CLI Menu

Command Line Interface (CLI) CLI QuickStart GuideCommand Line Interface (CLI) ExamplesUsing the CLI with High Assurance Resources


globus endpoint role create - Add a role to an endpoint


globus endpoint role create ['OPTIONS'] 'ENDPOINT_ID'


The globus endpoint role create command adds a role to an endpoint. You must have sufficient privileges to modify the roles on the endpoint.

Either --group or --identity is required. You may not pass both. Which one of these options you use will determine the 'Principal Type' on the role, and the value given will be the 'Principal' of the resulting role. The term "Principal" is used in the sense of "a security principal", an entity which has some privileges associated with it.


--group 'GROUP_ID'

Group to use as a security principal.

--identity 'IDENTITY_ID_OR_NAME'

Identity (either the ID or identity username) to use as a security principal

--role '[administrator|access_manager|activity_manager|activity_monitor]'

Which role to assign. This argument is required.

--map-http-status 'TEXT'

Map non success HTTP response codes to exit codes other than 1. e.g. "--map-http-satus 403=0,404=0" would exit with 0 even if a 403 or 404 http error code was received. Valid exit codes are 0,1,50-99.

-F, --format '[json|text]'

Set the output format for stdout. Defaults to "text".

--jq, --jmespath 'EXPR'

Supply a JMESPath expression to apply to json output. Takes precedence over any specified '--format' and forces the format to be json processed by this expression.

A full specification of the JMESPath language for querying JSON structures may be found at

-h, --help

Show help text for this command.

-v, --verbose

Control the level of output.

Use -v or --verbose to show warnings and any additional text output.

Use -vv to add informative logging.

Use -vvv to add debug logging and full stack on any errors. (equivalent to -v --debug)


Textual output is a simple success message in the absence of errors, containing the ID of the created role.


Grant '' the 'activity_monitor' role on 'ddb59aef-6d04-11e5-ba46-22000b92c6ec':

$ globus endpoint role create 'ddb59aef-6d04-11e5-ba46-22000b92c6ec' \
    --identity '' --role activity_monitor


0 on success.

1 if a network or server error occurred, unless --map-http-status has been used to change exit behavior on http error codes.

2 if the command was used improperly.

© 2010- The University of Chicago Legal