they’re added back).

Team roles

With the Admin role, you have the power to define Postman access at the team level. You can use Postman’s role-based access control system to limit visibility of team resources, define your development workflow, and give access to administrative and billing personnel. Each user on a team must have at least one role attached to them, and can hold multiple roles simultaneously.

You can assign one or more role types to team members, based on the functions those team members require:

Super Admin (Enterprise plans only) - Manages everything within a team, including team settings, members, roles, and resources. This role can view and manage all elements in internal and public workspaces. Super Admins can perform all actions that other roles can perform. For information on assigning this role, see Manage Super Admins.
Admin - Manages team members and team settings. Can also view monitor metadata and pause and resume monitors.
Billing - Manages team plan and payments. Billing roles can be granted by a Super Admin, Admin, or by a fellow team member with a Billing role.
Developer - Has access to all team resources and workspaces.
Community Manager (Enterprise plans only) - Manages the public visibility of workspaces and team profile.
Partner Manager (Internal, Enterprise plans only) - Manages all Partner Workspaces within an organization. Controls Partner Workspace settings and visibility, and can invite, remove, and manage partners. To learn more, see Partner team and Partner Workspace roles.

Partner (External, Enterprise plans only) - All partners are automatically granted the Partner role at the team level. Partners can only access the Partner Workspaces they’ve been invited to. To learn more, see Partner team and Partner Workspace roles.
Guest (Internal) - Views collections and sends requests in collections that have been shared with them. This role can’t be directly assigned to a user. To learn more, see Share collections with guest users.

If you are on a Postman Enterprise plan, you can also assign roles at the group level.

Team roles offer high-level access control:

Permission	Super Admin	Admin	Billing	Developer	Community Manager
Add users	✔	✔
Remove users	✔	✔
Update user email for other members of the team by SCIM	✔	✔
Manage Admins and Developers	✔	✔
Manage SSO	✔	✔
Add and edit custom domains	✔	✔			✔
Delete custom domains	✔	✔
View audit logs	✔	✔			✔
View usage data	✔	✔	✔	✔	✔
Manage Billing members	✔	✔	✔
Manage payment	✔		✔
Change plan	✔		✔
View shared APIs, collections, environments, mock servers, monitors, and flows	✔			✔	✔
View and create internal workspaces	✔			✔	✔
Change visibility of workspaces to internal or public	✔**			✔*	✔**
Enable public team profile	✔	✔			✔
Manage a team’s Private API Network***	✔

There are additional specialized roles for Enterprise teams:

API Network Manager - Manages a team’s Private API Network. To learn more, see Network roles.
API Governance Manager - Manages API governance within a team, including governance rules, functions, and governance groups. Also manages reusable components in the Postman Component Library.

* On non-Enterprise plans, any developer can change the visibility of workspaces.

** On Enterprise plans, only Super Admins and Community Managers can change and approve requests to change the visibility of a workspace to internal or public.

*** Enterprise plans only. Teams can allow users with the Folder Manager role to manage elements in specific folders in your team’s Private API Network.

Important

Team members with a Developer or Super Admin role consume a paid seat on your team. Team members who have only Admin or Billing roles become support users and don’t consume paid seats. Each team can have two support users.

Managing team roles

To learn how to manage team roles in Postman, see Manage your team.

Workspace roles

You can assign three role types in Postman workspaces: Admin, Editor, and Viewer. Partner Workspaces offer an additional role type: Partner Lead.

Admin - Can manage workspace resources and settings.
Editor (Enterprise plans only) - Can create and edit workspace resources.
Viewer (Enterprise plans only) - Can view, fork, and export workspace resources.
Partner Lead (External, Enterprise plans only) - Can invite other partners from their organization to join a Partner Workspace. To learn more, see Partner team and Partner Workspace roles.

Partners have different permissions for Workspace Editor and Viewer roles in Partner Workspaces (Enterprise plans only). To learn more, see Partner team and Partner Workspace roles.

You can use the Postman API to programmatically manage users and user groups for workspaces. For more information, see the Postman API collection.

The following roles control access at a workspace level:

Action	Admin	Editor	Viewer
Join and leave workspaces	✔	✔	✔
Send requests	✔	✔	✔
Add collections, environments, flows, and specifications	✔	✔
Edit and delete specifications	✔	✔
Move and delete collections, environments, and flows	✔	✔
Restore and permanently delete collections	✔	✔
Manage integrations	✔	✔
Add and delete monitors and mock servers	✔	✔
Move mock servers	✔	✔
Create and delete workspaces	✔
Edit workspace details	✔
Add and remove members	✔
Manage workspace roles	✔
Manage workspace visibility	✔*

* Workspace Editors can’t move or delete any API. They must have the API Admin role on APIs they want to move or delete.

** On Enterprise plans, an Admin for a workspace must request to change its visibility to public. This request will go to the Community Manager. On Team plans, if a team has no Community Manager assigned, an Admin for a workspace can control its visibility.

Element-based roles

At the element level, you can assign roles to team members that decide their level of access to the following elements:

Collection roles

You can assign two role types in Postman collections: Editor and Viewer.

Editor - Can edit collections directly
Viewer - Can view, fork, and export collections

Partners have different permissions for Collection Editor and Viewer roles in Partner Workspaces (Enterprise plans only). To learn more, see Partner team and Partner Workspace roles.

You can assign a limited Viewer role to a coworker who isn’t in your Postman team by allowing them to view specific collections. Users with this role can only view specific collections and send requests in the collections that have been shared with them.

The following roles control access at a collection level:

Collections	Editor	Viewer
Edit, delete, and restore collections	✔
View deleted collections	✔	✔
Manage roles on collections	✔
Export collections	✔	✔
Fork collections	✔	✔
Merge forks on collections	✔
Publish collection documentation and add to API Network	✔
Share collection variables	✔
Share collections to a different workspace	✔	✔
Tag collections	✔
Add, edit, and delete mock servers	✔

Environment roles

You can assign two role types for Postman environments: Editor and Viewer.

Editor - Can edit and manage environments
Viewer - Can view and use environments

The following roles control access at an environment level:

Environment	Editor	Viewer
View environment	✔	✔
Use environment	✔	✔
Edit environment variables	✔	✔
Share environment variables	✔
Edit and delete environments	✔
Manage environment roles	✔

Mock server roles

You can assign two role types for Postman mock servers: Editor and Viewer.

Editor - Can edit and manage mock servers
Viewer - Can view mock servers and associated metadata

The following roles control access at the mock server level:

Mock server	Editor	Viewer
View mock server	✔	✔
View mock server call logs and call log details	✔	✔
View mock server metadata	✔	✔
Edit and delete mock servers	✔
Manage mock server roles	✔

Monitor roles

You can assign two role types for Postman Monitors: Editor and Viewer.

Editor - Can view monitor metadata, metrics, jobs, and runs. Can also run, update, delete, pause, and resume the monitor.
Viewer - Can view monitor metadata, metrics, jobs, and runs.

Monitors	Editor	Viewer
View monitor	✔	✔
View monitor metadata, results, activity, and summary metrics	✔	✔
Create monitor read integrations	✔	✔
View monitor based integrations	✔	✔
Edit and delete monitor	✔
Run, pause, and resume monitor	✔
Update monitor roles	✔
Publish monitor reports	✔

Partner team and Partner Workspace roles

Partner team and Partner Workspace roles are available with Postman Enterprise plans. For more information, see the pricing page.

Partner team and Partner Workspace roles relate to Partner Workspaces and are applied at the team, workspace, and collection levels. There are different team and Partner Workspace roles you can assign to team members and external partners:

	For team members	For partners
Team level	Partner Manager	Partner
Workspace level	Admin, Viewer, Editor	Viewer, Editor Partner Lead (optional)
Collection level	Viewer, Editor	Viewer, Editor

You can assign the Partner Manager role to team members at the team level, and invite partners with the Partner role:

Partner Manager - Manages all Partner Workspaces within an organization. Controls Partner Workspace settings and visibility, and can send invites to partners. If no Partner Manager role is assigned, the Admin is auto-assigned the Partner Manager role when they create their first Partner Workspace.
Partner - Can only access the Partner Workspaces they’ve been invited to. All partners are assigned Workspace Editor or Viewer roles when invited to a Partner Workspace. You can edit Partner Workspace permissions for partners at the workspace and collection levels.

You can assign Partner Workspace roles to partners at the workspace level:

Partner Lead - Can invite other partners from their organization to join a Partner Workspace.
Editor - Partners can create and edit Partner Workspace resources, import and export elements, and fork elements to Partner Workspaces within the same team.
Viewer - Partners can view Partner Workspace resources and fork elements to another Partner Workspace within the same team where they’re assigned the Workspace Editor role.

You can also assign Partner Workspace roles to partners at the collection level:

Editor - Partners can export collections. They can also fork collections within the same Partner Workspace or to another Partner Workspace within the same team. They can’t fork collections outside the team.
Viewer - Partners can fork collections to another Partner Workspace within the same team where they’re assigned the Workspace Editor role. They can’t fork elements outside the team. Also, they can’t export collections.

To learn more about collaborating as a team member or partner, see Collaborate in a Partner Workspace.

Network roles

Network roles are available with Postman Enterprise plans.

Network roles related to your Private API Network are applied at the team and folder level.

You can assign the following role at the team level:

API Network Manager - Manages a team’s Private API Network, including adding elements and reviewing requests to add them.

Next steps

After learning about the roles available to team members, you can manage your team’s level of access and control more effectively.

To learn more about team management, including managing team roles and inviting collaborators to join your team, visit the Team management overview.

Certain team options are only available with paid plans. To learn which roles are available with your plan, go to your web dashboard.

Roles define user permissions within Postman and levels of access to a Postman element, like a collection or an API.

Organization roles

Postman Organizations is available with Postman Enterprise plans.

Each team within an organization has its own set of independent roles:

Team role	Capabilities
Organization Manager (Super Admin)	Has edit access to all elements within the organization and can edit the settings. Manages the entire organization, including its users (add/remove/invite/assign) and resources (view/edit/manage).
Team Manager (Admin)	Has edit access to all elements on the team. Manages the team and its resources. Automatically has access to all team workspaces.
Team Member-Developer	Can have edit access to all elements on the organization or team, but doesn’t automatically have access to workspaces, collections, and other elements unless given a role on that element. Can view all shared resources and can have Editor or Viewer access to any workspace or resource within the team. Automatically has access to all workspaces that are shared to the team when the workspace is set to Everyone in TeamName.
Collaborator	Can have a Developer or Viewer role. Developers can directly edit the element they’re assigned, while Viewers can only view or fork the element they’re assigned. Additionally, workspaces shared with the Team in the Workspace Access settings aren’t automatically shared with Collaborators. Must be granted access to workspaces either by setting the workspace to Everyone in OrgName or by being invited directly through a user or a team or group they belong to.

Only a Team Member can create workspaces in the team.
Sharing an element with a new user triggers the process of adding that user to the Team’s user list.
Any time a Team Member or Collaborator is removed from the Team’s user list, they lose access to everything in the Team (until they’re added back).

Team roles

You can assign one or more role types to team members, based on the functions those team members require:

Super Admin (Enterprise plans only) - Manages everything within a team, including team settings, members, roles, and resources. This role can view and manage all elements in internal and public workspaces. Super Admins can perform all actions that other roles can perform. For information on assigning this role, see Manage Super Admins.
Admin - Manages team members and team settings. Can also view monitor metadata and pause and resume monitors.
Billing - Manages team plan and payments. Billing roles can be granted by a Super Admin, Admin, or by a fellow team member with a Billing role.
Developer - Has access to all team resources and workspaces.
Community Manager (Enterprise plans only) - Manages the public visibility of workspaces and team profile.
Partner Manager (Internal, Enterprise plans only) - Manages all Partner Workspaces within an organization. Controls Partner Workspace settings and visibility, and can invite, remove, and manage partners. To learn more, see Partner team and Partner Workspace roles.

Partner (External, Enterprise plans only) - All partners are automatically granted the Partner role at the team level. Partners can only access the Partner Workspaces they’ve been invited to. To learn more, see Partner team and Partner Workspace roles.
Guest (Internal) - Views collections and sends requests in collections that have been shared with them. This role can’t be directly assigned to a user. To learn more, see Share collections with guest users.

If you are on a Postman Enterprise plan, you can also assign roles at the group level.

Team roles offer high-level access control:

Permission	Super Admin	Admin	Billing	Developer	Community Manager
Add users	✔	✔
Remove users	✔	✔
Update user email for other members of the team by SCIM	✔	✔
Manage Admins and Developers	✔	✔
Manage SSO	✔	✔
Add and edit custom domains	✔	✔			✔
Delete custom domains	✔	✔
View audit logs	✔	✔			✔
View usage data	✔	✔	✔	✔	✔
Manage Billing members	✔	✔	✔
Manage payment	✔		✔
Change plan	✔		✔
View shared APIs, collections, environments, mock servers, monitors, and flows	✔			✔	✔
View and create internal workspaces	✔			✔	✔
Change visibility of workspaces to internal or public	✔**			✔*	✔**
Enable public team profile	✔	✔			✔
Manage a team’s Private API Network***	✔

There are additional specialized roles for Enterprise teams:

API Network Manager - Manages a team’s Private API Network. To learn more, see Network roles.
API Governance Manager - Manages API governance within a team, including governance rules, functions, and governance groups. Also manages reusable components in the Postman Component Library.

* On non-Enterprise plans, any developer can change the visibility of workspaces.

** On Enterprise plans, only Super Admins and Community Managers can change and approve requests to change the visibility of a workspace to internal or public.

*** Enterprise plans only. Teams can allow users with the Folder Manager role to manage elements in specific folders in your team’s Private API Network.

Important

Managing team roles

To learn how to manage team roles in Postman, see Manage your team.

Workspace roles

You can assign three role types in Postman workspaces: Admin, Editor, and Viewer. Partner Workspaces offer an additional role type: Partner Lead.

Admin - Can manage workspace resources and settings.
Editor (Enterprise plans only) - Can create and edit workspace resources.
Viewer (Enterprise plans only) - Can view, fork, and export workspace resources.
Partner Lead (External, Enterprise plans only) - Can invite other partners from their organization to join a Partner Workspace. To learn more, see Partner team and Partner Workspace roles.

Partners have different permissions for Workspace Editor and Viewer roles in Partner Workspaces (Enterprise plans only). To learn more, see Partner team and Partner Workspace roles.

You can use the Postman API to programmatically manage users and user groups for workspaces. For more information, see the Postman API collection.

The following roles control access at a workspace level:

Action	Admin	Editor	Viewer
Join and leave workspaces	✔	✔	✔
Send requests	✔	✔	✔
Add collections, environments, flows, and specifications	✔	✔
Edit and delete specifications	✔	✔
Move and delete collections, environments, and flows	✔	✔
Restore and permanently delete collections	✔	✔
Manage integrations	✔	✔
Add and delete monitors and mock servers	✔	✔
Move mock servers	✔	✔
Create and delete workspaces	✔
Edit workspace details	✔
Add and remove members	✔
Manage workspace roles	✔
Manage workspace visibility	✔*

* Workspace Editors can’t move or delete any API. They must have the API Admin role on APIs they want to move or delete.

Element-based roles

At the element level, you can assign roles to team members that decide their level of access to the following elements:

Collection roles

You can assign two role types in Postman collections: Editor and Viewer.

Editor - Can edit collections directly
Viewer - Can view, fork, and export collections

Partners have different permissions for Collection Editor and Viewer roles in Partner Workspaces (Enterprise plans only). To learn more, see Partner team and Partner Workspace roles.

The following roles control access at a collection level:

Collections	Editor	Viewer
Edit, delete, and restore collections	✔
View deleted collections	✔	✔
Manage roles on collections	✔
Export collections	✔	✔
Fork collections	✔	✔
Merge forks on collections	✔
Publish collection documentation and add to API Network	✔
Share collection variables	✔
Share collections to a different workspace	✔	✔
Tag collections	✔
Add, edit, and delete mock servers	✔

Environment roles

You can assign two role types for Postman environments: Editor and Viewer.

Editor - Can edit and manage environments
Viewer - Can view and use environments

The following roles control access at an environment level:

Environment	Editor	Viewer
View environment	✔	✔
Use environment	✔	✔
Edit environment variables	✔	✔
Share environment variables	✔
Edit and delete environments	✔
Manage environment roles	✔

Mock server roles

You can assign two role types for Postman mock servers: Editor and Viewer.

Editor - Can edit and manage mock servers
Viewer - Can view mock servers and associated metadata

The following roles control access at the mock server level:

Mock server	Editor	Viewer
View mock server	✔	✔
View mock server call logs and call log details	✔	✔
View mock server metadata	✔	✔
Edit and delete mock servers	✔
Manage mock server roles	✔

Monitor roles

You can assign two role types for Postman Monitors: Editor and Viewer.

Editor - Can view monitor metadata, metrics, jobs, and runs. Can also run, update, delete, pause, and resume the monitor.
Viewer - Can view monitor metadata, metrics, jobs, and runs.

Monitors	Editor	Viewer
View monitor	✔	✔
View monitor metadata, results, activity, and summary metrics	✔	✔
Create monitor read integrations	✔	✔
View monitor based integrations	✔	✔
Edit and delete monitor	✔
Run, pause, and resume monitor	✔
Update monitor roles	✔
Publish monitor reports	✔

Partner team and Partner Workspace roles

Partner team and Partner Workspace roles are available with Postman Enterprise plans. For more information, see the pricing page.

	For team members	For partners
Team level	Partner Manager	Partner
Workspace level	Admin, Viewer, Editor	Viewer, Editor Partner Lead (optional)
Collection level	Viewer, Editor	Viewer, Editor

You can assign the Partner Manager role to team members at the team level, and invite partners with the Partner role:

Partner Manager - Manages all Partner Workspaces within an organization. Controls Partner Workspace settings and visibility, and can send invites to partners. If no Partner Manager role is assigned, the Admin is auto-assigned the Partner Manager role when they create their first Partner Workspace.
Partner - Can only access the Partner Workspaces they’ve been invited to. All partners are assigned Workspace Editor or Viewer roles when invited to a Partner Workspace. You can edit Partner Workspace permissions for partners at the workspace and collection levels.

You can assign Partner Workspace roles to partners at the workspace level:

Partner Lead - Can invite other partners from their organization to join a Partner Workspace.
Editor - Partners can create and edit Partner Workspace resources, import and export elements, and fork elements to Partner Workspaces within the same team.
Viewer - Partners can view Partner Workspace resources and fork elements to another Partner Workspace within the same team where they’re assigned the Workspace Editor role.

You can also assign Partner Workspace roles to partners at the collection level:

Editor - Partners can export collections. They can also fork collections within the same Partner Workspace or to another Partner Workspace within the same team. They can’t fork collections outside the team.
Viewer - Partners can fork collections to another Partner Workspace within the same team where they’re assigned the Workspace Editor role. They can’t fork elements outside the team. Also, they can’t export collections.

To learn more about collaborating as a team member or partner, see Collaborate in a Partner Workspace.

Network roles

Network roles are available with Postman Enterprise plans.

Network roles related to your Private API Network are applied at the team and folder level.

You can assign the following role at the team level:

API Network Manager - Manages a team’s Private API Network, including adding elements and reviewing requests to add them.

Next steps

After learning about the roles available to team members, you can manage your team’s level of access and control more effectively.

To learn more about team management, including managing team roles and inviting collaborators to join your team, visit the Team management overview.