In Postman, access control on resources is built on the principle of role-based access control (RBAC). This means that users are assigned roles on resources, and roles map to particular permissions that allow the users to perform certain actions on these resources (team, workspace, collection, etc.).
Roles can be assigned to each team member at the team level based on their function in the organization. These roles and their capabilities in Postman are:
Admin: Manage team members and team settings
Billing: Manage team plan and payments
Developer: Access team resources and workspaces
Community Manager: Manage public visibility of workspaces and team profile
Developers and community managers can have further granular roles on specific workspaces. These roles are:
Admin: Manage workspace details and members
Collaborator: Work on team resources in a workspace, such as APIs, collections, environments, etc.
They can also have the “editor” or “viewer” role on individual Postman elements (collections, environments, APIs, monitors, and mock servers). Learn more about these roles here.
As an admin for a team, you can manage access for all your team members by assigning specific roles to them directly from the Manage Team page. In addition, as an editor of a Postman element or an admin of a workspace, you can assign roles on an element or workspace, respectively, to other members of the team.
However, with the growing number of users being added to and collaborating in teams, managing access to resources for each user individually can be hard and tedious for team admins and element editors.
With the new Postman groups feature, as an admin for a team, you can now organize your team members into functional groups to mimic your organizational structure and easily manage roles for all the members of a group. You can assign specific roles directly to these groups, enabling access to specific resources for all the members of the group. The subsequent addition of users to a group automatically provides them the required access to the right resources. Furthermore, any additional access can easily be granted to all group members by directly assigning the relevant role to the group itself, greatly reducing the need to constantly assign roles to individual users. Additionally, you can add a user to multiple groups, enabling them to gain access to all relevant resources to carry out their work.
Similarly, as an element editor, in addition to being able to assign a role on a Postman element to a user individually, you can choose to assign a role directly to a group. This makes access management on elements very easy and efficient.
An example use case
Imagine an admin creates an “Intern” group that is granted access to a few workspaces, APIs, and collections. New interns joining the organization just need to be added to this group to ensure that they have the right access to all relevant workspaces, APIs, and collections; there is no need to assign roles to each intern individually. Note that the admin only needs to make the decision about which roles to grant to the “Intern” group once rather than every time a new intern is added to the team. If additional roles need to be granted to interns, they just need to be granted to the “Intern” group, and all the members will automatically have the added access. Moreover, while an intern is a part of the “Intern” group, the admin may choose to add them to the functional group they belong to, like security, design, development, etc., to grant them any additional access they may need to effectively carry out their work in Postman.
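The "Intern" use case above can be modelled as a small access review. This is an added example, not Postman's code or API: it shows where each of a user's roles comes from and what they would still hold after leaving a group. The user names, resource names, and grant tuples are constructed, and the union and removal semantics are assumptions based on the description above.

```python
# Constructed sample data modelling the "Intern" use case; not a Postman export.
GROUPS = {"Intern": {"ana", "raj"}, "Security": {"raj"}}

# (principal kind, principal name, resource, role); all names are hypothetical.
GRANTS = [
    ("group", "Intern", "workspace:onboarding", "collaborator"),
    ("group", "Intern", "collection:public-api", "viewer"),
    ("group", "Security", "collection:public-api", "editor"),
    ("group", "Security", "api:auth-service", "editor"),
    ("user", "ana", "environment:staging", "editor"),
]


def effective_access(user, groups=GROUPS, grants=GRANTS):
    """Map each resource to the set of (role, source) pairs that reach `user`.

    Assumption: a user's access is the union of their direct grants and the
    grants of every group they belong to.
    """
    access = {}
    for kind, name, resource, role in grants:
        if kind == "user" and name == user:
            source = "direct"
        elif kind == "group" and user in groups.get(name, set()):
            source = f"group:{name}"
        else:
            continue
        access.setdefault(resource, set()).add((role, source))
    return access


def residual_after_leaving(user, group, groups=GROUPS, grants=GRANTS):
    """Access `user` would still hold after being removed from `group`.

    Assumption: leaving a group drops only the roles inherited through it;
    direct grants and roles from other groups remain.
    """
    remaining = {g: (m - {user}) if g == group else m for g, m in groups.items()}
    return effective_access(user, remaining, grants)


if __name__ == "__main__":
    for user in sorted(set().union(*GROUPS.values())):
        print(user, "now:", effective_access(user))
        print(user, "after leaving Intern:", residual_after_leaving(user, "Intern"))
```

Running the review before removing someone from a group surfaces roles that would outlive the change, such as a direct grant on an individual element or a role inherited through a second group.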
How to get started
Groups are available on Postman’s Enterprise plan (see all Postman plans). To use groups in Postman, head over to the “Groups” tab on the Manage Team page. As a team admin, you can create or delete groups, manage group membership (add or remove members), and assign roles to the group. Once set up, group roles can be managed in the same way as roles are presently managed for users. Learn more about groups here.