Guest Access is crippled

Without the ability to save variables or create an environment, the guest access feature is completely handicapped and useless.

Our collections use variables to switch hostname between our development and production servers. So the syntax of a request is like this:

https://{{hostname}}/users/login

We cannot find a way to make this work because there is no environment or variable storage in the collection (or globally in the guest account). So we cannot just tell the guest to make a onetime change to define the hostname variable in their environment and have it apply to all requests in a collection.

Not only that, our requests use an inherited Bearer Token defined at the collection level during login. The initial login runs a post-response script to populate the token value in the environment, like this:

var jsonData = JSON.parse(responseBody);
postman.setEnvironmentVariable(“token”, jsonData.token);

So this also won’t work because there’s no environment. This means the login credentials have to be applied to each and ever request. This is frustrating.

Hi @wmclaxton. Welcome to the Postman Community .

A Guest invited to any collection has view-only access to that collection, and collection artifacts like environments and variables are not shared with the guest. An environment in Postman is tied to a workspace and not to a specific collection; therefore, giving a guest access to that environment can give them access to variables used on other collections that are not very relevant to the users themselves.

I recommend that the guests fork this specific collection and set up their own environments. They only need to do this the first time.

Alternatively, if you’re comfortable with it, you can invite them to your workspace with viewer only access. This should give them access to environments in that Workspace. If you do this, remember to store variables you want to share across your team as “initial values” and not “current values” as current values are not synced with Postman Cloud and hence will not be shared with anyone with access to that Workspace.

You said: “I recommend that the guests fork this specific collection and set up their own environments.” Guests cannot edit or fork anything. Perhaps you are suggesting that I export JSON data and send it to my colleague, rather than making them a guest?

You also said: “invite them to your workspace with viewer only access”. Isn’t this what Guest access is - viewer only? And what are ‘initial values’ and ‘current values’. I can’t see any variables in the guest account. Initial values seems to be a feature of private workspaces only. Could you be more specific about how to create viewer only access with variables?

Another thing I would like to point out is that inviting my guests to become team members is also problematic because there is no privacy. That is, any team member can see and edit any collection in any team workspace. Even if I wanted to limit a team member to a specific workspace, there is no way to accomplish it in Postman.

Hi @wmclaxton.

A guest can “fork” a collection they’ve been shared access to. Is the fork Icon not working for you? See the screenshot below.

Screenshot 2024-10-31 at 17.58.503818×2088 469 KB

A guest has access to variables in a collection that has been shared with them. If you click on the name of the collection and navigate to the “variables” tab, you should see this screen.

image1920×1050 80.4 KB

You can learn about initial and current variable values here

Roles can be managed at the team level as well as at the workspace level. You can see here to learn how you can manage roles at the workspace level.

I was hoping to use this feature to share collections for colleagues / partners who just need to run the collections occasionally and don’t need to edit or contribute back.

I’ve hit a couple of issues. The environment is not shared as you have mentioned above.

But the bigger issue for us is we have started using the Package Library to reduce duplicated code and this is also not supported for guests.

I thought this was going to be a great feature until I’ve drilled into it. Hopefully it will become more usable over time.

Hi @cruxto.

Yes, the package library isn’t shared with guests. It’s a relatively new feature that we are constantly improving and making better and I’ll do well to relay this feedback to the relevant team. They’ve been actively looking into sharing access for the package library and right now, you need to have write access to the collection(editor role upwards) to atleast see scripts in the package library.

I am not trying to be argumentative or annoying, but I have to respond to your assertions.

1. You said: “A guest can “fork” a collection”. Indeed, the fork icon is visible to guests. However when selecting this icon, the following text is displayed: “You need to request for a role change to perform more actions on this collection.” So clearly, guests cannot fork any shared collection.

2. Thank you for clarifying what is meant by ‘initial values’ and ‘current values’ of variables. I now understand what you mean when you say: “current values are not synced with Postman Cloud”.

3. You said “Roles can be managed at the… workspace level”. You need to qualify this as only available to those with Enterprise Plans. Otherwise the ability to ‘Change Access’ is limited to ‘only me’, ‘team members’ and ‘public’. Since the collection is already accessable to the team, the only real choice is to make it private, which voids the sharing. As I said previously, there is no collection or workspace privacy because any team member can see and edit any collection in any team workspace.

4. You said: “A guest has access to variables in a collection that has been shared with them.” To test this, I added a variable called ‘server’ to a collection in a team workspace, set the initial value and then created a guest link (ie- a Shared URL with permission to request an upgrade to a team member). In another browser I opened the guest link. When I clicked on the name of the collection and navigated to the “variables tab” I saw the message “No variables in this collection - Request additional access to this collection to add variables” which is clearly an upsell to become a team member. I stand by my assertion that there is no environment or variable storage in a collection when accessed using the guest feature.

So in my testing I find that most of your assertions are not valid, at least for those not having the luxury of an enterprise plan.

1. Yes. This is correct. Before a guest can fork the collection, the team admin first needs to approve the fork requests, and the guest needs to be converted to a developer on the team.
2. To give viewer-only access to a Workspace, you need at least a professional license.
3. I am not able to replicate this on my end. If you take a look at the screenshots I shared above, you will see that the variables are viewable, but only the current values are modifiable.

One thing you could do here that won’t require you to obtain a license is “share your collection via the API.” This option provides the guest with the collection in JSON format, and they can import it into a separate Workspace using that same URL by clicking the import button to the right of the name of the Workspace.

Thanks for your response @gbadebo-bello,

For now we are working arround it for now by merging environment variables in to the collection variables and removing any references to the package library and adding those functions to the collection too.

I know it’s not ideal, as it more work maintaining two collections when sharing work, but at least we don’t have to export the collection & environment data and pass it arround that way.

Small wins