SQL Server Reporting Services Column Level Security

By:   |   Comments   |   Related: > Reporting Services Security


Problem

In general, reports provide singular and comparative analysis and can be formatted as statistical, tabular or graphical. At times, confidential data should only be available to certain users. With SQL Server Reporting Services, how can we implement column level security in order to restrict users from viewing certain data.

Solution

SQL Server Reporting Services includes a feature called “Column Visibility” which can be used to implement column level security.  In this tip will we demonstrate column level security with the following steps:

  • First Step: Create a table to manage column level access to sensitive data on a per login basis.
  • Second Step: Create a stored procedure to return the login column security information.
  • Third Step: Build an SSRS report with a parameter to read the login column security information from the stored procedure created in step 2.
  • Fourth Step: Implement the “Column Visibility” feature to use the SSRS parameter to show or hide columns.

NOTE - This tip assumes you are proficient at building SQL Server Reporting Services Reports.  If you are new to the technology, check out this tutorial.

Step 0 - Setup a Sample Data Set

I have created a sample table called “Employee” with an identifier, name, age and salary.

Employee Table

I have also created a sample report of the Employee table to show all columns from the table:

SSRS Report with all of the Employee data

Step 1 - Sensitive Data Management

Create a second table called "FieldRules" which has three fields: UserName(nvarchar), FieldName(nvarchar) and IsVisible(bit). Once created, add a sample record. In this case, I have added a sample user with field name (i.e. Salary) to show/hide the visibility (i.e. set to false) as shown below.

Field Rules

Step 2 - Stored Procedure to Return Data Access

Create a stored procedure “ShowColumnInfo” to return the data access for the sensitive information for a specific UserID based on an input parameter:

CREATE PROCEDURE [dbo].[ShowColumnnInfo] @UserID nvarchar(100)
AS

SELECT * 
FROM FieldRules
WHERE UserName = @UserID
GO

Step 3 - Build the SQL Server Reporting Services Report

To start building the report, create a DataSource (i.e. “DataSource1” in this example) in the SSRS report to access the database. Next, create a dataset called “ShowFieldDataSet” which will access the data from the FieldRules table using the dbo.ShowColumnInfo stored procedure as shown below.

Show Field Data Set - 1

Show Field Data Set - 2

Also we have to create two parameters: UserID (to be passed as a parameter to stored procedure "ShowFieldDataset") which is shown above and FieldsToShow (which will pull “IsVisible” values from "ShowFieldDataSet") which is shown below.

UserID Parameter

FieldsToShow Parameter

Step 4 - Configure SQL Server Reporting Services Column Visibility

The last step is to configure the “Salary” column to show/hide depending upon the value from the “FieldsToShow” parameter. Select the column in the SSRS report, right-click and select "Column Visibility". Configure the expression as shown in the figure below.

Column Visibility in SQL Server Reporting Services

Expression to determine if the field should be displayed

Final SSRS Report Demonstration

Now enter the login name (i.e. User ID), and it will show/hide the "Salary" column. In this case, we have configured the logic to not show the "Salary" column for the user "Rahul".

Final Report with the Salary field not displayed
Next Steps


sql server categories

sql server webinars

subscribe to mssqltips

sql server tutorials

sql server white papers

next tip



About the author
MSSQLTips author Rahul Mehta Rahul Mehta is a Project Architect/Lead working at Tata Consultancy Services focusing on ECM.

This author pledges the content of this article is based on professional experience and not AI generated.

View all my tips



Comments For This Article

















get free sql tips
agree to terms