CODEWITHSUNDEEP
configurationhyperledger-fabricpolicy
M Yil
M Yil

Reputation: 967

Hyperledger Fabric - implicitMeta vs signature

What is the difference between ImplicitMeta and Signature? I'm trying to understand how hyperledger policy works, but I find it hard to understand.. What excactly is the difference between the next two code blocks?:

        Policies:
        Readers:
            Type: Signature
            Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
        Writers:
            Type: Signature
            Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
        Admins:
            Type: Signature
            Rule: "OR('Org2MSP.admin')"


    Policies:
    Readers:
        Type: ImplicitMeta
        Rule: "ANY Readers"
    Writers:
        Type: ImplicitMeta
        Rule: "ANY Writers"
    Admins:
        Type: ImplicitMeta
        Rule: "MAJORITY Admins"

Upvotes: 1

Views: 597

Answers (1)

Polem
Polem

Reputation: 171

A Signature policy is a low-level policy and specifies the particular roles whose signature can satisfy the policy. It can be applied to all levels from organization related to channel related policies.
There are some default Signature policies in Fabric: Readers, Writes, Admin. Readers defines which principal can read the ledger, Writes defines which principal can write in the channel ledger and Admins defines which principal can perform administrator actions (organization/channel update). Also, custom policies can be created according to the needs.

Rules in Signature policies involve expressions which consist of operations and principals. For example the statement: 

Admins:
       Type: Signature
       Rule: "OR('Org2MSP.admin')"

Declare that every admin of Organization 2 can perform administrative tasks.

An ImplicitMeta policy stands higher in configuration level. ImplicitMeta policies avoid duplicate records and the multiple changes when a policy is updated. Rule here is linked with other ImplicitMeta or Signatures policies, but the final decision will be evaluated by a Signature policy. In contrast to Signature, an ImplicitMeta can be applied only in channel configuration level.

For example: 

Admins:
       Type: ImplicitMeta
       Rule:  "MAJORITY Admins"

Admins is the Signature policy named Admins that specified the admins in organization level. Hence, in order to edit application-related parameter such as adding a new organization in the application channel, the majority of the organizations admins that participate in the channel must agree with that change.

For more please study: https://hyperledger-fabric.readthedocs.io/en/release-1.4/access_control.html

Upvotes: 1

Related Questions