This article explains how role-based access control works in the Leapwork Performance Portal.
This page covers the Performance Portal only. It does not cover Admin Portal functions such as user invitation, role assignment.
Overview
Leapwork Performance Portal permissions are applied by role and by portal area.
The current portal areas covered by RBAC are:
-
Projects
-
Folders
-
Sequences
-
Timelines
-
Run results
-
Data items
-
Settings
Permission legend:
|
Permission |
Meaning |
|---|---|
|
Create |
Create new items or start new actions in that area |
|
Read |
Open and view items in that area |
|
Update |
Edit or change items in that area |
|
Delete |
Remove items in that area |
Current role model
In the current version of the Performance Portal RBAC model, these roles are included in the portal permission matrix:
-
Leapwork Admin
-
Super Admin
-
Admin
-
User
-
Viewer
Permission matrix
|
Portal area |
Leapwork Admin |
Super Admin |
Admin |
User |
Viewer |
|---|---|---|---|---|---|
|
Projects |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Read |
Read |
|
Folders |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Read |
|
Sequences |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Read |
|
Timelines |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Read |
|
Run results |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Read |
|
Data items |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Read |
|
Settings |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Create, Read, Update, Delete |
Read |
Read |
What this means in practice
Leapwork Admin, Super Admin, and Admin
These three roles currently have the same level of access inside the Performance Portal. They can create, view, edit, and delete content across all supported portal areas.
User
The User role can fully work with:
-
Folders
-
Sequences
-
Timelines
-
Run results
-
Data items
The User role has view-only access to:
-
Projects
-
Settings
Viewer
The Viewer role has view-only access across all supported portal areas. Viewers can open and inspect content, but they cannot create, edit, run, or delete content.
Portal behavior
When a role does not have access to an action, Leapwork Performance Portal applies that restriction in the product experience.
Depending on the page and action, the portal may:
-
hide unavailable actions from menus
-
show content in read-only mode
-
block edit interactions
-
reject unauthorized requests on the server side
This means access control is enforced both in the user interface and in backend request handling.
Scope note
This article is intentionally limited to RBAC behavior inside the Leapwork Performance Portal.