Schemas

OAuthUserCredentialForm Document

Name	Type	Description
access_token	string	Unused
identity_id	string <uuid>	Globus Auth identity id that this credential is associated with
login_hint	string	Mapped account username on the storage gateway
redirect_uri	string	URL to redirect to once the credential registration flow is complete
storage_gateway	string <uuid>	Storage gateway to associate the credential with

{
  "access_token": "string",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "login_hint": "string",
  "redirect_uri": "string",
  "storage_gateway": "84f68622-c2e1-4c80-acc9-d3be0dea5d29"
}

Account Document

User account information for a particular Storage Gateway.

Name	Type	Description
DATA_TYPE	string `account#1.0.0`	Type of this document
identity_id	string <uuid>	Globus Auth identity which maps to this account
storage_gateway_id	string <uuid>	Storage Gateway for which this account is valid.
username	string	Connector-specific local username

{
  "DATA_TYPE": "account#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

AuthenticationTimeout Document

Error details when a user must reauthenticate an identity in order to perform this operation.

Name	Type	Description
DATA_TYPE	string `authentication_timeout#1.1.0`	Type of this document
high_assurance	boolean	Boolean flag indicating whether the new authentication must be done within the same auth session as the application making the request.
identities	array of string <uuid>	List of identities that would have otherwise been authorized except that the authentication has timed out.
require_mfa	boolean	Flag indicating that multi-factor authentication is required. Only occurs on high assurance storage gateways.

{
  "DATA_TYPE": "authentication_timeout#1.1.0",
  "high_assurance": true,
  "identities": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ],
  "require_mfa": true
}

Domain Document

Custom domain description

Name	Type	Description
DATA_TYPE	string `domain#1.0.0`	Type of this document
certificate	string `^(.* )?-----BEGIN CERTIFICATE-----.*`	PEM-Encoded X.509 certificate for this domain
certificate_chain	string `^(.* )?-----BEGIN CERTIFICATE-----.*`	PEM-Encoded X.509 certificate chain for this domain. Only needed if there are intermediate certificates that must also be sent to clients to allow them to verify the certificate. [Private]
certificate_chain_path	string `^/.*`	Path to a file containing the X.509 certificate chain for this domain. This file path must contain a sequence of valid certificate and be present on each data transfer node. [Private]
certificate_path	string `^/.*`	Path to a file containing the X.509 certificate for this domain. This file path must contain a valid certificate and be present on each data transfer node. [Private]
domain_name	string `^((?!-)[A-Za-z0-9-]{1,63}(?`	Domain name
private_key	string `^(.* )?-----BEGIN PRIVATE KEY-----.*`	PEM-Encoded private key for the certificate[Private]
private_key_path	string `^/.*`	Path to a file containing the private key for this domain. This file path must contain a valid key and be present on each data transfer node. [Private]
wildcard	boolean	Flag indicating whether this is a wildcard domain or not. When setting a custom domain for a mapped collection, the domain may optionally be a wildcard domain. If it is a wildcard domain, the guest collections will be created as subdomains of the mapped collection domain; if not, guest collections will be created as subdomains of the endpoint domain.

{
  "DATA_TYPE": "domain#1.0.0",
  "certificate": "string",
  "certificate_chain": "string",
  "certificate_chain_path": "string",
  "certificate_path": "string",
  "domain_name": "string",
  "private_key": "string",
  "private_key_path": "string",
  "wildcard": true
}

PathRestrictions Document

This object represents the path restrictions for a storage gateway or a sharing path restrictions for a mapped collection.

The values of each of the path lists in this object are interpreted using the POSIX pattern matching notation as described in fnmatch(3) with flags set to 0 with additional support for some special user-specific value interpolation:

~, $HOME: The user’s home directory if the storage gateway supports such a concept, / otherwise
$USER: The effective Storage Gateway-specific username that is being used for data access. For a Guest Collection, this is the username of the identity that created the Guest Collection.

These restrictions are evaluated at every data access. When evaluating restrictions, the user-specific interpolation is applied before the file name matching is evaluated.

Globus Connect Server evaluates its path restrictions from longest leading expression match to shortest. When pattern matching characters are present, they are considered as a lower priority match than a literal character, with more specific pattern characters given precedence. The precedence is thus literal character, bracket expression, ? (single-character wildcard), * (wildcard).

If multiple path restrictions apply, all matches are applied from longest to shortest, with the following rules for overriding values:

Path Restriction Override Precedence

longer restriction	shorter restriction	result
read_write	read	read_write
read_write	none	read_write
read	read_write	read_write
read	none	read
none	read_write	none
none	read	none

Name	Type	Description
DATA_TYPE	string `path_restrictions#1.0.0`	Type of this document
none	array of string `^[/~\\$\\\\?\\[].$`	List of paths which are denied any access
read	array of string `^[/~\\$\\\\?\\[].$`	List of paths which are allowed read-only access
read_write	array of string `^[/~\\$\\\\?\\[].$`	List of paths which are allowed read-write access

{
  "DATA_TYPE": "path_restrictions#1.0.0",
  "none": [
    "string"
  ],
  "read": [
    "string"
  ],
  "read_write": [
    "string"
  ]
}

SharingPolicy Document

Sharing policies for a mapped collection.

This document type allows endpoint and collection administrators to optionally constrain sharing path policies for particular users. The sharing_restrict_paths property has a similar meaning to that of the sharing_restrict_paths in the collection document; however, it is in effect only for specific users.

If the users property is null, then the restriction applies to all users. If it is non-null, then this restriction applies only to accounts which have been mapped to the enumerated storage gateway user accounts.

Multiple sharing policies can be defined for a mapped collection. When a guest collection is created or accessed, only the policies relevant to the user which created the account are enforced.

Name	Type	Description
DATA_TYPE	string `sharing_policy#1.0.0`	Type of this document
collection_id	string <uuid>	Id of the mapped collection which this policy is associated with
id	string <uuid>	Unique id for this sharing policy
sharing_restrict_paths	PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. These paths are relative to the root_path property of the mapped collection.
users	array of string	List of local user accounts that this policy applies to. If omitted or null, this restriction applies to all local user accounts.

{
  "DATA_TYPE": "sharing_policy#1.0.0",
  "collection_id": "4bdef85c-3f50-4006-a713-2350da665f80",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "sharing_restrict_paths": {
    "DATA_TYPE": "path_restrictions#1.0.0",
    "none": [
      "string"
    ],
    "read": [
      "string"
    ],
    "read_write": [
      "string"
    ]
  },
  "users": [
    "string"
  ]
}

CollectionSchema_1_0_0 Document

A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.

Name	Type	Description
DATA_TYPE	string `collection#1.0.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.

{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

CollectionSchema_1_1_0 Document

Version 1.1.0 adds support for enabling or disabling https access for individual collections, as well as the ability for collection administrators to add an optional message and web link to be shown on the Globus web app when users visit the collection.

Name	Type	Description
DATA_TYPE	string `collection#1.1.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.1.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

CollectionSchema_1_2_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Name	Type	Description
DATA_TYPE	string `collection#1.2.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.2.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

CollectionSchema_1_3_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Name	Type	Description
DATA_TYPE	string `collection#1.3.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.3.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

CollectionSchema_1_4_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Name	Type	Description
DATA_TYPE	string `collection#1.4.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.4.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": false,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

CollectionSchema_1_5_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable ACLs that would allow anonymous users to have write access to an endpoint.

Name	Type	Description
DATA_TYPE	string `collection#1.5.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.5.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": false,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

CollectionSchema_1_6_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable ACLs that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection ACLs.

Name	Type	Description
DATA_TYPE	string `collection#1.6.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before ACLs are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 64 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.6.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": false,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

CollectionSchema_1_7_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable ACLs that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection ACLs.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Name	Type	Description
DATA_TYPE	string `collection#1.7.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before ACLs are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.7.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": false,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

CollectionSchema_1_8_0 Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable ACLs that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection ACLs.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted.

Name	Type	Description
DATA_TYPE	string `collection#1.8.0`	Type of this document
allow_guest_collections	boolean	Flag indicating if this Collection allows users to create guest collections on it. This is always false if this is a guest collection. If this is changed to false on a mapped collection with associated guest collections, those collections will no longer be accessible.
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated in a session to access this storage gateway.
collection_base_path	string `^(/\|\\$HOME)`	Path to be interpreted as the base path when creating a new collection. It is interpreted differently depending on the collection type being created. For a mapped collection, this is an absolute path on the storage system named by the storage_gateway_id. For a guest collection, this is a relative path relative to the value of the `root_path` attribute on the mapped collection with the same Id as the `mapped_collection_id` property. This may not be changed once the collection is created. [Private]
collection_type	string `mapped`, `guest`	Type of collection. A `mapped` collection requires an account on the system to access the administrator-defined collection. A `guest` collection allows users to share access to their data on a Storage Gateway by registering a credential with the GCS Manager.
connector_id	string <uuid>	Id of the connector type that is used by this collection.
contact_email	string	Email address of the support contact for the collection.
contact_info	string	Other non-email contact information for the collection, e.g. phone and mailing address.
default_directory	string `^(/\|\\$HOME\|~)`	Default directory when accessing the collection. This may include the special string `$USER` which is evaluated at access time to be the connector-specific username accessing the data. If the collection is mapped collection with a collection_base_path value of `/`, this value can also begin with the values `/~/` and `$HOME`, which are replaced by the user’s home directory, or `/` if the connector does not support the concept of a home directory. [Private]
delete_protected	boolean	If set to true, this collection can not be deleted. This property is available only on mapped collections.
deleted	boolean	Flag indicating that this collection has been deleted[Private]
department	string	Department within organization that runs the server(s). Searchable. Optional. Unicode string, max 1024 characters, no new lines.
description	string	A description of the collection.
disable_anonymous_writes	boolean	Flag indicating if guest collections on this mapped collection an allow anonymous write ACLs or not. This flag is always true for high assurance collections. For non-high assurance mapped collections, the default value is false.
disable_verify	boolean	Flag indicating that this endpoint does not support computing checksums, needed for the verify_checksum option of transfer.
display_name	string `\\S`	Friendly name for the collection. Unicode string, max 128 characters, no new lines (`\r` or `\n`).
domain	Domain	Custom domain description
domain_name	string	DNS name of the virtual host serving this collection. For mapped collections with do not have a custom domain, this may be specified as part of the input document to create the collection, otherwise this is a read-only property. When included in the input, the name is restricted to be a subdomain of the endpoint, and the input name label may not start with `m-` or `g-`.
enable_https	boolean	Boolean flag indicating whether this collection should support HTTPS. This value can be set on mapped collections or guest collections. However, it may not be set to True on a guest collection if the value on the related mapped collection is False.
force_encryption	boolean	Flag indicating whether all data transfers to and from this collection are always encrypted. New in v5.4.17: If a mapped collection forces encryption, all of its guest collections must as well. If this option is used on a mapped collection, the value is propagated to its guest collections.
force_verify	boolean	Flag indicating that this endpoint requires computing checksums, needed for the verify_checksum option of transfer.
guest_auth_policy_id	string <uuid>	Authentication policy set on mapped collections and inherited by its guest collections. During authorization, the authentication policy must be satisfied before ACLs are considered. Read-only on guest collections. (Added in API 1.15.0)
high_assurance	boolean	Flag indicating if this collection is created on a high assurance Storage Gateway.
https_url	string	HTTPS URL for the data on this collection.
id	string <uuid>	Unique identifier for this collection. This is assigned by the GCS manager when creating a collection.
identity_id	string <uuid>	Globus Auth identity to who acts as the owner of this collection. This identity is an `administrator` on the collection.
info_link	string	Link to a web page with more information about the collection
keywords	array of string	List of search keywords for the endpoint. Optional. Unicode string, max 1024 characters total across all strings.
manager_url	string	URL of the GCS Manager API service for the endpoint hosting this collection.
mapped_collection_id	string <uuid>	Unique ID of the Mapped Collection which this guest collection is associated with. This is set on creation and may not be changed. For a Guest Collection, this must be set, and policies related sharing (`allow_guest_collections`, `sharing_restrict_paths`) will always reflect the values in the Mapped Collection definition and may not be changed on this Guest Collection.
organization	string	Organization that runs the server(s) represented by the endpoint. Optional to preserve backward compatibility, but will eventually be required and all clients are encouraged to require users to specify it. Unicode string, max 1024 characters, no new lines.
policies	AzureBlobCollectionPolicies or BlackPearlCollectionPolicies or BoxCollectionPolicies or CephCollectionPolicies or GoogleCloudStorageCollectionPolicies or GoogleDriveCollectionPolicies or HPSSCollectionPolicies or IrodsCollectionPolicies or OneDriveCollectionPolicies or PosixCollectionPolicies or PosixStagingCollectionPolicies or S3CollectionPolicies	Connector-specific collection policies
public	boolean	Flag indicating whether this collection is visible to other Globus users.
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only applies to high assurance storage gateways.
root_path	string	Absolute root path of the collection. All data access is done relative to this path. On a guest collection, this value is only visible if the caller has an administrator role on both the guest collection and the mapped collection it is created on. [Private]
sharing_restrict_paths	null or PathRestrictions	Restrictions on which paths may be shared in guest collections related to this mapped collection. On the mapped collection, these paths are relative to the root_path property of the mapped collection. On a guest collection, they are absolute paths from the storage root. [Private]
sharing_users_allow	array of string	List of connector-specific usernames allowed to create new guest collections on this mapped collection. [Private]
sharing_users_deny	array of string	List of connector-specific usernames denied access to create new guest collections on this mapped collection. [Private]
storage_gateway_id	string <uuid>	Unique ID of the Storage Gateway which this collection provides access to. This value can not change after the collection is created.
tlsftp_url	string	TLSFTP URL for the data on this collection.
user_credential_id	string <uuid>	The ID of the User Credential which is used to access data on this collection. This credential must be owned by the collection’s identity_id.
user_message	string	A message for clients to display to users when interacting with this collection. For guest collections, this property is read-only and is the same as the value of its related mapped collection. The message may be up to 256 characters long.
user_message_link	string	Link to additional messaging for clients to display to users when interacting with this endpoint, linked to an HTTP or HTTPS URL. For guest collections, this property is read-only and is the same as the value of its related mapped collection.

{
  "DATA_TYPE": "collection#1.8.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "delete_protected": true,
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_anonymous_writes": true,
  "disable_verify": true,
  "display_name": "string",
  "domain": {
    "DATA_TYPE": "domain#1.0.0",
    "certificate": "string",
    "certificate_chain": "string",
    "certificate_chain_path": "string",
    "certificate_path": "string",
    "domain_name": "string",
    "private_key": "string",
    "private_key_path": "string",
    "wildcard": true
  },
  "domain_name": "string",
  "enable_https": true,
  "force_encryption": true,
  "force_verify": true,
  "guest_auth_policy_id": "e4e3cb66-47d0-4e50-b3fa-551f30b07353",
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "require_mfa": false,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "sharing_users_allow": [
    "string"
  ],
  "sharing_users_deny": [
    "string"
  ],
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3",
  "user_message": "string",
  "user_message_link": "string"
}

Connector Document

Connector information document

Name	Type	Description
DATA_TYPE	string `connector#1.0.0`	Type of this document
display_name	string	Friendly name of the connector
id	string	Unique id of this connector type
version	string `^(0\|[1-9]\\d)\\.(0\|[1-9]\\d)\\.(0\|[1-9]\\d)(-(((0\|[1-9]\\d\|\\d[A-Z-a-z-][\\dA-Za-z-]))(\\.(0\|[1-9]\\d\|\\d[A-Za-z-][\\dA-Za-z-]))))?(\\+([\\dA-Za-z-]+(\\.[\\dA-Za-z-])))?$`	Semantic version of this connector implementation

{
  "DATA_TYPE": "connector#1.0.0",
  "display_name": "POSIX",
  "id": "string",
  "version": "string"
}

CredentialNotFound Document

Error details when a user has attempted to use a credential when creating a collection or logging in, but there are multiple mapped identities and none of them have a valid credential.

Name	Type	Description
DATA_TYPE	string `credential_not_found#1.0.0`	Type of this document
accounts	array ( Account )	List of available accounts that do not have credentials registered.

{
  "DATA_TYPE": "credential_not_found#1.0.0",
  "accounts": [
    {
      "DATA_TYPE": "account#1.0.0",
      "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
      "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
      "username": "string"
    }
  ]
}

EndpointSchema_1_0_0 Document

A Globus Connect Server endpoint is a deployment of Globus Connect Server version 5. A single endpoint may optionally include multiple data transfer nodes. The endpoint provides a link between a Globus Connect Server deployment and the Globus Transfer service. The endpoint describes services for accessing data via GridFTP and HTTPS and also for configuring and managing the policies associated with that access.

Name	Type	Description
DATA_TYPE	string `endpoint#1.0.0`	Type of this document
allow_udt	boolean	Allow data transfer on this endpoint using the UDT protocol
contact_email	string	Email address of the support contact for the endpoint
contact_info	string	Other non-email contact information for the endpoint, e.g. phone and mailing address.
department	string	Department within organization that runs the server(s). Searchable. Unicode string, max 1024 characters, no new lines.
description	string	A description of the endpoint
display_name	string	Friendly name for the endpoint, not unique. Unicode string, no new lines (`\r` or `\n`). Searchable.
id	string <uuid>	Unique identifier for this endpoint
gcs_manager_url	string	URL of the GCS Manager API service for this endpoint
info_link	string	Link to a web page with more information about the endpoint. The administrator is responsible for running a website at this URL and verifying that it is accepting public connections.
keywords	array of string	List of search keywords for the endpoint. Unicode string, max 1024 characters total across all strings.
max_concurrency	integer	Admin-specified value when the network_use property’s value is `custom`; otherwise the preset value for the specified network_use.
max_parallelism	integer	Admin-specified value when the network_use property’s value is `custom`; otherwise the preset value for the specified network_use.
network_use	string `normal`, `minimal`, `aggressive`, `custom`	Control how Globus interacts with this endpoint over the network. Allowed values for network_use are: `normal` The default setting. Uses an average level of concurrency and parallelism. The levels depend on the number of physical servers in the endpoint. `minimal` Uses a minimal level of concurrency and parallelism. `aggressive` Uses a high level of concurrency and parallelism. `custom` Uses custom values of concurrency and parallelism set by the endpoint admin. When setting this level, you must also set the max_concurrency, preferred_concurrency, max_parallelism, and preferred_parallelism properties.
organization	string	Organization that runs the server(s) represented by the endpoint. Unicode string, max 1024 characters, no new lines.
preferred_concurrency	integer	Admin-specified value when the network_use property’s value is `custom`; otherwise the preset value for the specified network_use.
preferred_parallelism	integer	Admin-specified value when the network_use property’s value is `custom`; otherwise the preset value for the specified network_use.
public	boolean	Flag indicating whether this endpoint is visible to all other Globus users. If false, only users which have been granted a role on the endpoint or one of its collections, or belong to a domain allowed access to any of its storage gateways may view it.
subscription_id	string	The id of the subscription that is managing this endpoint. This may be the special value `DEFAULT` when using this as input to PATCH or PUT to use the caller’s default subscription id.

{
  "DATA_TYPE": "endpoint#1.0.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}

EndpointSchema_1_1_0 Document

Version 1.1.0 of the endpoint includes support for customizing the TCP port that the GridFTP listens on.

Name	Type	Description
DATA_TYPE	string `endpoint#1.1.0`	Type of this document
allow_udt	boolean	Allow data transfer on this endpoint using the UDT protocol
contact_email	string	Email address of the support contact for the endpoint
contact_info	string	Other non-email contact information for the endpoint, e.g. phone and mailing address.
department	string	Department within organization that runs the server(s). Searchable. Unicode string, max 1024 characters, no new lines.
description	string	A description of the endpoint
display_name	string	Friendly name for the endpoint, not unique. Unicode string, no new lines (`\r` or `\n`). Searchable.
id	string <uuid>	Unique identifier for this endpoint
gcs_manager_url	string	URL of the GCS Manager API service for this endpoint
gridftp_control_channel_port	integer	TCP port for the Globus control channel to listen on. By default, the control channel is passed through 443 with an ALPN header containing the value "ftp".
info_link	string	Link to a web page with more information about the endpoint. The administrator is responsible for running a website at this URL and verifying that it is accepting public connections.
keywords	array of string	List of search keywords for the endpoint. Unicode string, max 1024 characters total across all strings.
max_concurrency	integer	Admin-specified value when the network_use property’s value is `custom`; otherwise the preset value for the specified network_use.
max_parallelism	integer	Admin-specified value when the network_use property’s value is `custom`; otherwise the preset value for the specified network_use.
network_use	string `normal`, `minimal`, `aggressive`, `custom`	Control how Globus interacts with this endpoint over the network. Allowed values for network_use are: `normal` The default setting. Uses an average level of concurrency and parallelism. The levels depend on the number of physical servers in the endpoint. `minimal` Uses a minimal level of concurrency and parallelism. `aggressive` Uses a high level of concurrency and parallelism. `custom` Uses custom values of concurrency and parallelism set by the endpoint admin. When setting this level, you must also set the max_concurrency, preferred_concurrency, max_parallelism, and preferred_parallelism properties.
organization	string	Organization that runs the server(s) represented by the endpoint. Unicode string, max 1024 characters, no new lines.
preferred_concurrency	integer	Admin-specified value when the network_use property’s value is `custom`; otherwise the preset value for the specified network_use.
preferred_parallelism	integer	Admin-specified value when the network_use property’s value is `custom`; otherwise the preset value for the specified network_use.
public	boolean	Flag indicating whether this endpoint is visible to all other Globus users. If false, only users which have been granted a role on the endpoint or one of its collections, or belong to a domain allowed access to any of its storage gateways may view it.
subscription_id	string	The id of the subscription that is managing this endpoint. This may be the special value `DEFAULT` when using this as input to PATCH or PUT to use the caller’s default subscription id.

{
  "DATA_TYPE": "endpoint#1.1.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "gridftp_control_channel_port": 1,
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}

EndpointOwner Document

Schema for processing the endpoint_owner#1.0.0 data type

Name	Type	Description
DATA_TYPE	string `endpoint_owner#1.0.0`	Type of this document
identity_id	string <uuid>	Auth identity ID of the endpoint owner

{
  "DATA_TYPE": "endpoint_owner#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

EndpointSubscription Document

Name	Type	Description
DATA_TYPE	string `endpoint_subscription#1.0.0`	Type of this document
subscription_id	string	Either the id of a Globus subscription or the special value "DEFAULT" if the caller has only one subscription associated with their identity set.

{
  "DATA_TYPE": "endpoint_subscription#1.0.0",
  "subscription_id": "string"
}

IdNotInIdentitySet Document

Error details when a user has authenticated but has requested to act as an identity not in the current identity set.

Name	Type	Description
DATA_TYPE	string `id_not_in_identity_set#1.0.0`	Type of this document
id	string <uuid>	Requested identity ID

{
  "DATA_TYPE": "id_not_in_identity_set#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}

Info Document

This document contains information about the Globus Connect Server, including its software and supported API version number.

Name	Type	Description
DATA_TYPE	string `info#1.0.0`	Type of this document
api_version	string `^(0\|[1-9]\\d)\\.(0\|[1-9]\\d)\\.(0\|[1-9]\\d)(-(((0\|[1-9]\\d\|\\d[A-Z-a-z-][\\dA-Za-z-]))(\\.(0\|[1-9]\\d\|\\d[A-Za-z-][\\dA-Za-z-]))))?(\\+([\\dA-Za-z-]+(\\.[\\dA-Za-z-])))?$`	Semantic version of the Globus Connect Server API
client_id	string <uuid>	Client id that created the endpoint
domain_name	string	Domain name for the GCS Manager service
endpoint_id	string <uuid>	Transfer endpoint ID managed by this GCS Manager
manager_version	string `^(0\|[1-9]\\d)\\.(0\|[1-9]\\d)\\.(0\|[1-9]\\d)(-(((0\|[1-9]\\d\|\\d[A-Z-a-z-][\\dA-Za-z-]))(\\.(0\|[1-9]\\d\|\\d[A-Za-z-][\\dA-Za-z-]))))?(\\+([\\dA-Za-z-]+(\\.[\\dA-Za-z-])))?$`	Globus Connect Server software version

{
  "DATA_TYPE": "info#1.0.0",
  "api_version": "string",
  "client_id": "5b3fa7ba-57d3-4017-a65b-d57dcd2db643",
  "domain_name": "string",
  "endpoint_id": "e9ce0d4f-d433-423d-9497-4c000544106c",
  "manager_version": "string"
}

InvalidCredential Document

Error details when the caller’s identity maps to an account with a user credential that is in an invalid state.

Name	Type	Description
DATA_TYPE	string `invalid_credential#1.0.0`	Type of this document
user_credential_id	string <uuid>	The ID of the user credential which needs to be fixed before this resource can be accessed.

{
  "DATA_TYPE": "invalid_credential#1.0.0",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

InvalidInputItem Document

Name	Type	Description
property	string	Name of the property whose value contains the error, if known. May be unset depending on the error.
message	string	Error message describing the invalid input error

{
  "property": "string",
  "message": "string"
}

InvalidInput Document

Error details when the caller has sent an invalid input document.

Name	Type	Description
DATA_TYPE	string `invalid_input#1.0.0`	Type of this document
errors	array ( InvalidInputItem )	Optional list of input schema violations, such as missing or unknown properties, or properties with invalid values.

{
  "DATA_TYPE": "invalid_input#1.0.0",
  "errors": [
    {
      "property": "string",
      "message": "string"
    }
  ]
}

InvalidUser Document

Error details when the caller’s identity does not map to valid local account.

Name	Type	Description
DATA_TYPE	string `invalid_user#1.0.0`	Type of this document
usernames	array of string	List of connector-specific usernames

{
  "DATA_TYPE": "invalid_user#1.0.0",
  "usernames": [
    "string"
  ]
}

ExternalIdentityMapping Document

The ExternalIdentityMapping defines the path and arguments of an external program to map an identity to a storage-gateway specific user account name. The specified command will be called to map Globus Auth identity data to a connector-specific list of account names.

Name	Type	Description
DATA_TYPE	string `external_identity_mapping#1.0.0`	Type of this document
command	array of string	The mapping command and its command-line arguments. In addition to these arguments, the following will also be passed to the program. -c CONNECTOR_ID The ID of the connector that the mapping is being done in the context of. -s STORAGE_GATEWAY_ID The ID of the storage gateway that the mapping is being done in the context of. -a This option is a flag that indicates that the GCS Manager wants to receive output containing all mappings for the given identity set. If not present, the program will receive exactly one object in the identities array and may only return a single mapping for that identity.

{
  "DATA_TYPE": "external_identity_mapping#1.0.0",
  "command": [
    "string"
  ]
}

MappingExpression Document

The MappingExpression document type contains information about a mapping expression, including the input, match, output, and flags used to process this expression.

Name	Type	Description
ignore_case	boolean	Flag indicating the match should be executed as a case insensitive comparison. If not present, this defaults to false.
literal	boolean	Flag indicating the match expression should be done as a literal match, ignoring any special regular characters. If not present, this defaults to false.
match	string	An expression which is applied to the output performing interpolation on source for determining if this mapping applies. This requires a full string match on the source.
output	string	A string representing the result of the mapping if the match succeeded. References to the original identity_set data can be interpolated as in the source property. References to match groups from the match property can be interpolated with numbers (indices starting with 0) surrounded by curly brackets `{}`.
source	string	A string comprised of text plus identity set data field names surrounded by curly brackets `{}` which are interpolated into the text.

{
  "ignore_case": true,
  "literal": true,
  "match": "string",
  "output": "string",
  "source": "string"
}

ExpressionIdentityMapping Document

The ExpressionIdentityMapping defines a set of identity mapping expressions to map Globus Auth identity data to a connector-specific list of account names.

Name	Type	Description
DATA_TYPE	string `expression_identity_mapping#1.0.0`	Type of this document
mappings	array ( MappingExpression )	Array of expression-based identity mapping values

{
  "DATA_TYPE": "expression_identity_mapping#1.0.0",
  "mappings": [
    {
      "ignore_case": true,
      "literal": true,
      "match": "string",
      "output": "string",
      "source": "string"
    }
  ]
}

LimitExceeded Document

Error details when a user would be authorized, but the endpoint has reached a hard resource limit on the type of object being created.

Name	Type	Description
DATA_TYPE	string `limit_exceeded#1.0.0`	Type of this document

{
  "DATA_TYPE": "limit_exceeded#1.0.0"
}

MissingRoleEntrySchema Document

Name	Type	Description
collection	string <uuid>	The collection which the role must apply to. If omitted, the role must apoly to an endpoint.
role	string `owner`, `administrator`, `access_manager`, `activity_manager`, `activity_monitor`, `access_monitor`

{
  "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
  "role": "owner"
}

MissingRequiredRole Document

Error details when a user has authenticated but lacks a role to be able to perform the requested operation.

Name	Type	Description
DATA_TYPE	string `missing_required_role#1.0.0`	Type of this document
roles	array ( MissingRoleEntrySchema )	List of roles authorized to perform this operation

{
  "DATA_TYPE": "missing_required_role#1.0.0",
  "roles": [
    {
      "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
      "role": "owner"
    }
  ]
}

MissingRequiredScopes Document

Error details when a user has authenticated but lacks an OAuth scope to be able to perform the requested operation.

Name	Type	Description
DATA_TYPE	string `missing_required_scopes#1.0.0`	Type of this document
required_scopes	array of string	List of OAuth scope names

{
  "DATA_TYPE": "missing_required_scopes#1.0.0",
  "required_scopes": [
    "string"
  ]
}

NodeSchema_1_0_0 Document

Services for Globus Connect Server endpoints may be deployed on multiple different physical resources, referred to as data transfer nodes. Each node may have one or more IP addresses, TCP incoming and outgoing port ranges, and a status value indicating whether it is configured to actively respond to requests or is in maintenance mode.

Name	Type	Description
DATA_TYPE	string `node#1.0.0`	Type of this document
id	string <uuid>	Unique id string this node. This is system generated and may not be included in create requests.
incoming_port_range	array of integer	Allowed port range for incoming TCP data connections
ip_addresses	array of string	List of IP addresses for this node
outgoing_port_range	array of integer	Port range used as the source for outgoing TCP data connections
status	string `active`, `inactive`	Current status of the Node. If a Node is marked inactive, it will be removed from the DNS entries for this endpoint and will return an error on any attempt to use the Manager API or attempt a Transfer using this node.

{
  "DATA_TYPE": "node#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}

NodeSchema_1_1_0 Document

Version 1.1.0 adds support for setting the data interface on a node.

Name	Type	Description
DATA_TYPE	string `node#1.1.0`	Type of this document
data_interface	string	IP address on which this node listens for data transfers
id	string <uuid>	Unique id string this node. This is system generated and may not be included in create requests.
incoming_port_range	array of integer	Allowed port range for incoming TCP data connections
ip_addresses	array of string	List of IP addresses for this node
outgoing_port_range	array of integer	Port range used as the source for outgoing TCP data connections
status	string `active`, `inactive`	Current status of the Node. If a Node is marked inactive, it will be removed from the DNS entries for this endpoint and will return an error on any attempt to use the Manager API or attempt a Transfer using this node.

{
  "DATA_TYPE": "node#1.1.0",
  "data_interface": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}

NotFromAllowedDomain Document

Error details when a user has authenticated but does not have an identity from the required domain to perform the requested action.

Name	Type	Description
DATA_TYPE	string `not_from_allowed_domain#1.0.0`	Type of this document
allowed_domains	array of string	List of domains allowed by this resource

{
  "DATA_TYPE": "not_from_allowed_domain#1.0.0",
  "allowed_domains": [
    "string"
  ]
}

NotResourceOwner Document

Name	Type	Description
DATA_TYPE	string `not_resource_owner#1.0.0`	Type of this document
id	string <uuid>	Identity ID of the owner of the resource

{
  "DATA_TYPE": "not_resource_owner#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08"
}

OwnerString Document

Owner string document

Name	Type	Description
DATA_TYPE	string `owner_string#1.0.0`	Type of this document
identity_id	string <uuid>	Globus Auth Identity id

{
  "DATA_TYPE": "owner_string#1.0.0",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1"
}

Result Document

This is the result envelope returned from all operations in this API. Each operation may add properties to this base document type with additional operation-specific data values.

Name	Type	Description
DATA_TYPE	string `result#1.0.0`	Type of this document
code	string	String response code
data	array of object
detail	any type
has_next_page	boolean	Boolean flag indicating whether or not additional pages of response data may be requested by passing the marker to the same operation.
http_response_code	integer	Numeric HTTP response code
marker	string	Opaque marker that may be passed to this API call to fetch the next page of results if the returned document has `has_next_page` set to true.
message	string	Message describing this result

{
  "DATA_TYPE": "result#1.0.0",
  "code": "string",
  "data": [
    {}
  ],
  "detail": null,
  "has_next_page": false,
  "http_response_code": 100,
  "marker": "string",
  "message": "string"
}

ResourceConflict Document

Error details when the caller has attempted to update an object that results in a conflict with some other object.

Name	Type	Description
DATA_TYPE	string `resource_conflict#1.0.0`	Type of this document
resources	array of string <uuid>	List of other resources which conflict with this proposed change.

{
  "DATA_TYPE": "resource_conflict#1.0.0",
  "resources": [
    "497f6eca-6276-4993-bfeb-53cbbbba6f08"
  ]
}

Role Document

The "Role" document type represents the assignment of a role on an Endpoint or Collection to a Globus identity or group.

Name	Type	Description
DATA_TYPE	string `role#1.0.0`	Type of this document
id	string <uuid>	Unique id string for this role assignment. This is system generated and should not be included in create requests.
principal	string `^(urn:globus:auth:identity\|urn:globus:groups:id):([a-f0-9-]*)$`	Globus Auth identity or group id URN
collection	string <uuid>	Collection Id. This value is omitted when creating an endpoint role or when creating role definitions when creating "collections.
role	string `owner`, `administrator`, `access_manager`, `activity_manager`, `activity_monitor`, `access_monitor`	Role assigned to the principal

{
  "DATA_TYPE": "role#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "principal": "string",
  "collection": "65986b24-c0b1-41fa-b21f-4a319273f511",
  "role": "owner"
}

IdentityMapping Document

Globus Connect Server provides two ways for you to implement a custom Globus identity to account mapping: expression-based and external program

With expression-based mapping you can write rules that extract data from fields in the Globus identity document to form storage gateway-specific usernames. If there is a regular relationship between most of your users' Identity information to their account names, this is probably the most direct way to accomplish the mapping.

With external program mappings you can use any mechanism you like (static mapping, ldap, database, etc) to look up account information and return the mapped account user name. If you have an account system that has usernames without a simple relationship to your users' Globus identities, or that requires interfacing with an accounting system, this may be necessary.

One of the following schemas:

ExternalIdentityMapping
ExpressionIdentityMapping

{
  "DATA_TYPE": "external_identity_mapping#1.0.0",
  "command": [
    "string"
  ]
}

StorageGatewaySchema_1_0_0 Document

A storage gateway provides the access policies for the endpoint’s connected storage systems. It is a named interface by which authorized users can create and manage collections on the connected storage system. A single storage system may be associated with multiple storage gateways, each with its own policies.

Storage gateway policies describe what type connector the storage gateway uses, the paths it allows access to, the login requirements are for the storage gateway, and the algorithm to map Globus identities to the user namespace of the storage gateway (e.g. local accounts).

Name	Type	Description
DATA_TYPE	string `storage_gateway#1.0.0`	Type of this document
allowed_domains	array of string	List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.
authentication_assurance_timeout (deprecated)	integer	Alias for authentication_timeout_mins[Private]
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway. For a high assurance storage gateway, this must be done within the current Globus Auth session, otherwise, the caller can perform the authentication with any application which uses Globus Auth.
connector_id	string <uuid>	Id of the connector type that this storage gateway interacts with.
deleted	boolean	Flag indicating that this storage gateway has been deleted[Private]
display_name	string	Name of the storage gateway
high_assurance	boolean	Flag indicating if the storage_gateway requires high assurance features.
id	string <uuid>	Unique id for this storage gateway
identity_mappings	array ( IdentityMapping )	List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]
load_dsi_module	string	Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]
policies	AzureBlobStoragePolicies or BlackPearlStoragePolicies or BoxStoragePolicies or CephStoragePolicies or GoogleCloudStoragePolicies or GoogleDriveStoragePolicies or HPSSStoragePolicies or IrodsStoragePolicies or OneDriveStoragePolicies or PosixStoragePolicies or PosixStagingStoragePolicies or S3StoragePolicies	Connector-specific storage policies
process_user	string	Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]
require_high_assurance (deprecated)	boolean	Alias for high_assurance
restrict_paths	null or PathRestrictions	Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]
users_allow	array of string	List of connector-specific usernames allowed to access this storage gateway. [Private]
users_deny	array of string	List of connector-specific usernames denied access to this storage gateway. [Private]

{
  "DATA_TYPE": "storage_gateway#1.0.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_storage_policies#1.0.0",
    "account": "string",
    "adls": true,
    "auth_callback": "string",
    "auth_type": "string",
    "client_id": "string",
    "secret": "string",
    "tenant": "string",
    "user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}

StorageGatewaySchema_1_1_0 Document

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Name	Type	Description
DATA_TYPE	string `storage_gateway#1.1.0`	Type of this document
allowed_domains	array of string	List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.
authentication_assurance_timeout (deprecated)	integer	Alias for authentication_timeout_mins[Private]
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway. For a high assurance storage gateway, this must be done within the current Globus Auth session, otherwise, the caller can perform the authentication with any application which uses Globus Auth.
connector_id	string <uuid>	Id of the connector type that this storage gateway interacts with.
deleted	boolean	Flag indicating that this storage gateway has been deleted[Private]
display_name	string	Name of the storage gateway
high_assurance	boolean	Flag indicating if the storage_gateway requires high assurance features.
id	string <uuid>	Unique id for this storage gateway
identity_mappings	array ( IdentityMapping )	List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]
load_dsi_module	string	Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]
policies	AzureBlobStoragePolicies or BlackPearlStoragePolicies or BoxStoragePolicies or CephStoragePolicies or GoogleCloudStoragePolicies or GoogleDriveStoragePolicies or HPSSStoragePolicies or IrodsStoragePolicies or OneDriveStoragePolicies or PosixStoragePolicies or PosixStagingStoragePolicies or S3StoragePolicies	Connector-specific storage policies
process_user	string	Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]
require_high_assurance (deprecated)	boolean	Alias for high_assurance
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only usable on high assurance storage gateways.
restrict_paths	null or PathRestrictions	Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]
users_allow	array of string	List of connector-specific usernames allowed to access this storage gateway. [Private]
users_deny	array of string	List of connector-specific usernames denied access to this storage gateway. [Private]

{
  "DATA_TYPE": "storage_gateway#1.1.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_storage_policies#1.0.0",
    "account": "string",
    "adls": true,
    "auth_callback": "string",
    "auth_type": "string",
    "client_id": "string",
    "secret": "string",
    "tenant": "string",
    "user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "require_mfa": false,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}

StorageGatewaySchema_1_2_0 Document

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

Name	Type	Description
DATA_TYPE	string `storage_gateway#1.2.0`	Type of this document
admin_managed_credentials	boolean	Flag indicating if the storage_gateway allows endpoint administrators to manage user credentials on behalf of other users.
allowed_domains	array of string	List of allowed domains. Users creating credentials or collections on this storage gateway must have an identity in one of these domains.
authentication_assurance_timeout (deprecated)	integer	Alias for authentication_timeout_mins[Private]
authentication_timeout_mins	integer	Timeout (in minutes) during which a user is required to have authenticated to access files or create user credentials on this storage gateway. For a high assurance storage gateway, this must be done within the current Globus Auth session, otherwise, the caller can perform the authentication with any application which uses Globus Auth.
connector_id	string <uuid>	Id of the connector type that this storage gateway interacts with.
deleted	boolean	Flag indicating that this storage gateway has been deleted[Private]
display_name	string	Name of the storage gateway
high_assurance	boolean	Flag indicating if the storage_gateway requires high assurance features.
id	string <uuid>	Unique id for this storage gateway
identity_mappings	array ( IdentityMapping )	List of identity mappings to apply to user identities to determine what connector-specific accounts are available for access. [Private]
load_dsi_module	string	Name of the DSI module to load by the GridFTP server when accessing this storage gateway. [Private]
policies	AzureBlobStoragePolicies or BlackPearlStoragePolicies or BoxStoragePolicies or CephStoragePolicies or GoogleCloudStoragePolicies or GoogleDriveStoragePolicies or HPSSStoragePolicies or IrodsStoragePolicies or OneDriveStoragePolicies or PosixStoragePolicies or PosixStagingStoragePolicies or S3StoragePolicies	Connector-specific storage policies
process_user	string	Local POSIX user the GridFTP server should run as when accessing this storage gateway. [Private]
require_high_assurance (deprecated)	boolean	Alias for high_assurance
require_mfa	boolean	Flag indicating if the storage_gateway requires multi-factor authentication. Only usable on high assurance storage gateways.
restrict_paths	null or PathRestrictions	Path restrictions within this storage gateway. Paths are interpreted as absolute paths in the file namespace of the connector. [Private]
users_allow	array of string	List of connector-specific usernames allowed to access this storage gateway. [Private]
users_deny	array of string	List of connector-specific usernames denied access to this storage gateway. [Private]

{
  "DATA_TYPE": "storage_gateway#1.2.0",
  "admin_managed_credentials": false,
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_storage_policies#1.0.0",
    "account": "string",
    "adls": true,
    "auth_callback": "string",
    "auth_type": "string",
    "client_id": "string",
    "secret": "string",
    "tenant": "string",
    "user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "require_mfa": false,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}

SubscriptionRequired Document

Error details when the caller has attempted to access a feature not supported by the endpoint’s subscription.

Name	Type	Description
DATA_TYPE	string `subscription_required#1.0.0`	Type of this document
add_ons	array of string	List of subscription add-ons required for this feature
subscription_level	string	Level of subscription required for this feature

{
  "DATA_TYPE": "subscription_required#1.0.0",
  "add_ons": [
    "string"
  ],
  "subscription_level": "string"
}

UserCredential Document

Name	Type	Description
DATA_TYPE	string `user_credential#1.0.0`	Type of this document
connector_id	string <uuid>	Id of the connector type used by this credential
deleted	boolean	Flag indicating that this credential has been deleted
display_name	string	Display name of the credential
home_directory	string	The home directory of this account associated with this credential[Private]
id	string <uuid>	Unique id for this user credential
identity_id	string <uuid>	Globus Auth identity id that this credential is associated with
invalid	boolean	Flag indicating that this credential is no longer valid
policies	AzureBlobUserCredentialPolicies or BlackPearlUserCredentialPolicies or BoxUserCredentialPolicies or CephUserCredentialPolicies or GoogleCloudStorageUserCredentialPolicies or GoogleDriveUserCredentialPolicies or HPSSUserCredentialPolicies or IrodsUserCredentialPolicies or OneDriveUserCredentialPolicies or PosixUserCredentialPolicies or PosixStagingUserCredentialPolicies or S3UserCredentialPolicies	Connector-specific user credential policies
provisioned	boolean	Flag indicating that this credential has been fully provisioned. If this is false and the invalid property is true, then the credential was created during login and patching it to add the missing data should be presented to the user as initializing the credential.
storage_gateway_id	string <uuid>	Storage Gateway this credential is associated with
username	string	Connector-specific username that this credential is associated with. If the connector supports identity mapping, this matches the result of the mapping applied to identity_id.

{
  "DATA_TYPE": "user_credential#1.0.0",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "home_directory": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "invalid": true,
  "policies": {
    "DATA_TYPE": "azure_blob_user_credential_policies#1.0.0",
    "access_token": "string",
    "email": "string",
    "refresh_token": "string",
    "scopes": [
      "string"
    ],
    "sub": "string",
    "tid": "string",
    "token_expiry": "2019-08-24T14:15:22Z"
  },
  "provisioned": true,
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "username": "string"
}

AzureBlobStoragePolicies Document

Connector-specific storage gateway policies for the AzureBlob connector

Name	Type	Description
DATA_TYPE	string `azure_blob_storage_policies#1.0.0`	Type of this document
account	string	Azure Storage account to access with this storage gateway[Private]
adls	boolean	Flag indicating the Azure storage account has enabled Azure Data Lake Gen2 hierarchical namespace support. [Private]
auth_callback	string	URL of the auth callback that must be registered on the Microsoft API console for the application client_id in order to process Microsoft credentials.
auth_type	string	The method of authentication to Azure. "user" prompts the user to log in to their Microsoft account via an oauth2 flow. "service_principal" uses the configured client_id and client_secret values to authenticate as an Azure service principal.
client_id	string	Client ID registered with the Azure console to access Azure Blob. [Private]
secret	string	Secret created in the Azure console to access Azure Blob with the client_id in this policy. [Private]
tenant	string	Tenant id of the Microsoft organization[Private]
user_credential_required	boolean	Flag indicating whether users must register a credential. If true (or if this property is missing), this storage gateway is configured for OAuth2 user authentication. If false, authentication is configured by the admin.

{
  "DATA_TYPE": "azure_blob_storage_policies#1.0.0",
  "account": "string",
  "adls": true,
  "auth_callback": "string",
  "auth_type": "string",
  "client_id": "string",
  "secret": "string",
  "tenant": "string",
  "user_credential_required": true
}

AzureBlobUserCredentialPolicies Document

Connector-specific user credential policies for the AzureBlob connector

Name	Type	Description
DATA_TYPE	string `azure_blob_user_credential_policies#1.0.0`	Type of this document
access_token	string	OAuth access token[Private]
email	string	OAuth email claim
refresh_token	string	OAuth refresh_token token[Private]
scopes	array of string	OAuth scopes associated with this access token
sub	string	OAuth subject identifier claim
tid	string	Tenant id
token_expiry	string <date-time>	OAuth access token expiration time

{
  "DATA_TYPE": "azure_blob_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "string"
  ],
  "sub": "string",
  "tid": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

AzureBlobCollectionPolicies Document

Connector-specific collection policies for the AzureBlob connector

Name	Type	Description
DATA_TYPE	string `azure_blob_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
}

BlackPearlStoragePolicies Document

Connector-specific storage gateway policies for the Blackpearl connector

Name	Type	Description
DATA_TYPE	string `blackpearl_storage_policies#1.0.0`	Type of this document
bp_access_id_file	string	Path to the file which provides mappings from usernames within the configured identity domain to the ID and secret associated with the user’s BlackPearl account [Private]
s3_endpoint	string	The URL of the S3 endpoint of the BlackPearl appliance to use to access collections on this Storage Gateway.

{
  "DATA_TYPE": "blackpearl_storage_policies#1.0.0",
  "bp_access_id_file": "string",
  "s3_endpoint": "string"
}

BlackPearlUserCredentialPolicies Document

Connector-specific user credential policies for the Blackpearl connector

Name	Type	Description
DATA_TYPE	string `blackpearl_user_credential_policies#1.0.0`	Type of this document
access_id	string	BlackPearl access id
secret_key	string	BlackPearl secret key[Private]

{
  "DATA_TYPE": "blackpearl_user_credential_policies#1.0.0",
  "access_id": "string",
  "secret_key": "string"
}

BlackPearlCollectionPolicies Document

Connector-specific collection policies for the BlackPearl connector

Name	Type	Description
DATA_TYPE	string `blackpearl_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "blackpearl_collection_policies#1.0.0"
}

BoxAppSettings Document

Values from the Box JWT client configuration that the storage gateway uses to identify and authenticate with the Box API. This is only set when configuring the storage gateway for Box enterprise authentication.

Name	Type	Description
appAuth	BoxAppAuth	Box application keys
clientID	string	Application client ID
clientSecret	string	Application client secret

{
  "appAuth": {
    "passphrase": "string",
    "privateKey": "string",
    "publicKeyID": "string"
  },
  "clientID": "string",
  "clientSecret": "string"
}

BoxAppAuth Document

Key information used to perform JWT grants for using the Box API

Name	Type	Description
passphrase	string	Passphrase to decrypt the private key
privateKey	string	Private key
publicKeyID	string	ID of the public key

{
  "passphrase": "string",
  "privateKey": "string",
  "publicKeyID": "string"
}

BoxStorage_1_0_0 Document

Connector-specific storage gateway policies for the Box connector.

Name	Type	Description
DATA_TYPE	string `box_storage_policies#1.0.0`	Type of this document
boxAppSettings	BoxAppSettings	Box Application settings[Private]
enterpriseID	string	Identifies which Box Enterprise this storage gateway is authorized access to. This is only set when configuring the storage gateway for Box enterprise authentication. [Private]

{
  "DATA_TYPE": "box_storage_policies#1.0.0",
  "boxAppSettings": {
    "appAuth": {
      "passphrase": "string",
      "privateKey": "string",
      "publicKeyID": "string"
    },
    "clientID": "string",
    "clientSecret": "string"
  },
  "enterpriseID": "string"
}

BoxStorage_1_1_0 Document

Connector-specific storage gateway policies for the Box connector.

Name	Type	Description
DATA_TYPE	string `box_storage_policies#1.1.0`	Type of this document
auth_callback	string	URL of the auth callback that must be set on the Box developer console for the Box application of client_id.
boxAppSettings	BoxAppSettings	Values from the Box JWT client configuration that the storage gateway uses to identify and authenticate with the Box API. This is only set when configuring the storage gateway for Box enterprise authentication.
client_id	string	Client ID of the Box OAuth2 application registered on the Box developer console. This is only set when configuring the storage gateway for OAuth2 user authentication. [Private]
enterpriseID	string	Identifies which Box Enterprise this storage gateway is authorized access to. This is only set when configuring the storage gateway for Box enterprise authentication. [Private]
secret	string	Secret associated with the client_id set in this policy. This is only set when configuring the storage gateway for OAuth2 user authentication. [Private]
user_api_rate_limit	integer	User API Rate Limit associated with this client ID in operations per second per user. [Private]
user_credential_required	boolean	Flag indicating whether users must register a credential. If true, this storage gateway is configured for OAuth2 user authentication. If false (and for older DATA_TYPE where this property is missing), this storage gateway is configured for enterprise authentication.

{
  "DATA_TYPE": "box_storage_policies#1.1.0",
  "auth_callback": "string",
  "boxAppSettings": {
    "appAuth": {
      "passphrase": "string",
      "privateKey": "string",
      "publicKeyID": "string"
    },
    "clientID": "string",
    "clientSecret": "string"
  },
  "client_id": "string",
  "enterpriseID": "string",
  "secret": "string",
  "user_api_rate_limit": 0,
  "user_credential_required": true
}

BoxUserCredential_1_0_0 Document

Connector-specific user credential policies for the Box connector

Name	Type	Description
DATA_TYPE	string `box_user_credential_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "box_user_credential_policies#1.0.0"
}

BoxUserCredential_1_1_0 Document

Connector-specific user credential policies for the Box connector

Name	Type	Description
DATA_TYPE	string `box_user_credential_policies#1.1.0`	Type of this document
access_token	string	OAuth access token[Private]
email	string	OAuth email identifier claim
max_upload	integer	[Private]
refresh_token	string	OAuth refresh token[Private]
scopes	array of string	OAuth scopes associated with this access token
sub	string	OAuth subject identifier claim
token_expiry	string <date-time>	OAuth access token expiration time

{
  "DATA_TYPE": "box_user_credential_policies#1.1.0",
  "access_token": "string",
  "email": "string",
  "max_upload": 0,
  "refresh_token": "string",
  "scopes": [
    "box_readwrite"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

BoxCollectionPolicies Document

Connector-specific collection policies for the Box connector

Name	Type	Description
DATA_TYPE	string `box_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "box_collection_policies#1.0.0"
}

CephStoragePolicies Document

Connector-specific storage gateway policies for the Ceph connector

Name	Type	Description
DATA_TYPE	string `ceph_storage_policies#1.0.0`	Type of this document
ceph_admin_key_id	string	Administrator key id used to authenticate with the ceph admin service to obtain user credentials. [Private]
ceph_admin_secret_key	string	Administrator secret key used to authenticate with the ceph admin service to obtain user credentials. [Private]
s3_buckets	array of string	List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this Storage Gateway.
s3_endpoint	string	URL of the Ceph RADOS Gateway S3 API

{
  "DATA_TYPE": "ceph_storage_policies#1.0.0",
  "ceph_admin_key_id": "string",
  "ceph_admin_secret_key": "string",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "string"
}

CephUserCredentialPolicies Document

Connector-specific user credential policies for the Ceph connector

Name	Type	Description
DATA_TYPE	string `ceph_user_credential_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "ceph_user_credential_policies#1.0.0"
}

CephCollectionPolicies Document

Connector-specific collection policies for the Ceph connector

Name	Type	Description
DATA_TYPE	string `ceph_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "ceph_collection_policies#1.0.0"
}

GoogleCloudStoragePolicies Document

Connector-specific storage gateway policies for the Google Cloud Storage connector

Name	Type	Description
DATA_TYPE	string `google_cloud_storage_policies#1.0.0`	Type of this document
auth_callback	string	URL of the auth callback that must be registered on the Google API console for the application client_id in order to process " Google credentials.
buckets	array of string	The list of Google Cloud Storage buckets which the Storage Gateway is allowed to access, as well as the list of buckets that will be shown in root level directory listings. If this list is unset, bucket access is unrestricted and all non public credential accessible buckets will be shown in root level directory listings. The value is a list of bucket names.
client_id	string	Client ID registered with the Google Application console to access Google Cloud Storage. [Private]
projects	array of string	The list of Google Cloud Storage project ids which the Storage Gateway is allowed to access. If this list is unset, project access is unrestricted. The value is a list of project id strings.
secret	string	Secret created to access access Google Cloud Storage with the client_id in this policy. [Private]
service_account_key	object	Service account key to use when authenticating all storage access[Private]
user_credential_required	boolean	Flag indicating whether users must register a credential. If true (or if this property is missing), this storage gateway is configured for OAuth2 user authentication. If false, authentication is configured by the admin.

{
  "DATA_TYPE": "google_cloud_storage_policies#1.0.0",
  "auth_callback": "string",
  "buckets": [
    "string"
  ],
  "client_id": "string",
  "projects": [
    "string"
  ],
  "secret": "string",
  "service_account_key": {},
  "user_credential_required": true
}

GoogleCloudStorageProject Document

A Google Cloud Platform project resource

Name	Type	Description
name	string	The name of the project
projectId	string	Google-issued id of a Google Cloud Platform project

{
  "name": "string",
  "projectId": "string"
}

GoogleCloudStorageUserCredentialPolicies Document

Connector-specific user credential policies for the Google Cloud Storage connector

Name	Type	Description
DATA_TYPE	string `google_cloud_storage_user_credential_policies#1.0.0`	Type of this document
access_token	string	Access token to interact with the Google Cloud Storage API[Private]
email	string	OpenID Connect email property of this credential
projects	array ( GoogleCloudStorageProject )	List of Google Cloud Platform projects available for use with this credential.
refresh_token	string	Refresh token to generate new access tokens to use with the Google Cloud Storage API [Private]
scopes	array of string	List of OAuth2 scopes associated with the tokens in this credential
sub	string	OpenID Connect subject property of this credential
token_expiry	string <date-time>	Time when he access token expires

{
  "DATA_TYPE": "google_cloud_storage_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "projects": [
    {
      "name": "string",
      "projectId": "string"
    }
  ],
  "refresh_token": "string",
  "scopes": [
    "string"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

GoogleCloudStorageCollectionPolicies Document

Connector-specific collection policies for the Google Cloud Storage connector

Name	Type	Description
DATA_TYPE	string `google_cloud_storage_collection_policies#1.0.0`	Type of this document
project	string	Google Cloud Platform project ID value that is associated with this collection.

{
  "DATA_TYPE": "google_cloud_storage_collection_policies#1.0.0",
  "project": "string"
}

GoogleDriveStoragePolicies Document

Connector-specific storage gateway policies for the Google Drive connector

Name	Type	Description
DATA_TYPE	string `google_drive_storage_policies#1.0.0`	Type of this document
auth_callback	string	URL of the auth callback that must be registered on the Google API console for the application client_id in order to process Google credentials.
client_id	string	Client ID registered with the Google Application console to access Google Drive. [Private]
secret	string	Secret created to access access Google Drive with the client_id in this policy. [Private]
user_api_rate_quota	integer	User API Rate quota associated with this client ID[Private]

{
  "DATA_TYPE": "google_drive_storage_policies#1.0.0",
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "user_api_rate_quota": 0
}

GoogleDriveUserCredentialPolicies Document

Connector-specific user credential policies for the Google Drive connector

Name	Type	Description
DATA_TYPE	string `google_drive_user_credential_policies#1.0.0`	Type of this document
access_token	string	OAuth access token[Private]
email	string	OAuth email claim
refresh_token	string	OAuth refresh token[Private]
scopes	array of string	OAuth scopes associated with this access token
sub	string	OAuth subject identifier claim
token_expiry	string <date-time>	OAuth access token expiration time

{
  "DATA_TYPE": "google_drive_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "email",
    "profile",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.appfolder"
  ],
  "sub": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

GoogleDriveCollectionPolicies Document

Connector-specific collection policies for the Google Drive connector

Name	Type	Description
DATA_TYPE	string `google_drive_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "google_drive_collection_policies#1.0.0"
}

HPSSStoragePolicies Document

Connector-specific storage gateway policies for the HPSS connector

Name	Type	Description
DATA_TYPE	string `hpss_storage_policies#1.0.0`	Type of this document
authentication_mech	string `krb5`, `unix`	The type of authentication the connector will perform when logging into HPSS [Private]
authenticator	string `^(auth_keyfile\|auth_keytab):/`	Authenticator used with authentication mech to perform authentication to HPSS. Format is: "<auth_type>:<auth_file>" where <auth_type> is one of "auth_keytab" or "auth_keyfile". [Private]
uda_checksum	boolean	Flag that indicates if checksums should be stored within UDAs so that sync-by-checksum transfers can verify the file without staging the file from tape.

{
  "DATA_TYPE": "hpss_storage_policies#1.0.0",
  "authentication_mech": "krb5",
  "authenticator": "auth_keytab:/var/hpss/etc/gridftp.keytab",
  "uda_checksum": true
}

HPSSCollectionPolicies Document

Connector-specific collection policies for the HPSS connector

Name	Type	Description
DATA_TYPE	string `hpss_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "hpss_collection_policies#1.0.0"
}

HPSSUserCredentialPolicies Document

Connector-specific user credential policies for the HPSS connector

Name	Type	Description
DATA_TYPE	string `hpss_user_credential_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "hpss_user_credential_policies#1.0.0"
}

IrodsEnvironment Document

Variables to set in the iRODS client environment.

Name	Type	Description
name	string	Environment variable name
value	string	Environment variable value

{
  "name": "string",
  "value": "string"
}

IrodsStoragePolicies Document

Connector-specific storage gateway policies for the Irods connector

Name	Type	Description
DATA_TYPE	string `irods_storage_policies#1.0.0`	Type of this document
environment	array ( IrodsEnvironment )	Variables to set in the iRODS client environment[Private]
irods_authentication_file	string	Path to the irods authentication file[Private]
irods_environment_file	string	Path to the irods environment file[Private]

{
  "DATA_TYPE": "irods_storage_policies#1.0.0",
  "environment": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "irods_authentication_file": "/var/irods/.irodsA",
  "irods_environment_file": "/var/irods/irods_environment.json"
}

IrodsUserCredentialPolicies Document

Connector-specific user credential policies for the Irods connector

Name	Type	Description
DATA_TYPE	string `irods_user_credential_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "irods_user_credential_policies#1.0.0"
}

IrodsCollectionPolicies Document

Connector-specific collection policies for the Irods connector

Name	Type	Description
DATA_TYPE	string `irods_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "irods_collection_policies#1.0.0"
}

OneDriveStoragePolicies Document

Connector-specific storage gateway policies for the OneDrive connector

Name	Type	Description
DATA_TYPE	string `onedrive_storage_policies#1.0.0`	Type of this document
auth_callback	string	URL of the auth callback that must be registered on the Microsoft API console for the application client_id in order to process Microsoft credentials.
client_id	string	Client ID registered with the Azure console to access OneDrive[Private]
secret	string	Secret created in the Azure console to access OneDrive with the client_id in this policy. [Private]
tenant	string	Tenant ID of the Microsoft organization. Required when Supported Account Types of the Azure application is set to Single tenant. [Private]
user_api_rate_limit	integer	User API Rate Limit associated with this client ID in operations per second per user. [Private]

{
  "DATA_TYPE": "onedrive_storage_policies#1.0.0",
  "auth_callback": "string",
  "client_id": "string",
  "secret": "string",
  "tenant": "string",
  "user_api_rate_limit": 0
}

OneDriveUserCredentialPolicies Document

Connector-specific user credential policies for the OneDrive connector

Name	Type	Description
DATA_TYPE	string `onedrive_user_credential_policies#1.0.0`	Type of this document
access_token	string	OAuth access token[Private]
email	string	OAuth email claim
refresh_token	string	OAuth refresh token[Private]
scopes	array of string	OAuth scopes associated with the access token
sub	string	OAuth subject identifier claim
tid	string
token_expiry	string <date-time>	OAuth access token expiration time

{
  "DATA_TYPE": "onedrive_user_credential_policies#1.0.0",
  "access_token": "string",
  "email": "string",
  "refresh_token": "string",
  "scopes": [
    "openid",
    "email",
    "profile",
    "offline_access",
    "files.readwrite.all"
  ],
  "sub": "string",
  "tid": "string",
  "token_expiry": "2019-08-24T14:15:22Z"
}

OneDriveCollectionPolicies Document

Connector-specific collection policies for the OneDrive connector

Name	Type	Description
DATA_TYPE	string `onedrive_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "onedrive_collection_policies#1.0.0"
}

PosixStoragePolicies Document

Connector-specific storage gateway policies for the POSIX connector.

Name	Type	Description
DATA_TYPE	string `posix_storage_policies#1.0.0`	Type of this document
groups_allow	array of string	List of POSIX group names allowed to access this storage gateway [Private]
groups_deny	array of string	List of POSIX group names denied access this storage gateway [Private]

{
  "DATA_TYPE": "posix_storage_policies#1.0.0",
  "groups_allow": [
    "string"
  ],
  "groups_deny": [
    "string"
  ]
}

PosixUserCredentialPolicies Document

Connector-specific user credential policies for the POSIX connector

Name	Type	Description
DATA_TYPE	string `posix_user_credential_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "posix_user_credential_policies#1.0.0"
}

PosixCollectionPolicies_1_0_0 Document

Connector-specific collection policies for the POSIX connector

Name	Type	Description
DATA_TYPE	string `posix_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "posix_collection_policies#1.0.0"
}

PosixCollectionPolicies_1_1_0 Document

Connector-specific collection policies for the POSIX connector

Name	Type	Description
DATA_TYPE	string `posix_collection_policies#1.1.0`	Type of this document
sharing_groups_allow	array of string	List of POSIX group names allowed to create shares on this collection [Private]
sharing_groups_deny	array of string	List of POSIX group names denied access to create shares on this collection. [Private]

{
  "DATA_TYPE": "posix_collection_policies#1.1.0",
  "sharing_groups_allow": [
    "string"
  ],
  "sharing_groups_deny": [
    "string"
  ]
}

PosixStagingEnvironment Document

Variables to set in the environment when executing the stage_app.

Name	Type	Description
name	string	Environment variable name
value	string	Environment variable value

{
  "name": "string",
  "value": "string"
}

PosixStagingStoragePolicies Document

Connector-specific storage gateway policies for the POSIX Staging connector

Name	Type	Description
DATA_TYPE	string `posix_staging_storage_policies#1.0.0`	Type of this document
environment	array ( PosixStagingEnvironment )	Variables to set in the environment when executing the stage_app[Private]
groups_allow	array of string	List of POSIX group names allowed to access this storage gateway [Private]
groups_deny	array of string	List of POSIX group names denied access this storage gateway [Private]
stage_app	string	Path to the stage app[Private]

{
  "DATA_TYPE": "posix_staging_storage_policies#1.0.0",
  "environment": [
    {
      "name": "string",
      "value": "string"
    }
  ],
  "groups_allow": [
    "string"
  ],
  "groups_deny": [
    "string"
  ],
  "stage_app": "string"
}

PosixStagingUserCredentialPolicies Document

Connector-specific user credential policies for the POSIX Staging connector

Name	Type	Description
DATA_TYPE	string `posix_staging_user_credential_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "posix_staging_user_credential_policies#1.0.0"
}

PosixStagingCollectionPolicies Document

Connector-specific collection policies for the POSIX Staging connector

Name	Type	Description
DATA_TYPE	string `posix_staging_collection_policies#1.0.0`	Type of this document
sharing_groups_allow	array of string	List of POSIX group names allowed to create shares on this collection [Private]
sharing_groups_deny	array of string	List of POSIX group names denied access to create shares on this collection. [Private]

{
  "DATA_TYPE": "posix_staging_collection_policies#1.0.0",
  "sharing_groups_allow": [
    "string"
  ],
  "sharing_groups_deny": [
    "string"
  ]
}

S3StoragePolicies_1_0_0 Document

Connector-specific storage gateway policies for the S3 connector

Name	Type	Description
DATA_TYPE	string `s3_storage_policies#1.0.0`	Type of this document
s3_buckets	array of string	List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this storage gateway.
s3_endpoint	string	URL of the S3 API endpoint
s3_user_credential_required	boolean	Flag indicating if a Globus User must register a user credential in order to create a guest collection on this storage gateway.

{
  "DATA_TYPE": "s3_storage_policies#1.0.0",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_user_credential_required": true
}

S3StoragePolicies_1_1_0 Document

Connector-specific storage gateway policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property

Name	Type	Description
DATA_TYPE	string `s3_storage_policies#1.1.0`	Type of this document
s3_buckets	array of string	List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this storage gateway.
s3_endpoint	string	URL of the S3 API endpoint
s3_requester_pays	boolean	Flag indicating that S3 operations will be charged to the account of the registered credentials. Credentials used with a storage gateway that has the s3_requester_pays property set to true are invalid unless they also have this property set to true as an acknowledgement.
s3_user_credential_required	boolean	Flag indicating if a Globus User must register a user credential in order to create a guest collection on this storage gateway.

{
  "DATA_TYPE": "s3_storage_policies#1.1.0",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_requester_pays": true,
  "s3_user_credential_required": true
}

S3UserCredentialPolicies_1_0_0 Document

Connector-specific user credential policies for the S3 connector

Name	Type	Description
DATA_TYPE	string `s3_user_credential_policies#1.0.0`	Type of this document
s3_key_id	string	Access Key ID to use with the S3 API to access your buckets and objects.
s3_secret_key	string	Secret key to use with the S3 API to access your buckets and objects. [Private]

{
  "DATA_TYPE": "s3_user_credential_policies#1.0.0",
  "s3_key_id": "string",
  "s3_secret_key": "string"
}

S3UserCredentialPolicies_1_1_0 Document

Connector-specific user credential policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property.

Name	Type	Description
DATA_TYPE	string `s3_user_credential_policies#1.1.0`	Type of this document
s3_key_id	string	Access Key ID to use with the S3 API to access your buckets and objects.
s3_requester_pays	boolean	Flag indicating the user acknowledges S3 operations will be charged to the account of this credential. If this flag is true in the storage gateway policy, this must also be true or the credential will be invalid.
s3_secret_key	string	Secret key to use with the S3 API to access your buckets and objects. [Private]

{
  "DATA_TYPE": "s3_user_credential_policies#1.1.0",
  "s3_key_id": "string",
  "s3_requester_pays": true,
  "s3_secret_key": "string"
}

S3CollectionPolicies Document

Connector-specific storage gateway policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property

Name	Type	Description
DATA_TYPE	string `s3_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "s3_collection_policies#1.0.0"
}

Collection Document

Version 1.2.0 adds the ability to enable or disable sharing by specific users.

Version 1.3.0 add support for custom DNS domains on collections.

Version 1.4.0 allows optional multi-factor authentication requirements to high assurance collections and the ability to require checksums when transferring data on this collection.

Version 1.5.0 allows administrators to disable ACLs that would allow anonymous users to have write access to an endpoint.

Version 1.6.0 allows administrators of mapped collections to associate policies that users accessing guest collections must meet beyond the guest collection ACLs.

Version 1.7.0 increases the maximum allowed length of the user_message property.

Version 1.8.0 adds the delete_protected property. While it is set to true on a mapped collection, the collection may not be deleted.

One of the following schemas:

CollectionSchema_1_0_0
CollectionSchema_1_1_0
CollectionSchema_1_2_0
CollectionSchema_1_3_0
CollectionSchema_1_4_0
CollectionSchema_1_5_0
CollectionSchema_1_6_0
CollectionSchema_1_7_0
CollectionSchema_1_8_0

{
  "DATA_TYPE": "collection#1.0.0",
  "allow_guest_collections": true,
  "authentication_timeout_mins": 0,
  "collection_base_path": "string",
  "collection_type": "mapped",
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "contact_email": "string",
  "contact_info": "string",
  "default_directory": "string",
  "deleted": true,
  "department": "string",
  "description": "string",
  "disable_verify": true,
  "display_name": "string",
  "domain_name": "string",
  "force_encryption": true,
  "high_assurance": true,
  "https_url": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_id": "011a42b9-62d7-49eb-8328-c2e454af88a1",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "manager_url": "string",
  "mapped_collection_id": "b9348e97-77e7-49f6-a137-47587469ff1d",
  "organization": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_collection_policies#1.0.0"
  },
  "public": true,
  "root_path": "string",
  "sharing_restrict_paths": {},
  "storage_gateway_id": "62c250f4-af41-4074-89a9-b6aff8c56fcb",
  "tlsftp_url": "string",
  "user_credential_id": "321d94b1-e78a-4532-9d25-ac03c49fdaf3"
}

Endpoint Document

Version 1.1.0 of the endpoint includes support for customizing the TCP port that the GridFTP listens on.

One of the following schemas:

EndpointSchema_1_0_0
EndpointSchema_1_1_0

{
  "DATA_TYPE": "endpoint#1.0.0",
  "allow_udt": true,
  "contact_email": "string",
  "contact_info": "string",
  "department": "string",
  "description": "string",
  "display_name": "string",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "gcs_manager_url": "string",
  "info_link": "string",
  "keywords": [
    "string"
  ],
  "max_concurrency": 1,
  "max_parallelism": 1,
  "network_use": "normal",
  "organization": "string",
  "preferred_concurrency": 1,
  "preferred_parallelism": 1,
  "public": true,
  "subscription_id": "string"
}

Node Document

Version 1.1.0 adds support for setting the data interface on a node.

One of the following schemas:

NodeSchema_1_0_0
NodeSchema_1_1_0

{
  "DATA_TYPE": "node#1.0.0",
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "incoming_port_range": [
    65535,
    65535
  ],
  "ip_addresses": [
    "string"
  ],
  "outgoing_port_range": [
    65535,
    65535
  ],
  "status": "active"
}

StorageGateway Document

Version 1.1.0 includes support for multi-factor authentication requirements for high assurance storage gateways.

Version 1.2.0 includes support for admin managed credentials.

One of the following schemas:

StorageGatewaySchema_1_0_0
StorageGatewaySchema_1_1_0
StorageGatewaySchema_1_2_0

{
  "DATA_TYPE": "storage_gateway#1.0.0",
  "allowed_domains": [
    "string"
  ],
  "authentication_assurance_timeout": 1,
  "authentication_timeout_mins": 1,
  "connector_id": "9389ba6f-3696-4571-84d4-34d588c4b109",
  "deleted": true,
  "display_name": "string",
  "high_assurance": true,
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "identity_mappings": [
    {
      "DATA_TYPE": "external_identity_mapping#1.0.0",
      "command": [
        "string"
      ]
    }
  ],
  "load_dsi_module": "string",
  "policies": {
    "DATA_TYPE": "azure_blob_storage_policies#1.0.0",
    "account": "string",
    "adls": true,
    "auth_callback": "string",
    "auth_type": "string",
    "client_id": "string",
    "secret": "string",
    "tenant": "string",
    "user_credential_required": true
  },
  "process_user": "string",
  "require_high_assurance": true,
  "restrict_paths": {},
  "users_allow": [
    "string"
  ],
  "users_deny": [
    "string"
  ]
}

BoxStoragePolicies Document

Connector-specific storage gateway policies for the Box connector

One of the following schemas:

BoxStorage_1_0_0
BoxStorage_1_1_0

{
  "DATA_TYPE": "box_storage_policies#1.0.0",
  "boxAppSettings": {
    "appAuth": {
      "passphrase": "string",
      "privateKey": "string",
      "publicKeyID": "string"
    },
    "clientID": "string",
    "clientSecret": "string"
  },
  "enterpriseID": "string"
}

BoxUserCredentialPolicies Document

One of the following schemas:

BoxUserCredential_1_0_0
BoxUserCredential_1_1_0

{
  "DATA_TYPE": "box_user_credential_policies#1.0.0"
}

PosixCollectionPolicies Document

Connector-specific collection policies for the POSIX connector

One of the following schemas:

PosixCollectionPolicies_1_0_0
PosixCollectionPolicies_1_1_0

{
  "DATA_TYPE": "posix_collection_policies#1.0.0"
}

S3StoragePolicies Document

Connector-specific storage gateway policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property

One of the following schemas:

S3StoragePolicies_1_0_0
S3StoragePolicies_1_1_0

{
  "DATA_TYPE": "s3_storage_policies#1.0.0",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_user_credential_required": true
}

S3UserCredentialPolicies Document

Connector-specific user credential policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property.

One of the following schemas:

S3UserCredentialPolicies_1_0_0
S3UserCredentialPolicies_1_1_0

{
  "DATA_TYPE": "s3_user_credential_policies#1.0.0",
  "s3_key_id": "string",
  "s3_secret_key": "string"
}

ActiveScaleCollectionPolicies Document

Connector-specific storage gateway policies for the S3 connector

Version 1.1.0 adds support for the s3_requester_pays property

Name	Type	Description
DATA_TYPE	string `s3_collection_policies#1.0.0`	Type of this document

{
  "DATA_TYPE": "s3_collection_policies#1.0.0"
}

ActiveScaleStoragePolicies Document

Connector-specific storage gateway policies for the S3 connector

Name	Type	Description
DATA_TYPE	string `s3_storage_policies#1.0.0`	Type of this document
s3_buckets	array of string	List of buckets not owned by the collection owner that will be shown in the root of collections created at the base of this storage gateway.
s3_endpoint	string	URL of the S3 API endpoint
s3_user_credential_required	boolean	Flag indicating if a Globus User must register a user credential in order to create a guest collection on this storage gateway.

{
  "DATA_TYPE": "s3_storage_policies#1.0.0",
  "s3_buckets": [
    "string"
  ],
  "s3_endpoint": "https://s3.amazonaws.com",
  "s3_user_credential_required": true
}

ActiveScaleUserCredentialPolicies Document

Connector-specific user credential policies for the S3 connector

Name	Type	Description
DATA_TYPE	string `s3_user_credential_policies#1.0.0`	Type of this document
s3_key_id	string	Access Key ID to use with the S3 API to access your buckets and objects.
s3_secret_key	string	Secret key to use with the S3 API to access your buckets and objects. [Private]

{
  "DATA_TYPE": "s3_user_credential_policies#1.0.0",
  "s3_key_id": "string",
  "s3_secret_key": "string"
}