New permissions on runs for flow owners

February 17, 2025   |  Brigitte Raumann

Globus Flows provides secure, managed automation of complex workflows at scale. As more users adopt Flows, we are receiving many requests from flow authors for visibility into how their flows are being used by others. For example, a growing number of shared instrument facilities offer flows to their users in order to automate routine workflows, such as data movement between instruments and computing resources, execution of data analysis pipelines, metadata extraction, and publication to data distribution portals. These facilities need to be able to view and manage runs of their flows so that they can understand usage patterns and help their users troubleshoot runs that encounter errors.

We are working on delivering new features to support these use cases. In the near future:

  • Flow owners and administrators will be able to view and manage all runs of their flow.
  • Flow owners and administrators will be able to assign users or groups to two new roles: flow run monitor and flow run manager.
  • The flow run monitor role will have permission to view the metadata and event logs of all runs of a flow.
  • The flow run manager role will have additional permissions to cancel or resume a run, as well as view and modify the metadata and roles on all runs of the flow.

Run owners and managers will still be able to assign manager and monitor roles to specific runs.

Run owners who do not want their runs to be accessible to flow owners and their delegates may delete their runs before March 19, 2025. Moving forward, you may use the flow’s definition and input schema to deploy your own flow and run it.

Release of this new feature will be announced on the Globus Discuss mailing list.