CODEWITHSUNDEEP
reporting-services
Jesse Taber
Jesse Taber

Reputation: 2386

How can I determine what AD security groups the current user is in from within an SSRS report?

I have a need to determine what security group(s) a user is a member of from within a SQL Server Reporting Services report. Access to the report will be driven by membership to one of two groups: 'report_name_summary' and 'report_name_detail'. Once the user is executing the report, we want to be able to use their membership (or lack of membership) in the 'report_name_detail' group to determine whether or not a "drill down" should be allowed.

I don't know of any way out of the box to access the current user's AD security group membership, but am open to any suggestions for being able to access this info from within the report.

Upvotes: 4

Views: 7604

Answers (2)

Ralph177
Ralph177

Reputation: 201

In Reporting Services just use :

Public Function IsMemberOfGroup() As Boolean

If System.Threading.Thread.CurrentPrincipal.IsInRole("MyADGroup") Then
    Return True
Else
    Return False
End If

End Function

as indicated in this posting

Note: This works once the report is deployed to server but not in the IDE.

Upvotes: 1

PJ8
PJ8

Reputation: 1278

You can add custom code to a report. This link has some examples.

Theoretically, you should be able to write some code like this, and then use the return value to show/hide what you want. You may have permissions problems with this method, though.

Public Function ShouldReportBeHidden() As Boolean
Dim Principal As New System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent())
If (Principal.IsInRole("MyADGroup")) Then
    Return False
Else
    Return True
End If
End Function

Alternatively, you could add your detail report as a subreport of your summary report. Then you could use the security functionality built in to SSRS to restrict access to your sub report.

Upvotes: 6

Related Questions