Re: HLF production infra and permission control #hyperledger-fabric #fabric


For permission control at user level, attribute-based access control can be used.


On Monday, February 20, 2023 at 01:27:29 PM GMT+5:30, Eddy Ng <iteddy@...> wrote:

Hi All,
We are new to HLF. Our boss wants to make use of HLF for information sharing between different departments (d1, d2, d3 ...) only inside our corp (org1).
Multiple channels (c1, c2, c3 ...) will be created for different apps. Multiple users (u1_d1, u2_d1, u1_d2, u2_d2 ...) will be created for developers from different departments to interact apps with chaincodes. The information in all channels will not be shared out to other corps at the moment.

A couple of questions need some comments:

1. We are the only admin for infra and servers, and the users from different departments will only cater for chaincode/apps development.
   To simplify the HLF infra, we planned to set up with 1 x CA + 3 x Orderer + 3 x Peer. Any better recommendation?
2. We planned to join all channels to all 3 peers to simplify the infra setup. As all users will get a cert and can connect to all peers,
   does the proposed infra allow the following permission control? What is the corresponding setting required? It seems we cannot apply ACL for each user?
Channel c1 - Read: All users, Write: u2_d1 (All users allow to Read, only u2 from d1 dept can write)
Channel c2 - Read: u1_d2, u2_d2, Write: u2_d2   (Only users from d2 dept allow to Read, and only u2 from d2 dept can write)

3. For chaincode installation, can it be delegated out to different user(s) instead of only being done by the "admin" user?
4. For the production infra setup, is it popular to set up with docker, or is it better done with systemd?

Thanks all.
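
An added example, not part of the thread and not Fabric project code: one way a chaincode could enforce the c1/c2 read/write matrix from the question with attribute-based access control. The attribute names `dept` and `write`, the `readDepts` table and the `certAttrs` stand-in identity are assumptions; inside chaincode the `AttrSource` would be the caller's client identity.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// AttrSource is all the check needs; Fabric's cid library has a method of this shape.
type AttrSource interface {
	GetAttributeValue(name string) (value string, found bool, err error)
}

// certAttrs is a constructed stand-in for attributes in an enrollment cert.
type certAttrs map[string]string

func (c certAttrs) GetAttributeValue(n string) (string, bool, error) {
	v, ok := c[n]
	return v, ok, nil
}

// readDepts: department allowed to read each channel ("*" = any); unlisted = denied.
var readDepts = map[string]string{"c1": "*", "c2": "d2"}
var ErrDenied = errors.New("access denied")

// Authorize fails closed on a missing attribute, lookup error or unknown channel.
// Assumed attributes: "dept" (one department), "write" (comma-separated channels).
func Authorize(id AttrSource, channel string, write bool) error {
	allowed, known := readDepts[channel]
	dept, found, err := id.GetAttributeValue("dept")
	if err != nil || !found || !known || (allowed != "*" && allowed != dept) {
		return fmt.Errorf("%w: read on %s", ErrDenied, channel)
	}
	if !write {
		return nil
	}
	w, found, err := id.GetAttributeValue("write")
	if err == nil && found {
		for _, ch := range strings.Split(w, ",") {
			if strings.TrimSpace(ch) == channel {
				return nil
			}
		}
	}
	return fmt.Errorf("%w: write on %s", ErrDenied, channel)
}

func main() {
	fmt.Println(Authorize(certAttrs{"dept": "d1", "write": "c1"}, "c2", false))
}
```

This check guards chaincode invocations only; block and event delivery from the peer is governed by the channel's ACL policies and needs to be reviewed separately.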
