You might consider a secure login for users affiliated to other instutitutions 
than your lab as well. Then you can implement a redirection to a set of IdPs 
with delegated permissions to authenticate users against your LDAP but also 
against many other LDAPs.

Feel free to come up with questions about this solution.


Nikolay Vazov, PhD
Department for Research Computing, University of Oslo
From: galaxy-dev <> on behalf of 
Dannon Baker <>
Sent: 29 September 2016 17:40
To: Simon Chang
Subject: Re: [galaxy-dev] Question about Galaxy integration with external 
access control

Hi Simon,

On Thu, Sep 29, 2016 at 11:22 AM, Simon Chang 
<<>> wrote:
1)  Assuming Galaxy can read LDAP directory service information, to what extent 
is access control enforced?  Is it on a file system level?

The 'galaxy' user, or whichever user is running the files is the normal way to 
handle this, with other system users not being able to access galaxy owned 
files directly.

2)  If a researcher logs into Galaxy with his LDAP credentials, runs some 
analyses and obtains the results, how exactly are these results protected from 
other researchers who may be prohibited from accessing these results due to 
institutional policies?  Accordingly, if a researcher wants to share the data 
product with another LDAP user, how is that done exactly apart from simply 
downloading and emailing it?

Check out for more information about 
galaxy's sharing abilities, and certainly feel free to ask more questions.  In 
short, there are systems built into Galaxy that allow users to share (or 
secure) Galaxy objects within the framework.

Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:

To search Galaxy mailing lists use the unified search at:

Reply via email to