Hyperledger Composer v0.19在ACL中隐藏历史记录 [英] Hyperledger Composer v0.19 Hiding Historian in ACL
问题描述
我想问一下如何在v0.19中隐藏历史记录//事务日志?
I would like to ask how to hide the Historian // Transaction log in v0.19?
我已通过示例->
rule hideHistorianAccess{
description: "Deny access to Historian"
participant: "org.blockknowhow.com.Users"
operation: READ
resource: "org.hyperledger.composer.system.HistorianRecord"
action: DENY
}
rule historianAccess{
description: "Only allow members to read historian records referencing transactions they submitted."
participant(p): "org.blockknowhow.com.Users"
operation: READ
resource(r): "org.hyperledger.composer.system.HistorianRecord"
condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
action: ALLOW
}
但是这似乎都不起作用,我想主要是隐藏添加新参与者,但是,如果这不可能的话,我想隐藏完整的事务日志.我在参与者字段中有个人详细信息,但我不想公开.
But none of this seems to work, I would like to hide adding new participants mostly, but if that is not possible I would like to hide the complete transaction log. I have personal details in the participant fields which I would not like to make publicly accessible.
推荐答案
如david_k所述-您的规则上下文(与上方权限中的所有规则有关)将需要了解为什么您看到自己所做的事情
As mentioned by david_k - the context of your rules (above) in relation to ALL rules in permissions.acl would be needed to understand why you saw what you did.
从Rocketchat对话中发现,问题与规则集中规则的ORDER有关,即,在词法规则评估中,比特定"规则先评估更通用"的规则,并找到匹配项(因此未评估随后的特定"规则,因此为什么您最初会看到这些结果.)
It appears from a Rocketchat conversation that the issue was related to the ORDER of the rules in the ruleset, ie a more 'general' rule is evaluated ahead of the 'specific' rule in the lexical rules evaluation, and found a match (so subsequent 'specific' rule wasn't evaluated, hence why you saw those results initially).
下面是一个示例:
正确的订单"
// specifically allow users to see historian records they invoked
rule historianAccess{
description: "Only allow members to read historian records referencing transactions they submitted."
participant(p): "org.blockknowhow.com.Users"
operation: READ
resource(r): "org.hyperledger.composer.system.HistorianRecord"
condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
action: ALLOW
}
// prevent users from seeing historian records
rule hidehistorianAccess{
description: "Deny access to Historian"
participant: "org.blockknowhow.com.Users"
operation: READ
resource: "org.hyperledger.composer.system.HistorianRecord"
action: DENY
}
vs '不正确的订单':
rule hidehistorianAccess{
description: "Deny access to Historian"
participant: "org.blockknowhow.com.Users"
operation: READ
resource: "org.hyperledger.composer.system.HistorianRecord"
action: DENY
}
rule historianAccess{
description: "Only allow members to read historian records referencing transactions they submitted."
participant(p): "org.blockknowhow.com.Users"
operation: READ
resource(r): "org.hyperledger.composer.system.HistorianRecord"
condition: (r.participantInvoking.getIdentifier() == p.getIdentifier())
action: ALLOW
}
这篇关于Hyperledger Composer v0.19在ACL中隐藏历史记录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!