Globus Connect Server Collection

A mapped collection allows access to data for users who have accounts in the storage gateway’s user space (or local account). The collection uses the identity mapping method configured on the storage gateway to map the Globus account of the user accessing the collection to an account in the Storage Gateway’s user space. All accesses to the data on the collection are performed using the local account and (if needed for the storage gateway) the account’s credentials.

Mapped collections can only be created by those with an administrator or owner role on the Endpoint, and can be created against any storage gateway that exists on the endpoint.

In addition, a mapped collection has optional properties to allow users to share data. The properties allow_guest_collections and sharing_restrict_paths configure the sharing option. These options are only allowed on endpoints covered under a subscription.

Globus Connect Server v5.4.18 introduces APIs to manage user-specific sharing path restrictions.

Currently, mapped collections can be created using the globus-connect-server collection create command line tool.

A guest collection is a collection that uses an existing mapped collection and adds the ability of a user to share access to their data on that collection. All access to the data is performed using the account of the user who created the guest collection. That user can also add entries to an access control list to allow others to access some parts of the guest collection owner’s data.

A guest collection document has additional properties mapped_collection_id and user_credential_id to describe the relationship between the collection and a mapped collection where it was created and the credential used for data access.

Currently, guest collections can be created using the Shares tab of the collection’s endpoint on the Globus web application.

Both mapped and guest collections can be accessed using the Globus transfer service or (if the endpoint is managed), via HTTPS on the Data Transfer nodes. In either case, access to a collection is authenticated with Globus Auth-issued access tokens, with data access policies defined in the storage gateway and collection.