PathRestrictions
PathRestrictions Document
This object represents the path restrictions for a storage gateway or a sharing path restrictions for a mapped collection.
The values of each of the path lists in this object are interpreted using
the POSIX pattern matching notation as described in
fnmatch(3)
with flags set to 0 with additional support for some special
user-specific value interpolation:
-
~,$HOME -
The user’s home directory if the storage gateway supports such a concept,
/otherwise $USER-
The effective Storage Gateway-specific username that is being used for data access. For a Guest Collection, this is the username of the identity that created the Guest Collection.
These restrictions are evaluated at every data access. When evaluating restrictions, the user-specific interpolation is applied before the file name matching is evaluated.
Globus Connect Server evaluates its path restrictions from
longest leading expression match to shortest. When pattern
matching characters are present, they are considered as a lower
priority match than a literal character, with more specific
pattern characters given precedence. The precedence is thus
literal character, bracket expression, ? (single-character
wildcard), * (wildcard).
If multiple path restrictions apply, all matches are applied from longest to shortest, with the following rules for overriding values:
Path Restriction Override Precedence
| longer restriction | shorter restriction | result |
|---|---|---|
read_write |
read |
read_write |
read_write |
none |
read_write |
read |
read_write |
read_write |
read |
none |
read |
none |
read_write |
none |
none |
read |
none |
Name |
Type |
Description |
DATA_TYPE |
string |
Type of this document |
none |
array of string |
List of paths which are denied any access |
read |
array of string |
List of paths which are allowed read-only access |
read_write |
array of string |
List of paths which are allowed read-write access |
{
"DATA_TYPE": "path_restrictions#1.0.0",
"none": [
"string"
],
"read": [
"string"
],
"read_write": [
"string"
]
}