Hyperledger Fabric How to give full read access to all participants

0 votes

ACL:

rule NetworkAdminUser {
    description: "Grant business network administrators full access to user resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "**"
    action: ALLOW
}

rule NetworkAdminSystem {
    description: "Grant business network administrators full access to system resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

rule SystemACL {
  description:  "System ACL to permit all access"
  participant: "org.hyperledger.composer.system.Participant"
  operation: ALL
  resource: "org.hyperledger.composer.system.**"
  action: ALLOW
}

rule transaction {
    description: "Allow participants full access to transactions"
    participant: "org.acme.shipping.participants.Person"
    operation: ALL
    resource: "org.acme.shipping.transactions.**"
    action: ALLOW
}

rule containers {
    description: "Allow participants access to containers owned by their company"
    participant(p): "org.acme.shipping.participants.Person"
    operation: ALL
    resource(c): "org.acme.shipping.assets.**"
    condition: (c.owner.getIdentifier() == p.company.getIdentifier())
    action: ALLOW
}

rule border {
    description: "Allow Border access to containers"
    participant(p): "org.acme.shipping.participants.Person"
    operation: READ
    resource: "org.acme.shipping.assets.**"
    condition: (p.company.type == "BORDER")
    action: ALLOW
}

Participant model file:

namespace org.acme.shipping.participants

participant Company identified by cid {
  o String cid
  o String name
  o CompanyType type
}

enum CompanyType {
  o BORDER
  o COURIER
  o SHIPPER
}

participant Person identified by id {
  o String id
  o String name
  --> Company company
}

Company type: BORDER (enum)

How can I do this?

Nov 9, 2018 in Blockchain by digger
• 26,740 points
1,264 views

1 answer to this question.

0 votes

To do this, you must first provide READ access to the Person's own company using

rule readCompany {
    description: "Allow Read Access to Person's Own Company"
    participant(p): "org.acme.shipping.participants.Person"
    operation: READ
    resource(comp): "org.acme.shipping.participants.Company"
    condition: (p.company.getIdentifier() == comp.getIdentifier())
    action: ALLOW
}

Then can grant access to all the containers to the persons belonging to company of type Border using your same rule as

rule border {
    description: "Allow Border access to containers"
    participant(p): "org.acme.shipping.participants.Person"
    operation: READ
    resource: "org.acme.shipping.assets.**"
    condition: (p.company.type == "BORDER")
    action: ALLOW
}
answered Nov 9, 2018 by Omkar
• 69,220 points

Related Questions In Blockchain

+15 votes
5 answers
0 votes
1 answer

How do I use hyperledger fabric blockchain to build my own application?

To use fabric I would recommend you ...READ MORE

answered May 17, 2018 in Blockchain by Johnathon
• 9,090 points
1,087 views
0 votes
1 answer

Hyperledger Sawtooth vs Quorum in concurrency and speed Ask

Summary: Both should provide similar reliability of ...READ MORE

answered Sep 26, 2018 in IoT (Internet of Things) by Upasana
• 8,620 points
1,468 views
0 votes
1 answer

Invalid Batch or signature in Savtooth

This will solve your problem import org.apache.commons.codec.binary.Hex; Transaction txn ...READ MORE

answered Aug 1, 2018 in Blockchain by digger
• 26,740 points
1,035 views
+1 vote
1 answer
0 votes
1 answer

Hyperledger Fabric: How to access transaction ID in invoke function?

You can access transaction ID in Invoke ...READ MORE

answered Nov 5, 2018 in Blockchain by Omkar
• 69,220 points
2,436 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP