How to Mask a SQL Report Parameter Values

Posted on 2011-05-13
Last Modified: 2012-05-11
A SQL report is filtered by parameters values that are sensitive, such as bank account number and social security number. After the sensitive values are entered and [View Report] is clicked, the report renders the correct data, and continues to display the parameter values that were entered prior. I don't want someone who may be standing a few feet away to be able to note the sensitive values that appear in the parameter boxes. How can I mask these parameter values?

The idea would be similar to logging into a system and having to enter a username and password. The password would typically be masked by a series of characters, such as * instead of displaying the password in clear text. Is there a way that I can apply a similar mask to a report parameter?

If I review the XML behind the SQL report, I see tags like the following:
    <ReportParameter Name="prmSSN">
      <Prompt>Social Security #:</Prompt>
Are there other attributes, besides the Name attribute (Name="prmSSN") that I can utilize to mask the user input, such as:
    <ReportParameter Name="prmSSN" Mask="*">

Thanks a bunch
Question by:brian_appliedcpu
    LVL 7

    Expert Comment

    Hope you can do better but...

    (see answer from MS empolyee)
    LVL 7

    Expert Comment

    Here is a suggestion though,

    You could have a starting report that accepts the value. When the report is run, use a stored proc, passing the user and the secure field and store it into a table. Let all the other reports reference this table for field values. You could have another "report" that clears the values.
    LVL 2

    Accepted Solution

    Thanks for the help. I have decided to use the Visual Studio ReportViewer control.
    LVL 2

    Author Comment

    I've requested that this question be closed as follows:

    Accepted answer: 0 points for brian_appliedcpu's comment http:/Q_27036807.html#35933741

    for the following reason:

    it was the only viable solution
    LVL 7

    Expert Comment

    Though you may not have liked the answer, I answered the question.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Suggested Solutions

         When we have to pass multiple rows of data to SQL Server, the developers either have to send one row at a time or come up with other workarounds to meet requirements like using XML to pass data, which is complex and tedious to use. There is a …
    After restoring a Microsoft SQL Server database (.bak) from backup or attaching .mdf file, you may run into "Error '15023' User or role already exists in the current database" when you use the "User Mapping" SQL Management Studio functionality to al…
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now