Re: HLF production infra and permission control #hyperledger-fabric #fabric
If u1 and u2 are part of organizations in both channels c1 and c2, then org level policies can be defined in channel configuration. But if you are looking for user level policy, I doubt if that is possible outside of chaincode access control.
On Monday, February 27, 2023 at 02:35:29 PM GMT+5:30, Eddy Ng <iteddy@...> wrote:
Hi,
Gone thru "abac" sample as well as ACL docs.
For a peer with two joined channels (c1 and c2), two users (u1 and u2) with "client" role. If no logic is embedded in the deployed chaincodes, both of the users can freely invoke/query any chaincodes ? Can we apply such ACL out of chaincode ? such that u1 can only r/w c1 and u2 to c2 ?
Same for chaincode installation/approval, from configtx, default is that users with "admin" role can perform Admin tasks. If both u1 and u2 is "admin" user, how to separate them from touch each other's channel ?
Thanks.
Gone thru "abac" sample as well as ACL docs.
For a peer with two joined channels (c1 and c2), two users (u1 and u2) with "client" role. If no logic is embedded in the deployed chaincodes, both of the users can freely invoke/query any chaincodes ? Can we apply such ACL out of chaincode ? such that u1 can only r/w c1 and u2 to c2 ?
Same for chaincode installation/approval, from configtx, default is that users with "admin" role can perform Admin tasks. If both u1 and u2 is "admin" user, how to separate them from touch each other's channel ?
Thanks.