Shares Terms and Concepts
Aspera Storage Terms
| Term | Definition |
|---|---|
| transfer server | A transfer server is any server running an Aspera transfer server product, which includes IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point-to-Point Client, IBM Aspera Faspex, and IBM Aspera Transfer Cluster Manager. Transfer servers may be on premises, or in the cloud. |
| node | A node is a server that has been configured with the Node API running an Aspera transfer server product. Aspera transfer server products include: IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point-to-Point Client, IBM Aspera Faspex, and IBM Aspera Transfer Cluster Manager. Nodes are accessible to your Shares application. Node access is set up by your Shares system admin. Once a node has been linked to your Shares application it can be assigned to one (or more) of your organizations. Nodes contain shares, and shares can be assigned to projects. |
| Node API | The Aspera Node API is the primary REST API for interacting with an Aspera transfer server. The Node API provides functions, including file operations, transfer authorization, transfer initiation, and transfer status. Enabling the Node API on a transfer server makes it a “node.” Nodes contain shares, which in turn can be assigned to projects. |
| share | A share is a directory and it’s contents.
It is available on a node. Each share exists on one, and only
one node. Shares are assigned to organizations and projects by system and
organization admins. Organizations and projects can contain any number of
shares.
Users authorized to a project can browse, download from, upload to, and manage files and folders in that project's shares, provided they have the necessary permissions. Users can also be authorized directly to a share, within a project. |
| sub-share | It is possible to create shares at the node level, and also possible to create a share within another share. A shares within a share is called a “sub-share.” Project managers, for example, can create sub-shares on shares they have access to. |
| folder | A directory within a share, or on your local computer. |
Organizational Structure
| Term | Definition |
|---|---|
| Shares application | In the Shares application, but outside the organization and project levels, as a
Shares system admin, you can control the settings and contents of the application. (See also:
system admin) For example you can:
|
| organization | Organizations can represent an entire company, an individual department, or other
entity, depending on your needs. An organization is a collection of:
|
| project | A project is a collection of nodes, shares, users, and groups. Shares are assigned only at the project level. A project admin can make available users authorized, and modify permissions. |
| resource | A resource can be a node, share, group, or user. Resources are allocated to organizations for admins in that organization to authorize to projects and shares. |
User Roles and Capabilities
| Term | Definition |
|---|---|
| system admin | A system administrator is a user account with access and management rights for the entire Shares application. |
| organization admin | An organization admin is a user account that has been given admin rights to an organization. |
| project admin | A project admin is a user account that has been given admin rights to a project. Shares system admins and organization admins can assign project admin rights to a user account by enabling the user's privilages within that project’s settings. |
| standard user | A standard user is a non-admin user account in the Shares application.
Standard users can only access project resources authorized by an admin. Depending on the permissions set by an admin, this user may have a subset of
the following permissions:
|
Permissions
Permissions can be assigned to users and groups at many levels. The most specific permissions granted to a user, whether directly or by way of group membership, and by way of assignment via organization, project or share are the permissions they are granted. For example, If user1 is a member of group1, and both the user and group are assigned to a project the user’s permissions will be used.| Group permission settings | User permission settings | Resulting access granted |
|---|---|---|
| Read/Write | Read | Read |
| Read | Read/Write | Read/Write |
- Users directly to a share
- Groups directly to a share
- Teams directly to a share
- Users to a project
- Groups to a project
- Teams to a project
- Users to an organization
- Groups to an organization
- Teams to an organization
- Admins to a project – have full permissions to every share in that project
- Admins to an organization – have full permissions to every project and share in their organization
- Admins to the Shares application (system admin) – have full permissions to every organization, project, node and share
| Permission | Definition | Edit Page |
|---|---|---|
| Delete | Allows you to Delete files and folders on a share. | Delete |
| Download | Allows you to Download files and folders. Download permissions are also needed for the source share when doing a copy or move. For more information, see Moving and Copying Content from One Share to Another. |
Download, Copy and Move |
| Make Folder | Allows you to make folders (directories) on a share, and upload files to them. | New Folder |
| Rename | Allows you to rename files and folders on a share. | Rename |
| Upload | Allows you to upload files to a share, but not create new folders. You can perform a
“blind upload” to a share if you do not have the View permission. Upload permissions are also needed for the destination share when doings a copy or move. For more information, see Moving and Copying Content from One Share to Another. |
Upload Files, Upload Folders, Copy and Move |
| View | Allows you to browse files and folders on the share. Users must have View permission to perform any action other than a “blind upload” to a write-only share. | |
| New share (Admin only) |
Create a new share from the selected directory. Project, organisation, or Shares system admin. | |
| Can see all nodes (Admin only) |
If this permission is enabled the admin can not only see the nodes at their level
(project admins can see project nodes) they can also see the nodes one level above their admin
access. That is they can see and assign nodes that are assigned to the organization level, in
this example. This is done to relieve the burden on the organization admins as long as it’s not a security problem for a project admin to see every node in the entire organization. Across all projects. |
|
| Can see all users (Admin only) |
If this permission is enabled the admin can not only see the nodes at their level
(organization admins can see organization users) they can also see and assign the users one
level above their admin access. Shares application level, in this example. This is done to relieve the burden on the system admins as long as it’s not a security problem for an organizational admin to see every user in the entire Shares application. Across all organizations. |
Interaction Between Authorization Levels
The Shares application allows you to configure user and group permissions at the project-level
and shares-level. This allows you to restrict or increase permissions for a particular user, or
group of users, for a project or a share. For example, you can authorize a user with limited
permissions to a project and a share, but full permissions to a sub-share, by assigning
different permissions to the user at the project, top-level share, and sub-share levels. This
table shows an example of how that would be done for a single user.
| Authorization Level | Permission |
|---|---|
| Project | View only |
| Top-Level Share (/home/aspera/share) | View and download only |
| Sub-Share (/home/aspera/share/project_files/) | Full permissions |