We are using a crosstable (in Excel) with the users on the left side, the application-name on the right and an identifyer, whether the user is allowed to access
Then with a script like
LET sFile = CHR(39) & UPPER(DocumentName) & CHR(39); // current filename in Apostrophs
UsersAll: CROSSTABLE (FileName, AccessAllowed) LOAD * FROM ....; // Load entire data
Users: LOAD 'USER' AS ACCESS, UserName WHERE AccessAllowed = 'Y' AND MATCH(FileName, $(sFile)); // Select only users being allowed the access for this particular app.
Typically we have stored the above in a textscript and insert in each application only the line
$(Include=\\......\qv-security$\QV Access Script.txt);
edit: we usually use NT-names, which makes the identification even easier.