I have never had to deal with SQL reporting, but...
0) There doesn't appear to be a Rest API that provides that functionality.
1) You can use ADO.Net to submit that query to the report server.
2) I suggest changing the query to this, so you can verify that the found user name is indeed the specified user name:
3) Third, you should use a parameterized query to avoid SQL injection.
SELECT u.Username, c.*
FROM Catalog AS c
INNER JOIN Policies AS p ON p.PolicyID = c.PolicyID
INNER JOIN PolicyUserRole AS pur ON pur.PolicyID = c.PolicyID
INNER JOIN Users AS u ON u.UserID = pur.UserID
INNER JOIN Roles AS r ON r.RoleID = pur.RoleID
WHERE u.Username LIKE '%'+@username
AND HIDDEN = 0
Again, I don't know anything about report server, so YMMV.