DataSource via parameter + security

Maybe Expression-based Connection Strings help here?

The docs have a pretty clear example, like a connection string like:

="data source=" & Parameters!ServerName.Value & ";initial catalog=AdventureWorks

      

        
        
        
      

    

This allows you to still pass a parameter to define the data source, but it also allows you to keep the credentials separate, so you don't have to pass any security information when you call the report.

Added after comment:

Here is a sample report with an expression-based connection string.

You can see that the Connection string uses a parameter to determine exactly where it connects; this can be updated as needed.

Credentials are stored in the data source; you can save the credentials (see screenshot above) or you can choose any other option that suits eg. Integrated Windows Security.

So this may not suit you, but it is built-in SSRS functionality for this type of custom data source requirement.

Second edit:

The example above is Parameters!ServerName.Value

indeed a report parameter, you just create it like you would any other. Depending on how your reports run, you can make it a hidden parameter and handle the actual value sent in the code; it's just a matter of implementation and is really up to you.

For expression-based connection strings, the data source must be saved in the report and its connection string determined at run time.

This way you can create whatever you want based on one or more parameters - it's just a string value you create so you can do whatever you want, you can point it to any combination of servers / bases data. Please clarify if this does not answer your question.