Sharing files on Savio using Globus
With Globus, you can easily share research data with your collaborators. You don’t need to create accounts on the server(s) (i.e., Savio) where your data is stored. You can share data with anyone using their identity or their email address. This means that users can access a “guest collection” without a local account on Savio. Access is based on permissions that you grant via Globus.
The Globus user interface (UI) can be accessed through a browser, such as Google Chrome. It is generally recommended that an “incognito” browser window (e.g., a Google Chrome “incognito” or “private” browser window) be used when accessing the Globus UI so other credentials are ignored. This can also help avoid sending (old) login cookies. Incognito will also automatically forget your passwords when you close out at the end of a session. You can access an Incognito Google Chrome browser by clicking on the three vertical dots in the upper right corner of the browser and clicking “New Incognito Window” in the drop-down menu. You’ll know you are incognito when the address bar turns black at the top of the window and you’ll see the word “Incognito” in the top right of the browser window. For more instructions on this, please see here and here.
To share data on Savio, you’ll create a "guest collection” and grant your collaborators access as described in the instructions below. If you like, you can designate other Globus users as "access managers" for the guest collection, allowing them to grant or revoke access privileges for other Globus users.
- Log into Globus and navigate to the File Manager page for the ucb#brc collection, as described in our documentation here.
- Click on the three vertical dots on the File Manager page next to and to the right of the Collection box with “ucb#brc” at the top, and then on the following description page that opens up, select the "Collections" tab:
- Click the "Add a Guest Collection" button in the upper right of the “Guest Collections” page.
- Fill out the form on the next page that comes up, choosing the Directory you’d like to share. (Note that if you use "/~/" in the “Directory” field, this will display the contents of your home directory on Savio, but you can click on the Browse button there and restrict the guest collection to be a particular subdirectory, which is often recommended). Sharing occurs at the directory level – individual files can only be shared by sharing the folder that contains them. Provide a name for the guest collection in the “Display Name” field. In the example here, we name the guest collection “ucb#brc GCSv5 Guest Collection”. This will enable you and your collaborators to easily find the collection by that name. Fill in the other fields as needed, and click “Create Collection”. (Note also that there is no need to specify encryption using the advanced transfer option in the Globus UI – the collection was created with the encryption feature already enabled. It can not be disabled). If this is the first time you are accessing the collection, you may need to authenticate and consent to allow Globus services to manage your collections on your behalf.
- When your guest collection is created, you’ll be taken to the “Permissions” tab, where you can set permissions. As shown below, the starting permissions give read and write access (and the Administrator role) to the person who created the collection such that, initially, only you can access the contents of your Savio space via the guest collection.
Click the “Add Permissions – Share With" button to share access with others. You can add permissions for an individual user, for a group, or for all logged-in users. In the Identity/E-mail field, type a person’s name or Globus username (if user is selected) or a group name (if group is selected) and press Enter. Globus will display matching identities. Pick from the list. If the user hasn’t used Globus before or you only have an email address, enter the email address and click “Add Permissions".
The example above grants read and write access to the subdirectory “brc-cyberinfrastructure” in your Savio home directory to Globus user firstname.lastname@example.org. The users you share with will receive an email notification containing a link to the shared endpoint. You may add a customized message to this email. If you don’t want to send a notification, uncheck the “Send Email” checkbox. Note that granting write access to a folder allows users to modify and delete files and folders within the folder.
- After receiving the email notification, your colleague can click on the link to log into Globus and access the guest collection. In the example below, user paciorek@.berkeley.edu accesses the guest collection. Note that the collection name is “ucb#brcGCSv5 Guest Collection” and the path is
~/brc-cyberinfrastructure, because this is what the user was given access to.
- You can allow others to manage the permissions for a collection you create. Use the "Roles" tab to manage roles for other users. You can assign roles to individual users or to groups. As shown below, the default is for the person who created the collection to have the Administrator role.
The Access Manager role grants the ability to manage permissions for a collection. (Users with this role automatically have read/write access for the collection.) In the example below (after clicking on the “Assign New Role” button in the upper right), the user email@example.com is being granted the Access Manager role.
When a role is assigned to a group, all members of the group have the assigned role.
For additional details, instructions, and examples on sharing permissions and sharing data from a guest collection, please see the Globus how-to articles How to share data using Globus and Access and share data from a guest collection.