Hyperledger Fabric: How to give full read access to all participants?

0 votes

ACL:

rule NetworkAdminUser {
    description: "Grant business network administrators full access to user resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "**"
    action: ALLOW
}

rule NetworkAdminSystem {
    description: "Grant business network administrators full access to system resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

rule SystemACL {
  description:  "System ACL to permit all access"
  participant: "org.hyperledger.composer.system.Participant"
  operation: ALL
  resource: "org.hyperledger.composer.system.**"
  action: ALLOW
}

rule transaction {
    description: "Allow participants full access to transactions"
    participant: "org.acme.shipping.participants.Person"
    operation: ALL
    resource: "org.acme.shipping.transactions.**"
    action: ALLOW
}

rule containers {
    description: "Allow participants access to containers owned by their company"
    participant(p): "org.acme.shipping.participants.Person"
    operation: ALL
    resource(c): "org.acme.shipping.assets.**"
    condition: (c.owner.getIdentifier() == p.company.getIdentifier())
    action: ALLOW
}

rule border {
    description: "Allow Border access to containers"
    participant(p): "org.acme.shipping.participants.Person"
    operation: READ
    resource: "org.acme.shipping.assets.**"
    condition: (p.company.type == "BORDER")
    action: ALLOW
}

Participant model file:

namespace org.acme.shipping.participants

participant Company identified by cid {
  o String cid
  o String name
  o CompanyType type
}

enum CompanyType {
  o BORDER
  o COURIER
  o SHIPPER
}

participant Person identified by id {
  o String id
  o String name
  --> Company company
}

Company type: BORDER (enum)

How can I do this?

Nov 9, 2018 in Blockchain by digger
• 27,620 points
185 views

1 answer to this question.

0 votes

To do this, you must first provide READ access to the Person's own company using

rule readCompany {
    description: "Allow Read Access to Person's Own Company"
    participant(p): "org.acme.shipping.participants.Person"
    operation: READ
    resource(comp): "org.acme.shipping.participants.Company"
    condition: (p.company.getIdentifier() == comp.getIdentifier())
    action: ALLOW
}

Then you can grant access to all the containers to the persons belonging to a company of type Border, using your same rule:

rule border {
    description: "Allow Border access to containers"
    participant(p): "org.acme.shipping.participants.Person"
    operation: READ
    resource: "org.acme.shipping.assets.**"
    condition: (p.company.type == "BORDER")
    action: ALLOW
}
answered Nov 9, 2018 by Omkar
• 65,820 points
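
The combined effect of the question's `containers` rule and the answer's two rules, as an added example that is not part of the original answer: a simplified JavaScript model (ordered rules, first match allows, no match denies) with constructed participants and an assumed `Container` asset type. It does not model how Composer resolves the `p.company` relationship, which is what the `readCompany` rule addresses.

```javascript
// Simplified model of ordered ACL evaluation. Assumption: the first matching
// ALLOW rule decides and no match means deny. This is not Composer's engine.
const NS = "org.acme.shipping";

// Rules from the page; "**" wildcards are reduced to namespace prefixes and
// conditions are written as plain JS predicates over (participant, resource).
const rules = [
  { name: "containers", op: "ALL", resource: `${NS}.assets.`,
    cond: (p, r) => r.owner.cid === p.company.cid },
  { name: "readCompany", op: "READ", resource: `${NS}.participants.Company`,
    cond: (p, r) => p.company.cid === r.cid },
  { name: "border", op: "READ", resource: `${NS}.assets.`,
    cond: (p) => p.company.type === "BORDER" },
];

// Returns the name of the rule that allows the operation, or null if denied.
function decide(person, op, resource) {
  for (const rule of rules) {
    const opOk = rule.op === "ALL" || rule.op === op;
    const resOk = resource.$class.startsWith(rule.resource);
    if (opOk && resOk && rule.cond(person, resource)) return rule.name;
  }
  return null;
}

// Constructed sample data; the Container type name and ids are assumptions.
const company = (cid, type) => ({ $class: `${NS}.participants.Company`, cid, type });
const customs = company("C1", "BORDER");
const courier = company("C2", "COURIER");
const shipper = company("C3", "SHIPPER");
const officer = { id: "P1", company: customs };
const driver = { id: "P2", company: courier };
const foreignBox = { $class: `${NS}.assets.Container`, owner: shipper };
const ownBox = { $class: `${NS}.assets.Container`, owner: courier };

// Print the permission matrix a reviewer would check before deploying.
for (const [who, p] of [["officer", officer], ["driver", driver]]) {
  for (const op of ["READ", "UPDATE"]) {
    console.log(who, op, "foreignBox ->", decide(p, op, foreignBox) || "DENY");
  }
}
```

The property to confirm is that the BORDER participant gains READ only: any write to a container it does not own must still fall through to deny.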
