The gridFTP server currently only checks for appropriate r/w permissions to a given record - regardless of how a transfer was started. If DataFed starts a transfer, it monitors the transfer, then updates the DB on completion. However, a user could start a Globus transfer if they know the path into the repository and have the appropriate permissions - this will cause the DB to out of sync with the size and source of the raw data. (Not a security risk since only the user and those with permission can do this.) Granting permission based on running tasks would narrow the window of opportunity for this, but it would not prevent it entirely since there is not a 100% mapping of transfer to task.
The gridFTP server currently only checks for appropriate r/w permissions to a given record - regardless of how a transfer was started. If DataFed starts a transfer, it monitors the transfer, then updates the DB on completion. However, a user could start a Globus transfer if they know the path into the repository and have the appropriate permissions - this will cause the DB to out of sync with the size and source of the raw data. (Not a security risk since only the user and those with permission can do this.) Granting permission based on running tasks would narrow the window of opportunity for this, but it would not prevent it entirely since there is not a 100% mapping of transfer to task.