Hi Simon,

On Thu, Sep 29, 2016 at 11:22 AM, Simon Chang <simonychang.hutlab@gmail.com> wrote:
1)  Assuming Galaxy can read LDAP directory service information, to what extent is access control enforced?  Is it on a file system level?

The 'galaxy' user, or whichever user is running the files is the normal way to handle this, with other system users not being able to access galaxy owned files directly.

2)  If a researcher logs into Galaxy with his LDAP credentials, runs some analyses and obtains the results, how exactly are these results protected from other researchers who may be prohibited from accessing these results due to institutional policies?  Accordingly, if a researcher wants to share the data product with another LDAP user, how is that done exactly apart from simply downloading and emailing it?

Check out https://wiki.galaxyproject.org/Learn/Share for more information about galaxy's sharing abilities, and certainly feel free to ask more questions.  In short, there are systems built into Galaxy that allow users to share (or secure) Galaxy objects within the framework.

-Dannon