Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Migrate53
      • Cleanup
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Update
      • Delete
      • Domain
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • Box Create
      • Delete
      • List
      • S3 Create
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Flows Groups Search Transfer Python SDK Helper Pages
  • How To
  • Guides
    Globus Connect Server High Assurance Collections for Protected Data Command Line Interface Premium Storage Connectors Security Modern Research Data Portal
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. Installation Guide
  4. Command-Line Reference
  5. Endpoint
  6. Role

Globus Connect Server Endpoint Role

Overview

The Globus Connect Server CLI and API support role based authorization so that administrators can delegate ability to perform administration tasks on an endpoint or a collection to others. These roles may be associated with either a Globus Auth user identity or with a globus group, which grants that role to all members of that group.

Endpoint Roles

owner

The owner of the endpoint has the following capabilities:

  • View or modify the endpoint, even if it is not public

  • View, add, delete or modify GCS Manager nodes which provide access to the endpoint

  • View, add, or delete the custom DNS name for mapped collections.

  • View, add, modify, or delete the storage gateways provided by the endpoint.

  • View (public information only) or delete the user credentials registered with the endpoint.

  • View, delete or modify collections hosted by the endpoint

administrator

A principal with this role on the endpoint has all of the capabilities of the endpoint owner plus the following capabilities:

  • View, add, delete or modify other role assignments on the endpoint or any of its collections.

Additionally, the endpoint administrator has the administrator role on the Transfer API for the endpoint’s guest and mapped collections, so it may interact with parts of the Transfer Management API.

activity_manager

A principal with this role on the endpoint has the following capabilities:

  • View the endpoint configuration, including storage gateways and their public policies.

Additionally, the endpoint activity_manager has the activity_manager role on the Transfer API for the endpoint’s guest and mapped collections, so it may interact with parts of the Transfer Management API.

activity_monitor

A principal with this role on the endpoint has the following capabilities:

  • View the endpoint configuration, including storage gateways and their public policies.

Additionally, the endpoint activity_manager has the "activity_monitor" role on the Transfer API for the endpoint’s guest and mapped collections, so it may interact with parts of the Transfer Management API.

Commands

globus-connect-server endpoint role create

Create a new role assignment for an endpoint.

globus-connect-server endpoint role delete

Delete a role assignment from an endpoint.

globus-connect-server endpoint role list

List roles associated with an endpoint.

globus-connect-server endpoint role show

Show a role associated with an endpoint.

  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Migrate53
      • Cleanup
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Update
      • Delete
      • Domain
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • Box Create
      • Delete
      • List
      • S3 Create
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility