Permissions control who can access a data room and what actions they can perform.
They can be applied at multiple levels and are inherited by default, allowing you to share documents broadly or restrict access to specific folders or files where required.
Permission levels
Data rooms use four permission levels:
View: Access the data room and preview its contents.
Upload: Add documents and create folders.
Download: Download documents and export content.
Edit: Manage the data room structure and content, including renaming, deleting and reorganising items.
Note: Users with View permission can preview files in the browser. Previewing downloads the file to the browser cache but does not grant Download permission
How permission levels relate to each other
Permissions are independent, but View access is always required to interact with a data room.
Upload, Download and Edit include View access.
Edit does not automatically include Upload or Download.
Upload and Download do not automatically include Edit.
This means you can, for example:
Allow a user to upload documents without allowing them to reorganise folders.
Allow a user to download documents without allowing them to upload new versions.
Grant Edit access while separately controlling whether uploads or downloads are permitted.
Permissions must be combined intentionally to reflect each user’s role.
Where permissions can be applied
Permissions can be applied at three levels:
Data room level: Controls access to the entire data room.
Folder level: Controls access to a specific folder and everything within it.
File level: Controls access to an individual document.
By default, permissions are inherited from the parent level. This means folders and files inherit permissions from the data room unless they are explicitly overridden.
Overriding inherited permissions
Lower-level permissions can be used to restrict access relative to the parent level.
For example:
A user has Edit permission at the data room level.
A specific folder is set to View only.
In this case:
The folder-level restriction applies.
The user can view the folder but cannot upload, edit or move content within it.
The folder is treated as restricted for edit actions.
If a user attempts to move files or folders into a restricted location, the action is blocked and an error message is displayed.
Note: Data room-level Edit permission does not override folder or file-level restrictions
This ensures sensitive content can be protected even when broader permissions exist elsewhere in the data room.
Applying permissions during setup
Many admins choose to:
Build the folder structure first.
Upload documents.
Apply permissions once the structure is finalised.
This approach reduces the risk of accidentally sharing incomplete or incorrectly structured content.
Matter admin access
Matter Admins always retain full access to all data rooms within the matter.
This ensures that:
Misconfigured permissions can be corrected.
Accidental lockouts can be resolved.
Administrative oversight is maintained.
No additional override rules are required. Matter Admins can always regain access if needed.