ACL - Read Only


Nicholas Leonardi
 

Hey,

I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possible?
I've been researching on different ACLs but since a "peer chaincode query" is a proposal because 
it needs to verify the authenticity of the data with other peers, I haven't been able to map out how
to do it.
I know it's possible in chaincode level but I needed it to be channel application-level. If anyone
has any idea please let me know.
Thanks in advance.

Regards, 
Nick


David Enyeart
 

Unfortunately it still has to be managed in chaincode. The requirement for channel readers to be able to call read-only chaincode functions has been open for a long time, see https://jira.hyperledger.org/browse/FAB-6959 and its duplicates. I think it is time to prioritize this on the roadmap. What do others think?


Dave Enyeart

"Nicholas Leonardi via Lists.Hyperledger.Org" ---01/17/2020 08:36:00 AM---Hey, I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possib

From: "Nicholas Leonardi via Lists.Hyperledger.Org" <nlzanutim=yahoo.com@...>
To: Fabric <fabric@...>
Cc: fabric@...
Date: 01/17/2020 08:36 AM
Subject: [EXTERNAL] [Hyperledger Fabric] ACL - Read Only
Sent by: fabric@...





Hey,

I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possible?
I've been researching on different ACLs but since a "peer chaincode query" is a proposal because
it needs to verify the authenticity of the data with other peers, I haven't been able to map out how
to do it.
I know it's possible in chaincode level but I needed it to be channel application-level. If anyone
has any idea please let me know.
Thanks in advance.

Regards,
Nick




Nicholas Leonardi
 

I see. 
I think this should be prioritized ASAP on the next 1.4.5 update because many business models require this already. As is in my case and
I'm sure many others are also depending on this feature for efficiency. 

Em sexta-feira, 17 de janeiro de 2020 11:09:09 BRT, David Enyeart <enyeart@...> escreveu:


Unfortunately it still has to be managed in chaincode. The requirement for channel readers to be able to call read-only chaincode functions has been open for a long time, see https://jira.hyperledger.org/browse/FAB-6959 and its duplicates. I think it is time to prioritize this on the roadmap. What do others think?


Dave Enyeart

Inactive hide details for "Nicholas Leonardi via Lists.Hyperledger.Org" ---01/17/2020 08:36:00 AM---Hey, I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possib


From: "Nicholas Leonardi via Lists.Hyperledger.Org" <nlzanutim=yahoo.com@...>
To: Fabric <fabric@...>
Cc: fabric@...
Date: 01/17/2020 08:36 AM
Subject: [EXTERNAL] [Hyperledger Fabric] ACL - Read Only
Sent by: fabric@...




Hey,

I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possible?
I've been researching on different ACLs but since a "peer chaincode query" is a proposal because
it needs to verify the authenticity of the data with other peers, I haven't been able to map out how
to do it.
I know it's possible in chaincode level but I needed it to be channel application-level. If anyone
has any idea please let me know.
Thanks in advance.

Regards,
Nick





Brian Behlendorf <bbehlendorf@...>
 

Can you work on a PR for the feature? That's the fastest way to get it in, if the Fab maintainers are open to adding minor new features in the 1.4 branch.

Brian


On January 17, 2020 10:12:57 PM GMT+08:00, "Nicholas Leonardi via Lists.Hyperledger.Org" <nlzanutim=yahoo.com@...> wrote:
I see. 
I think this should be prioritized ASAP on the next 1.4.5 update because many business models require this already. As is in my case and
I'm sure many others are also depending on this feature for efficiency. 

Em sexta-feira, 17 de janeiro de 2020 11:09:09 BRT, David Enyeart <enyeart@...> escreveu:


Unfortunately it still has to be managed in chaincode. The requirement for channel readers to be able to call read-only chaincode functions has been open for a long time, see https://jira.hyperledger.org/browse/FAB-6959 and its duplicates. I think it is time to prioritize this on the roadmap. What do others think?


Dave Enyeart

"Nicholas Leonardi via Lists.Hyperledger.Org" ---01/17/2020 08:36:00 AM---Hey, I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possib


From: "Nicholas Leonardi via Lists.Hyperledger.Org" <nlzanutim=yahoo.com@...>
To: Fabric <fabric@...>
Cc: fabric@...
Date: 01/17/2020 08:36 AM
Subject: [EXTERNAL] [Hyperledger Fabric] ACL - Read Only
Sent by: fabric@...




Hey,

I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possible?
I've been researching on different ACLs but since a "peer chaincode query" is a proposal because
it needs to verify the authenticity of the data with other peers, I haven't been able to map out how
to do it.
I know it's possible in chaincode level but I needed it to be channel application-level. If anyone
has any idea please let me know.
Thanks in advance.

Regards,
Nick





--
Sent from my Android device with K-9 Mail. Please excuse my brevity.


David Enyeart
 

I'm going to have to rescind my response. Yacov's and Simon's comment in the Jira is correct. The Jira stories were opened in 2017 with a pre-fine-grained-ACL mindset. With the fine-grained ACL support (since v1.2), you can now simply exclude the org from the coarse /Channel/Writers policy so that they can't submit transactions to ordering service:
https://github.com/hyperledger/fabric/blob/release-1.4/sampleconfig/configtx.yaml#L414-L416

and change peer/Propose fine-grained ACL to /Channel/Application/Readers so that they can invoke chaincode:
https://github.com/hyperledger/fabric/blob/release-1.4/sampleconfig/configtx.yaml#L211


Dave Enyeart

"David Enyeart" ---01/17/2020 09:09:17 AM---Unfortunately it still has to be managed in chaincode. The requirement for channel readers to be abl

From: "David Enyeart" <enyeart@...>
To: nlzanutim@...
Cc: Fabric <fabric@...>
Date: 01/17/2020 09:09 AM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] ACL - Read Only
Sent by: fabric@...





Unfortunately it still has to be managed in chaincode. The requirement for channel readers to be able to call read-only chaincode functions has been open for a long time, see https://jira.hyperledger.org/browse/FAB-6959 and its duplicates. I think it is time to prioritize this on the roadmap. What do others think?


Dave Enyeart

"Nicholas Leonardi via Lists.Hyperledger.Org" ---01/17/2020 08:36:00 AM---Hey, I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possib

From:
"Nicholas Leonardi via Lists.Hyperledger.Org" <nlzanutim=yahoo.com@...>
To:
Fabric <fabric@...>
Cc:
fabric@...
Date:
01/17/2020 08:36 AM
Subject:
[EXTERNAL] [Hyperledger Fabric] ACL - Read Only
Sent by:
fabric@...




Hey,


I'm trying to achieve an organization to be read-only (query-only) in a channel. Is that possible?
I've been researching on different ACLs but since a "peer chaincode query" is a proposal because
it needs to verify the authenticity of the data with other peers, I haven't been able to map out how
to do it.
I know it's possible in chaincode level but I needed it to be channel application-level. If anyone
has any idea please let me know.
Thanks in advance.


Regards,
Nick