When I was about to create a new workspace I tried ticking the checkbox to limit visibility of the workspace, but got the message the workspace was visible for everyone (when you don’t have enterprise accounts).
What does this mean in practice? Does that mean that all requests I make, including tokens I may hardcode into them during testing, can be inspected in real-time by others that casually might inspect my workspace? That would be such a security hole.
Or does it simply mean people can view the members of my workspace? That would not be that critical.
@fatso83 it means that the data is visible only to your team. No data would be visible to people outside your team unless published.
If you’d like for team members not to see any of your data, you can work in a Personal workspace and not share anything that you don’t want.
If you’re working with others but you’d still like to protect your tokens, you can use the current value of variables to store them. These aren’t synced and hence would not be shared. This workflow is described here - https://blog.getpostman.com/2018/08/09/sessions-faq/
Enterprise plan gives you the ability to control who can see and join the workspace, even within your team.
If I misunderstood something or if you have more questions, happy to answer them!
Welcome to the Postman community ! Anyone who is a part of your Postman team(Users who are invited to join by the Admin) can join and view any of the workspaces created by other team members.
There is a way for you to ensure that you keep tokens and secrets local only to your instance and invisible to everyone else by storing your secrets in the current values field of the environment and adding a placeholder in the initial values(which is synced to the cloud and visible to other team members) field as shown in the below image:
