If I create a data driven subscription in SSRS and use the query to return some value for the username and password, how "safe" is this password? Let me explain.
I am looking to set up a data source on the SSRS Web Portal that uses Credentials stored securely in the report server and Use as Windows credentials when connecting to the data source. This data source, in turn, would be used in the data driven subscription. The user setting up the data driven subscription would not have access to the data source's credential password.
I would then like to permit the user to pull a username and password using this shared data source and then use in their subscription as the user/pass to save the file to a shared file area… without the user knowing what the user/pass is.
Make sense? If so, is this a risky thing to do, security-wise?
(Ultimately I am thinking about using this as a way to consolidate the password for shared file area subscriptions into one place.)
Thanks!
Addendum 3/26 – I like to think the lack of feedback means this is a fantastic idea, but I'd rather get some validation that I'm not treading in dangerous territory here. So let's try a rephrase:
Is there any way a user can view the raw results of the query associated with a data driven subscription?
Best Answer
I just thought of an issue. A user could take the column that contains the password and use it as the subject of an email. Silly me! I am not sure why I didn't think of this before.
Oh, well - documented here for others' future reference!