Why do only ADMIN users in Hyperledger Fabric have the permission to install query in chaincode?

+16 votes

I read in Node SDK Tutorial the following lines:

User identities provisioned this way are only of the MEMBER role, which means it won't be able to perform certain operations reserved for the ADMIN role:

create/update channel
install/instantiate chaincode

query installed/instantiated chaincodes

For these privileged operations, the client must use an ADMIN user to submit the request.

Calling an ADMIN user only for query will cause extra latency in the network response instead of other MEMBER users ( reducing the load on one user that is ADMIN user ) in a given channel. Then why only ADMIN has the permission to query installed/instantiated chaincodes? Isn't it better if other members also had this permission?

Apr 3, 2018 in Blockchain by Johnathon
• 9,080 points
1,368 views

4 answers to this question.

+2 votes
Best answer

It was already decided that installing chaincode on individual peers should be an "administrative action". In keeping with that, it made sense that actually querying a peer for the chaincodes which are installed and running on the peer should be administrative actions as well.

The access control model is currently being updated which will allow you to set the access control policies for these APIs.

answered Apr 3, 2018 by Perry
• 17,020 points

selected Jul 27, 2018 by Omkar
+3 votes
The main intention of hyperledger is to provide confidential transactions. Chaincode contains sensitive information such as business logic. The main purpose of hyperledger would not be satisfied if any user could install or instantiate a query in chaincode. Hence, for now, only the Admin has the permission to install and/or instantiate queries.
answered Jun 26, 2018 by Omkar
• 67,660 points
+2 votes
Only the Admin has permission to install query because if every user was given this privilege, there could be misuse and compromise in the security on the Fabric. So looking from the security perspective, giving only the admin these privileges would be the best way to maintain the integrity and security.
answered Jul 27, 2018 by Vicky
0 votes
Installing a query in chaincode is an important task. There are many nodes in the network and most of whose identity is not revealed. Giving such permissions to any nodes in the network would be a problem if the node is malicious. That's why only admins have the permission to do this.
answered Apr 25 by Tina

Related Questions In Blockchain

0 votes
1 answer
0 votes
1 answer

How to set chaincode path in Hyperledger Fabric?

For chaincode to properly run on your ...READ MORE

answered Jul 27, 2018 in Blockchain by digger
• 26,550 points
548 views
0 votes
1 answer

How to define the path to hyperledger-fabric chaincode?

You can find that in docker-compose files ...READ MORE

answered Oct 4, 2018 in Blockchain by Perry
• 17,020 points
248 views
+1 vote
3 answers
0 votes
1 answer
0 votes
1 answer

Invalid Batch or signature in Savtooth

This will solve your problem import org.apache.commons.codec.binary.Hex; Transaction txn ...READ MORE

answered Aug 1, 2018 in Blockchain by digger
• 26,550 points
81 views
+1 vote
1 answer
+1 vote
2 answers
+1 vote
2 answers

How to return value from a chaincode in Hyperledger Fabric?

Hyperledger Fabric supports only 2 types of ...READ MORE

answered Jun 13, 2018 in Blockchain by Perry
• 17,020 points
918 views