Standard reports¶
The Standard Reports section is the catalog of pre-configured reports Permission Assist ships out of the box. Each report below has a dedicated page with its narrative, use cases, output formats, sections, and full column reference — select a report name to open its detail page.
If you want to build a report from scratch by filtering current or reviewed permissions, see the DIY Reports page instead.
Identity reports¶
Reports scoped to one identity or many — useful for identity-level audits, lifecycle records, and access-model enrollment views.
| Report | What it covers |
|---|---|
| Identity Details | Every application and privilege an identity currently holds, with risk ratings — from the most recent import data. |
| Reviewed Privileges | An identity's privileges as captured by their most recent applicable review — the frozen snapshot of reviewed access. |
| Complete History | Every personnel event and access request across an identity's lifespan, available as a single summary or a ZIP package with attachments. |
| All Identities Summary | The organization-wide identity roster, with directory fields, classification, lifecycle dates, and any configured custom fields. |
| Approved Enrollments | Every active identity and the access models they are enrolled in, with optionality, expiration, and reason. |
Application reports¶
Reports scoped to a single application — for inventory, cleanup, and per-application audit work.
| Report | What it covers |
|---|---|
| Application Users | Every user account in an application, with the matched identity, account type, and credential hygiene; Summary or Details mode. |
| Orphaned Accounts | Application user accounts assigned to disabled or removed identities — the cleanup candidates when access wasn't fully revoked. |
| Ghost Accounts | Application user accounts with no matched identity — accounts with no known person behind them. |
| Identity Representation | Matched users, unmatched users, and unmatched identities for an application — coverage and gaps in one report. |
| Last Login Date | Application users with their last login, password expiration, and account expiration dates — the credential-hygiene snapshot. |
| Application Groups | Every group in an application; the Details mode expands each group with its enlisted users and privileges. |
| Reviewing Supervisors | Every application user and group with the supervisor responsible for reviewing them, including any reassignments. |
| Application Responsibilities | The organization-wide map of who owns and provisions each application (Application Manager and Provision Engineer assignments). |
Access model reports¶
| Report | What it covers |
|---|---|
| Detailed Export | A full configuration export of a single access model — conditions, enrolled identities, and per-application privilege definitions including any denied applications. |
Personnel event reports¶
Reports scoped to onboarding, offboarding, role-transition, and leave-of-absence activity — for lifecycle audit and active-work tracking.
| Report | What it covers |
|---|---|
| Onboarding | Onboarding events — currently open or all events from the last 18 months — with identity, status, assignee, and needed-by date. |
| Offboarding | Offboarding events — currently open or all events from the last 18 months — with identity, status, assignee, and revoke-at date. |
| Role Transitions | Role-transition events — currently open or all events from the last 18 months — with identity, status, assignee, needed-by, and overlapping-until dates. |
| Leaves of Absence | Leave-of-absence events — currently open or all events from the last 18 months — with identity, status, assignee, suspend-at, and restore-by dates. |
| Custom Audit Package | A ZIP audit package across multiple personnel events within a custom date range, with full event details, linked access requests, and attachments. |
Review reports¶
Reports scoped to a single review — for review-time audit, compliance evidence, and post-review analysis.
| Report | What it covers |
|---|---|
| Overview Summary | A high-level summary of a review — dates, type, statistics, approval workflow, and per-application completion. |
| All Review Items | The complete, item-by-item record of a review — every item with its status, ideal-access result, and full action history. |
| Flagged | Every flagged or remediated review item, with reviewer names, action dates, and the full action history. |
| Remediated | Every remediated review item paired with its linked remediation access request, with merged action history. |
| Has Comments | Every review item with at least one comment, including the full comment thread per item. |
| Self-Reviewed | Items where a reviewer approved their own access — the conflict-of-interest report every IAM audit asks for. |
| Single Reviewer | Approved items reviewed by exactly one person — useful for confirming review depth. |
| Stand-in Reviewers | Items reviewed by a surrogate when the original reviewer was unavailable. |
| Separation Rule Violations | Review items flagged by separation-of-duties rules, with reviewer names, action dates, and comments. |
| Ideal Access | Every review item compared to the user's ideal access — the four-value assessment of how each user's access measures up. |
| Last Login Date | Every application user in a review with their last login, password expiration, and account expiration dates. |
| Application Imports | A ZIP package containing the raw application-import files used in a review, plus per-import summary PDFs. |
| Application Audit Package | Every report and file for a single application in a review, bundled into one ZIP. |
| Complete Audit Package | Every report and file for all applications in a review, bundled into one ZIP — the full review audit artifact. |
| Reviewed Applications | An analytical summary of review activity across applications — pending, approved, flagged, and remediated counts for tracking trends over time. |