diff --git a/SharepointToolbox/Core/Models/UserAccessEntry.cs b/SharepointToolbox/Core/Models/UserAccessEntry.cs
new file mode 100644
index 0000000..7db095d
--- /dev/null
+++ b/SharepointToolbox/Core/Models/UserAccessEntry.cs
@@ -0,0 +1,33 @@
+namespace SharepointToolbox.Core.Models;
+
+/// <summary>
+/// Classifies how a user received a permission assignment.
+/// </summary>
+public enum AccessType
+{
+    /// <summary>User is directly assigned a role on the object.</summary>
+    Direct,
+    /// <summary>User is a member of a SharePoint group that has the role.</summary>
+    Group,
+    /// <summary>Permission is inherited from a parent object (not unique).</summary>
+    Inherited
+}
+
+/// <summary>
+/// One row in the User Access Audit results grid.
+/// Represents a single permission that a specific user holds on a specific object.
+/// </summary>
+public record UserAccessEntry(
+    string UserDisplayName,     // e.g. "Alice Smith"
+    string UserLogin,           // e.g. "alice@contoso.com" or "i:0#.f|membership|alice@contoso.com"
+    string SiteUrl,             // The site collection URL where this permission exists
+    string SiteTitle,           // The site collection title
+    string ObjectType,          // "Site Collection" | "Site" | "List" | "Folder"
+    string ObjectTitle,         // Name of the list/folder/site
+    string ObjectUrl,           // URL of the specific object
+    string PermissionLevel,     // e.g. "Full Control", "Contribute"
+    AccessType AccessType,      // Direct | Group | Inherited
+    string GrantedThrough,      // "Direct Permissions" | "SharePoint Group: Members" etc.
+    bool IsHighPrivilege,       // True for Full Control, Site Collection Administrator
+    bool IsExternalUser         // True if login contains #EXT#
+);