SSRS 2016 allows the display of sensitive parameter in its URL such as Session state token

Ismael González Briongos 1 Reputation point
2020-08-20T09:17:11.547+00:00

SSRS 2016 allows the display of sensitive parameters in its URL, such as the session state token.
This can be used to manipulate the data being displayed, allowing information from other resources to be visible to other users.

SQL Server Reporting Services
A SQL Server technology that supports the creation, management, and delivery of both traditional, paper-oriented reports and interactive, web-based reports.

1 answer
  1. ZoeHui-MSFT 32,736 Reputation points
    2020-08-21T02:05:56.397+00:00

    Hi,

    I assume that you're concerned about security of SSRS.

    I'm not familiar with the session state token.

    However, I found some official documentation for you.

    Reporting Services uses role-based security to grant user access to a report server. On a new report server installation, only users who are members of the local Administrators group have permissions to report server content and operations.

    To make the report server available to other users, you must create role assignments that map user or group accounts to a predefined role that specifies a collection of tasks.

    This means that if you do not have permission for a report, you can't see its resources on the report server.

    Nor can you access other reports by modifying the parameters of the URL.

    grant-user-access-to-a-report-server

    granting-permissions-on-a-native-mode-report-server

    There is also an extended protection for Authentication with Reporting Services.

    extended-protection-for-authentication-with-reporting-services

    Regards,

    Zoe
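The role assignments the answer describes, as an added example that is not part of the original question or answer: a least-privilege setup on a native-mode SSRS 2016 instance, scripted with the ReportingServicesTools PowerShell module. The cmdlet names are taken from that module, and the server URI, folder path and group name are assumptions for illustration. The script grants read-only (Browser) access to one folder rather than the root, adds the site-level role needed to open the web portal, and then lists who holds what so any assignment beyond Browser, and any Content Manager assignment at the root (which is inherited by every folder), can be reviewed.

```powershell
# Added example, not from the original post. Assumes the ReportingServicesTools
# module is installed (Install-Module ReportingServicesTools). Server URI,
# folder path and group name are placeholders chosen for illustration.
Import-Module ReportingServicesTools

$rs = 'http://reportserver/ReportServer'   # assumed SOAP endpoint of the report server

# 1. Read-only access on a single folder, granted to a group rather than individual users.
Grant-RsCatalogItemRole -ReportServerUri $rs `
    -Identity 'CONTOSO\Sales-Readers' -RoleName 'Browser' -Path '/Sales'

# 2. A site-level role is still required before the group can open the web portal.
Grant-RsSystemRole -ReportServerUri $rs `
    -Identity 'CONTOSO\Sales-Readers' -RoleName 'System User'

# 3. Review the folder's assignments; anything stronger than Browser gets flagged.
Get-RsCatalogItemRole -ReportServerUri $rs -Path '/Sales' |
    ForEach-Object {
        foreach ($role in $_.Roles) {
            $flag = if ($role.Name -ne 'Browser') { '  <-- review' } else { '' }
            '{0,-30} {1}{2}' -f $_.Identity, $role.Name, $flag
        }
    }

# 4. Root-level Content Manager assignments apply to every folder by inheritance;
#    list them separately so they are not overlooked.
Get-RsCatalogItemRole -ReportServerUri $rs -Path '/' |
    Where-Object { $_.Roles.Name -contains 'Content Manager' } |
    Select-Object Identity
```

Run it from an account that already holds Content Manager on the folder (a local Administrator on a fresh install, as the answer notes). Because access is enforced per catalog item on the server side, a user who is not in an assignment for a report gets an access-denied response no matter what parameters they put in the URL.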