Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-18377

private data collection allows orgs with no r/w access to delete registers

    XMLWordPrintable

Details

    • Bug
    • Status: Unverified
    • High
    • Resolution: Unresolved
    • v2.1.0
    • None
    • fabric-ledger
    • (Please add steps to reproduce)

    Description

      Hello everyone, i dont know if this is the intended behaviour or a bug but, lets say you have 2 organizations each one with a private data collection set up to:

          "memberOnlyRead": true,
          "memberOnlyWrite": true,
      

      They have access to their own collection but not the other orgs collection, they cant query or write on the other org collection either. What i would expect from setting these parameters to true is that there is no access from org1 to org 2 collection and vice versa. What i dont understand that org1 can delete private data from org2, this is shown in fabric samples asset transfer secured agreement https://github.com/hyperledger/fabric-samples/blob/master/asset-transfer-secured-agreement/chaincode-go/asset_transfer.go#L372

      i replicated this using node sdk and chaincode too. i dont understand and it is not explained anywere, is this behaviour intended?

       

       

      Attachments

        Activity

          People

            denyeart David Enyeart
            icarrascol italo carrasco
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: