How to secure your Project Server Reporting Services Reports

It seems SQL Server Reporting Services (SSRS) is broadly used today in Project Server deployments to build custom reports and extract all the gold nuggets from our relational and decisional data stores (SQL Server Analysis Services cubes), specially when I see the success on this post: Services Sample Reports for Project Server

This week I was asked this very good question:

We are planning to develop custom reports in SQL Server Reporting Services for Project Server and the data available in custom reports should be based on the Groups , Categories and dynamic rules defined for that resource in Project Web Access. please provide any ways to achieve this.

So in summary how can I leverage the out of the box Project Server security model and authorization mechanism to secure access to custom SSRS reports?

At the last Project Conference in Seattle and Madrid I had a slide on the subject with the following:

Securing Your SSRS Report

• Filter data based on SSRS User!UserID
• Does not support Form Authentication Out of the Box
• Leverage the Project Server security model using a custom PSI extension (web service)
• Refer to Implementing a Security Extension

So in the end it will require some extra work but it can be easily done by overriding the CheckAccess method from SSRS and leverage the standard PSI security class to ensure a user has access to the reports, check this: Authorization in Reporting Services