Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • Domain Migration to gaccess.io
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • Getting Started
    Getting Started

    Getting Started and Tutorial docs cover how to perform some activity or provide an introduction to a feature. They are not comprehensive, but help you get started with Globus or with new Globus features.

    • Users
    • Admins
    • Developers
  • Reference
    Reference
    • Service
      • Auth
      • Groups
      • Transfer
      • Timers
      • Flows
      • Compute
      • Search
    • Agents
      • Globus Connect Server
      • GCS CLI
      • Globus Connect Personal
      • Globus Compute
    • SDK
      • Python
      • JS
    • Clients
      • CLI
    • Security and Compliance
      • Product Security
      • Privacy
      • Solutions for Sensitive Data
      • FAQs
  • Solutions & Guides
    Solutions & Guides

    Find practical approaches for leveraging Globus in research environments, integrating with platforms, and building science gateways. Access hands-on guides, integration instructions, and real-world scenarios for advanced usage.

    • Portals/Science Gateways
    • Guides
  • Support
    Support

    Find answers to frequently asked questions, connect with the community by joining our mailing lists, or reach out directly to Globus support.

    • FAQs
    • Mailing Lists
    • Contact Us
    • Check Support Tickets
  • Site Search
  1. Home
  2. Globus Connect Server
  3. v5.4
  4. Command-Line Reference
  5. Sharing Policy
  6. Create

Globus Connect Server Sharing Policy Create

Name

globus-connect-server sharing-policy create - Create a sharing policy

Synopsis

globus-connect-server sharing-policy create COLLECTION_ID --user USERNAME …​ [OPTIONS]…​

Description

The globus-connect-server sharing-policy create command creates a sharing policy for a mapped collection. This allows you to allow or deny specific users the ability to share specific paths as part of a guest collection.

There is one required argument to this command:

COLLECTION_ID

The ID of the mapped collection that the sharing policy affects. This will need to be created before creating the collection by using the collection create command.

Additionally, at least one instance of the --user USERNAME option must be present.

Other command line options allow you to specify which sharing access rights are being granted.

The caller must have either an endpoint owner or administrator role, or a collection administrator role on the collection that the policy is associated with, in order to view the policy.

Users

Each sharing policy affects one or more users. The policy is associated with users by including the --user USERNAME command-line option one or more times on the command-line. Each user name is the "local" username as interpreted by the connector (after the Globus account has been mapped). For some connectors, this is a simple user name string, for others a cloud service account name.

Path Restrictions

Sharing path restrictions control which paths a user may access in guest collections. The policies may provide read, read_write, or deny access to subsets of the virtual filesystem available on a mapped collection. The restrictions are controlled by the --read PATH, --read-write PATH, and --none PATH command-line options.

If using sharing policies, it is important to understand that the policies used by Globus are a union of all rights granted to that user, either explicitly (by including their name in a sharing policy), or implicitly as part of the default sharing policy. When there is an overlap in those paths, the rights are determined as described in the Path Restrictions documentation.

Options

-h, --help

Show help message and exit.

--version

Show the version and exit.

-F, --format "text"|"json"

Output format for this command. If the format is json, then the resulting role document is displayed.

--use-explicit-host IP_ADDRESS (new in 5.4.23)

IP address of the GCS node to use for this request. If not specified, any available GCS node in the endpoint will be used.

--user USERNAME

Create a sharing policy for the given username. This option may be passed multiple times to allow a policy to apply to multiple users.

--read PATH

Allow the given PATH to be accessed for reading from guest collections. This path must be relative to the mapped collection base path.

--read-write PATH

Allow the given PATH to be accessed for reading and writing from guest collections. This path must be relative to the mapped collection base path.

--none PATH

Don’t allow the given PATH to be accessed from guest collections.

HISTORY

This command was added in Globus Connect Server v5.4.18.

  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • Domain Migration to gaccess.io
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility