LabKey Server has a group- & role-based security model. This means that each user of the system belongs to one or more security groups, and each group has a specific set of permissions (aka "roles") in relation to projects and folders on the system. When you are considering how to secure your LabKey site or project, you need to think about which users belong to which groups, and which groups have what kind of access to which projects and folders.
A few best practices:
- Keep it simple.
- Take advantage of the permissions management tools in LabKey.
- Use the rule of least privilege: it is easier to expand access later than restrict it.
- Prioritize sensible data organization over folder structure.
- Iterate when necessary.
- Test after every change.
You may not need to understand every aspect of LabKey security architecture to use it effectively. In general the default security settings are adequate for many needs. However, it's helpful to be familiar with the options so that you understand how users are added, how groups are populated, and how permissions are assigned to groups.