4

In Hyperledger Fabric, suppose there is a channel, 'channel_12', between org1 and org2 and another channel, 'channel_13', between org1 and org3. Suppose there are 2 users, 'Org1User1' & 'Org1User2', in org1. Can we restrict the access of Org1User1 to channel_12 and that of Org1User2 to channel_13?

Martijn Pieters
Abhinay B
  • Please share if you know the answer for this now – jkstar Nov 16 '18 at 11:16
  • @jkstar There is privateDB in HLF that restricts access to only a few of the organizations in a channel. But to restrict access to users in the same organization, I still don't know an efficient way. One brute-force method is to check the user's info at the chaincode level and decide to allow or restrict access. – Abhinay B Nov 19 '18 at 06:05

1 Answer

2

One way with which we can achieve this is:

While enrolling the user we can set the attributes in the X509 certificate for the user about which channel he has access to. For this, we need to generate a CSR with these details and send it to the CA server.

Now, when the user is submitting the transaction, we can check the value of this attribute on either the client side or within the chaincode. Based on this attribute we can control the access to the channel.

P.S.: This is on the certificate level. Would love to know if there are any methods/APIs that Fabric provides for the same.

Mrudav Shukla
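The chaincode-side check described in this answer, as an added Go example that is not part of the original answer or Fabric's own code: it reads the attribute extension that Fabric CA writes into an enrollment certificate and denies any channel the attribute does not list. The attribute name `channels`, its comma-separated format and the self-signed sample certificate are assumptions; in chaincode the certificate would be the transaction creator's and the channel ID would come from the stub.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

// Fabric CA attribute extension; its value is JSON of the form {"attrs":{...}}.
var attrOID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7, 8, 1}

// ChannelAllowed reports whether the comma-separated "channels" attribute
// (hypothetical name) lists channelID. A missing attribute means deny.
func ChannelAllowed(certDER []byte, channelID string) (bool, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false, err
	}
	var a struct{ Attrs map[string]string `json:"attrs"` }
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(attrOID) && json.Unmarshal(ext.Value, &a) != nil {
			return false, fmt.Errorf("malformed attribute extension")
		}
	}
	for _, ch := range strings.Split(a.Attrs["channels"], ",") {
		if ch = strings.TrimSpace(ch); ch != "" && ch == channelID {
			return true, nil
		}
	}
	return false, nil
}

// SampleCert returns a constructed, self-signed stand-in for an enrollment certificate.
func SampleCert(channels string) ([]byte, error) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	val, _ := json.Marshal(map[string]map[string]string{"attrs": {"channels": channels}})
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), ExtraExtensions: []pkix.Extension{{Id: attrOID, Value: val}}}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
}

func main() {
	org1User1, _ := SampleCert("channel_12") // constructed identity for Org1User1
	fmt.Println(ChannelAllowed(org1User1, "channel_12"))
	fmt.Println(ChannelAllowed(org1User1, "channel_13"))
}
```

Fabric's chaincode `cid` library exposes the same attribute lookup, so deployed chaincode does not need to parse the extension by hand.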