Access control is the single most important capability a data room has. Most platforms ship either a blunt all-or-nothing model or a permissions matrix so complex you'd need an admin to run it. CAPLINK threads the needle with a cascading, inheritance-based model that mirrors how fundraises actually run.
Grant a folder and everything inside it is granted, unless you explicitly exclude a sibling or a subfolder. Excluded roots and per-file overrides always win over inherited grants. That lets you set up a tight permission tree in minutes — and adjust it without re-auditing the whole room.
Advisors get access through engagements. An engagement defines the scope (usually whatever the hiring investor sees) and the duration. When it closes, the advisor's access is revoked automatically — no manual cleanup, no forgotten ex-advisor with persistent access to your forecast.
Instant revoke is just that: invalidates active signed URLs, hides folders from the investor's UI, and is recorded in the audit log with the actor and reason. Useful when a process dies; essential when something goes wrong.
Stop running access via a tracking spreadsheet. Run it in the same room where the files live.