How to disable creating public workspace

One of my team members created a public workspace and imported a collection having OAuth keys. It was exposed to the public and resulted in a security breach. As a preventive measure, we would like to disable creating public workspaces.

Could you please let me know if there is an option to prevent users from selecting the ‘Anyone on the internet’ option during workspace creation?

Thank you,

Hey @spaceflight-cosmona3

Welcome to the Postman community

There are specific roles at the Enterprise tier which control that flow and limit the creation of Public elements to a certain role (Community Manager). This is done via a request visibility change flow which is approved or denied.

We have various measures and messages along the way before anyone makes anything public at every tier, though.

The screenshot that you shared highlights this, but they are also in other places where a Workspace or Collection can be made public.

Once something is made public, you will also receive an in-app and email notification from the secret scanner about any exposed sensitive information. This is something that the team admin would have also seen.

I would highly recommend making use of the Postman Vault to store sensitive data such as tokens and API keys. These can be referenced using the Postman variable syntax.

Also, ensure that you use the current value and not the initial value for variables, if these hold sensitive information that you don’t want to be synced.
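
As an added example (not part of the thread and not Postman's own tooling), the sketch below checks an exported collection before it is imported into a shared or public workspace and reports auth fields or secret-looking variables that hold a literal value instead of a `{{...}}` reference such as `{{vault:name}}`. It assumes the Collection v2.1 export layout; the field-name lists, the function names and the sample collection are constructed for illustration.

```python
import json
import re
import sys

# A value made up only of {{...}} references, e.g. {{vault:orders-token}} or {{client_id}}
VAR_REF = re.compile(r"^\s*(?:\{\{[^{}]+\}\}\s*)+$")
# Auth field names treated as sensitive (assumed list; extend for your team)
SENSITIVE_AUTH_KEYS = {"clientsecret", "accesstoken", "refreshtoken", "password", "token"}
# Variable names that suggest a secret (assumed heuristic)
NAME_HINT = re.compile(r"secret|token|password|api[_-]?key", re.I)

def is_literal(value):
    """True for a non-empty string that is not purely variable references."""
    return isinstance(value, str) and value.strip() != "" and not VAR_REF.match(value)

def find_literal_secrets(node, path="collection"):
    """Walk collection, folders and requests; return paths of literal secrets."""
    findings = []
    auth = node.get("auth") or {}
    for entry in auth.get(auth.get("type")) or []:  # v2.1: list of {key, value, type}
        if entry.get("key", "").lower() in SENSITIVE_AUTH_KEYS and is_literal(entry.get("value")):
            findings.append(f"{path}/auth/{entry['key']}")
    for var in node.get("variable") or []:
        if NAME_HINT.search(var.get("key", "")) and is_literal(var.get("value")):
            findings.append(f"{path}/variable/{var['key']}")
    for child in node.get("item") or []:  # folders and requests nest under "item"
        findings += find_literal_secrets(child, f"{path}/{child.get('name', '?')}")
    if isinstance(node.get("request"), dict):  # request-level auth override
        findings += find_literal_secrets(node["request"], path)
    return findings

# Constructed sample export: one literal OAuth secret, one literal token variable
SAMPLE = {
    "info": {"name": "constructed sample"},
    "auth": {"type": "oauth2", "oauth2": [
        {"key": "clientSecret", "value": "EXAMPLE-literal-secret", "type": "string"},
        {"key": "clientId", "value": "{{client_id}}", "type": "string"}]},
    "variable": [{"key": "api_token", "value": "EXAMPLE-literal-token"},
                 {"key": "baseUrl", "value": "https://api.example.test"}],
    "item": [{"name": "Orders", "item": [{"name": "List orders", "request": {
        "method": "GET", "url": "https://api.example.test/orders",
        "auth": {"type": "bearer", "bearer": [
            {"key": "token", "value": "{{vault:orders-token}}", "type": "string"}]}}}]}],
}

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    hits = find_literal_secrets(data)
    print("\n".join(hits) or "no literal secrets found")
    sys.exit(1 if hits else 0)
```

Run with the path of an exported collection file as the only argument; a non-zero exit status means at least one literal value was found.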