Granular Permissions Explained
Granular permissions are the foundation of any deal-grade VDR. They let the seller share with multiple bidders without exposing each to the other's data, segregate clean-team commercial data, and produce a defensible record of who saw what when.
Last updated: May 2026.
The Permission Model
A standard model: users belong to groups; groups have folder/document permissions; permissions cascade unless overridden. Effective permission for a document is the most restrictive of group + folder + document.
Common Patterns
- Per-bidder groups. Each bidder has its own group; folder access scoped per-bidder.
- Role templates. Per-role permission templates (legal, finance, tax) applied to each bidder's group members.
- Clean-team rooms. Sub-room with restricted membership; commercially sensitive data sits here.
- View-only with watermark. Default for sensitive documents.
- Time-locked access. Auto-revoke after offer deadlines.
Auditing Permissions
Best practice: weekly permission audits during the deal. Confirm each user is in the right group, each group has the right folders, and any non-default overrides are documented.
Frequently Asked Questions
What is a clean team in a VDR?
A small group of expert advisors with access to commercially sensitive data (typically pricing, customer-by-customer revenue, supplier-by-supplier cost) that cannot be shared with the bidder's commercial team. The VDR enforces the segregation through a dedicated sub-room with restricted permissions.