Secure Development (Reporting Services)
For SQL Server 2008 R2, there have been no changes to the content that is listed in this topic.
The Microsoft .NET Framework provides a robust security system that can run code in tightly constrained, administrator-defined security contexts. Reporting Services uses the .NET Framework security system, known as code access security (or evidence-based security). Under code access security, a user may be trusted to access a resource, but if the code the user executes is not trusted, access to the resource will be denied.
Security based on code, as opposed to specific users, permits security to be expressed for custom assemblies or data, delivery, rendering, and security extensions that you develop for Reporting Services. Your extension code may be executed by any number of Reporting Services users, all of whom are unknown at development time. The custom assemblies or extensions that you develop require specific security policies in Reporting Services. These security policies are represented as types in the .NET Framework. For a more information about code access security, see "Code Access Security" in the .NET Framework documentation.