6

On the endorsement policy syntax documentation on https://hyperledger-fabric.readthedocs.io/en/release-1.2/endorsement-policies.html it is stated that principals are defined as MSP.ROLE, where MSP is the MSP ID and the ROLE is either member, admin, client or peer.

In the examples shown, mostly member is used. It states "MSP.member" would mean "any member", but what is a member? Currently, as most endorsement policies we use follow that syntax, we are assuming that it means any peer? But there is also the example of "MSP.peer".

And as this is an endorsement policy where it checks transactions have been endorsed, when are "admin" and "client" used? (as it does not seem possible for an admin or client to endorse a transaction).

Is there a clear guide on when to use member, admin, client and peer for Endorsement Policies?

3 Answers

3

A Fabric network member is a user on the Blockchain network. Usually, a member indicates an organization.

The example below from the official docs means that in order for a transaction to be endorsed and sent to the orderer, a user from each organization must sign/endorse.

AND('Org1.member', 'Org2.member', 'Org3.member') requests 1 signature from each of the three principals

Admins are one level above a member. An admin can add and remove members from the network and modify member settings.

A peer can be an endorsing peer or a regular peer which does not endorse but commits transactions.

A client is usually an organization that invokes the smart contracts on the Blockchain network.

OneMoreQuestion
2

In your organization you will have roles, and every role will have its privileges. For policy endorsement, there are only 4 types of roles: member, client, peer and admin. And the endorsement policy can be:

OR('Org1.admin', AND('Org1.member', 'Org1.member'))

That means a chaincode transaction previously instantiated in the Org1 can be endorsed by one admin or two members of the Org1. In a Fabric environment, you can set which peers can validate and endorse a transaction, and with the MSP provided by Fabric CA, you can set which role is allowed for your peer. You can read more about that here.

In Fabric CA you can register and enroll new identities in your Org. Every identity has a role and attributes. For example, you, as an admin of the Amazon Programming Department, can register, give a role and attributes to, and enroll new users in the Programming Department. This works the same for peers: you can enroll a new peer identity and give it a role (member, admin, client and peer) as found here.

Credits: Alexander Yammine

Hem M
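To make the member/peer distinction and the OR/AND policy quoted in the answer above concrete, here is an added example (not code from the answers or from Fabric itself) that parses the policy syntax and checks it against a set of endorser identities. It is a simplified model with these assumptions: each endorser is a hypothetical `(msp_id, role)` pair, `member` is satisfied by any role of that MSP, and one endorsement can count toward only one principal.

```python
import re

ROLES = {"member", "admin", "client", "peer"}
POLICY = "OR('Org1.admin', AND('Org1.member', 'Org1.member'))"  # from the answer above

def parse(policy):
    """Parse AND/OR over 'MSP.ROLE' principals into a nested (kind, arg) tree."""
    tokens = re.findall(r"AND|OR|[()]|'[^']*'", policy)
    pos = 0
    def node():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok in ("AND", "OR"):
            pos += 1                          # skip "("
            children = []
            while tokens[pos] != ")":
                children.append(node())
            pos += 1                          # skip ")"
            return (tok, children)
        msp, _, role = tok.strip("'").rpartition(".")
        if not msp or role not in ROLES:
            raise ValueError(f"bad principal {tok}")
        return ("PRINCIPAL", (msp, role))
    return node()

def matches(principal, identity):
    # Model assumption: 'member' accepts any role of that MSP; others must match exactly.
    return principal[0] == identity[0] and principal[1] in ("member", identity[1])

def assignments(tree, endorsers, used=frozenset()):
    """Yield each set of endorser indexes that satisfies the tree, with backtracking."""
    kind, arg = tree
    if kind == "PRINCIPAL":
        for i, identity in enumerate(endorsers):
            if i not in used and matches(arg, identity):
                yield used | {i}              # each endorsement is consumed once
    elif kind == "OR":
        for child in arg:
            yield from assignments(child, endorsers, used)
    elif not arg:                             # AND with every child already satisfied
        yield used
    else:
        for partial in assignments(arg[0], endorsers, used):
            yield from assignments(("AND", arg[1:]), endorsers, partial)

def endorsed(policy, endorsers):
    """True if the (msp_id, role) endorser list satisfies the policy string."""
    return next(assignments(parse(policy), endorsers), None) is not None
```

With this model, a single Org1 peer does not satisfy the quoted policy, two Org1 peers do, and `AND('Org1.peer', 'Org2.peer')` rejects an Org2 identity whose role is client while `AND('Org1.peer', 'Org2.member')` accepts it.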
0

I think you could consider the answer in this thread link, and the document here

admin: a user role that has the ability to add/remove peers, deploy chaincode, create and join channels, etc. on behalf of that organization.

client: an identity should be classified as a client if it submits transactions, queries peers, etc. (e.g., your application)

peer: an identity should be classified as a peer if it endorses or commits transactions. (e.g., endorser, committing peer)

Hien Pham
  • The first link describes the Peer Admin card issued by a Hyperledger Composer network; this is not related to my question. The second link you have shared is just the default Hyperledger Fabric MSP and role definition, just as in your description, with nothing about how the endorsement policies are related, as in my question. Please clarify. – Jonathan Declan Tan Jan 19 '19 at 07:07
  • The endorsement policy is executed based on the definition of MSP. Regarding admin role, it is a deficiency from previous HLF version. I think they will be removed in the future release. More detail here: [Link](https://lists.hyperledger.org/g/fabric/topic/admin_in_endorsement_policy/17550108?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,20,17550108) – Hien Pham Jan 22 '19 at 15:56
  • @HienPham Do you know the difference between "peer" and "client" roles? – Honey Shah Jan 31 '19 at 12:29