You might consider a secure login for users affiliated to other instutitutions
than your lab as well. Then you can implement a redirection to a set of IdPs
with delegated permissions to authenticate users against your LDAP but also
against many other LDAPs.
Feel free to come up with questions about this solution.
Nikolay Vazov, PhD
Department for Research Computing, University of Oslo
From: galaxy-dev <galaxy-dev-boun...@lists.galaxyproject.org> on behalf of
Dannon Baker <dannon.ba...@gmail.com>
Sent: 29 September 2016 17:40
To: Simon Chang
Subject: Re: [galaxy-dev] Question about Galaxy integration with external
On Thu, Sep 29, 2016 at 11:22 AM, Simon Chang
1) Assuming Galaxy can read LDAP directory service information, to what extent
is access control enforced? Is it on a file system level?
The 'galaxy' user, or whichever user is running the files is the normal way to
handle this, with other system users not being able to access galaxy owned
2) If a researcher logs into Galaxy with his LDAP credentials, runs some
analyses and obtains the results, how exactly are these results protected from
other researchers who may be prohibited from accessing these results due to
institutional policies? Accordingly, if a researcher wants to share the data
product with another LDAP user, how is that done exactly apart from simply
downloading and emailing it?
Check out https://wiki.galaxyproject.org/Learn/Share for more information about
galaxy's sharing abilities, and certainly feel free to ask more questions. In
short, there are systems built into Galaxy that allow users to share (or
secure) Galaxy objects within the framework.
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
To search Galaxy mailing lists use the unified search at: