Suppose I create two Participant types, A and B, and a transaction X which can only be executed by participant type B or the admin.
Moreover, I added a permission rule that Participant A can be created/updated only by the admin or another Participant of type A.
Now, my logic in transaction X requires creating/updating Participant A. So, if I execute transaction X using one of the Participant B registry IDs, will it be able to create/update Participant A?
If not, is there any way to do so?

Sourav
1 Answer
2
If I have understood your requirement correctly, then these rules should work for the core of what you want (this example uses the default Basic Sample Network):

```
rule BforX {
    description: "Allow B access to transaction X"
    participant: "org.example.basic.SampleParticipantB"
    operation: READ, CREATE, UPDATE
    resource: "org.example.basic.SampleTransactionX"
    action: ALLOW
}

rule BforAinX {
    description: "Allow B access to A whilst in X"
    participant: "org.example.basic.SampleParticipantB"
    operation: READ, CREATE, UPDATE
    resource: "org.example.basic.SampleParticipantA"
    transaction: "org.example.basic.SampleTransactionX"
    action: ALLOW
}

rule NotAforX {
    description: "Deny A access to transaction X"
    participant: "org.example.basic.SampleParticipantA"
    operation: ALL
    resource: "org.example.basic.SampleTransactionX"
    action: DENY
}

rule AforA {
    description: "Allow A access to Participant_A"
    participant: "org.example.basic.SampleParticipantA"
    operation: READ, CREATE, UPDATE
    resource: "org.example.basic.SampleParticipantA"
    action: ALLOW
}
```

R Thatcher
Thanks for the example – Sourav Jan 24 '19 at 12:48
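
A simplified model of how the four rules in the answer are evaluated, as an added example that is not part of the original answer or Composer's own code. It assumes rules are checked in file order, the first match decides, and no match means DENY; the `decide` helper and the request shape are hypothetical, and wildcards, conditions and the admin rules are not modelled.

```javascript
// Added illustration: simplified first-match model of the four ACL rules above.
// decide() and the request shape are hypothetical, not Composer APIs.
const NS = 'org.example.basic.';
const A = NS + 'SampleParticipantA';
const B = NS + 'SampleParticipantB';
const X = NS + 'SampleTransactionX';
const RW = ['READ', 'CREATE', 'UPDATE'];

// Same order as in the permissions file; order matters because the first match wins.
const RULES = [
  { name: 'BforX',    participant: B, operations: RW,      resource: X, action: 'ALLOW' },
  { name: 'BforAinX', participant: B, operations: RW,      resource: A, transaction: X, action: 'ALLOW' },
  { name: 'NotAforX', participant: A, operations: ['ALL'], resource: X, action: 'DENY' },
  { name: 'AforA',    participant: A, operations: RW,      resource: A, action: 'ALLOW' },
];

function matches(rule, req) {
  const opOk = rule.operations.includes('ALL') || rule.operations.includes(req.operation);
  // A rule with a transaction clause applies only to access made from inside that transaction.
  const txOk = rule.transaction === undefined || rule.transaction === req.transaction;
  return rule.participant === req.participant && rule.resource === req.resource && opOk && txOk;
}

// Returns the deciding rule and action; no matching rule means DENY.
function decide(req) {
  const rule = RULES.find((r) => matches(r, req));
  return rule ? { action: rule.action, rule: rule.name } : { action: 'DENY', rule: null };
}

// Constructed requests covering the question's scenario.
const SAMPLES = [
  { participant: B, operation: 'CREATE', resource: X },                 // B submits X
  { participant: B, operation: 'UPDATE', resource: A, transaction: X }, // X updates A on B's behalf
  { participant: B, operation: 'UPDATE', resource: A },                 // B updates A directly
  { participant: A, operation: 'CREATE', resource: X },                 // A submits X
  { participant: B, operation: 'DELETE', resource: A, transaction: X }, // not granted by any rule
];
for (const req of SAMPLES) {
  const d = decide(req);
  console.log(`${req.operation} ${req.resource.slice(NS.length)} -> ${d.action} (${d.rule || 'no matching rule'})`);
}
```

The third and fifth samples show the least-privilege effect of the `transaction` clause: B gains write access to A only from inside X, and only for the listed operations.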