It would seem that SSRS is the poor stepchild in the Microsoft SQL Server hierarchy! The "warning" I was receiving, even after coding a .NET 2 Framework process to obtain User Groups is essentially saying that SSRS does not have permissions to do Active Directory queries. Some Googling quickly showed that to be the case, including statements from Microsoft staff.

Seems odd, since any user can do a NET USER /DOMAIN userid at the Command Prompt to get that information. Our company's intranet even features an "NTLookup" tool for anyone to use.

At any rate, I have designed two SSIS processes to address this whole issue. One reads our current SSRS report inventory from a list on SharePoint. (Another SSRS stumbling block, by the way - the SSRS catalog is kept in the master db of the report server, a place that is generally verboten to anyone other than DBAs in most large organizations!) Another table links reports to a table containing User Groups that can view the report and what the data filtering criteria is.

The second SSIS process does a daily rebuild of a table that lists all user IDs for members of the groups found in the report/group cross-reference table.

A prototype report was designed in which the logged-in user ID is used to find out what user groups the user might be in for this particular report, and ultimately what filter to put on the data.

A rather roundabout way of achieving what could be remedied by SSRS improvements! If UserID is a built in field, why not the User Groups as well?

Larry

United Health Group, UHG IT Infrastructure Services