Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Flows Groups Search Timers Transfer Globus Connect Server Compute Helper Pages
  • Applications
    Globus Connect Personal Globus Connect Server Premium Storage Connectors Compute Command Line Interface Python SDK JavaScript SDK
  • Guides
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. v5.4
  4. Globus Connect Server Manager API
  5. Authorization

Authorization

Authorization

API Authorization

The operations provided by this API may be authorized with the following authorization methods:

PublicAuthorizer

The PublicAuthorizer allows the operation if the endpoint document’s public property is true.

RoleAuthorizer

A Role authorizer parses the request and the roles assigned to the current user. If one of the roles is in the listed set, then the operation is authorized. Understood roles are:

endpoint:owner
Endpoint owner
endpoint:administrator
Endpoint administrator
endpoint:activity_manager
Endpoint activity_manager
endpoint:activity_monitor
Endpoint activity_monitor
collection:administrator:*
Collection administrator for any collection on this endpoint
collection:activity_manager:*
Collection activity_manager for any collection on this endpoint
collection:activity_monitor:*
Collection activity_monitor for any collection on this endpoint
collection:access_manager:*
Collection access_manager for any collection on this endpoint
collection:administrator:{collection_id}
Collection administrator for the collection being operated on
collection:activity_manager:{collection_id}
Collection activity_manager for the collection being operated on
collection:activity_monitor:{collection_id}
Collection activity_monitor for the collection being operated on
collection:access_manager:{collection_id}
Collection access_manager for the collection being operated on
collection:administrator:{mapped_collection_id}
Collection administrator for the mapped collection associated with the guest collection that is being being operated on
collection:activity_manager:{mapped_collection_id}
activity_manager for the mapped collection associated the guest collection that is being being operated on
collection:activity_monitor:{mapped_collection_id}
activity_monitor for the mapped collection associated the guest collection that is being being operated on
collection:access_manager:{mapped_collection_id}
access_manager for the mapped collection associated the guest collection that is being being operated on

StorageGatewayAuthorizer

The StorageGatewayAuthorizer allows the operation if the caller’s identity set is allowed by the policies of a storage gateway. The parameter to this authorizer is one of the following:

*
Any storage gateway
{storage_gateway_id}
Either the storage gateway that was passed in to this operation, or the storage gateway that the resource (either a user credential or collection) is associated with.

SubscriptionManagerAuthorizer

The SubscriptionManagerAuthorizer allows the operation if the caller’s identity set is a Globus subscription manager. This allows an endpoint to be set as managed without the subscription manager being the endpoint administrator.

UserCredentialOwnerAuthorizer

The UserCredentialOwnerAuthorizer allows the operation if the caller’s identity set owns a credential. The parameter to this authorizer is one of the following:

*
Any User Credential
{user_credential_id}
The user credential passed in to the operation
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility