Data security is becoming increasingly important as the Grid matures. The advances of the Grid have allowed scientists and researchers to build a data grid where they can share and exchange research-related data and information. In reality, however, these specialists do not benefit enough from this data grid. The reason is that the current Grid does not have sufficiently robust and flexible data security. We investigate a medical data-sharing environment where medical doctors and scientists can securely share clinical and medical research data. We show medical data sharing that takes advantage of PERMIS, or an RBAC-based authorization system that achieves XML element level access control. We also describe the lessons learnt in designing the environment as well as a comparison with other existing authorization mechanisms.