IBM Aspera Shares 2 is designed for companies that need to ingest or share content (files and directories of any size) in multiple locations, or across multiple servers at the same location. Content can be shared within the company, or with external customers and partners. Content sharing and managing rights can be delegated to authorized roles at each level, providing added layers of security and ensuring access to the right content by the right people. Access and permissions can be scoped by users and groups within organizations and projects.
The Shares 2 API allows you to perform all the functionality available in the Shares 2 product UI.
Shares 2 uses OAuth-based authentication. You first make an API call to generate a bearer token, then you submit the token in the header of the API call with this format:
Authorization: Bearer access_token
Note that the user's email address is the unique user identifier in requests. Shares 2 also supports username for remote users if email is not present.
For detailed information on generating the bearer token, see Access Tokens.
Shares 2 Key Concepts
Here are some definitions that explain the structure and functioning of Shares 2. For additional information, see the introduction of the Aspera Shares Admin Guide.
- An Aspera node is a transfer server that is accessible to the Shares 2 application. Nodes contain shares. Nodes can be assigned to organizations and projects. Node access is controlled by the Shares 2 system administrator. Organization administrators can make nodes available to their organizations and projects (see definitions of organization and project, below).
- A share is a directory on a node. To be accessed, shares must be assigned to projects. (Shares are not assigned to Organizations.) Project admins with access and permissions to a node can create more shares on it for their project. Project admins also control user and group access to the shares.
Users, Groups, Teams, and Admins
- A group is a collection of users. Groups are granted access and permissions to organizations, projects, and shares. Groups may also be assigned admin roles per entity they are assigned to, on a case-by-case basis. In that case, every member of that group becomes a system admin, organization admin, or project admin, depending on the resource they were granted permissions to.
- A user is an individual with a unique login account. Users can be authorized on your Shares application using “local,” SAML, or Active Directory/LDAP authentication. Users can be granted access and permissions to organizations, projects, and shares. Users can also be made administrators, including system administrators.
- A team is created within an organization. Teams include users and groups. Teams can be authorized as admins, to projects, and to shares.
- An admin has one of three access levels (listed from most powerful to least): system, organization, and project. Admins may selectively be given two additional permissions: “Can see all users,” and “Can see all nodes”.
Organizations and Projects
- An organization can represent an entire company, an individual department, or other entity, depending on your needs. Organizations have users, groups and nodes assigned to them by the Shares application system admin. Organizations have admins that can create and manage projects within the organization. Organization admins can also assign users, groups, and nodes to the organization’s projects.
- A project is contained in an organization. You can have as many projects as you want in each organization. Users, groups, and shares can be assigned to projects. The project admins and the containing organization's admins can manage project resources.
Resources and Containers
- Definitions: a resource is a Node, Share, Group, User, or Project; a container is an Organization, Project, or Group.
- A resource can be unavailable, available, or authorized to a container. For example, an organization can have a Node and a Group available to it.
- If a resource is available, that means it can be authorized to that container by the appropriate administrators.
- If a resource is authorized, that means it is usable within the container. An authorized node is accessible to an Organization. An authorized share is accessible to all the members of a group that has access to a project.
User Permissions Overview
In Shares 2, there are five user types:
- Standard Users
- Project Admins
- Organization Admins
- User Manager
- System Admins
All admins have access to a settings menu that allows them to manage their areas of administration. These may include:
- Adding and removing users and groups
- Authorizing and revoking access for users and groups
- Adding nodes and shares
- Configuring settings
- Configuring content permissions to resources