Globus User Docs #1024
Globus User Docs #1024
Conversation
_scicomputing/hutchgo_overview.md
Outdated
|
|
||
| ### Important Roles | ||
|
|
||
| Because Globus allows easy sharing of data and because we want to have the individual labs to have as much control as possible over how data is shared, we are creating roles that control access to the various Globus capabilities. Taking on a role means having a basic level of knowledge about how Globus works, constraints and controls necessary for the data being shared, and accepting responsibility for ongoing maintenance of data sharing within Globus. |
There was a problem hiding this comment.
Specialized roles instead of Important ?
Then "we are creating specialized roles that grant access to additional Globas capabilities."
There was a problem hiding this comment.
Yes- since these are roles that are specific to our implementation I like the "specialized" term. I've updated the title: "Roles for HutchGO Users" and used the "specialized" in the description.
Updated in efa72bf.
|
|
||
| ## Sharing Data | ||
|
|
||
| Once the base mapped collection has been created, data managers will be able to create guest collections to share data internally and externally. Once a path within a collection has been shared, those with access will be able to access the data _as you_. Thus you must be sure that _you_ have access to the data being shared. When sharing data there are options to configure read-write or read-only access. The former is required for data upload, the latter will only allow download. See [this documentation](/scicomputing/hutchgo_guest_collection) for details on creating the guest collection. |
There was a problem hiding this comment.
This part is confusing. Maybe there should be a section clarifying on permissions on the filesystem vs globus permissions. Like what happens if I have access to a Globus collection that includes folders I don't have access to on the filesystem?
Also, i'm envisioning someone interpreting this sentence wrong:
Once a path within a collection has been shared, those with access will be able to access the data as you.
So someone else (data manager) does something (create guest collections to share data) then it is shared and that person can "view all my files"?
There was a problem hiding this comment.
Also, i'm envisioning someone interpreting this sentence wrong:
Once a path within a collection has been shared, those with access will be able to access the data as you.
So someone else (data manager) does something (create guest collections to share data) then it is shared and that person can "view all my files"?
Hm. Yeah, I can sort of see a misinterpretation. However, it's one that leads to more caution. Basically I do want people to understand that guests are using the host's UID to access data- that's why the upstream restrictions are so important to maintain (e.g. path restrictions, read vs. read-write access, etc.)
There was a problem hiding this comment.
Maybe some embedded images for this page?
There was a problem hiding this comment.
I'm more thinking when we get around to training we'll record a session and post that. Images in sciwiki are a PITA to maintain.
- add larger discussion about permissions and accedd - rename section "access" to "availability" to differentiate from permissions and access section earlier in the doc - remove earlier discussions of permissions
No description provided.