Security and Protection (SSRS)
You can use information in this section to learn about the security features of SQL Server Reporting Services. This section also explains the authorization models and authentication providers supported in Reporting Services.
Extended Protection for Authentication
Beginning with SQL Server 2008 R2, support for Extended Protection for Authentication is available. The SQL Server feature supports the use of channel binding and service binding to enhance protection of authentication. The SQL Server features need to be used with an operating system that supports Extended Protection. For more information, see Extended Protection for Authentication with Reporting Services.
Authentication and Authorization
Reporting Services provides different authentication types for users and client applications to authenticate with the report server. Using the right authentication type for your report server enables your organization to achieve the appropriate level of security required by your organization. For more information, see Authentication with the Report Server.
Reporting Services also employs roles and permissions to control user access to content in the report server catalog (in other words, who can access what, and how s/he can access it). For more information, see Roles and Permissions (Reporting Services).
Configure the Secure Socket Layer (SSL) to secure client connections to the report server.