Hyperledger Composer v0.19 Hiding Historian in ACL
How can I hide the Historian // transaction log in v0.19?
I have tried this, taken from an example -->
rule hideHistorianAccess{
description: "Deny access to Historian"
participant: "org.blockknowhow.com.Users"
operation: READ
resource: "org.hyperledger.composer.system.HistorianRecord"
action: DENY
}
rule historianAccess{
description: "Only allow members to read historian records referencing transactions they submitted."
participant(p): "org.blockknowhow.com.Users"
operation: READ
resource(r): "org.hyperledger.composer.system.HistorianRecord"
condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
action: ALLOW
}
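But none of this seems to work. I mainly want to hide the addition of new participants, but if that is not possible, I want to hide the complete transaction log. I don't want the personal details in the participant fields to be publicly accessible.
I don't think the first rule is needed. With your ALLOW rule, which applies only to a specific participant under a strict condition, all other participants who do not meet the condition will have their operation denied.
I see you found the ALLOW rule in the docs, which also looks fine, and I wouldn't take a different approach. But to get it running, try removing the first rule. If that doesn't work, I suggest creating an issue for composer on GitHub.
As david_k said - your rules (above), together with the context of all the rules in permissions.acl, would be needed to understand why you are seeing what you are seeing.
From the Rocketchat conversation, it would seem that the problem was related to the order of the rules in the rule set, i.e. more 'general' rules were being evaluated lexically before the 'specific' rule, and a match was found (so the subsequent 'specific' rule was not evaluated, which is why you initially saw those results).
An example is shown below: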
'CORRECT ORDER'
// specifically allow users to see historian records they invoked
rule historianAccess{
description: "Only allow members to read historian records referencing transactions they submitted."
participant(p): "org.blockknowhow.com.Users"
operation: READ
resource(r): "org.hyperledger.composer.system.HistorianRecord"
condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
action: ALLOW
}
// prevent users from seeing historian records
rule hidehistorianAccess{
description: "Deny access to Historian"
participant: "org.blockknowhow.com.Users"
operation: READ
resource: "org.hyperledger.composer.system.HistorianRecord"
action: DENY
}
versus 'INCORRECT ORDER':
rule hidehistorianAccess{
description: "Deny access to Historian"
participant: "org.blockknowhow.com.Users"
operation: READ
resource: "org.hyperledger.composer.system.HistorianRecord"
action: DENY
}
rule historianAccess{
description: "Only allow members to read historian records referencing transactions they submitted."
participant(p): "org.blockknowhow.com.Users"
operation: READ
resource(r): "org.hyperledger.composer.system.HistorianRecord"
condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
action: ALLOW
}
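The ordering effect described in the answers above, as an added example that is not part of the original posts and is not Composer's own code: a simplified JavaScript model of first-match rule evaluation with denial when no rule matches. The `evaluate` and `decisions` helpers and the participants `alice` and `bob` are constructed for illustration; only the rule names and type names come from the page.

```javascript
// Simplified model of top-to-bottom, first-match ACL evaluation.
// Assumption: this is an illustration, not Hyperledger Composer's implementation.
const USERS = 'org.blockknowhow.com.Users';
const HISTORIAN = 'org.hyperledger.composer.system.HistorianRecord';

// The two rules from the page, expressed as plain objects.
const historianAccess = {
  name: 'historianAccess', participant: USERS, operation: 'READ', resource: HISTORIAN,
  condition: (p, r) => r.participantInvoking.getIdentifier() === p.getIdentifier(),
  action: 'ALLOW',
};
const hidehistorianAccess = {
  name: 'hidehistorianAccess', participant: USERS, operation: 'READ', resource: HISTORIAN,
  action: 'DENY',
};

// Walk the rules in file order; the first rule that matches decides.
// A rule without a condition matches every participant/resource of its types.
function evaluate(rules, participant, operation, resource) {
  for (const rule of rules) {
    if (rule.participant !== participant.type) continue;
    if (rule.operation !== operation) continue;
    if (rule.resource !== resource.type) continue;
    if (rule.condition && !rule.condition(participant, resource)) continue;
    return { action: rule.action, matched: rule.name };
  }
  return { action: 'DENY', matched: null }; // nothing matched: denied
}

// Constructed sample data: alice submitted the transaction, bob did not.
const makeUser = (id) => ({ type: USERS, getIdentifier: () => id });
const alice = makeUser('alice');
const bob = makeUser('bob');
const aliceRecord = { type: HISTORIAN, participantInvoking: alice };

// Decisions for the record's submitter and for another user.
function decisions(rules) {
  return {
    ownRecord: evaluate(rules, alice, 'READ', aliceRecord),
    otherRecord: evaluate(rules, bob, 'READ', aliceRecord),
  };
}

console.log('correct order  ', decisions([historianAccess, hidehistorianAccess]));
console.log('incorrect order', decisions([hidehistorianAccess, historianAccess]));
console.log('ALLOW rule only', decisions([historianAccess]));
```

In the incorrect order the unconditional DENY matches first for every user, so the submitter is locked out of their own records; with the ALLOW rule alone, other users are still denied because no rule matches them.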