Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • v5.3 Migration Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Migrate53
      • Cleanup
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Update Vhost
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Update
      • Delete
      • Domain
      • Role
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Responses
    • Schemas
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
    • ActiveScale
    • Azure Blob
      • Azure Blob
    • BlackPearl
    • Box
    • Ceph
    • Google Cloud Storage
    • Google Drive
    • HPSS
    • iRODS Connector
    • OAuth Credential API
    • OneDrive
    • POSIX Connector
    • POSIX Staging Connector
    • S3
  • API Access for Portals
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Transfer Groups Search Python SDK Helper Pages
  • How To
  • Guides
    Globus Connect Server High Assurance Collections for Protected Data Command Line Interface Premium Storage Connectors Globus Automation Services Security Modern Research Data Portal
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. Installation Guide
  4. Globus Connect Server Manager API

Authorization

Authorization

API Authorization

The operations provided by this API may be authorized with the following authorization methods:

PublicAuthorizer

The PublicAuthorizer allows the operation if the endpoint document’s public property is true.

RoleAuthorizer

A Role authorizer parses the request and the roles assigned to the current user. If one of the roles is in the listed set, then the operation is authorized. Understood roles are:

endpoint:owner

Endpoint owner

endpoint:administrator

Endpoint administrator

endpoint:activity_manager

Endpoint activity_manager

endpoint:activity_monitor

Endpoint activity_monitor

collection:administrator:*

Collection administrator for any collection on this endpoint

collection:activity_manager:*

Collection activity_manager for any collection on this endpoint

collection:activity_monitor:*

Collection activity_monitor for any collection on this endpoint

collection:access_manager:*

Collection access_manager for any collection on this endpoint

collection:administrator:{collection_id}

Collection administrator for the collection being operated on

collection:activity_manager:{collection_id}

Collection activity_manager for the collection being operated on

collection:activity_monitor:{collection_id}

Collection activity_monitor for the collection being operated on

collection:access_manager:{collection_id}

Collection access_manager for the collection being operated on

CollectionAclAuthorizer

The CollectionAclAuthorizer allows access to the operation if the caller’s identity is any ACL for the guest collection. The parameter to this authorizer is one of the following:

*

Any collection

{collection_id}

The collection specified by this collection id

StorageGatewayAuthorizer

The StorageGatewayAuthorizer allows the operation if the caller’s identity set is allowed by the policies of a Storage Gateway. The parameter to this authorizer is one of the following:

*

Any Storage Gateway

{storage_gateway_id}

Either the Storage Gateway that was passed in to this operation, or the Storage Gateway that the resource (either a User Credential or Collection) is associated with.

SubscriptionManagerAuthorizer

The SubscriptionManagerAuthorizer allows the operation if the caller’s identity set is a Globus subscription manager. This allows an endpoint to be set as managed without the subscription manager being the endpoint administrator.

UserCredentialOwnerAuthorizer

The UserCredentialOwnerAuthorizer allows the operation if the caller’s identity set owns a credential. The parameter to this authorizer is one of the following:

*

Any User Credential

{user_credential_id}

The user credential passed in to the operation

  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • v5.3 Migration Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Migrate53
      • Cleanup
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Update Vhost
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Update
      • Delete
      • Domain
      • Role
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Responses
    • Schemas
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
    • ActiveScale
    • Azure Blob
      • Azure Blob
    • BlackPearl
    • Box
    • Ceph
    • Google Cloud Storage
    • Google Drive
    • HPSS
    • iRODS Connector
    • OAuth Credential API
    • OneDrive
    • POSIX Connector
    • POSIX Staging Connector
    • S3
  • API Access for Portals
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility