The best solution would be to use the reportservice within CA PPM if it is acceptable to have to login to CA PPM -> This allows to use personalized reports rights, either the OOTB security views for adhoc reporting or your own rights queries for pixel perfect reporting.
Alternatively, you have to use a global user whose name and password are set in clear text in the URL via j_username and j_password.