如何将资产更新限制为仅限一个组织,但允许所有人读取资产?

huangapple go评论86阅读模式
英文:

How to restrict asset update to only one organisation but allow asset read by all?

问题

我有3个组织Org1、Org2和Org3,它们使用HLF v2.2。这些组织将一些特定于组织的数据以键值对(资产)的形式存储在区块链上(键是唯一的,因为我们使用组织代码作为前缀)。带有组织代码前缀的键值对可以由该组织进行更新(创建、更新和删除),而其他组织只能进行读取操作。我们如何实现这种行为?我考虑在链码中使用一个缓存,将组织的msp id与组织代码进行映射,在管理组织资产的函数中,我可以检查调用是否来自特定的组织,并相应地允许执行更新操作。非常感谢任何想法。

英文:

I have 3 organizations Org1, Org2, and Org3 which use HLF v2.2. The organizations store some organization-specific data in key-value pairs(assets) on the blockchain (keys are unique across as we prefix with organization code). The key-value pair which goes on the blockchain with an organization code prefix is updatable by that organization (CREATE, UPDATE & DELETE) and the rest of the organizations can only have READ access. How can we achieve this behaviour? I am thinking of having a cache within the chaincode that maps Org mspid with Org code and in the functions that manage organization assets, I can then check if the invocation is coming from a specific organization and accordingly allow to perform the update operation. Any ideas are greatly appreciated.

答案1

得分: 1

也许私有数据适合您的用例。请查看这篇文章中的第二种情况:https://kctheservant.medium.com/private-data-collection-policy-demonstrating-members-only-read-and-write-features-b2e03ff02332。通过这种方式,您可以为每个组织定义一个私有集合,其他组织可以读取该集合(尽管请求的客户端应该查询相应组织的对等节点)。

如果您的隐私问题只涉及客户端(如果您信任其他组织的对等节点和排序节点),也许您不需要私有数据功能。您可以在您的链码中评估请求者的MSP以应用您的限制。

英文:

Maybe Private Data fits your use case. Look at Scenario 2 in this article: https://kctheservant.medium.com/private-data-collection-policy-demonstrating-members-only-read-and-write-features-b2e03ff02332. This way you could define a private collection per organization that could be read by the other organizations (although the requesting client should query the peer of the corresponding organization).

If your privacy concerns are related only to clients (if you trust the peers and orderers from other organizations), maybe you don't need Private Data features. You can simply evaluate the requestor MSP in your chaincode to apply your restrictions.

huangapple
  • 本文由 发表于 2021年9月4日 17:44:21
  • 转载请务必保留本文链接:https://go.coder-hub.com/69054153.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定