Can you protect a postman collection?

Hi All,

I’m wondering if there is a way to ‘protect’ a postman collection so that changes to it can only be made using the ‘merge changes’ option and changes cannot be directly saved into the collection without going through the merge workflow.

I know that I can set other users to not have editing privileges and then they can request their changes be made through a pull request. However, one user still needs to be an editor to accept these changes. How do I ensure this editor user doesn’t accidentally save changes into the collection?

Many thanks,

Adam

Hi @adamislip.

Welcome to the Postman Community!

The flow you described perfectly works. Maintaining one single editor who reviews all changes make to the collection in a pull request. Since this reviewer will have editor or admin privileges, there isn’t a way to limit them from updating a collection manually. The reviewer needs to be careful not to unintentionally make updates to the collection.

Each element will have a Role Based Access Control, depending on the licence tier that you have, you can restrict access to an element to a certain person, team members with a certain role, group of users etc.

As well as this, there are a few options that can be applied to a element which can control when changes are merged.

Again, depending on plan type, you can have the ability to restore a Collection back to a previous point if changes are accidently saved to a Collection. This can be done via the Changelog.

This is a very basic example:

Thank you Gbadebo and Danny for both of your replies.

So it sounds like the user which is the editor of the collection really needs to take care not to accidentally save any changes to the collection.

My worry is that it is quite easy to unintentionally save changes to the endpoints when the editor user is testing endpoints (maybe they close POSTMAN tabs in the client and choose the save changes option by accident).

My primary concern is that if these collections are published any accidental changes by the editor would be made public. Is there any way we can change the publishing workflow so changes have to be approved before being made public?

Thanks!