To require a pull request before changes are merged into a collection—such as a branch in a GitHub repository—you need to configure branch protection rules or rulesets by navigating to your repository’s settings, selecting “Branches” or “Rulesets,” and adding a rule for your desired branch (e.g., main); then, enable the “Require a pull request before merging” option, which prevents direct write access and ensures all changes go through PRs, with additional options available for requiring reviews, status checks, or code owner approvals, and after saving these settings, collaborators will only be able to push changes via pull requests, not directly to the protected branch—note that this setup applies to GitHub repositories, while Postman collections do not currently support PR-style workflows, so collaboration there relies on workspace roles and sharing permissions.
Postman now supports a pull request–like workflow for collections and APIs. To contribute changes, you first need to fork the collection or API into your own workspace, make your updates in the fork, and then use the “Contribute” or “Create Pull Request” option in the Postman web app, which sends a contribution request to the original owner for review and merging. Direct write access to the original element is only available to workspace collaborators with edit permissions, so if you are not a collaborator, you must use the fork-and-contribute workflow. If you do not see the “Contribute” or “Create Pull Request” option, ensure you are working in a forked version of the collection or API, as this feature is only available for forks.
TL;DR
You need to accurately configure permissions and follow POLP (Principle of Least Privilege).
Long Answer
Enforcing the right permissions at the Workspace level is really the right way to go here. If you click on the name of a Workspace and navigate to the Workspace settings tab, you will see the options to configure specific roles there. You can choose to add members of your team as viewers in that Workspace and give admin (or editor) access to certain people.
Once permissions are appropriately set up, only people with editor or admin access can modify artifacts in that workspace. These include environments, collections, APIs, monitors, etc.
Just like a repository on GitHub, a Collection is a collaborative element that can be forked. Because members of your team do not have write access to your collections, this means that they need to first fork that collection to a different Workspace to contribute to it. When they are done making changes, they can create a Pull Request and select specific reviewers.
A reviewer who is an admin/editor on the base Workspace can review this pull request, see a diff of what was changed, leave comments, and approve/reject the Pull Request accordingly.
@mdepouw-rj The only way to do this is to revamp RBAC at the Workspace level. Everyone will be forced to make a PR if they only had view access to the Workspace.