Private data collections define which organizations' peers are authorized to receive and store the private data. This is orthogonal to user-based access control. You need to consider both aspects.
So the questions to ask yourself are:
1) Do you want Org 2 peers to have the private data? This implies that Org 2 is in control of which users they share the private data with. If you want to go down this path, look into per-organization collections where Org 1 creates a copy of the private data in an Org 2 private data collection. As part of this, Org 2 peer's chaincode can validate the private data against the prior on-chain hashes.
2) Or do you want to keep the private data on Org 1 peers only and simply allow Org 2 users to query the Org 1 peer? In this case add access control logic, either in an application layer on top of the Org 1 peer, or in the chaincode itself. For example, you could maintain an access control list per private key on the ledger itself (either public state or in an Org1 collection), such that chaincode checks the private key's ACL against the client certificate before returning the private data to them.
If you want sharing for a limited time, you'd have to go with the latter approach. Once private data is shared with another organization's peer, there is really no 'unsharing' it. Even if you use the blockToLive collection property, the Org 2 admin could make a copy of the peer that doesn't process blocks, thereby preserving the access forever.
Hopefully you have found the documentation topic which mentions these patterns (beyond just asset transfer scenarios):
From: praviteja
Date: 04/29/2020 10:55 AM
Subject: [EXTERNAL] [Hyperledger Fabric] How to share an Asset that belongs to UserA in Org1 to UserB of Org2 instead of asset transfer in Hyperledger fabric v1.4 ? #fabric-chaincode #couchdb #fabric-questions #hyperledger-fabric
Sent by: fabric@...
There are two organizations A and B. User1 in Org1 has a document Doc1 in his private data store and he wants to share it with User2 for a limited time like 3 days. The document shared should expire after this time, keeping the original with User A.
From the literature of Hyperledger Fabric I have been through, everything is explained about asset transfer. But I want to keep the hold of the asset at point A and give temporary access to other users in different organizations.
Any suggestions on how to achieve this in Fabric infrastructure?
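
The second option in the reply (data stays on Org 1 peers, chaincode checks a per-key ACL before returning it) can be modelled as follows, with an expiry added for the 3-day case. This is an added example, not code from the thread or from Fabric; the `Ledger` type, its maps, and the identity strings are hypothetical stand-ins for chaincode state and the identity taken from the client certificate.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Grant is one ACL entry: which client identity may read a key, and until when.
type Grant struct {
	MSPID, ClientID string
	Expires         time.Time
}

// Ledger is a hypothetical in-memory stand-in for chaincode state, not the Fabric API.
type Ledger struct {
	owner   map[string]string  // key -> owning Org1 client ID
	acl     map[string][]Grant // key -> grants (public state or an Org1 collection)
	private map[string][]byte  // Org1-only private data collection
}

var ErrDenied = errors.New("access denied")

// Share records a time-limited grant; only the key's owner may extend access.
func (l *Ledger) Share(key, callerID string, g Grant) error {
	if o, ok := l.owner[key]; !ok || o != callerID {
		return ErrDenied
	}
	l.acl[key] = append(l.acl[key], g)
	return nil
}

// Read returns the private value only while a grant for this exact identity is unexpired.
// Assumption: now is the Org1 peer's clock, since the read is a query served by that peer.
func (l *Ledger) Read(key, mspID, clientID string, now time.Time) ([]byte, error) {
	for _, g := range l.acl[key] {
		if g.MSPID == mspID && g.ClientID == clientID && now.Before(g.Expires) {
			return l.private[key], nil
		}
	}
	return nil, ErrDenied // no grant, wrong identity, or grant expired: fail closed
}

func main() {
	t0 := time.Unix(1588150000, 0) // constructed sample time
	l := &Ledger{map[string]string{"Doc1": "User1"}, map[string][]Grant{}, map[string][]byte{"Doc1": []byte("contents")}}
	l.Share("Doc1", "User1", Grant{"Org2MSP", "User2", t0.Add(72 * time.Hour)})
	_, err := l.Read("Doc1", "Org2MSP", "User2", t0.Add(73*time.Hour))
	fmt.Println(err) // the 3-day grant has lapsed
}
```

In real chaincode the MSP ID and client ID would come from the client identity library (`cid.GetMSPID`, `cid.GetID`) and the value from `GetPrivateData`. Because the data never leaves Org 1 peers, letting the grant lapse actually ends access, which is the property the reply points out is lost once Org 2 peers hold a copy.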