Security

Role-Based Access Control for Immigration Firms

Not everyone on your team needs to see everything. Immigration cases contain highly sensitive personal information, and Canadian privacy law requires that access to this data be limited to those who need it. Immicase provides granular, role-based access control with five distinct user roles, consultant case isolation, and PII protection built in.

Why Access Control Is Non-Negotiable for Immigration Practices

Immigration case files contain some of the most sensitive personal information imaginable: passport numbers, social insurance numbers, medical examination results, criminal background check outcomes, financial records, and detailed personal histories. Under the Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian immigration firms have a legal obligation to limit access to personal information to those individuals who need it to perform their duties.

Beyond legal compliance, access control is essential for maintaining client trust. Clients share deeply personal information with their immigration consultant, and they expect that information to be protected. A firm where every employee can see every client's file -- regardless of whether they work on that case -- is not meeting this expectation.

Immicase addresses these requirements with a role-based access control system that limits what each team member can see and do based on their role in the firm and their assignment to specific cases. This is not a bolt-on feature -- it is a foundational architectural decision that governs every interaction with the platform.

Five User Roles Designed for Immigration Firms

Immicase provides five pre-configured roles that reflect the typical structure of a Canadian immigration firm. Each role has a carefully defined set of permissions that balance productivity with data protection.

Owner

The firm owner has unrestricted access to every feature, case, and setting in Immicase. Owners can manage billing, add or remove team members, configure firm-wide settings, and access all reports and audit logs. This role is designed for the principal consultant or managing partner who bears ultimate responsibility for the firm's operations and regulatory compliance.

Key Permissions

  • Full access to all cases, clients, and documents
  • User management: invite, deactivate, and assign roles
  • Billing and subscription management
  • Firm-wide settings and configuration
  • All reports, analytics, and audit trail exports
  • Data export and backup management

Admin

Administrators have broad access similar to the Owner but without billing and subscription management. This role is ideal for office managers, practice managers, or senior team members who need to oversee day-to-day operations, manage team assignments, and access reporting without full ownership-level control.

Key Permissions

  • Access to all cases and client records
  • Team task assignment and workload management
  • Report generation and analytics access
  • Document template management
  • Audit trail viewing and export
  • User invitation and role assignment (except Owner)

Consultant

Consultants see only the cases assigned to them, ensuring client confidentiality and case isolation. This role is designed for RCICs and immigration lawyers who manage their own caseload. Consultants can perform all case-related actions on their assigned files but cannot access cases belonging to other consultants in the firm.

Key Permissions

  • Full case management for assigned cases only
  • Document upload, review, and approval on own cases
  • Client communication and timeline management
  • Task creation and completion on own cases
  • Invoice creation for own cases
  • Personal workload and deadline views

Assistant

Assistants support consultants with document management, scheduling, and administrative tasks. They can view case details and update documents but cannot make case status decisions, approve documents, or access financial information. This role is designed for paralegals, case coordinators, and administrative staff.

Key Permissions

  • View case details for cases they are assigned to support
  • Upload and manage documents on assigned cases
  • Create and update tasks on assigned cases
  • Log communications and timeline entries
  • No access to financial data or invoicing
  • No authority to change case status or approve documents

Auditor

Auditors have read-only access to case records, audit trails, and compliance reports. This role is designed for internal compliance officers, external auditors, or regulatory reviewers who need to review firm records without the ability to modify any data. Auditors cannot create, edit, or delete any information in the system.

Key Permissions

  • Read-only access to all case records and timelines
  • Full audit trail viewing and export
  • Compliance report generation
  • Document viewing without download or modification rights
  • No ability to create, edit, or delete any records
  • Activity limited to viewing and exporting for review purposes

Consultant Case Isolation

One of the most important access control features in Immicase is consultant case isolation. When a consultant logs in, they see only the cases assigned to them. They cannot browse, search for, or access cases belonging to other consultants in the firm. This is not a UI filter that can be bypassed -- it is enforced at the data access layer, meaning that the system itself refuses unauthorized case access rather than merely hiding it.

Case isolation is critical for multi-consultant firms where different RCICs manage independent caseloads. It ensures that each consultant's clients enjoy the confidentiality they expect, even within a shared platform. If a consultant leaves the firm, their cases can be reassigned to another consultant by an Admin or Owner, at which point the new consultant gains access and the departing consultant's access is revoked.

For cases that require collaboration between consultants -- for example, a complex file that involves both an LMIA specialist and an Express Entry consultant -- the Admin or Owner can grant shared access to specific cases without opening up the consultant's entire caseload. This granular approach ensures that collaboration does not come at the expense of confidentiality.
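
A sketch of what enforcing isolation at the data access layer can look like, added here as an illustration and not Immicase's own code. The role names come from this page; `User`, `Case`, `CaseRepository`, the `shared_with` grant set and the three rule sets are hypothetical, and only case visibility, the read-only Auditor, and Owner/Admin sharing and reassignment are modelled.

```python
from collections import namedtuple
from dataclasses import dataclass, field
# Role names come from the page; these rule sets are assumptions of this sketch.
ALL_CASES = {"owner", "admin", "auditor"}   # roles that see every case
READ_ONLY = {"auditor"}                     # may view, never modify
CAN_ASSIGN = {"owner", "admin"}             # may share or reassign cases
User = namedtuple("User", "id role")

@dataclass
class Case:
    id: str
    consultant: str                                 # assigned consultant's user id
    shared_with: set = field(default_factory=set)   # per-case grants (assistants, co-consultants)
    notes: list = field(default_factory=list)

class CaseRepository:
    """Sole path to case data: every read and write passes the same scope check."""
    def __init__(self, cases):
        self._cases = {c.id: c for c in cases}

    def _visible(self, user, case):
        return (user.role in ALL_CASES or case.consultant == user.id
                or user.id in case.shared_with)

    def list_cases(self, user):
        return sorted(c.id for c in self._cases.values() if self._visible(user, c))

    def get(self, user, case_id):
        case = self._cases.get(case_id)
        # Identical error for "no such case" and "not yours": ids cannot be probed.
        if case is None or not self._visible(user, case):
            raise PermissionError("case not accessible")
        return case

    def add_note(self, user, case_id, text):
        case = self.get(user, case_id)
        if user.role in READ_ONLY:
            raise PermissionError("read-only role")
        case.notes.append((user.id, text))

    def share(self, actor, case_id, user_id):
        if actor.role not in CAN_ASSIGN:
            raise PermissionError("only Owner/Admin may share")
        self.get(actor, case_id).shared_with.add(user_id)

    def reassign(self, actor, case_id, new_consultant_id):
        if actor.role not in CAN_ASSIGN:
            raise PermissionError("only Owner/Admin may reassign")
        self.get(actor, case_id).consultant = new_consultant_id  # old consultant drops out of scope
```

Because listing, lookup and writes all go through `_visible`, there is no separate search or export path that could skip the check, which is the difference between this and a filter applied only in the interface.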

PII Protection and Data Security

Personally Identifiable Information (PII) in immigration files demands the highest level of protection. Immicase implements multiple layers of security to ensure that sensitive client data is protected both from external threats and from unauthorized internal access.

Encryption at Rest

All data stored in Immicase is encrypted at rest using industry-standard AES-256 encryption. Even if storage media were physically compromised, the data would be unreadable without the encryption keys.

Encryption in Transit

All data transmitted between your browser and the Immicase servers is encrypted using TLS 1.3. This prevents interception of sensitive information during transit over the internet.

Canadian Data Residency

All Immicase data is stored on Canadian-hosted infrastructure. Your clients' personal information never leaves Canadian jurisdiction, meeting PIPEDA requirements for data residency.

Session Management

Sessions time out automatically after periods of inactivity. Concurrent session limits prevent unauthorized access from multiple locations. All sessions are logged in the audit trail.

Protect your clients' data with confidence

Immicase provides role-based access control with consultant case isolation, PII protection, and Canadian data residency. Give your team access to what they need -- and nothing more.