0

If a make a @UserID hidden parameter in my SSRS report and set that server side in a ReportViewer control is that parameter then secure or could it be altered by the end user?

I am using SSRS 2017.

LarsHJ
  • 205
  • 1
  • 11

1 Answers1

1

The user would be able to run the report by passing in the parameter value in a URL to open the report. I wouldn't think most users have the technical skills to do so, but it is possible.

Here's a link to show you how they would have to create the URL. https://myserver/Reportserver?/SQL+Server+User+Education+Team/_ContentTeams/folder123/team+project+report&teamgrouping2=xgroup&teamgrouping1=ygroup

Here's the Microsoft documentation:

https://learn.microsoft.com/en-us/sql/reporting-services/pass-a-report-parameter-within-a-url

aduguid
  • 3,099
  • 6
  • 18
  • 37
  • 1
    Possible is enough to not do this with a UserId. Apparantly it seems I might be able to use internal parameter instead. I was originally of the impression you couldn't set those values outside the report itself, but read some people saying you can still set internal through ReportViewer control. If so that will be the way to go for me instead, currently testing. – LarsHJ Jan 15 '18 at 12:06