Globus Connect Server Endpoint Role
Overview
The Globus Connect Server CLI and API support role-based authorization so that administrators can delegate the ability to perform administration tasks on an endpoint or a collection to others. These roles may be associated with either a Globus Auth user identity or a Globus group; a role associated with a group is granted to all members of that group.
Endpoint Roles
owner
The owner of the endpoint has the following capabilities:
- View or modify the endpoint, even if it is not public.
- View, add, delete or modify GCS Manager nodes which provide access to the endpoint.
- View, add, or delete the custom DNS name for mapped collections.
- View, add, modify, or delete the storage gateways provided by the endpoint.
- View (public information only) or delete the user credentials registered with the endpoint.
- View, delete or modify collections hosted by the endpoint.
administrator
A principal with this role on the endpoint has all of the capabilities of the endpoint owner plus the following capabilities:
- View, add, delete or modify other role assignments on the endpoint or any of its collections.
Additionally, the endpoint administrator has the administrator role on the Transfer API for the endpoint’s guest and mapped collections, so it may interact with parts of the Transfer Management API.
activity_manager
A principal with this role on the endpoint has the following capabilities:
- View the endpoint configuration, including storage gateways and their public policies.
Additionally, the endpoint activity_manager has the activity_manager role on the Transfer API for the endpoint’s guest and mapped collections, so it may interact with parts of the Transfer Management API.
activity_monitor
A principal with this role on the endpoint has the following capabilities:
- View the endpoint configuration, including storage gateways and their public policies.
Additionally, the endpoint activity_monitor has the activity_monitor role on the Transfer API for the endpoint’s guest and mapped collections, so it may interact with parts of the Transfer Management API.
Commands
- globus-connect-server endpoint role create: Create a new role assignment for an endpoint.
- globus-connect-server endpoint role delete: Delete a role assignment from an endpoint.
- globus-connect-server endpoint role list: List roles associated with an endpoint.
- globus-connect-server endpoint role show: Show a role associated with an endpoint.
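Because a role granted to a group applies to every member, and the administrator role can change other role assignments, a periodic review of who holds which role is worthwhile. The following is an added example, not part of the Globus documentation or tooling: it assumes the role assignments have been exported as JSON objects with `role` and `principal` fields and that principals use the URN prefixes shown; that layout, the `audit_roles` name, and the sample data are assumptions made for illustration.

```python
import json

# Role names and capabilities as described on this page.
CAN_MANAGE_ROLES = {"administrator"}       # may edit other role assignments
CAN_MODIFY = {"owner", "administrator"}    # may modify endpoint, nodes, gateways, collections
KNOWN_ROLES = CAN_MODIFY | {"activity_manager", "activity_monitor"}

# Assumed principal URN prefixes (not stated on this page).
IDENTITY_PREFIX = "urn:globus:auth:identity:"
GROUP_PREFIX = "urn:globus:groups:id:"

# Constructed sample export; UUIDs and the "superuser" role are made up.
SAMPLE = json.loads("""[
 {"role": "owner", "principal": "urn:globus:auth:identity:11111111-1111-4111-8111-111111111111"},
 {"role": "administrator", "principal": "urn:globus:groups:id:22222222-2222-4222-8222-222222222222"},
 {"role": "activity_monitor", "principal": "urn:globus:groups:id:33333333-3333-4333-8333-333333333333"},
 {"role": "activity_manager", "principal": "someone@example.org"},
 {"role": "superuser", "principal": "urn:globus:auth:identity:44444444-4444-4444-8444-444444444444"}
]""")


def audit_roles(assignments):
    """Return (severity, role, principal, reason) findings, most severe first."""
    findings = []
    for a in assignments:
        role, principal = a.get("role"), a.get("principal", "")
        is_group = principal.startswith(GROUP_PREFIX)
        if role not in KNOWN_ROLES:
            findings.append(("review", role, principal, "not an endpoint role listed on this page"))
        if not is_group and not principal.startswith(IDENTITY_PREFIX):
            findings.append(("review", role, principal, "principal is not an identity or group URN"))
        if is_group and role in CAN_MANAGE_ROLES:
            findings.append(("high", role, principal, "every group member can change role assignments"))
        elif is_group and role in CAN_MODIFY:
            findings.append(("medium", role, principal, "every group member can modify the endpoint"))
    order = {"high": 0, "medium": 1, "review": 2}
    return sorted(findings, key=lambda f: order[f[0]])  # stable: input order kept within a severity


if __name__ == "__main__":
    for severity, role, principal, reason in audit_roles(SAMPLE):
        print(f"{severity:7} {role:17} {principal}  ({reason})")
```

Read-only roles held by groups (activity_monitor here) are deliberately not flagged; tighten the rules if your policy requires individual assignment for those as well.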