What is hf Registrar Roles in fabric-ca-client command

+1 vote

I am working on a tutorial and i have the following command there:

fabric-ca-client register  --id.name admin2 --id.type user --id.affiliation org1.department1 --id.attrs  '"hf.Registrar.Roles=peer,user",hf.Revoker=true'

I have a few questions.. Why is admin2 used and not admin? what are the roles of admin2 compared to admin? What is admin and hf.Registrar.Roles?

Jul 11, 2018 in Blockchain by digger
• 26,740 points
2,808 views

4 answers to this question.

+1 vote
Best answer

The "hf.Registrar.Roles" attribute is used to control the type of identity that can be registered by an identity. The "hf.Revoker" attribute is used to control which identities can revoke certificates. admin2 is not a role, its the name of the user.. you can use other names instead of admin2(but it should be defined). As admin2 is a user, its roles compared to admin depends on the privileges it has.. in this case, it is just a normal user.

An admin has special privileges, ex: it can enroll other users.. adminWithoutRoles is a user with no special privileges.

answered Jul 11, 2018 by slayer
• 29,370 points

selected May 7, 2019 by Omkar
0 votes

admin2 is just a name given to the admin. You can give any name to the admin.

answered May 7, 2019 by Karan
+1 vote

An admin user is allowed to register certain nodes in the network. So while registering the admin, you need to specify which nodes the admin can register. To specify this, the flag hf.Registrar.Roles is used. In the above command, it is specified that admin2 can register peers and users.

answered May 7, 2019 by John
+1 vote

Suppose you want to revoke a certificate or an identity, then any random node cannot do this. There are particular admin nodes in the network that have permission to do this. There are different types of identities: user, peer, orderer, etc. And different admins can be assigned to register/revoke different types of identities. To specify which admin has permission to revoke which type of identity, hf.Registrar.Roles is used. The admin can revoke or register only those types of identities that is allowed to. 

answered May 7, 2019 by Tina
Nice explanation @Tina. I didn't know that this can be used to revoke identities too. I thought it was only for registration.

Related Questions In Blockchain

0 votes
1 answer

What is CA (Authority) in Hyperledger Fabric?

Hyperledger fabric includes a modular Certificate Authority ...READ MORE

answered Jul 12, 2018 in Blockchain by shweta
• 440 points
1,141 views
+1 vote
4 answers
0 votes
1 answer

What is the difference between o and --> in Fabric Composer?

'o' indicates has-a relationship '-->' indicates pass by ...READ MORE

answered Aug 25, 2018 in Blockchain by Perry
• 17,100 points
760 views
0 votes
1 answer

Hyperledger Sawtooth vs Quorum in concurrency and speed Ask

Summary: Both should provide similar reliability of ...READ MORE

answered Sep 26, 2018 in IoT (Internet of Things) by Upasana
• 8,620 points
1,441 views
0 votes
1 answer

Invalid Batch or signature in Savtooth

This will solve your problem import org.apache.commons.codec.binary.Hex; Transaction txn ...READ MORE

answered Aug 1, 2018 in Blockchain by digger
• 26,740 points
983 views
+1 vote
1 answer
0 votes
1 answer
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP