Share a dataroom with an investor group
Create a viewer group, grant per-document permissions, and share it with one group link.
A dataroom rarely has one audience. The lead investor sees everything, the co-investors see the deck and the financials, and nobody outside the cap table sees the term sheet. Groups model exactly that: each group is a named audience with its own members and its own per-document view/download permissions, shared through its own link.
The script: create the group, add members, grant permissions, mint a group link. Two things to know up front:
- A new group sees nothing until you grant permissions.
- Group links are always email-gated; a viewer must be a member
(by email or domain) to get in, unless the group has
allow_all.
DR_ID=dr_K8mN2pQr
# 1. Create the group. Domain members are implicit: anyone
# @sequoia.com counts without being listed.
GID=$(papermark datarooms groups create "$DR_ID" \
--name "Co-investors" \
--domains sequoia.com \
--json | jq -r '.data.id')
# 2. Add explicit members (idempotent, no emails are sent)
papermark datarooms groups members add "$DR_ID" "$GID" \
-e jane@fund.vc,joe@angel.dev
# 3. Grant access. Item ids come from `datarooms documents`;
# ancestor folders of visible items are shown automatically.
papermark datarooms documents "$DR_ID" # find the item ids
papermark datarooms groups permissions set "$DR_ID" "$GID" \
--item ddoc_deck --type document --view on --download on
papermark datarooms groups permissions set "$DR_ID" "$GID" \
--item fld_financials --type folder --view on
# 4. Mint the group link (email protection is forced on)
papermark links create --dataroom "$DR_ID" --group "$GID" \
--name "Co-investor access" \
--allow-downloadEveryone in the group opens the same URL and sees only the deck and the financials folder. Later changes to the group's permissions or members apply to the existing link immediately, no re-sharing.
Audit who got in with
papermark datarooms viewers
or per-link views via
papermark views list.
TOKEN=pm_live_…
DR_ID=dr_K8mN2pQr
# 1. Create the group
GID=$(curl -sX POST "https://api.papermark.com/v1/datarooms/$DR_ID/groups" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"Co-investors","domains":["sequoia.com"]}' \
| jq -r '.id')
# 2. Add explicit members
curl -sX POST "https://api.papermark.com/v1/datarooms/$DR_ID/groups/$GID/members" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"emails":["jane@fund.vc","joe@angel.dev"]}'
# 3. Grant per-item permissions (delta semantics: omitted items
# keep their state; ancestors of visible items auto-show)
curl -sX PUT "https://api.papermark.com/v1/datarooms/$DR_ID/groups/$GID/permissions" \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"permissions": [
{"item_id": "ddoc_deck", "item_type": "dataroom_document", "can_view": true, "can_download": true},
{"item_id": "fld_financials", "item_type": "dataroom_folder", "can_view": true, "can_download": false}
]
}'
# 4. Create the group link
curl -X POST https://api.papermark.com/v1/links \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d "{
\"dataroom_id\": \"$DR_ID\",
\"audience_type\": \"group\",
\"group_id\": \"$GID\",
\"name\": \"Co-investor access\",
\"allow_download\": true
}"Required scopes: datarooms.write, links.write. See the
API reference for the full request and
response shapes.
In my "Acme Series B" Papermark dataroom, create a viewer group called "Co-investors". Add jane@fund.vc and joe@angel.dev, and admit anyone with a sequoia.com email. Give the group view and download access to the pitch deck and view-only access to the Financials folder, then create a share link for the group with downloads enabled.
The agent chains search_datarooms → create_dataroom_group →
add_dataroom_group_members → list_dataroom_documents /
list_dataroom_folders (to resolve item ids) →
set_dataroom_group_permissions → create_link with
audience_type: "group".
One-off links without a group
If one recipient needs a custom file selection and a group is
overkill, set permissions directly on a link instead:
papermark links permissions set
(or PUT /v1/links/{id}/permissions). Link permissions are
full-replace and apply to that link only; on group links they are
ignored because the group's permissions win.
Removing access
- Remove one member:
papermark datarooms groups members remove <id> <gid> <memberId>. They lose access on their next visit. - Hide a document from the group: re-send it with
--view off --download off. - Delete the group: this also deletes every link pointing at it, cutting off the whole audience at once.