Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • v5.3 Migration Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Migrate53
      • Cleanup
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Update
      • Delete
      • Domain
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • Box Create
      • Delete
      • List
      • S3 Create
    • Self Diagnostic
  • API Access for Portals
  • Application Migration Guide
  • Data Access Application Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Flows Groups Search Transfer Python SDK Helper Pages
  • How To
  • Guides
    Globus Connect Server High Assurance Collections for Protected Data Command Line Interface Premium Storage Connectors Security Modern Research Data Portal
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. Installation Guide
  4. Command-Line Reference
  5. Collection
  6. Role

Globus Connect Server Collection Role

Overview

The Globus Connect Server CLI and API support role based authorization so that administrators can delegate ability to perform administration tasks on an endpoint or a collection to others. These roles may be associated with either a Globus Auth user identity or with a globus group, which grants that role to all members of that group.

Collection Roles

administrator

A principal with this role on a collection has the following capabilities

  • view, modify, or delete the collection even if it is not public

  • view, add, update, and delete role assignments on the collection

  • all capabilities of the access_manager for this collection on the endpoint

  • all capabilities of the activity_manager for all collection on the endpoint

  • all capabilities of the activity monitor for the collection

Additionally, the collection administrator has the administrator role on the Transfer API for the collection, so it may interact with parts of the Transfer Management API.

access_manager

A principal with this role on a guest collection has the following capabilities

  • View, add, and delete access rules on a guest collection.

Additionally, the collection administrator has the access_manager role on the Transfer API for the collection, so it may interact with parts of the Transfer Management API.

activity_manager

A principal with this role on a collection has the following capabilities.

  • View the collection document even if it is not public

  • View and control tasks and other endpoint activity to or from the collection. This includes all operations in the Advanced Endpoint Management API (view, pause/resume, cancel).

  • View events, task pause info, pause rules, and ACLs for storage gateways and collections on this endpoint.

Additionally, the collection administrator has the activity_manager role on the Transfer API for the collection, so it may interact with parts of the Transfer Management API.

activity_monitor

A principal with this role on a collection has the following capabilities for that collection

  • View the collection document even if it is not public

Additionally, the collection administrator has the activity_monitor role on the Transfer API for the collections, so it may interact with parts of the Transfer Management API.

Commands

globus-connect-server collection role create

Create a new role assignment for a collection.

globus-connect-server collection role delete

Delete a role assignment from a collection.

globus-connect-server collection role list

List roles associated with a collection.

globus-connect-server collection role show

Show a role associated with a collection.

  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • v5.3 Migration Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Migrate53
      • Cleanup
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Update
      • Delete
      • Domain
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • Box Create
      • Delete
      • List
      • S3 Create
    • Self Diagnostic
  • API Access for Portals
  • Application Migration Guide
  • Data Access Application Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility