Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • Domain Migration to gaccess.io
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • Getting Started
    Getting Started

    Getting Started and Tutorial docs cover how to perform some activity or provide an introduction to a feature. They are not comprehensive, but help you get started with Globus or with new Globus features.

    • Users
    • Admins
    • Developers
  • Reference
    Reference
    • Service
      • Auth
      • Groups
      • Transfer
      • Timers
      • Flows
      • Compute
      • Search
    • Agents
      • Globus Connect Server
      • GCS CLI
      • Globus Connect Personal
      • Globus Compute
    • SDK
      • Python
      • JS
    • Clients
      • CLI
    • Security and Compliance
      • Product Security
      • Privacy
      • Solutions for Sensitive Data
      • FAQs
  • Solutions & Guides
    Solutions & Guides

    Find practical approaches for leveraging Globus in research environments, integrating with platforms, and building science gateways. Access hands-on guides, integration instructions, and real-world scenarios for advanced usage.

    • Portals/Science Gateways
    • Guides
  • Support
    Support

    Find answers to frequently asked questions, connect with the community by joining our mailing lists, or reach out directly to Globus support.

    • FAQs
    • Mailing Lists
    • Contact Us
    • Check Support Tickets
  • Site Search
  1. Home
  2. Globus Connect Server
  3. v5.4
  4. Globus Connect Server Manager API
  5. Schemas
  6. StorageGateway_1_2_0

StorageGateway_1_2_0

StorageGateway_1_2_0 Document

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Name

Type

Description

DATA_TYPE

string storage_gateway#1.2.0

Type of this document

admin_managed_credentials

boolean

Flag indicating if the storage_gateway allows endpoint administrators to manage user credentials on behalf of other users.

allowed_domains

array of string

List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.

authentication_assurance_timeout (deprecated)

integer

Alias for authentication_timeout_mins[Private]

authentication_timeout_mins

integer

Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway.

For a high assurance storage gateway, this must be done within the current Globus Auth session, otherwise, the caller can perform the authentication with any application which uses Globus Auth.

connector_id

string <uuid>

Id of the connector type that this storage gateway interacts with.

deleted

boolean

Flag indicating that this storage gateway has been deleted[Private]

display_name

string

Name of the storage gateway

high_assurance

boolean

Flag indicating if the storage_gateway requires high assurance features.

id

string <uuid>

Unique id for this storage gateway

identity_mappings

array ( IdentityMapping )

List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]

load_dsi_module

string

Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]

policies

S3StoragePolicies_1_0_0 or S3StoragePolicies_1_1_0 or S3StoragePolicies_1_2_0 or AzureBlobStoragePolicies_1_0_0 or AzureBlobStoragePolicies_1_1_0 or BlackPearlStoragePolicies_1_0_0 or BoxStorage_1_0_0 or BoxStorage_1_1_0 or BoxStorage_1_2_0 or CephStoragePolicies_1_0_0 or DropboxStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_0_0 or GoogleCloudStoragePolicies_1_1_0 or GoogleDriveStoragePolicies_1_0_0 or GoogleDriveStoragePolicies_1_1_0 or HPSSStoragePolicies_1_0_0 or HPSSStoragePolicies_1_1_0 or IrodsStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_0_0 or OneDriveStoragePolicies_1_1_0 or PosixStoragePolicies_1_0_0 or PosixStagingStoragePolicies_1_0_0

Connector-specific storage policies

process_user

string

Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]

require_high_assurance (deprecated)

boolean

Alias for high_assurance

require_mfa

boolean

Flag indicating if the storage_gateway requires multi-factor authentication. Only usable on high assurance storage gateways.

restrict_paths

null or PathRestrictions

Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]

users_allow

array of string

List of connector-specific usernames allowed to access this storage gateway. [Private]

users_deny

array of string

List of connector-specific usernames denied access to this storage gateway. [Private]

{
  "DATA_TYPE": "storage_gateway#1.2.0",
  "admin_managed_credentials": false,
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "s3_storage_policies#1.0.0",
    "s3_buckets": [
      "string"
    ],
    "s3_endpoint": "https://s3.amazonaws.com",
    "s3_user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "require_mfa": false,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • Domain Migration to gaccess.io
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility