Biomedical database systems need not only to address the issues of managing complex data, but also to provide data
security and access control to the system. These include not only system level security, but also instance level access
control such as access of documents, schemas, or aggregation of information. The latter is becoming more important
as multiple users can share a single scientific data management system to conduct their research, while data have to be
protected before they are published or IP-protected. This problem is challenging as users' needs for data security vary
dramatically from one application to another, in terms of who to share with, what resources to be shared, and at what
access level. We develop a comprehensive data access framework for a biomedical data management system SciPort.
SciPort provides fine-grained multi-level space based access control of resources at not only object level (documents and
schemas), but also space level (resources set aggregated in a hierarchy way). Furthermore, to simplify the management
of users and privileges, customizable role-based user model is developed. The access control is implemented efficiently
by integrating access privileges into the backend XML database, thus efficient queries are supported. The secure access
approach we take makes it possible for multiple users to share the same biomedical data management system with flexible
access management and high data security.