globus endpoint permission create - Create an access control rule


globus endpoint permission create [OPTIONS] --permissions* [r|rw] ENDPOINT_ID:PATH


The globus endpoint permission create creates a new access control on the the target endpoint granting users new permissions on the given path.

The target endpoint must be a shared endpoint or an s3 endpoint, as only these use access control lists to manage permissions.

The permissions option is required, and exactly one of --all-authenticated --anonymous --group or identity is required to know who to give what permissions to.


--permissions [r|rw]

Permissions to add. Read-Only or Read/Write. Required.


Give this permission to anyone who has logged in.


Give this permission to anyone even if they aren’t logged in.

--group GROUP_ID

Give this permission to anyone in the given group.


Give this permission to a specific identity in Globus Auth.

--map-http-status TEXT

Map non success HTTP response codes to exit codes other than 1. e.g. "--map-http-satus 403=0,404=0" would exit with 0 even if a 403 or 404 http error code was received. Valid exit codes are 0,1,50-99.

-F, --format [json|text]

Set the output format for stdout. Defaults to "text".

--jq, --jmespath EXPR

Supply a JMESPath expression to apply to json output. Takes precedence over any specified --format and forces the format to be json processed by this expression.

A full specification of the JMESPath language for querying JSON structures may be found at

-h, --help

Show help text for this command.

-v, --verbose

Control the level of output.

Use -v or --verbose to show warnings and any additional text output.

Use -vv to add informative logging.

Use -vvv to add debug logging and full stack on any errors. (equivalent to -v --debug)


Give anyone read access to a directory.

$ ep_id=ddb59aef-6d04-11e5-ba46-22000b92c6ec
$ globus endpoint permission create $ep_id:/dir --permissions r --anonymous

Give read and write access to a specific user.

$ ep_id=ddb59aef-6d04-11e5-ba46-22000b92c6ec
$ globus endpoint permission create $ep_id:/ --permissions rw --identity


0 on success.

1 if a network or server error occurred, unless --map-http-status has been used to change exit behavior on http error codes.

2 if the command was used improperly.

© 2010- The University of Chicago Legal