Home/ Questions/Q 7436535
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T10:15:17+00:00

I am developing a stored proc for an SSRS 2008 report, but I want

  • 0

I am developing a stored proc for an SSRS 2008 report, but I want to limit the data output according to the role of the user running the report. How do I do this? What I wanted to do was to retrieve the Windows user name and filter the records based on this, but users are using the “sa” account to login to the server. So now I’m thinking I should use the AD login instead.

I’ve also seen how security can be setup in SSRS instead of the T-SQL sproc so that users have access to appropriate folders. But this second approach sounds much more cumbersome since we have many different reports and because I want users to have access to all reports, but just access to different parts of the data.

Is it better to implement security via SSRS groups and folders on the report server or else inside the T-SQL sproc?

I looked at that link for the “(=User.UserID)” solution, but am having trouble implementing this. What I did: I created a dataset in SSRS by selecting the text query:

select people_id from people_rv where last_name like 'd%'

This returns a list of people_id’s

Then, I created a new parameter and set it equal to the above dataset for available values. And I made it Text datatype and allow Null and Blank values. No default values. Finally, I set visibility for the tablix:

=iif(Parameters!staff_id.Value in (select people_id from users),1,0)

But this generates an error. How can I reformulate this tablix expression?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Regardless of the method used to access the data source you can still retrieve the user ID (=User.UserID) that is accessing the report. Set this to an internal parameter in SSRS, and you can then incorporate security into your queries very easily.

    Check out the answer to this question submitted a few minutes after yours.

    More specific details of implementation using BIDS and SSRS 2008R2 (2008 should be identical)

    1. Create a parameter, let’s call it “UserID”. Type should be Text, and parameter visibility should be “Internal”
    2. The Default value for this parameter should be set to Specify Values, and add a value: =User.UserID
    3. As a temporary debugging aid, drag the parameter to your design surface to create a textbox with the value of the UserID. (Preview the report and see that this is getting set to your user ID if you’d like to confirm.)

    4. Create a dataset for your next parameter: Create a dataset that will only list available values for this user. The query might be something like:

      SELECT
   CategoryName,
   CategoryID
FROM
   Categories c
INNER JOIN
   CategoryPermissions cp
ON c.ID = cp.CategoryID
INNER JOIN
   Users u
ON cp.UserID = u.People_ID
WHERE u.WindowsAccount = @UserID

    5. Set up a parameter that you will display to the user. It should get its available values from the query in the previous step.

    6. Set up your main dataset. It should both use the value of the parameter from step 5 as well as the permissions query from step 4. Something like:

      SELECT
  *
FROM
   Products p
INNER JOIN
   Categories c
ON p.CategoryID = c.ID
INNER JOIN
   CategoryPermissions cp
ON c.ID = cp.CategoryID
INNER JOIN
   Users u
ON cp.UserID = u.People_ID
WHERE u.WindowsAccount = @UserID
AND c.CategoryName in ( @Categories )

      (This double checks that the user has the permission to see this category.)

    • 0