Skip to content

Roles

Why this matters

A role defines a user's general level in ImmCase: which modules they can see, which actions they can perform. Without roles, the whole team would have access to everything — including system configuration and sensitive financial data not everyone should see.

ImmCase ships with base roles (Super Admin, Admin, Manager, Consultant, etc.) and lets you create custom roles for your practice's needs.

Base roles that ship with ImmCase

  • Super Admin — full access to everything, including system configuration. Bypasses all permissions. Assign to 1-2 people max.
  • Admin — access to configuration and all data. No Super Admin bypass, but operates with broad permissions.
  • Manager — manages teams and reports. No technical config access.
  • Sales Rep / RCIC Consultant — daily use of cases, applicants, communication. No config access.
  • Support Rep — for the helpdesk. Cases assigned to support, no broad access.
  • Viewer — read-only. Useful for external auditors.

Create a custom role

  1. Sidebar → SettingsRolesCreate.
  2. Fill in:
  3. Name of the role (for example, "Junior Paralegal", "External Accountant").
  4. Short description.
  5. Parent role — you inherit its permissions as a base.
  6. Save.

Now add specific permissions via profiles. More in Profiles.

Role hierarchy

Roles can have a parent role, forming a hierarchy:

Super Admin
  └── Admin
        └── Manager
              ├── Senior RCIC Consultant
              │     └── Junior RCIC Consultant
              ├── Senior Paralegal
              │     └── Junior Paralegal
              └── Administrative Staff

When a role inherits from another, it gets its permissions as a base. You can add more permissions to the child role, but it can't have less than the parent (because of inheritance).

This lets you define "Junior RCIC Consultant" as "Senior RCIC Consultant but with fewer permissions" by adding restrictions.

Screenshot: role hierarchy tree with parent/child relationships

Assign a role to a user

When creating or editing a user → Role field → pick from the catalog. Each user has one primary role (only one).

For additional permissions without changing the primary role, use Profiles (a user can have several profiles).

Modify an existing role

Be careful modifying a role that has users assigned:

  1. Any change affects immediately every user with that role.
  2. Removing a permission can break in-flight workflows (the user editing a case loses the Save button).

Best practice:

  • For small changes: do them during low-activity periods.
  • For big changes: create a new role, test with one user, adjust, then migrate the rest.

Roles + Spatie under the hood

For technical administrators: ImmCase uses the Spatie library for roles and permissions. Each role maps to specific database permissions. To understand the technical detail, see docs/ROLES_PERMISSIONS_PROFILES.md in the developer documentation.

Watch out for

  • Don't delete a role with users assigned. Reassign users to another role first, then delete.
  • Super Admin isn't for everyone who says "I need full access". Ask first what they need to do — it's almost always solved with a specific profile, not Super Admin.
  • Renaming a role doesn't break anything, but it confuses people used to the old name. Announce the change.

Where to next

  • Profiles — more granular permissions that stack on top of the role.
  • Modules — which modules exist to assign permissions on.