SQL Server Reporting Services Column Level Security
In general, reports provide singular and comparative analysis and can be formatted as statistical, tabular or graphical. At times, confidential data should only be available to certain users. With SQL Server Reporting Services, how can we implement column level security in order to restrict users from viewing certain data.
SQL Server Reporting Services includes a feature called “Column Visibility” which can be used to implement column level security. In this tip will we demonstrate column level security with the following steps:
- First Step: Create a table to manage column level access to sensitive data on a per login basis.
- Second Step: Create a stored procedure to return the login column security information.
- Third Step: Build an SSRS report with a parameter to read the login column security information from the stored procedure created in step 2.
- Fourth Step: Implement the “Column Visibility” feature to use the SSRS parameter to show or hide columns.
NOTE - This tip assumes you are proficient at building SQL Server Reporting Services Reports. If you are new to the technology, check out this tutorial.
Step 0 - Setup a Sample Data Set
I have created a sample table called “Employee” with an identifier, name, age and salary.
I have also created a sample report of the Employee table to show all columns from the table:
Step 1 - Sensitive Data Management
Create a second table called "FieldRules" which has three fields: UserName(nvarchar), FieldName(nvarchar) and IsVisible(bit). Once created, add a sample record. In this case, I have added a sample user with field name (i.e. Salary) to show/hide the visibility (i.e. set to false) as shown below.
Step 2 - Stored Procedure to Return Data Access
Create a stored procedure “ShowColumnInfo” to return the data access for the sensitive information for a specific UserID based on an input parameter:
CREATE PROCEDURE [dbo].[ShowColumnnInfo] @UserID nvarchar(100) AS SELECT * FROM FieldRules WHERE UserName = @UserID GO
Step 3 - Build the SQL Server Reporting Services Report
To start building the report, create a DataSource (i.e. “DataSource1” in this example) in the SSRS report to access the database. Next, create a dataset called “ShowFieldDataSet” which will access the data from the FieldRules table using the dbo.ShowColumnInfo stored procedure as shown below.
Also we have to create two parameters: UserID (to be passed as a parameter to stored procedure "ShowFieldDataset") which is shown above and FieldsToShow (which will pull “IsVisible” values from "ShowFieldDataSet") which is shown below.
Step 4 - Configure SQL Server Reporting Services Column Visibility
The last step is to configure the “Salary” column to show/hide depending upon the value from the “FieldsToShow” parameter. Select the column in the SSRS report, right-click and select "Column Visibility". Configure the expression as shown in the figure below.
Final SSRS Report Demonstration
Now enter the login name (i.e. User ID), and it will show/hide the "Salary" column. In this case, we have configured the logic to not show the "Salary" column for the user "Rahul".
- This is one technique to address column level security and with this option security can be implemented per user or with other parameters within SSRS reports.
- For more information check out:
About the author
View all my tips