Reputation: 205
Are SQL Reporting Services Hidden Parameters Secure?
If a make a @UserID hidden parameter in my SSRS report and set that server side in a ReportViewer control is that parameter then secure or could it be altered by the end user?
I am using SSRS 2017.
Upvotes: 0
Views: 269
Answers (1)
Reputation: 3195
The user would be able to run the report by passing in the parameter value in a URL to open the report. I wouldn't think most users have the technical skills to do so, but it is possible.
Here's a link to show you how they would have to create the URL. https://myserver/Reportserver?/SQL+Server+User+Education+Team/_ContentTeams/folder123/team+project+report&teamgrouping2=xgroup&teamgrouping1=ygroup
Here's the Microsoft documentation:
https://learn.microsoft.com/en-us/sql/reporting-services/pass-a-report-parameter-within-a-url
Upvotes: 1
Related Questions
- Security within SQL queries
- SSRS Parameters Hidden and Unhidden
- SSRS Hidden dataset from parameter in query is missing
- make SQL Report hidden parameter visible when creating subscription
- SSRS Hidden parameter results in "Parameter X is missing a value"
- Securing SSRS report parameter
- How can you hide/unhide Reporting Services report parameters via URL query string?
- ssrs parameters visibility
- SSRS 2005 Parameter Based Security
- SQL Reporting Services 2005 - Non-queried Report Parameters