I'm not sure if I am fully understanding what you truly want to do, but I'll tell you what I did - right or wrong.
For the datasource of my reports for a specific application, I set the datasource credentials to a userid/password in that SQL database - as opposed to using windows authentication.
In Active Directory, I created a group and add members who should have access to the reports to this group. I also created a group for administrators of the reports and assign appropriate users.
In the Report Manager, I set the security so that the "viewers" group has "browser" access and the "administrators" group has "content manager" access.
This way, I only have to maintain one userid in the sql database to have access to the data and a couple groups in Active Directory to control access to the reports.
Hope that helps, otherwise, sorry for the confusion.
-Megan