We have a security situation which we have to address very fast.
We had created a report in which an employee number was sent as a parameter and a report for that employee would get generated. The link for this report was sent to various employees on email. While this worked perfectly, the employees soon realiased that if they change the employee number in the link they could see the data of another employee.
I have a master table at the backend which stores the windows ad id for each employee. When the parameters are submitted to the SSRS report, i would like to check whether the windows ad id of the user who has sent the report request, is equal the the windows AD id of the employee code (as derived by a look up from the above table). if the two are not equal then the report should not fire, and should a message as 'Unauthorised Access'.
Is such a conditional execution of an SSRS report possible ? In which event would such checking be done ? Any sample code ?
An urgent reply would be highly appreciated.
Sanjay Shah