App Assignment Reporting
Answer "who has access to what?" instantly — pivot by app or by user, then export for audits.
Overview
During audits, offboarding, or license reviews, you need a clear answer to "who has access to what?" fast. App Assignment Reporting gives you a single view of every user-to-app relationship in your organization. Instead of cross-referencing spreadsheets, you get the answer in seconds.
The report supports two pivot modes — by app and by user — with search, pagination, and export to Google Sheets, CSV, TSV, or JSON.
How It Works
ShiftControl tracks app assignments continuously, whether they were made directly to a user or inherited through a group. The report aggregates that data into an expandable, searchable table. You choose the angle:
- Pivot by App — Start from an app, expand to see every user who has access and how they got it (direct assignment or via a specific group).
- Pivot by User — Start from a user, expand to see every app they can access and which group grants it.
Both views trace back to the assignment source, so you can see exactly why someone has access — not just that they do.
Common Scenarios
| Scenario | How the report helps |
|---|---|
| Compliance audit | Pivot by app to show auditors exactly who has access to a regulated system. Export as CSV for their records. |
| Offboarding | Pivot by user to see every app a departing employee holds. Cross-reference with their User Detail page to verify revocation. |
| License optimization | Pivot by app to identify users who hold seats in tools they no longer use. Reclaim those licenses — cross-reference with the App Spend Dashboard to see what each unused license costs. |
| Security review | Pivot by app for sensitive systems. Confirm access is granted only through approved groups, not ad-hoc direct assignments. |
Viewing Assignments by App
Toggle to App to see every app in your org. Expand any row to see:
- User name and email — who has access
- Title and department — context for whether this access makes sense
- Assignment method — direct assignment or inherited from a specific group (with group name shown)
If you see a user who shouldn't have access, you can click their name to go to their User Detail page and investigate which group is granting it.
Viewing Assignments by User
Toggle to User to start from people instead of apps. Expand any row to see every app that user can access and the assignment method for each.
This view is especially useful during offboarding — you can see at a glance every tool a departing employee has access to, and whether it's granted directly or through a group. If it's group-based, deactivating the user will revoke it automatically.
Exporting Data
Click Export to download the current view. Available formats:
- Google Sheets — opens directly in your Google Workspace
- CSV / TSV — for spreadsheet tools or compliance systems
- JSON (Flattened or Nested) — for programmatic consumption
Exports respect your active pivot and search filters, so you can generate targeted reports for specific apps, departments, or audit scopes.
Things to Know
- Both direct and group assignments are included. No need to run separate queries — the report shows the full picture.
- Toggling pivots preserves your search. Switch between App and User views without losing your filter.
- Reports reflect current state. For historical snapshots, export regularly or use your identity provider's audit logs.
- Group assignments trace back to the source group. If you need to change who has access to an app, the assignment method tells you whether to edit the user or the group.
Related Features
- User Detail — App Permissions tab — See and revoke individual OAuth grants for a specific user
- App Spend Dashboard — See the cost impact of app assignments
- Group Management — Manage the groups that drive most app assignments
- App Discovery — Find apps users are accessing that aren't yet in your managed app list