Hyperledger Composer v0.19在ACL中隐藏历史记录 [英] Hyperledger Composer v0.19 Hiding Historian in ACL

问题描述

我想问一下如何在v0.19中隐藏历史记录//事务日志?

I would like to ask how to hide the Historian // Transaction log in v0.19?

我已通过示例->

    rule hideHistorianAccess{
    description: "Deny access to Historian"
    participant: "org.blockknowhow.com.Users"
    operation: READ
    resource: "org.hyperledger.composer.system.HistorianRecord"
    action: DENY
    }

    rule historianAccess{
    description: "Only allow members to read historian records referencing transactions they submitted."
    participant(p): "org.blockknowhow.com.Users"
    operation: READ
    resource(r): "org.hyperledger.composer.system.HistorianRecord"
    condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
    action: ALLOW
    }

但是这似乎都不起作用，我想主要是隐藏添加新参与者，但是，如果这不可能的话，我想隐藏完整的事务日志.我在参与者字段中有个人详细信息，但我不想公开.

But none of this seems to work, I would like to hide adding new participants mostly, but if that is not possible I would like to hide the complete transaction log. I have personal details in the participant fields which I would not like to make publicly accessible.

推荐答案

如david_k所述-您的规则上下文(与上方权限中的所有规则有关)将需要了解为什么您看到自己所做的事情

As mentioned by david_k - the context of your rules (above) in relation to ALL rules in permissions.acl would be needed to understand why you saw what you did.

从Rocketchat对话中发现，问题与规则集中规则的ORDER有关，即，在词法规则评估中，比特定"规则先评估更通用"的规则，并找到匹配项(因此未评估随后的特定"规则，因此为什么您最初会看到这些结果.)

It appears from a Rocketchat conversation that the issue was related to the ORDER of the rules in the ruleset, ie a more 'general' rule is evaluated ahead of the 'specific' rule in the lexical rules evaluation, and found a match (so subsequent 'specific' rule wasn't evaluated, hence why you saw those results initially).

下面是一个示例:

正确的订单"

// specifically allow users to see historian records they invoked
rule historianAccess{
  description: "Only allow members to read historian records referencing transactions they submitted."
  participant(p): "org.blockknowhow.com.Users"
  operation: READ
  resource(r): "org.hyperledger.composer.system.HistorianRecord"
  condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
  action: ALLOW
}

// prevent users from seeing historian records
rule hidehistorianAccess{
  description: "Deny access to Historian"
  participant: "org.blockknowhow.com.Users"
  operation: READ
  resource: "org.hyperledger.composer.system.HistorianRecord"
  action: DENY
}

vs '不正确的订单':

rule hidehistorianAccess{
  description: "Deny access to Historian"
  participant: "org.blockknowhow.com.Users"
  operation: READ
  resource: "org.hyperledger.composer.system.HistorianRecord"
  action: DENY
}

rule historianAccess{
  description: "Only allow members to read historian records referencing transactions they submitted."
  participant(p): "org.blockknowhow.com.Users"
  operation: READ
  resource(r): "org.hyperledger.composer.system.HistorianRecord"
  condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
  action: ALLOW

}

这篇关于Hyperledger Composer v0.19在ACL中隐藏历史记录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！