From 43b4fce7118d5f22f7e315426eff927ef69b1b01 Mon Sep 17 00:00:00 2001 From: Haritha Siddabathuni Som Date: Thu, 7 Mar 2024 22:28:59 -0600 Subject: [PATCH] updated docs --- .../acdc/eagle-data-sharing.md | 167 +++++++++--------- 1 file changed, 86 insertions(+), 81 deletions(-) diff --git a/docs/data-management/acdc/eagle-data-sharing.md b/docs/data-management/acdc/eagle-data-sharing.md index f9064c4b2..e02930d05 100644 --- a/docs/data-management/acdc/eagle-data-sharing.md +++ b/docs/data-management/acdc/eagle-data-sharing.md 
@@ -1,20 +1,22 @@ -# Sharing on Eagle Using Globus +# Sharing Data on Grand/Eagle Using Globus Guest Collections ## Overview Collaborators throughout the scientific community have the ability to write data to and read scientific data from the Eagle filesystem using Globus sharing capability. This capability provides PIs with a natural and convenient storage space for collaborative work. -**Note:** The project PI needs to have an active ALCF account to set up Globus guest collections on Eagle, and set permissions for collaborators to access data. +**Note:** The project PI needs to have an **active** ALCF account to set up Globus guest collections on Eagle, and set permissions for collaborators to access data. If the PI does not have an account or has an inactive account, they will not be able to create a Globus guest collectively. If a PI's account goes inactive after the Globus guest collection was created and shared, the collection will become inaccessible until the PI's account is reactivated. Only the project PI has the ability to create a collection; project proxies cannot create a collection. Globus is a service that provides research data management, including managed transfer and sharing. It makes it easy to move, sync, and share large amounts of data. Globus will manage file transfers, monitor performance, retry failures, recover from faults automatically when possible, and report the status of your data transfer. Globus supports GridFTP for bulk and high-performance file transfer, and direct HTTPS for download. The service allows the user to submit a data transfer request, and performs the transfer asynchronously in the background. For more information, see Globus data transfer and Globus data sharing. + + +## Logging into Globus with your ALCF Login ## +ALCF researchers can use their ALCF Login username and password to access Globus. Go to the [Globus website](https://www.globus.org/) and click on Log In in the upper right corner of the page. +
![Logging into Globus](files/login-screen.png){ width="700" }
Logging into Globus
-## Logging into Globus with your ALCF Login -ALCF researchers can use their ALCF Login username and password to access Globus. Go to the [Globus website](https://www.globus.org/) and click on Log In in the upper right corner of the page. - Type or scroll down to "Argonne LCF" in the "Use your existing organizational login" box, and then click "Continue".
@@ -24,51 +26,55 @@ Type or scroll down to "Argonne LCF" in the "Use your existing organizational lo You will be taken to a familiar-looking page for ALCF login. Enter your ALCF login username and password. -## Accessing your Eagle Project Directory -There are two ways for a PI to access their project directory on Eagle. +## Accessing your Grand/Eagle Project Directory ## + -**Note:** Specifically for PIs with Eagle 'Data-only' projects and no other compute allocations, logging in from the Globus-side to get to Eagle is the only way for them to access their Eagle project directory. +**Note:** Specifically for PIs with Eagle 'Data-Only' projects (no compute allocations), logging in through Globus is the only way to access the project directory. +PIs with data and compute allocations will have access to the required compute-system login nodes (along with the Globus Web Interface) to access their project directory. + ## Creating a Guest Collection A project PI needs to have an 'active' ALCF account in place to create and share guest collections with collaborators. Please note that ONLY a PI has the ability to create guest collections. -* If you have an "Inactive/Deleted" ALCF account, please click on the account re-activation link to begin the re-activation process: [Re-activation Link](https://accounts.alcf.anl.gov/accountReactivate) +> PIs with an "Inactive/Deleted" ALCF account, should submit a reactivation request by filling out this form: [Re-activation Form](https://accounts.alcf.anl.gov/#/accountReactivate) -* If you DO NOT have an ALCF account, click on the account request link to begin the application process: [Account Request Link](https://accounts.alcf.anl.gov/#!/accountRequest) +> PIs without an ALCF account should submit an ALCF account request by filling out this form: [Account Request Form](https://accounts.alcf.anl.gov/#/accountRequest) -In the Globus application in your browser: +### Navigate to the Collections tab ### -1. 
There are multiple ways to Navigate to the Collections tab in "Endpoints": - 1. [Click the link to get started](https://app.globus.org/file-manager/collections/05d2c76a-e867-4f67-aa57-76edeb0beda0/shares). It will take you to the Collections tab for Eagle. **OR** - 2. Click on 'Endpoints' located in the left panel of the [Globus web app](https://app.globus.org/endpoints). **Type "alcf#dtn_eagle" in the search box** located at the top of the page and click the magnifying glass to search. Click on the Managed Public Endpoint "alcf#dtn_eagle" from the search results. Click on the Collections tab. **OR** - 3. Click on 'File Manager' located in the left panel of the Globus web app. Search for 'alcf#dtn_Eagle' and select it in the Collection field. Select your project directory or a sub directory that you would like to share with collaborators as a Globus guest collection. Click on 'Share' on the right side of the panel, which will take you to the Collections tab. +There are multiple ways to Navigate to the Collections tab in "Endpoints": +1. [Click the link to get started](https://app.globus.org/file-manager/collections/05d2c76a-e867-4f67-aa57-76edeb0beda0/shares). It will take you to the Collections tab for Eagle. **OR** +2. Click on 'Endpoints' located in the left panel of the [Globus web app](https://app.globus.org/endpoints). Type "alcf#dtn_eagle" (for Eagle) or "alcf#dtn_grand" (for Grand) in the search box located at the top of the page and click the magnifying glass to search. Click on the Managed Public Endpoint "alcf#dtn_eagle" or "alcf#dtn_grand" from the search results. Click on the Collections tab. **OR** +3. Click on 'File Manager' located in the left panel of the Globus web app. Search for 'alcf#dtn_Eagle' (or "alcf#dtn_grand") and select it in the Collection field. Select your project directory or a sub directory that you would like to share with collaborators as a Globus guest collection. 
Click on 'Share' on the right side of the panel, which will take you to the Collections tab. -**Note:** Shared endpoints always remain active. When you select an endpoint to transfer data to/from, you may be asked to authenticate with that endpoint. Follow the instructions on screen to activate the endpoint and to authenticate. You may also have to provide Authentication/Consent for the Globus web app to manage collections on this endpoint +**Note:** When you select an endpoint to transfer data to/from, you may be asked to authenticate with that endpoint. Follow the instructions on screen to activate the endpoint and to authenticate. You may also have to provide Authentication/Consent for the Globus web app to manage collections on this endpoint -2. In the Collections tab, click 'Add a Guest Collection' located at the top right hand corner +### Adding a Guest Collection ### +In the Collections tab, click 'Add a Guest Collection' located at the top right hand corner. -3. Fill out the form: +1. Fill out the form: 1. If the path to the directory is not pre-populated, click the browse button, navigate and select the directory. Note that you can create a single guest collection and set permissions for folders within a guest collection. There is no reason to create multiple guest collections to share for a single project. 2. Give the collection a Display Name (choose a descriptive name) -4. Click "Create Collection" +2. Click "Create Collection"
![Create New Guest Collection](files/create-guest-collection-entire.png){ width="700" } @@ -76,9 +82,9 @@ In the Globus application in your browser:
## Sharing Data with Collaborators Using Guest Collections -If your data is on the ALCF systems, you can easily share it with collaborators who are at ALCF or elsewhere. You have full control over which files your collaborator can access, and whether they have read-only or read-write permissions. +Your data in the Guest Collections can be easily shared with collaborators at ALCF or elsewhere. You have full control over which files your collaborators can access, and whether they have read-only or read-write permissions. -You can share with their institutional email. The collaborator can use the Globus web interface to download the data, or use Globus transfer to move the data to their machine. + To share data with collaborators (that either have a Globus account or an ALCF account), click on 'Endpoints', select your newly created Guest Collection (as described in the section above), and go to the 'Permissions' tab. Click on 'Add Permissions - Share With': @@ -87,7 +93,7 @@ To share data with collaborators (that either have a Globus account or an ALCF a
Add Permissions
-You can share with other Globus users or Globus Groups (==for more information on Groups, scroll down to Groups==). You can give the collaborators read, write or read+write permissions. Once the options have been selected, click 'Add Permission'. +You can share with other Globus users or Globus Groups (for more information on Groups, scroll down to Groups). You can give the collaborators read, write or read+write permissions. Once the options have been selected, click 'Add Permission'.
![Add Permissions - Share With](files/permissions-share-with.png){ width="700" } @@ -109,20 +115,20 @@ You should then see the share and the people you have shared it with. You can re
## Additional information on Globus Guest Collections -* ONLY you (a project PI) can create guest collections and make them accessible to collaborators. Project Proxy (on the POSIX side) cannot create guest collections. +1. ONLY a project PI can create guest collections and make them accessible to collaborators. Project proxies cannot create guest collections. -* You can only share directories, not individual files. +2. You can only share directories, not individual files. -* Globus allows directory trees to be shared as either read or read/write. This means that any subdirectories within that tree also have the same permissions. +3. Globus allows directory trees to be shared as either read or read/write. This means that any subdirectories within that tree also have the same permissions. Globus supports setting permissions at a folder level, so there is no need to create multiple guest collections for a project. You can create a guest collection at the top level and share sub-directories with the collaborators by assigning the appropriate permissions. -* When you create a guest collection endpoint and give access to one or more Globus users, you can select whether each person has read or read/write access. If they have write access, they can also delete files within that directory tree, so you should be careful about providing write access. +4. When you create a guest collection endpoint and give access to one or more Globus users, you can select whether each person has read or read/write access. If they have write access, they can also delete files within that directory tree, so you should be careful about providing write access. -* Globus guest collections are created and managed by project PIs. If the PI of a project changes, the new PI will have to create a new guest collection and share them with the users. Globus guest collections' ownership cannot be transferred. +5. Globus guest collections are created and managed by project PIs. 
If the PI of a project changes, the new PI will have to create a new guest collection and share them with the users. Contact ALCF Support (support@alcf.anl.gov) in such cases. Globus guest collections' ownership cannot be transferred. -* Guest collections are active as long as the project directory is available and the PI's ALCF account is active. If the account goes inactive, the collections become inaccessible to all the users. Access is restored once the PI's account is reactivated. +6. Guest collections are active as long as the project directory is available **and** the PI's ALCF account is active. If the PI's ALCF account goes inactive, the collections become inaccessible to all its collaborators. Access is restored once the PI's account is reactivated. -* All RW actions are performed as the PI, when using Guest Collections. If a PI does not have permissions to read or write a file or a directory, then the Globus guest collection users won't either. +7. All RW actions are performed as the PI, when using Guest Collections. If a PI does not have permissions to read or write a file or a directory, then the Globus guest collection users won't either. ## Creating a group 1. Go to Groups on the left panel @@ -136,8 +142,8 @@ Globus supports setting permissions at a folder level, so there is no need to cr
Create new group
-## Transferring data from Eagle -Log in to [Globus](https://app.globus.org) using your ALCF credentials. After authenticating, you will be taken to the Globus File Manager tab. In the 'Collection' box, type the name of Eagle managed endpoint (alcf#dtn_eagle). Navigate to the folder/file you want to transfer. HTTPS access (read-only) is enabled so you can download files by clicking the "Download" button. +## Transferring data from Grand/Eagle +Log in to [Globus](https://app.globus.org) using your ALCF credentials. After authenticating, you will be taken to the Globus File Manager tab. In the 'Collection' box, type the name of Eagle/Grand managed endpoint (```alcf#dtn_eagle``` or ```alcf#dtn_grand```). Navigate to the folder/file you want to transfer. HTTPS access (read-only) is enabled so you can download files by clicking the "Download" button. Click on 'Download' to download the required file. @@ -220,7 +226,7 @@ They should click on the files they want to transfer, then 'Transfer or Sync to' ## Encryption and Security Data can be encrypted during Globus file transfers. In some cases encryption cannot be supported by an endpoint, and Globus Online will signal an error. -For more information, see ==How does Globus Online ensure my data is secure?== +For more information, see [How does Globus ensure my data is secure?](https://docs.globus.org/faq/security/#how_does_globus_ensure_my_data_is_secure) In the Transfer Files window, click on 'More options' at the bottom of the 2 panes. Check the 'encrypt transfer' checkbox in the options. 
@@ -235,15 +241,15 @@ Alternatively, you can encrypt the files before transfer using any method on you ## FAQs ### General FAQs: -**1. What is the Eagle File system?** +**1. What are Eagle and Grand file systems?** -It is a Lustre file system residing on an HPE ClusterStor E1000 platform equipped with 100 Petabytes of usable capacity across 8480 disk drives. This ClusterStor platform also provides 160 Object Storage Targets and 40 Metadata Targets with an aggregate data transfer rate of 650GB/s. Primary use of Eagle is data sharing with the research community using [Globus](https://www.alcf.anl.gov/support-center/theta/using-globus-theta).The file system is available on all ALCF compute systems. It allows sharing of data between users (ALCF and external collaborators). +They are Lustre file systems residing on an HPE ClusterStor E1000 platform equipped with 100 Petabytes of usable capacity across 8480 disk drives. Each ClusterStor platform also provides 160 Object Storage Targets and 40 Metadata Targets with an aggregate data transfer rate of 650GB/s. -**2. What is the difference between Guest, Shared and a Mapped collection?** +**2. What is the difference between a Guest, Shared, and Mapped collection?** - Guest collections: A Guest collection is a logical construct that a PI sets up on their project directory in Globus that makes it accessible to collaborators. The PI creates a guest collection at or below their project and shares it with the Globus account holders. - Shared collection: A guest collection becomes a shared collection when it is shared with a user/group. -- Mapped Collections: Mapped Collections are created by the endpoint administrators. In the case of Eagle, these are created by ALCF. +- Mapped Collections: Mapped Collections are created by the endpoint administrators. In the case of Eagle/Grand, these are created by ALCF. **3. Who can create Guest collections?** 
@@ -259,42 +265,42 @@ Access Manager is someone who can act as a Proxy on behalf of the PI to manage t Groups are constructs that enable multi-user data collaboration. A PI (and an Access Manager) can create new groups, add members to them and share a guest collection with a group of collaborators. -**Note** Members of groups do not need to have an ALCF account. +**Note** Members of groups do not need to have ALCF accounts. **6. What are some of the Common Errors you see and what do they mean?** ``` - EndpointNotFound - Wrong endpoint name -- PermissionDenied - If you do not have permissions to view or modify the collection on (refer to the appropriate section for what this error could mean) +- PermissionDenied - If you do not have permissions to view or modify the collection on - ServiceUnavailable - If the service is down for maintenance ``` ### PI FAQs: **1. How can a PI request for a data-only, Eagle storage allocation?** -A project PI can request an allocation by filling out the Director’s Discretionary Allocation Request form: [Request an allocation](https://accounts.alcf.anl.gov/allocationRequests). The allocations committee reviews the proposals and provides its decision in 1-2 weeks. To request a storage allocation on Eagle for an existing project, please email [support@alcf.anl.gov](mailto:support@alcf.anl.gov) with your proposal. +A project PI can request an allocation by filling out the Director’s Discretionary Allocation Request form: [Request an allocation](https://accounts.alcf.anl.gov/allocationRequests). The allocations committee reviews the proposals and provides its decision in 1-2 weeks. **2. Does a PI need to have an ALCF account to create a Globus guest collection?** Yes. The PI needs to have an 'active' ALCF account in place to create and share guest collections with collaborators. 
-- If the PI has an 'Inactive/Deleted' ALCF account, they should click on the link here to start the account re-activation process: [Account re-activation link](https://accounts.alcf.anl.gov/accountReactivate) -- If they don't have an ALCF account, they request for one: [Account request link](https://accounts.alcf.anl.gov/#!/accountRequest) +- PIs with an "Inactive/Deleted" ALCF account, should submit a reactivation request by filling out this form: [Re-activation Form](https://accounts.alcf.anl.gov/#/accountReactivate) +- PIs without an ALCF account should submit an ALCF account request by filling out this form: [Account Request Form](https://accounts.alcf.anl.gov/#/accountRequest) **3. What endpoint should the PI use?** -```alcf#dtn_eagle``` +```alcf#dtn_eagle``` (project on Eagle) or ```alcf#dtn_eagle``` (project on Grand) -**4. What are the actions an Eagle PI can perform?** +**4. What are the actions a PI can perform?** - Create and delete guest collections, groups - Create, delete and share the data with ALCF users and external collaborators - Specify someone as a Proxy (Access Manager) for the guest collections -- Transfer data between the guest collection on Eagle and other Globus endpoints/collections +- Transfer data between the guest collection on Eagle/Grand and other Globus endpoints/collections **5. How can a PI specify someone as a Proxy on the Globus side?** -Go to alcf#dtn_eagle -> collections -> shared collection -> roles -> select 'Access Manager' +Go to alcf#dtn_eagle (or alcf#dtn_grand) -> collections -> shared collection -> roles -> select 'Access Manager'
![Roles](files/roles.png){ width="700" } 
@@ -308,72 +314,69 @@ Go to alcf#dtn_eagle -> collections -> shared collection -> roles -> select 'Acc **6. What is the high-level workflow for setting up a guest collection?** -- PI requests an Eagle allocation project -- The ALCF Allocations Committee reviews and approves requests -- ALCF staff sets up a project, unixgroup, and project directory (on Eagle) -- A Globus sharing policy is created for the project with appropriate access controls -- PI creates a guest collection for the project, using the Globus mapped collection for Eagle. +1. PI requests a compute or data-only allocation project. +2. Once the request is approved, ALCF staff sets up a project, unixgroup, and project directory. +3. A Globus sharing policy is created for the project with appropriate access controls, provided the PI has an active ALCF account. +4. PI creates a guest collection for the project, using the Globus mapped collection for the file system (alcf#dtn_eagle or alcf#dtn_grand). - **Note:** PI needs to have an active ALCF Account and will need to log in to Globus using their ALCF credentials. - - If PI has a Globus account, it needs to be linked to their ALCF account + - If PI has an existing Globus account, it needs to be linked to their ALCF account. -- PI adds collaborators to the guest collection. Collaborators can be ALCF users and external collaborators -- Added with Read only or Read-Write permissions +5. PI adds collaborators to the guest collection. Collaborators can be ALCF users and external collaborators and can be added with Read only or Read-Write permissions -**7. Should PI add their ALCF project members to Eagle separately to access guest collections?** +**7. How can project members with ALCF accounts access the project directory via Globus?** -ALCF project members already have access to the project directory that they can access by browsing the endpoint ```alcf#dtn_eagle```. 
Globus guest collections allows sharing of data with collaborators that don't have ALCF accounts. + Users that have active ALCF accounts and are part of the project in the ALCF Account and Project Management system will automatically have access to the project directory which they can access by browsing the Globus endpoint ```alcf#dtn_eagle or alcf#dtn_grand```. If they want to access the files using the Globus guest collection set up by the PI, the PI will need to explicitly give them permissions to that guest collection. The purpose of Globus guest collections is to share the data with collaborators that don't have ALCF accounts or are not part of the project in the ALCF Account and Project Management system. **8. Who has the permissions to create a guest collection?** Only the PI has the ability to create a guest collection. The Access Manager, along with the PI, has permissions to share it with collaborators (R-only or R-W permissions as needed). -**9. I am the project PI. Why do I see a "Permission Denied" error when I try to CREATE a shared collection?** +**9. I am the project PI. Why do I see a "Permission Denied" error when I try to CREATE a guest collection?** -If you are a PI and you see this error, it could mean that a sharing policy might not have been created by ALCF. Please contact [support@alcf.anl.gov](mailto:support@alcf.anl.gov) for assistance. +If you are a PI and you see this error, it could mean that a sharing policy for the project is missing. Please contact [support@alcf.anl.gov](mailto:support@alcf.anl.gov) so they can set one up. -**10. If a PI added someone as a project proxy on the POSIX-side, is it safe to assume that the Proxy can create guest collections?** +**10. If a PI added a member as a project proxy on the POSIX-side, is it safe to assume that the Proxy can create guest collections?** No, project proxies cannot create guest collections, only the PI can. **11. 
Who can create groups?** A PI (and an Access Manager) can create new groups, add members to them and share a guest collection with a group of collaborators. For more information, refer to: [Creating a Group](#Creating a Group) -**12. What happens when the PI of a project changes? What happens to the shared collection endpoint?** +**12. What happens when the PI of a project changes? What happens to the guest collection endpoint?** -The new PI will need to create new shared collections and share it with collaborators again. +The new PI will need to create new guest collections and share it with collaborators again. Guest collections are tied to a PI's account and cannot be transferred. -**13. I notice that I am the owner of all the files that were transferred by external collaborators using the guest collection. Why is that?** +**13. I noticed that I am the owner of all the files that were transferred by external collaborators using the guest collection. Why is that?** -When collaborators read files from or write files to the guest collection, they do so on behalf of the PI. All writes show up as having been carried by the PI. Also, if the PI does not have permission to read or write to a file or folder in the directory, then the collaborators will not have those permissions either. +When collaborators read files from or write files to the guest collection, they do so on behalf of the PI. All writes show up as having been carried by the PI. Additionally, if the PI does not have permission to read or write to a file or folder in the directory, then the collaborators will not have those permissions either. **14. What happens to the guest collections when the PI's account goes inactive?** -The collections will also become inactive until the PI's account is re-activated. +The collections goes inactive and will remain in that state until the PI's account is re-activated. -**15. 
How long does it take for the endpoint to become accessible to collaborators after PI's account is activated?** +**15. How long does it take for the endpoint to become accessible to collaborators after a PI's account is re-activated?** Right away. The page needs to be refreshed and sometimes you may have to log out and log back in. ### Access Manager FAQs: **1. What are the actions an Access Manager can perform?** - 1. Access Manager should be able to see the collection under "Shared with you" and "Shareable by you" tabs. - 2. Has permissions to add and/or delete collaborators on the shared collection and restrict their R-W access as needed. + Access Manager should be able to see the collection under "Shared with you" and "Shareable by you" tabs. They have permissions to add and/or delete collaborators on the shared collection and restrict their R-W access as needed. **2. Does an Access Manager need to have an ALCF account?** -Not necessary. However, if they need to manage the membership on the POSIX side, they will need an ALCF account and be a Proxy on the project. +Not necessary. However, if they need to manage the membership on the POSIX side (or in the ALCF Account and Project Management system), they will need an ALCF account and be a Proxy on the project. **3. What is the difference between an ALCF project Proxy and a guest collection Access Manager?** -ALCF Project Proxy has permissions to manage project membership on the POSIX side whereas guest collection Access Manager has permissions to manage the project membership specific to that guest collection shared by the PI on the Globus side. +An ALCF Project Proxy has permissions to manage project membership on the POSIX side whereas a guest collection Access Manager has permissions to manage the project membership specific to that guest collection, created by the PI, on the Globus side. **4. I am an 'Access Manager' on the collection. 
Why do I see a 'Permission Denied' error when I try to SHARE a guest collection created by the PI?** -If you are a non-PI who is able to access the guest collection but unable to share it, it means that your role on this guest collection is limited to a "Member". If you want the ability to share folders and sub-folders from the collections that are shared with you, please talk to the PI. They will need to set your role to an "Access Manager" for the collection within Globus +If you are a non-PI who is able to access the guest collection but unable to share it, it means that your role on this guest collection is limited to a "Member". If you want the ability to share folders and sub-folders from the collections that are shared with you, please talk to the PI. They will need to set your role to an "Access Manager" for the collection within Globus. -**5. Can an Access Manager give external collaborators access to the collections that are shared with them on Eagle?** +**5. Can an Access Manager give external collaborators access to the collections that are shared with them?** Yes, an Access Manager will see "Permissions" tab at the top of the shared collection page and can share it with collaborators and/or a group. @@ -383,7 +386,7 @@ No. An access manager cannot create a collection, only a PI can do that. The acc **7. Can an Access Manager leave a globus group or withdraw membership request for collaborators?** -Yes.[Go to alcf#dtn_eagle-> Groups > group_name -> Members -> click on specific user -> Role & Status -> Set the appropriate status] +Yes.[Go to alcf#dtn_eagle (or alcf#dtn_grand)-> Groups > group_name -> Members -> click on specific user -> Role & Status -> Set the appropriate status]
![Permission denied](files/roles.png){ width="700" } @@ -393,22 +396,24 @@ Yes.[Go to alcf#dtn_eagle-> Groups > group_name -> Members -> click on specific **8. Can an Access Manager delete guest collections created by PI?** No. Access managers cannot delete guest collections. -Guest Collection Collaborators: +### Guest Collection Collaborators FAQs: **1. What actions can collaborators perform?** - 1. Collaborators can read files from a collection * - 2. Collaborators can write to a collection ** - 3. Collaborators can delete files in a collection ** -** *If the PI has read permissions for those files on the POSIX side and the collaborator is given read permissions in Globus for the guest collection.* +1. Collaborators can read files from a collection* +2. Collaborators can write to a collection** +3. Collaborators can delete files in a collection** + +*If the PI has read permissions for those files on the POSIX side and the collaborator is given read permissions in Globus for the guest collection. -** *If the PI has write permissions for those files on the POSIX side and the collaborator is given write permissions in Globus for the guest collection.* +**If the PI has write permissions for those files on the POSIX side and the collaborator is given write permissions in Globus for the guest collection. **2. I am a collaborator. Why do I see a 'Permission Denied' error when I try to ACCESS a guest collection created by the PI?** + If you are a non-PI and you see this error while trying to access the collection, it means that you do not have read permissions to access the quest collection. Please contact the PI for required access.
- ![Permission denied](files/roles.png){ width="700" } + ![Permission denied](files/roles.png){ width="1000" }
If you get thie error, you do not have read permissions.
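Review bot: In the first hunk (@@ -1,20 +1,22 @@), the expanded Note says a PI without an active account "will not be able to create a Globus guest collectively"; that should read "guest collection". The same hunk retitles the page to Grand/Eagle, but the Overview paragraph and the Note it edits still name only Eagle, so either mention Grand there or state that the Eagle wording applies to both file systems.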
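Review bot: In the "Navigate to the Collections tab" list (@@ -24,51 +26,55 @@), option 1 still links to a single collection ID and says it opens the Collections tab for Eagle, while options 2 and 3 now cover Grand as well; add the matching Grand link or label option 1 as Eagle-only so a Grand PI does not create the guest collection on the wrong endpoint. Option 3 searches for 'alcf#dtn_Eagle' with a capital E and single quotes next to "alcf#dtn_grand" in double quotes; use one spelling and one quoting style for endpoint names. The new blockquote line "PIs with an "Inactive/Deleted" ALCF account, should submit" has a stray comma after "account".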
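Review bot: In item 5 of the "Additional information" list (@@ -109,20 +115,20 @@), the added sentence "Contact ALCF Support (support@alcf.anl.gov) in such cases." sits between the statement that the new PI must recreate the collection and the statement that ownership cannot be transferred, so it is unclear what Support is being asked to do; move it to the end of the item and say what the PI should request. The same item reads "create a new guest collection and share them", which should be "share it". Converting the bullets to a numbered list also makes the paragraph "Globus supports setting permissions at a folder level" between items 3 and 4 matter: if it is not indented under item 3 it ends the list, and items 4 to 7 may renumber depending on the renderer.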
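Review bot: In General FAQ 1 (@@ -235,15 +241,15 @@), the rewritten answer says both file systems reside on "an HPE ClusterStor E1000 platform" with 100 Petabytes and 8480 drives, then continues with "Each ClusterStor platform", so a reader cannot tell whether the capacity and drive count are per file system or combined. State the figures per file system, or say explicitly that Eagle and Grand are two separate platforms with identical specifications. The hunk also drops the sentences saying the file system is available on all ALCF compute systems and is primarily used for sharing; if that still holds for both, keep a version of it.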
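Review bot: In PI FAQ 3 (@@ -259,42 +265,42 @@), the added answer lists the same endpoint twice: "```alcf#dtn_eagle``` (project on Eagle) or ```alcf#dtn_eagle``` (project on Grand)". The second one should be alcf#dtn_grand, matching the rest of the patch; as written, a Grand PI is sent to the Eagle endpoint. In the Common Errors block of the same hunk, removing the parenthetical leaves the PermissionDenied line ending in a dangling "on" ("view or modify the collection on"); drop the trailing word. PI FAQ 1 still asks about a "data-only, Eagle storage allocation" while its answer no longer mentions Eagle.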
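Review bot: In PI FAQ 7 (@@ -308,72 +314,69 @@), the endpoint names are wrapped in one code span, "```alcf#dtn_eagle or alcf#dtn_grand```", so the word "or" renders as part of the endpoint name and a copy-paste into the Collection search box will not match; use two separate spans as the Transferring data section does. Two added answers in this hunk have agreement errors: "The collections goes inactive" in FAQ 14 and "create new guest collections and share it" in FAQ 12. Workflow step 2 now says "Once the request is approved" without saying who approves it, where the removed line named the ALCF Allocations Committee.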
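Review bot: In the Guest Collection Collaborators FAQ (@@ -393,22 +396,24 @@), the footnote markers are now bare asterisks: the list items end in "collection*" and "collection**", and the footnotes start with "*If the PI has read permissions" and "**If the PI has write permissions" with no closing marker. Markdown treats these as emphasis delimiters, so they may render as stray italics or bold rather than footnote marks; escape them or switch to superscript numbers. The last image in this hunk changes to width="1000" while every other image in the file uses width="700", and it still points at files/roles.png under a "Permission denied" caption. While touching these lines, the neighbouring context typos "quest collection" and "thie error" are worth fixing.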