What is hf.Registrar.Roles in fabric-ca-client command?

+1 vote

I am working on a tutorial and I have the following command there:

fabric-ca-client register  --id.name admin2 --id.type user --id.affiliation org1.department1 --id.attrs  '"hf.Registrar.Roles=peer,user",hf.Revoker=true'

I have a few questions. Why is admin2 used and not admin? What are the roles of admin2 compared to admin? What is admin and hf.Registrar.Roles?

Jul 11, 2018 in Blockchain by digger
• 27,620 points
470 views

4 answers to this question.

+1 vote
Best answer

The "hf.Registrar.Roles" attribute is used to control the type of identity that can be registered by an identity. The "hf.Revoker" attribute is used to control which identities can revoke certificates. admin2 is not a role; it's the name of the user. You can use other names instead of admin2 (but it should be defined). As admin2 is a user, its roles compared to admin depend on the privileges it has. In this case, it is just a normal user.

An admin has special privileges, e.g. it can enroll other users. adminWithoutRoles is a user with no special privileges.

answered Jul 11, 2018 by slayer
• 29,050 points

selected May 7 by Omkar
0 votes

admin2 is just a name given to the admin. You can give any name to the admin.

answered May 7 by Karan
+1 vote

An admin user is allowed to register certain nodes in the network. So while registering the admin, you need to specify which nodes the admin can register. To specify this, the flag hf.Registrar.Roles is used. In the above command, it is specified that admin2 can register peers and users.

answered May 7 by John
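
The registration rule discussed in the answers above, as an added Python sketch (not part of any answer and not Fabric CA's own code): it parses the --id.attrs value from the question, then checks the identity type against hf.Registrar.Roles and the affiliation against the registrar's own. The function names and the affiliations org1.department1.team1 and org1.department10 are constructed for illustration.

```python
import csv

def parse_id_attrs(spec):
    """Split an --id.attrs value into {name: value}.
    A value that contains commas is wrapped in double quotes, as in the question."""
    fields = next(csv.reader([spec], skipinitialspace=True))
    attrs = {}
    for field in fields:
        name, sep, value = field.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"malformed attribute: {field!r}")
        attrs[name.strip()] = value.strip()
    return attrs

def registrar_roles(attrs):
    """Identity types listed in hf.Registrar.Roles (empty set if absent)."""
    raw = attrs.get("hf.Registrar.Roles", "")
    return {r.strip() for r in raw.split(",") if r.strip()}

def is_revoker(attrs):
    """hf.Revoker is a boolean attribute; only 'true' grants it."""
    return attrs.get("hf.Revoker", "").lower() == "true"

def affiliation_covers(registrar_aff, target_aff):
    """Registrar's affiliation must equal, or be a dotted prefix of, the target's."""
    reg = registrar_aff.split(".") if registrar_aff else []
    tgt = target_aff.split(".") if target_aff else []
    return tgt[:len(reg)] == reg

def can_register(registrar, id_type, affiliation):
    """Simplified model of the check applied to a register request."""
    if id_type not in registrar_roles(registrar["attrs"]):
        return False, f"type {id_type!r} is not in hf.Registrar.Roles"
    if not affiliation_covers(registrar["affiliation"], affiliation):
        return False, f"{affiliation!r} is outside {registrar['affiliation']!r}"
    return True, "allowed"

# admin2 exactly as registered by the command in the question
# (the shell strips the outer single quotes before the client sees the value).
ADMIN2 = {
    "affiliation": "org1.department1",
    "attrs": parse_id_attrs('"hf.Registrar.Roles=peer,user",hf.Revoker=true'),
}

if __name__ == "__main__":
    for id_type, aff in [("peer", "org1.department1"),
                         ("orderer", "org1.department1"),
                         ("user", "org1"),
                         ("user", "org1.department10")]:
        print(id_type, aff, can_register(ADMIN2, id_type, aff))
```

The last case is denied because affiliations are compared component by component, so org1.department10 is not under org1.department1 even though the strings share a prefix.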
+1 vote

Suppose you want to revoke a certificate or an identity, then any random node cannot do this. There are particular admin nodes in the network that have permission to do this. There are different types of identities: user, peer, orderer, etc. And different admins can be assigned to register/revoke different types of identities. To specify which admin has permission to revoke which type of identity, hf.Registrar.Roles is used. The admin can revoke or register only those types of identities that it is allowed to.

answered May 7 by Tina
Nice explanation @Tina. I didn't know that this can be used to revoke identities too. I thought it was only for registration.
