What are the different roles in Hyperledger Fabric?

Question

I know that each entity in the hyperledger network does need an Identity. This identity is given by an certificate authority. The local and channel MSP maps this identity with an organization and gives the identity a role.

A couple of questions:

1. What are the roles I can choose from? I know for example there is a role 'Admin', but what else?
2. Does each role have a specific access, or do I need to specify this somewhere?
3. Is this a possible scenario: A user with the role 'Reader' and a peer with the role 'reader'? Or does identities other than users have total different roles?
4. Does each node have all the channel MSP's?
5. Let's say I have a peer with the role 'Admin' and a user with the role 'Admin'. What is the difference?

Answer 1

Q1: Different roles in the fabric

1. Admin
2. Writer
3. Reader

Q2: Yes, each role has specific access. While creating a channel we need to define all roles. Admin can do configuration block changes as per policies defined.

There are two types of policies

• Signature Policy
• ImpliciteMeta Policy

The reader can only read transactions, where the Writer can invoke a transaction. We define all policies in channel configuration block.

Q3: Only Organization(Orderer Organization, Peer Organization) has user, not for peer, so user can be one of (Admin, Reader, Writer)

Q4: There are two types of MSP

• Channel MSP

• Local MSP

  channel configuration (channel MSPs), and locally on an actor’s premise (local MSP). Local MSPs are defined for clients (users) and for nodes (peers and orderers). Node local MSPs define the permissions for that node (who the peer admins are, for example). The local MSPs of the users allow the user side to authenticate itself in its transactions as a member of a channel (e.g. in chaincode transactions), or as the owner of a specific role into the system (an org admin, for example, in configuration transactions).

Q5: Only user of Organization have the role of Admin, I don't think peer have admin role, where as peer comes under some organization who will have some users(Admin user would be one of them)