Authorization
API Authorization
The operations provided by this API may be authorized with the following authorization methods:
- PublicAuthorizer
  The PublicAuthorizer allows the operation if the endpoint document’s public property is true.
- RoleAuthorizer
  A Role authorizer parses the request and the roles assigned to the current user. If one of the roles is in the listed set, then the operation is authorized. Understood roles are:
  - endpoint:owner
    Endpoint owner
  - endpoint:administrator
    Endpoint administrator
  - endpoint:activity_manager
    Endpoint activity_manager
  - endpoint:activity_monitor
    Endpoint activity_monitor
  - collection:administrator:*
    Collection administrator for any collection on this endpoint
  - collection:activity_manager:*
    Collection activity_manager for any collection on this endpoint
  - collection:activity_monitor:*
    Collection activity_monitor for any collection on this endpoint
  - collection:access_manager:*
    Collection access_manager for any collection on this endpoint
  - collection:administrator:{collection_id}
    Collection administrator for the collection being operated on
  - collection:activity_manager:{collection_id}
    Collection activity_manager for the collection being operated on
  - collection:activity_monitor:{collection_id}
    Collection activity_monitor for the collection being operated on
  - collection:access_manager:{collection_id}
    Collection access_manager for the collection being operated on
- CollectionAclAuthorizer
  The CollectionAclAuthorizer allows access to the operation if the caller’s identity is in any ACL for the guest collection. The parameter to this authorizer is one of the following:
  - *
    Any collection
  - {collection_id}
    The collection specified by this collection id
- StorageGatewayAuthorizer
  The StorageGatewayAuthorizer allows the operation if the caller’s identity set is allowed by the policies of a Storage Gateway. The parameter to this authorizer is one of the following:
  - *
    Any Storage Gateway
  - {storage_gateway_id}
    Either the Storage Gateway that was passed in to this operation, or the Storage Gateway that the resource (either a User Credential or Collection) is associated with.
- SubscriptionManagerAuthorizer
  The SubscriptionManagerAuthorizer allows the operation if the caller’s identity set is a Globus subscription manager. This allows an endpoint to be set as managed without the subscription manager being the endpoint administrator.
- UserCredentialOwnerAuthorizer
  The UserCredentialOwnerAuthorizer allows the operation if the caller’s identity set owns a credential. The parameter to this authorizer is one of the following:
  - *
    Any User Credential
  - {user_credential_id}
    The user credential passed in to the operation
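The following is an added example, not Globus code, that models how the RoleAuthorizer's listed role strings described above could be evaluated, to show the difference between a `*` role and a `{collection_id}` role. `AssignedRole`, `role_matches`, `is_authorized` and the collection ids `coll-A` and `coll-B` are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class AssignedRole:
    """A role held by the caller (illustrative model, not a Globus type)."""
    scope: str                           # "endpoint" or "collection"
    name: str                            # e.g. "administrator"
    collection_id: Optional[str] = None  # set for collection-scoped roles


def role_matches(listed: str, held: AssignedRole, target: Optional[str]) -> bool:
    """Check one listed role string against one role the caller holds."""
    parts = listed.split(":")
    if len(parts) == 2 and parts[0] == "endpoint":
        return held.scope == "endpoint" and held.name == parts[1]
    if len(parts) == 3 and parts[0] == "collection":
        if held.scope != "collection" or held.name != parts[1]:
            return False
        if parts[2] == "*":
            return True  # role on any collection of this endpoint
        if parts[2] == "{collection_id}":
            # Only the collection being operated on; deny when there is none.
            return target is not None and held.collection_id == target
    return False  # unrecognized role string: fail closed


def is_authorized(listed: Iterable[str], held: Iterable[AssignedRole],
                  target: Optional[str] = None) -> bool:
    """Authorized if any held role satisfies any role in the listed set."""
    held = list(held)
    return any(role_matches(l, h, target) for l in listed for h in held)


# Constructed sample: caller monitors activity on coll-A only.
CALLER = [AssignedRole("collection", "activity_monitor", "coll-A")]

if __name__ == "__main__":
    per_collection = ["endpoint:administrator",
                      "collection:activity_monitor:{collection_id}"]
    print(is_authorized(per_collection, CALLER, target="coll-A"))  # own collection
    print(is_authorized(per_collection, CALLER, target="coll-B"))  # other collection
    print(is_authorized(["collection:activity_monitor:*"], CALLER, target="coll-B"))
```

In this model an operation that lists a `*` role is reachable by a role holder on any collection of the endpoint, so when reviewing which operations a delegated collection role can reach, the `*` entries are the ones that cross collection boundaries.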