globus endpoint role create - Add a role to an endpoint


globus endpoint role create [OPTIONS] ENDPOINT_ID


The globus endpoint role create command adds a role to an endpoint. You must have sufficient privileges to modify the roles on the endpoint.

Either --group or --identity is required. You may not pass both. Which one of these options you use will determine the Principal Type on the role, and the value given will be the Principal of the resulting role. The term "Principal" is used in the sense of "a security principal", an entity which has some privileges associated with it.


--group GROUP_ID

Group to use as a security principal.


Identity (either the ID or identity username) to use as a security principal

--role [administrator|access_manager|activity_manager|activity_monitor]

Which role to assign. This argument is required.

--map-http-status TEXT

Map non success HTTP response codes to exit codes other than 1. e.g. "--map-http-satus 403=0,404=0" would exit with 0 even if a 403 or 404 http error code was received. Valid exit codes are 0,1,50-99.

-F, --format [json|text]

Set the output format for stdout. Defaults to "text".

--jq, --jmespath EXPR

Supply a JMESPath expression to apply to json output. Takes precedence over any specified --format and forces the format to be json processed by this expression.

A full specification of the JMESPath language for querying JSON structures may be found at

-h, --help

Show help text for this command.

-v, --verbose

Control the level of output.

Use -v or --verbose to show warnings and any additional text output.

Use -vv to add informative logging.

Use -vvv to add debug logging and full stack on any errors. (equivalent to -v --debug)


Textual output is a simple success message in the absence of errors, containing the ID of the created role.


Grant the activity_monitor role on ddb59aef-6d04-11e5-ba46-22000b92c6ec:

$ globus endpoint role create 'ddb59aef-6d04-11e5-ba46-22000b92c6ec' \
    --identity '' --role activity_monitor


0 on success.

1 if a network or server error occurred, unless --map-http-status has been used to change exit behavior on http error codes.

2 if the command was used improperly.

© 2010- The University of Chicago Legal