diff --git a/lib/access.go b/lib/access.go
index 77b4a85..66ff8b5 100644
--- a/lib/access.go
+++ b/lib/access.go
@@ -329,13 +329,43 @@ func EnsureCategoryEntry(dossierID string, category int) (string, error) {
 }
 
 // CanAccessDossier returns true if accessor can read dossier (for quick checks)
+// Falls back to old dossier_access for backward compatibility
 func CanAccessDossier(accessorID, dossierID string) bool {
- return CheckAccess(accessorID, dossierID, "", 'r') == nil
+ // Check new RBAC system first
+ if CheckAccess(accessorID, dossierID, "", 'r') == nil {
+ return true
+ }
+
+ // Fallback: check old dossier_access table
+ var result []struct {
+ Status int `db:"status"`
+ }
+ err := Query(
+ "SELECT status FROM dossier_access WHERE accessor_dossier_id = ? AND target_dossier_id = ? AND status = 1",
+ []any{accessorID, dossierID},
+ &result,
+ )
+ return err == nil && len(result) > 0 && result[0].Status == 1
 }
 
 // CanManageDossier returns true if accessor can manage permissions for dossier
+// Falls back to old dossier_access.can_edit for backward compatibility
 func CanManageDossier(accessorID, dossierID string) bool {
- return CheckAccess(accessorID, dossierID, "", 'm') == nil
+ // Check new RBAC system first
+ if CheckAccess(accessorID, dossierID, "", 'm') == nil {
+ return true
+ }
+
+ // Fallback: check old dossier_access table
+ var result []struct {
+ CanEdit int `db:"can_edit"`
+ }
+ err := Query(
+ "SELECT can_edit FROM dossier_access WHERE accessor_dossier_id = ? AND target_dossier_id = ? AND status = 1",
+ []any{accessorID, dossierID},
+ &result,
+ )
+ return err == nil && len(result) > 0 && result[0].CanEdit == 1
 }
 
 // GrantAccess creates an access grant
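Review bot: In both CanAccessDossier and CanManageDossier the legacy query runs whenever CheckAccess returns any non-nil error, so a `dossier_access` row with `status = 1` keeps granting access after the RBAC grant has been removed or denied, and a revocation only takes effect once it is made in both stores. In CanManageDossier the fallback also maps the old `can_edit = 1` flag onto the 'm' (manage permissions) right, which looks broader than edit; whether the old model intended that cannot be told from this hunk and should be confirmed. I would state the override in the doc comments, e.g. `// A legacy dossier_access row overrides an RBAC denial until the table is migrated; revoke in both places.`, and log every grant that comes from the fallback so remaining legacy dependence can be audited and the path retired. The two query blocks differ only in the selected column and could share one private helper.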