In SSRS ther are two options you can set, when the credentials of the datasource are stored securely in the report server:
- Use as Windows crendentials when connecting to the datasource
This option must be checked, when you want to use “Windows Integrated Security Authentication” and not “SQL Authentication”
- Impersonate the authenticated user after a connection has been made to the datasource
This option must be checked, when you want to use the current user to query the database, instead of the given account. The given account is used to connect to the database, but after the connection has been made, the current user is used to query the database. If the current user does not have permissions an exception will occur.