In this article, we explain how you can set the permissions for the Portfolio and Pending Portfolio pages. The permissions control which companies a user can see in their Portfolio and Pending Portfolio, and they are set based on user groups.

How to open data.json5 for editing

Before beginning these instructions, please follow this guide:How to upload files via WebDAV so you are able to connect to your Boss Insights Portal via WebDAV.

The portal server contains code and configuration files that run your Boss Insights portal. Please do not make any unnecessary changes to any files.

  1. Connect to your Boss Insights Portal via WebDAV. The guide linked above has detailed instructions for doing this. Once connected, you should see a screen showing you the folders/files on your Portal.

  2. Click to expand ‘public/dashboard' folder. There should be a file there named ‘data.json5’. This is the file that must be edited to change portfolio permissions. Create a backup copy of the file by right-clicking and selecting 'Duplicate’. Use the default suggested name for the duplicate file. Never make changes to the data.json5 file without first creating a backup copy.

  3. Right-click on the ‘data.json5’ file and select ‘Edit With’, and choose your preferred text editor from the list. The data.json5 file will be opened in the selected text editor, and any time you save changes to the file, your copy will immediately overwrite the data.json5 file on the server.

How to change Portfolio permissions in data.json5

Permissions are configured by user groups. You can read more about user groups and how to use them here: https://bossinsights.atlassian.net/wiki/spaces/SC/pages/56164354/Users+Groups#Group-Management

  1. Press ctrl+F and search for the word “portfolio” until you find a section of the file that looks similar to this:

      portfolio: {
        owners: [
          'admins',
          'users'
        ],
        permissions: [
          {
            groups: [
              'admins'
            ],
            access: {
              view: 'all',
              edit: true
            }
          },
          {
            groups: [
              'users'
            ],
            access: {
              view: 'own'
            }
          }
        ],
        fields: [
        ...
    JSON

  2. Configure who can be an ‘Owner’ of a portfolio company by adding or removing groups in the “owners” array. Any user that belongs to a group in the “owners” array can be selected as an Owner of a portfolio company.

  3. The “permissions” array is an array of objects, where each object can be thought of as a permissions policy. The ‘policy’ object has a “groups” array which is a list of groups that the policy applies to, and an “access” object which determines the permissions granted by the policy. Create as many policy objects as is needed for your use case, whether that is a single policy that applies to all groups, or one policy per group.

        ...
        permissions: [
          {
            groups: [   // list of groups that the following access permissions apply to
              'admins'
            ],
            access: {
              view: 'all', // what companies are visible in the portfolio? 'all' or 'own'
              edit: true // can they use the 'Change Owner' button? true or false (or not set)
            }
          },
          {
            groups: [
              'users'
            ],
            access: {
              view: 'own'
            }
          }
        ],
          ...
    CODE

  4. Configure which companies are visible in the portfolio using the “access”->”view” setting. If ”view” is set to ‘all’, users in the applicable group will be able to see any and all companies in their portfolio. If ”view” is set to ‘own’, they will only be able to see companies for which they are the ‘Owner’. If ”view” is not set, they will not see any companies in their portfolio.

  5. Configure who can use the ‘Change Owner’ button using the “access”->”edit” setting. If ”edit” is set to true, users in the applicable group will be able to edit the Owners of portfolio companies using the ‘Change Owner’ button at the top right of the portfolio. If ”edit” is set to false, or not set at all, they will not have access to the ‘Change Owner’ button.

  6. Once you have made all of your changes, put them live on your Boss Insights Portal by using WebDAV. If you opened data.json5 using WebDAV’s “Edit With” option, simply save your file by pressing ctrl+S or going to File->Save, and your file will be automatically uploaded to your Portal server. If you downloaded data.json5, you can upload your modified version by dragging and dropping it into your WebDAV window, and confirming that you want to overwrite the existing data.json5.

How to Change Pending Portfolio Permissions in data.json5

Permissions are configured by user groups. You can read more about user groups and how to use them here: https://bossinsights.atlassian.net/wiki/spaces/SC/pages/56164354/Users+Groups#Group-Management

  1. Press ctrl+F and search for the word “invitations” until you find a section of the file that looks similar to this:

      invitations: {
        uniqueJoinField: 'company-legal-name',
        owners: [
          'admins',
          'users'
        ],
        permissions: [
          {
            groups: [
              'admins'
            ],
            access: {
              view: 'all',
              add: true
            }
          },
          {
            groups: [
              'users'
            ],
            access: {
              view: 'own',
              add: true
            }
          }
        ],
        fields: [
        ...
    JSON

  2. Configure who can be an ‘Owner’ of an invitation by adding or removing groups in the “owners” array. Any user that belongs to a group in the “owners” array can be selected as an Owner of an invitation.

  3. The “permissions” array is an array of objects, where each object can be thought of as a permissions policy. The ‘policy’ object has a “groups” array which is a list of groups that the policy applies to, and an “access” object which determines the permissions granted by the policy. Create as many policy objects as is needed for your use case, whether that is a single policy that applies to all groups, or one policy per group.

        ...
        permissions: [
          {
            groups: [   // list of groups that the following access permissions apply to
              'admins'
            ],
            access: {
              view: 'all', // what invitations are visible in the pending portfolio? 'all' or 'own'
              add: true // can they use the 'Invite Account' and 'Upload Account List' buttons? true or false (or not set)
            }
          },
          {
            groups: [
              'users'
            ],
            access: {
              view: 'own',
              add: true
            }
          }
        ],
          ...
    CODE

  4. Configure which invitations are visible in the pending portfolio using the “access”->”view” setting. If ”view” is set to ‘all’, users in the applicable group will be able to see any and all invitations in their pending portfolio. If ”view” is set to ‘own’, they will only be able to see invitations for which they are the ‘Owner’. If ”view” is not set, they will not see any invitations in their pending portfolio.

  5. Configure who can use the 'Invite Account' and 'Upload Account List' buttons using the “access”->”edit” setting. If ”edit” is set to true, users in the applicable group will be able to create new invitations using the 'Invite Account' and 'Upload Account List' buttons at the top right of the pending portfolio. If ”edit” is set to false, or not set at all, they will not have access to the 'Invite Account' and 'Upload Account List' buttons.

  6. Once you have made all of your changes, put them live on your Boss Insights Portal by using WebDAV. If you opened data.json5 using WebDAV’s “Edit With” option, simply save your file by pressing ctrl+S or going to File->Save, and your file will be automatically uploaded to your Portal server. If you downloaded data.json5, you can upload your modified version by dragging and dropping it into your WebDAV window, and confirming that you want to overwrite the existing data.json5.