I have a workaround - there does not seem to be an answer from Sage other than user specific security settings at the database level, which is just way too much to expect a customer to manage if more than one person needs to run the report (and that person(s) may change over time, etc.).
Workaround: I created a VB.Net program as a wrapper for the report, and put that program on the Sage 300 desktop. You do need to install the Crystal runtime for dotNet (use 32bit, the 64bit version can be flaky) on each workstation where the program/report will be run.