Re: ACL - Read Only


David Enyeart
 

I'm going to have to rescind my response. Yacov's and Simon's comment in the Jira is correct. The Jira stories were opened in 2017 with a pre-fine-grained-ACL mindset. With the fine-grained ACL support (since v1.2), you can now simply exclude the org from the coarse /Channel/Writers policy so that they can't submit transactions to ordering service:
https://github.com/hyperledger/fabric/blob/release-1.4/sampleconfig/configtx.yaml#L414-L416

and change peer/Propose fine-grained ACL to /Channel/Application/Readers so that they can invoke chaincode:
https://github.com/hyperledger/fabric/blob/release-1.4/sampleconfig/configtx.yaml#L211


Dave Enyeart

"David Enyeart" ---01/17/2020 09:09:17 AM---Unfortunately it still has to be managed in chaincode. The requirement for channel readers to be abl

From: "David Enyeart" <enyeart@...>
To: nlzanutim@...
Cc: Fabric <fabric@...>
Date: 01/17/2020 09:09 AM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] ACL - Read Only
Sent by: fabric@...





Unfortunately it still has to be managed in chaincode. The requirement for channel readers to be able to call read-only chaincode functions has been open for a long time, see https://jira.hyperledger.org/browse/FAB-6959 and its duplicates. I think it is time to prioritize this on the roadmap. What do others think?


Dave Enyeart

"Nicholas Leonardi via Lists.Hyperledger.Org" ---01/17/2020 08:36:00 AM---Hey, I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possib

From:
"Nicholas Leonardi via Lists.Hyperledger.Org" <nlzanutim=yahoo.com@...>
To:
Fabric <fabric@...>
Cc:
fabric@...
Date:
01/17/2020 08:36 AM
Subject:
[EXTERNAL] [Hyperledger Fabric] ACL - Read Only
Sent by:
fabric@...




Hey,


I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possible?
I've been researching on different ACLs but since a "peer chaincode query" is a proposal because
it needs to verify the authenticity of the data with other peers, I haven't been able to map out how
to do it.
I know it's possible in chaincode level but I needed it to be channel application-level. If anyone
has any idea please let me know.
Thanks in advance.


Regards,
Nick






Join fabric@lists.hyperledger.org to automatically receive all group messages.