Mapped & Guest Collections
446 views
Skip to first unread message
Wong-Barnum, Mona
Sep 23, 2022, 10:37:40 PM9/23/22
to Discuss
Hi:
I am trying to figure out how best to setup the Mapped/Guest collections for our project. I have read the info @ https://docs.globus.org/globus-connect-server/v5.4/data-access-guide/#collections
and have some questions:
- Does Guest collection have to be under (sub-directory) a Mapped collection?
- Is it possible to convert a Mapped collection to a Guest collection later?
- Is it possible to convert a Guest collection to a Mapped collection later?
- A single Mapped collection can have multiple Guest collections?
- Can Mapped collections be nested?
- Can Guest collections be nested?
- In the documentation @ https://docs.globus.org/globus-connect-server/v5.4/data-access-guide/#sharing_configuration, Example 14 says GCSv5.4.8 and then under the example box, it says GCSv5.4.18…is one of them a typo?
All help is appreciated (:
Mona
Vas Vasiliadis
Sep 23, 2022, 11:54:23 PM9/23/22
to Wong-Barnum, Mona, Discuss
Hi Mona,
Please see answers inline. Happy to get on a call and talk through the use case(s) behind the questions.
Thanks,
Vas
> On Sep 23, 2022, at 9:37 PM, Wong-Barnum, Mona <mo...@sdsc.edu> wrote:
>
> Hi:
>
> I am trying to figure out how best to setup the Mapped/Guest collections for our project. I have read the info @ https://docs.globus.org/globus-connect-server/v5.4/data-access-guide/#collections and have some questions:
>
> • Does Guest collection have to be under (sub-directory) a Mapped collection?
No. You can create a guest collection at the root of the mapped collection. (And note that a guest collection can only exist “on top of” a mapped collection”.)
> • Is it possible to convert a Mapped collection to a Guest collection later?
No. Mapped and guest collections very different resource types. A mapped collection requires mapping of a Globus identity to a local account for data access, whereas a guest collection has no notion of account mapping -- it’s just a set of permissions. Can you share the specific use case that’s driving your question?
> • Is it possible to convert a Guest collection to a Mapped collection later?
No. See above. But you can create another mapped collection rooted at the same point in the filesystem as the guest collection. Again, it would be useful to hear what you’re trying to achieve.
> • A single Mapped collection can have multiple Guest collections?
Yes.
> • Can Mapped collections be nested?
Yes, if by “nested” you mean mapped collections rooted at successive levels of the same directory tree for a given storage gateway. For example, given a storage gateway for accessing “/sciences", you can create distinct mapped collections rooted at “/sciences", "/sciences/biology", "/sciences/biology/genetics", etc.
> • Can Guest collections be nested?
Yes, but I’d be interest to hear about your intended use case. If the intent is to grant difference permissions to the various subdirectories you can do that using a single guest collection. Indeed, this separation of permissions is a defining feature of guest collections. That said, a potential use case for multiple guest collections is when you want to grant different users the Access Manager role on different parts of the filesystem, e.g., if you’re sharing data with different institutions and you want to delegate management of permissions to a user (or group of users) at each institution for just their shared data.
> • In the documentation @ https://docs.globus.org/globus-connect-server/v5.4/data-access-guide/#sharing_configuration, Example 14 says GCSv5.4.8 and then under the example box, it says GCSv5.4.18…is one of them a typo?
Yes. It should be 5.4.18 (https://docs.globus.org/globus-connect-server/v5.4/changes/#v5_4_18_mar_10_2021).
> All help is appreciated (:
>
> Mona
>
> --
> You received this message because you are subscribed to the Google Groups "Discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@globus.org.
Please see answers inline. Happy to get on a call and talk through the use case(s) behind the questions.
Thanks,
Vas
> On Sep 23, 2022, at 9:37 PM, Wong-Barnum, Mona <mo...@sdsc.edu> wrote:
>
> Hi:
>
> I am trying to figure out how best to setup the Mapped/Guest collections for our project. I have read the info @ https://docs.globus.org/globus-connect-server/v5.4/data-access-guide/#collections and have some questions:
>
> • Does Guest collection have to be under (sub-directory) a Mapped collection?
> • Is it possible to convert a Mapped collection to a Guest collection later?
No. Mapped and guest collections very different resource types. A mapped collection requires mapping of a Globus identity to a local account for data access, whereas a guest collection has no notion of account mapping -- it’s just a set of permissions. Can you share the specific use case that’s driving your question?
> • Is it possible to convert a Guest collection to a Mapped collection later?
No. See above. But you can create another mapped collection rooted at the same point in the filesystem as the guest collection. Again, it would be useful to hear what you’re trying to achieve.
> • A single Mapped collection can have multiple Guest collections?
Yes.
> • Can Mapped collections be nested?
Yes, if by “nested” you mean mapped collections rooted at successive levels of the same directory tree for a given storage gateway. For example, given a storage gateway for accessing “/sciences", you can create distinct mapped collections rooted at “/sciences", "/sciences/biology", "/sciences/biology/genetics", etc.
> • Can Guest collections be nested?
Yes, but I’d be interest to hear about your intended use case. If the intent is to grant difference permissions to the various subdirectories you can do that using a single guest collection. Indeed, this separation of permissions is a defining feature of guest collections. That said, a potential use case for multiple guest collections is when you want to grant different users the Access Manager role on different parts of the filesystem, e.g., if you’re sharing data with different institutions and you want to delegate management of permissions to a user (or group of users) at each institution for just their shared data.
> • In the documentation @ https://docs.globus.org/globus-connect-server/v5.4/data-access-guide/#sharing_configuration, Example 14 says GCSv5.4.8 and then under the example box, it says GCSv5.4.18…is one of them a typo?
Yes. It should be 5.4.18 (https://docs.globus.org/globus-connect-server/v5.4/changes/#v5_4_18_mar_10_2021).
> All help is appreciated (:
>
> Mona
>
> You received this message because you are subscribed to the Google Groups "Discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to discuss+u...@globus.org.
Wong-Barnum, Mona
Sep 26, 2022, 8:54:02 PM9/26/22
to Vas Vasiliadis, Discuss
I think our gateway client is looking for a staged approach to using Globus…initially just transfer between 2 endpoints and I’m still working with the client to clarify the access control
they would like to have now and into the future and minimize unintentionally making a choice now that may reduce flexibility as their use of Globus matures. I’ve used Globus v 4.x and shared endpoints but haven’t had a chance to play with 5.x to understand
access control for the mapped & guest collections so I just want to understand that a bit better before I talk with the client.
Brief description of our client’s current use case:
- One gateway housing multiple projects
- Each project has its own list of members & managers
- Each project has its own designated storage space
- Each project can decide to share or not share the project storage space with external users
I’ve also added responses inline below...
On Sep 23, 2022, at 8:54 PM, Vas Vasiliadis <v...@uchicago.edu> wrote:
Hi Mona,
Please see answers inline. Happy to get on a call and talk through the use case(s) behind the questions.
Thanks,
Vas
On Sep 23, 2022, at 9:37 PM, Wong-Barnum, Mona <mo...@sdsc.edu> wrote:
Hi:
I am trying to figure out how best to setup the Mapped/Guest collections for our project. I have read the info @ https://urldefense.com/v3/__https://docs.globus.org/globus-connect-server/v5.4/data-access-guide/*collections__;Iw!!Mih3wA!HDBShUUlebkZqraUDt14YMIfdhbzwUKdSh-lOJox-nCOeSa9YEVTutcTUMo1jzdSDc-Td216DR4f$ and have some questions:
• Does Guest collection have to be under (sub-directory) a Mapped collection?
No. You can create a guest collection at the root of the mapped collection. (And note that a guest collection can only exist “on top of” a mapped collection”.)
- We can also make "/files/projectA/" a guest collection as well so that directory can serve both collection types?
- We can make “/files/projectA/share/“ a guest collection (only)?
• Is it possible to convert a Mapped collection to a Guest collection later?No. Mapped and guest collections very different resource types. A mapped collection requires mapping of a Globus identity to a local account for data access, whereas a guest collection has no notion of account mapping -- it’s just a set of permissions. Can you share the specific use case that’s driving your question?
I’m thinking in case the client wants to open things up in the future…not a use case currently…
• Is it possible to convert a Guest collection to a Mapped collection later?No. See above. But you can create another mapped collection rooted at the same point in the filesystem as the guest collection. Again, it would be useful to hear what you’re trying to achieve.
Also thinking down the line, in case the client wants to put more restrictions on how to share data...
• Can Guest collections be nested?Yes, but I’d be interest to hear about your intended use case. If the intent is to grant difference permissions to the various subdirectories you can do that using a single guest collection. Indeed, this separation of permissions is a defining feature of guest collections. That said, a potential use case for multiple guest collections is when you want to grant different users the Access Manager role on different parts of the filesystem, e.g., if you’re sharing data with different institutions and you want to delegate management of permissions to a user (or group of users) at each institution for just their shared data.
This is very interesting…we do need to have different monitor/manager per project and thought originally we must have different mapped collection per project but sounds like you are saying we can use
separate guest collections to accomplish this…i think it would be helpful to have a call to understand this a bit better. I’ll email you directly to setup a time, thanks!
cheers,
Mona
Reply all
Reply to author
Forward
0 new messages