diff --git a/src/backend/routers/case_manager.test.ts b/src/backend/routers/case_manager.test.ts
index 438782b3..cf0b04e1 100644
--- a/src/backend/routers/case_manager.test.ts
+++ b/src/backend/routers/case_manager.test.ts
@@ -7,7 +7,7 @@ import {
 } from "@/backend/lib/db_helpers/case_manager";
 import { UserType } from "@/types/auth";
 
-test("getMyStudents", async (t) => {
+test("getMyStudents - can fetch students", async (t) => {
 const { trpc, db, seed } = await getTestServer(t, {
 authenticateAs: UserType.CaseManager,
 });
@@ -29,6 +29,20 @@ test("getMyStudents", async (t) => {
 t.is(myStudents[0].student_id, student_id);
 });
 
+test("getMyStudents - paras do not have access", async (t) => {
+ const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
+
+ const error = await t.throwsAsync(async () => {
+ await trpc.case_manager.getMyStudents.query();
+ });
+
+ t.is(
+ error?.message,
+ "UNAUTHORIZED",
+ "Expected an 'unauthorized' error message"
+ );
+});
+
 test("getMyStudentsAndIepInfo - student does not have IEP", async (t) => {
 const { trpc, db, seed } = await getTestServer(t, {
 authenticateAs: UserType.CaseManager,
@@ -82,6 +96,20 @@ test("getMyStudentsAndIepInfo - student has IEP", async (t) => {
 t.deepEqual(myStudentsAfter[0].end_date, iep.end_date);
 });
 
+test("getMyStudentsAndIepInfo - paras do not have access", async (t) => {
+ const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
+
+ const error = await t.throwsAsync(async () => {
+ await trpc.case_manager.getMyStudentsAndIepInfo.query();
+ });
+
+ t.is(
+ error?.message,
+ "UNAUTHORIZED",
+ "Expected an 'unauthorized' error message"
+ );
+});
+
 test("addStudent - student doesn't exist in db", async (t) => {
 const { trpc, db } = await getTestServer(t, {
 authenticateAs: UserType.CaseManager,
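Review bot: The denial test added for `getMyStudents` (and the seven like it in the later hunks) covers only `UserType.Para`, so the suite still says nothing about a caller with no session, which is the other case a role guard on `case_manager` has to reject. If `getTestServer` can build an unauthenticated client (not visible in this diff), one extra case per procedure, for example `test("getMyStudents - unauthenticated callers do not have access", …)`, would pin that as well. Running both cases would also show whether the router reports "not signed in" and "signed in with the wrong role" with the same `"UNAUTHORIZED"` message, which deserves a comment if it is intentional.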
@@ -278,6 +306,25 @@ test("addStudent - invalid email", async (t) => {
 }
 });
 
+test("addStudent - paras do not have access", async (t) => {
+ const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
+
+ const error = await t.throwsAsync(async () => {
+ await trpc.case_manager.addStudent.mutate({
+ first_name: "Foo",
+ last_name: "Bar",
+ email: "invalid-email",
+ grade: 6,
+ });
+ });
+
+ t.is(
+ error?.message,
+ "UNAUTHORIZED",
+ "Expected an 'unauthorized' error message"
+ );
+});
+
 test("removeStudent", async (t) => {
 const { trpc, db, seed } = await getTestServer(t, {
 authenticateAs: UserType.CaseManager,
@@ -306,6 +353,22 @@ test("removeStudent", async (t) => {
 t.is(after.length, 0);
 });
 
+test("removeStudent - paras do not have access", async (t) => {
+ const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
+
+ const error = await t.throwsAsync(async () => {
+ await trpc.case_manager.removeStudent.mutate({
+ student_id: "student_id",
+ });
+ });
+
+ t.is(
+ error?.message,
+ "UNAUTHORIZED",
+ "Expected an 'unauthorized' error message"
+ );
+});
+
 test("getMyParas", async (t) => {
 const { trpc, db, seed } = await getTestServer(t, {
 authenticateAs: UserType.CaseManager,
@@ -326,6 +389,20 @@ test("getMyParas", async (t) => {
 t.is(myParas.length, 1);
 });
 
+test("getMyParas - paras do not have access", async (t) => {
+ const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
+
+ const error = await t.throwsAsync(async () => {
+ await trpc.case_manager.getMyParas.query();
+ });
+
+ t.is(
+ error?.message,
+ "UNAUTHORIZED",
+ "Expected an 'unauthorized' error message"
+ );
+});
+
 test("addStaff", async (t) => {
 const { trpc } = await getTestServer(t, {
 authenticateAs: UserType.CaseManager,
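Review bot: The payload in the new `addStudent` denial test keeps `email: "invalid-email"`, apparently carried over from the invalid-email test just above, so the request is wrong in two ways and the test passes only while the role check runs before input validation. If that ordering is the property under test, say so with a comment such as `// invalid on purpose: the role check must reject before the input is validated`; otherwise use a well-formed address (the `addStaff` test uses `"foo@bar.com"`) so the test can fail for one reason only. The same question applies to the placeholder ids `"student_id"` and `"para_id"` in the `removeStudent`, `addPara` and `removePara` tests if the input schemas constrain the id format, which is not visible in this diff.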
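Review bot: The `removeStudent` denial test asserts only that the call throws; it never reads the database, and `student_id: "student_id"` does not refer to a seeded row, so a handler that performed the write and then raised the error would still pass. The positive `removeStudent` test above already takes `db` and `seed` from `getTestServer`, so the denial test could seed an assigned student the same way, make the rejected call as the para, and then assert that the assignment is still present. The `addStudent`, `addStaff`, `addPara` and `removePara` denial tests have the same gap, and a before/after check of the affected rows would close it there too.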
@@ -351,6 +428,24 @@ test("addStaff", async (t) => {
 t.is(createdPara.email, newParaData.email);
 });
 
+test("addStaff - paras do not have access", async (t) => {
+ const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
+
+ const error = await t.throwsAsync(async () => {
+ await trpc.case_manager.addStaff.mutate({
+ first_name: "Foo",
+ last_name: "Bar",
+ email: "foo@bar.com",
+ });
+ });
+
+ t.is(
+ error?.message,
+ "UNAUTHORIZED",
+ "Expected an 'unauthorized' error message"
+ );
+});
+
 test("addPara", async (t) => {
 const { trpc, seed } = await getTestServer(t, {
 authenticateAs: UserType.CaseManager,
@@ -367,6 +462,22 @@ test("addPara", async (t) => {
 t.is(myParas.length, 1);
 });
 
+test("addPara - paras do not have access", async (t) => {
+ const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
+
+ const error = await t.throwsAsync(async () => {
+ await trpc.case_manager.addPara.mutate({
+ para_id: "para_id",
+ });
+ });
+
+ t.is(
+ error?.message,
+ "UNAUTHORIZED",
+ "Expected an 'unauthorized' error message"
+ );
+});
+
 test("removePara", async (t) => {
 const { trpc, db, seed } = await getTestServer(t, {
 authenticateAs: UserType.CaseManager,
@@ -390,3 +501,19 @@ test("removePara", async (t) => {
 myParas = await trpc.case_manager.getMyParas.query();
 t.is(myParas.length, 0);
 });
+
+test("removePara - paras do not have access", async (t) => {
+ const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
+
+ const error = await t.throwsAsync(async () => {
+ await trpc.case_manager.removePara.mutate({
+ para_id: "para_id",
+ });
+ });
+
+ t.is(
+ error?.message,
+ "UNAUTHORIZED",
+ "Expected an 'unauthorized' error message"
+ );
+});
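Review bot: The `addStaff` denial test is the sixth copy of the same block, and the commit adds eight in total that differ only in the procedure call, so the role under test and the expected error are now spelled out in eight places and can drift apart. A small helper would keep both in one spot, and AVA's `throwsAsync` takes an expectation object, which removes the separate `t.is(error?.message, …)` step. The helper name below is a suggestion only; the `addPara` and `removePara` tests in the following hunks, and the five earlier ones, would use it the same way.

```typescript
type TestTrpc = Awaited<ReturnType<typeof getTestServer>>["trpc"];

// Single place that defines "a para is rejected" for every case_manager procedure.
async function expectParaDenied(
  t: Parameters<typeof getTestServer>[0],
  call: (trpc: TestTrpc) => Promise<unknown>
) {
  const { trpc } = await getTestServer(t, { authenticateAs: UserType.Para });
  await t.throwsAsync(() => call(trpc), { message: "UNAUTHORIZED" });
}

test("addStaff - paras do not have access", (t) =>
  expectParaDenied(t, (trpc) =>
    trpc.case_manager.addStaff.mutate({
      first_name: "Foo",
      last_name: "Bar",
      email: "foo@bar.com",
    })
  ));
```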