Globus Connect Server Sharing Policy Create
Description
The globus-connect-server sharing-policy create command creates a sharing policy for a mapped collection. A sharing policy allows or denies specific users the ability to share specific paths as part of a guest collection.
There is one required argument to this command:
- COLLECTION_ID
  The ID of the mapped collection that the sharing policy affects. The collection must be created first, using the collection create command.
Additionally, at least one instance of the --user USERNAME option must be present.
Other command line options allow you to specify which sharing access rights are being granted.
The caller must have either an endpoint owner or administrator role, or a collection administrator role on the collection that the policy is associated with, in order to view the policy.
Users
Each sharing policy affects one or more users. The policy is associated with users by including the --user USERNAME option one or more times on the command line. Each user name is the "local" username as interpreted by the connector (after the Globus account has been mapped). For some connectors this is a simple user name string; for others it is a cloud service account name.
Path Restrictions
Sharing path restrictions control which paths a user may access in guest collections. The policies may provide read, read_write, or deny access to subsets of the virtual filesystem available on a mapped collection. The restrictions are controlled by the --read PATH, --read-write PATH, and --none PATH command-line options.
If using sharing policies, it is important to understand that the policies used by Globus are a union of all rights granted to that user, either explicitly (by including their name in a sharing policy), or implicitly as part of the default sharing policy. When there is an overlap in those paths, the rights are determined as described in the Path Restrictions documentation.
Options
- -h, --help
  Show help message and exit.
- --version
  Show the version and exit.
- -F, --format "text"|"json"
  Output format for this command. If the format is json, then the resulting role document is displayed.
- --use-explicit-host IP_ADDRESS (new in 5.4.23)
  IP address of the GCS node to use for this request. If not specified, any available GCS node in the endpoint will be used.
- --user USERNAME
  Create a sharing policy for the given username. This option may be passed multiple times to allow a policy to apply to multiple users.
- --read PATH
  Allow the given PATH to be accessed for reading from guest collections. This path must be relative to the mapped collection base path.
- --read-write PATH
  Allow the given PATH to be accessed for reading and writing from guest collections. This path must be relative to the mapped collection base path.
- --none PATH
  Don’t allow the given PATH to be accessed from guest collections.
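The following shell function is an added example, not part of the Globus documentation: it assembles a sharing-policy create command line from a small policy spec and rejects a spec that has no user entry, since the command requires at least one --user option. The spec format, the function name build_sharing_policy_cmd, the user names, the paths and the collection ID placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build (but do not run) a sharing-policy create command.
# Spec format (constructed for this example), one entry per line:
#   user <local username> | read <path> | read-write <path> | none <path>

build_sharing_policy_cmd() {
    collection_id=$1 spec=$2 users=0
    if [ -z "$collection_id" ]; then
        echo "error: COLLECTION_ID is required" >&2
        return 2
    fi
    cmd="globus-connect-server sharing-policy create '$collection_id'"
    while read -r kind value; do
        [ -n "$kind" ] || continue          # skip blank lines
        case $value in
            ''|*"'"*)                       # empty, or would break the quoting
                echo "error: bad value for '$kind'" >&2
                return 2 ;;
        esac
        case $kind in
            user) users=$((users + 1)) ;;
            read|read-write|none) ;;        # map directly to --read etc.
            *)
                echo "error: unknown entry '$kind'" >&2
                return 2 ;;
        esac
        cmd="$cmd --$kind '$value'"
    done <<EOF
$spec
EOF
    if [ "$users" -eq 0 ]; then
        echo "error: at least one --user USERNAME is required" >&2
        return 2
    fi
    printf '%s\n' "$cmd"
}

# Constructed sample policy: two local users, a read-only tree, a writable
# outbox, and a directory explicitly excluded from guest collections. The
# paths are interpreted relative to the mapped collection base path.
SAMPLE_SPEC="user alice
user bob
read /projects/public
read-write /projects/alice-outbox
none /projects/restricted"

# Print the command for review; the collection ID is a placeholder.
build_sharing_policy_cmd "COLLECTION_ID_PLACEHOLDER" "$SAMPLE_SPEC"
```

Reviewing the printed command before running it on a GCS node makes it easy to confirm that the none entries cover every path that must stay out of guest collections.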