How does Hyperledger Fabric enforces ACL?

前端 未结 2 1913
忘了有多久
忘了有多久 2021-01-26 16:38

I would like to know how either Fabric or composer can enforce Access Control Logic (ACL). As I read through the documents, ACL is a way to control permission to peers within a

相关标签:
2条回答
  • 2021-01-26 17:19
    1. Nothing can prevent you from reading the data that you have locally, if you have access to that data.

    2. ACL enforcement in Hyperledger Fabric works via policy evaluation - an ACL is just a policy, and for every action that a network node (peer or orderer) performs - it consults the policy to determine if the requester of the data is eligible according to the policy.

    3. Note, that any data segregation mechanism may be not enough by its own, if the data may be obtained via other actions that have permissive policies. A good example for that is if you have a chaincode that checks that the client originates from a certain organization, but that client's certificate satisfies the "channel readers" policy - then the client can just request the block from the ordering service itself - and just compute the data that the client wants on its own after reading the data blocks.

    0 讨论(0)
  • 2021-01-26 17:30

    Every peer can read from his local data but when it comes to data that is stored on ledger peers can't read that data without permission. Actually you as a peer only can access and store some part of ledger that is available not the whole of that.

    0 讨论(0)
提交回复
热议问题