Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-16146

Need Application ACL for chaincode access control

    Details

    • Type: Story
    • Status: Backlog (View Workflow)
    • Priority: Low
    • Resolution: Unresolved
    • Affects Version/s: v1.4.2
    • Fix Version/s: Future
    • Component/s: fabric-common
    • Labels:
      None
    • SDK Impact:
      Unset
    • System Test Impact:
      Unset
    • Documentation Impact:
      Unset

      Description

      There is no Application ACL for chaincode access control. It is guided to use client identity to control chaincode access in the chaincode itself (https://hyperledger-fabric.readthedocs.io/en/release-1.4/chaincode4ade.html#chaincode-access-control).

       

      For example, It would be much convenient if there's some ACL to prevent clients to send transaction but allow querying. This could be implemented in two ways. One is by peers checking the ACL and the type of the request from clients. Another is by orderer checking the ACL and decide whether to accept the endorsement.

      Possible ACL policy names could be:

      ACL policy for invoking querying chaincodes on peer
        peer/Query: /Channel/Application/Readers

      ACL policy for send transaction on orderer
        orderer/Transaction: /Channel/Application/Writers

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                conanoc Jong-Kwon Lee
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Git Source Code