CLI Menu

Command Line Interface (CLI) CLI QuickStart GuideCommand Line Interface (CLI) ExamplesUsing the CLI with High Assurance Resources


globus endpoint permission create - Create an access control rule


globus endpoint permission create ['OPTIONS'] --permissions* '[r|rw]' 'ENDPOINT_ID:PATH'


The globus endpoint permission create creates a new access control on the the target endpoint granting users new permissions on the given path.

The target endpoint must be a shared endpoint or an s3 endpoint, as only these use access control lists to manage permissions.

The permissions option is required, and exactly one of --all-authenticated --anonymous --group or identity is required to know who to give what permissions to.


--permissions '[r|rw]'

Permissions to add. Read-Only or Read/Write. Required.


Give this permission to anyone who has logged in.


Give this permission to anyone even if they aren’t logged in.

--group 'GROUP_ID'

Give this permission to anyone in the given group.

--identity 'IDENTITY_ID_OR_NAME'

Give this permission to a specific identity in Globus Auth.

--notify-email 'EMAIL_ADDRESS'

An email address to notify that the permission has been added.

--notify-message 'TEXT'

A custom message to add to email notifications.

--map-http-status 'TEXT'

Map non success HTTP response codes to exit codes other than 1. e.g. "--map-http-satus 403=0,404=0" would exit with 0 even if a 403 or 404 http error code was received. Valid exit codes are 0,1,50-99.

-F, --format '[json|text]'

Set the output format for stdout. Defaults to "text".

--jq, --jmespath 'EXPR'

Supply a JMESPath expression to apply to json output. Takes precedence over any specified '--format' and forces the format to be json processed by this expression.

A full specification of the JMESPath language for querying JSON structures may be found at

-h, --help

Show help text for this command.

-v, --verbose

Control the level of output.

Use -v or --verbose to show warnings and any additional text output.

Use -vv to add informative logging.

Use -vvv to add debug logging and full stack on any errors. (equivalent to -v --debug)


Give anyone read access to a directory.

$ ep_id=ddb59aef-6d04-11e5-ba46-22000b92c6ec
$ globus endpoint permission create $ep_id:/dir --permissions r --anonymous

Give read and write access to a specific user.

$ ep_id=ddb59aef-6d04-11e5-ba46-22000b92c6ec
$ globus endpoint permission create $ep_id:/ --permissions rw --identity


0 on success.

1 if a network or server error occurred, unless --map-http-status has been used to change exit behavior on http error codes.

2 if the command was used improperly.

© 2010- The University of Chicago Legal