...by Daniel Szego
"On a long enough timeline we will all become Satoshi Nakamoto.."
Daniel Szego

Thursday, July 26, 2018

Fabric composer tips and tricks - ACL for admin

If you start to modify or define the access control rules for a business blockchain network, pay attention that you coincidentally should not revoke code changing or code reading access for the networkAdmin role. If you do, it might happen, that you do not have access to your source code anymore. As a consequence, it is practical to start with general rules, that gives access to your admin role for everything, like:

rule NetworkAdminUser {
 description: "Grant business network administrators full access to user resources"
 participant: "org.hyperledger.composer.system.NetworkAdmin"
 operation: ALL
 resource: "**"
 action: ALLOW

rule NetworkAdminSystem {
 description: "Grant business network administrators full access to system resources"
  participant: "org.hyperledger.composer.system.NetworkAdmin"
  operation: ALL
  resource: "org.hyperledger.composer.system.**"
  action: ALLOW

It is important to note that your participant is not your networkAdmin, so creating rules for the Participants but deleting for the networkAdmin will have the same effect.