Access control
Before we delve into the implementation of Chaincode
functions, we need to first define our access control mechanism.
A key feature of a secure and permissioned blockchain is access control. In Fabric, the Membership Services Provider (MSP) plays a pivotal role in enabling access control. Each organization of a Fabric network can have one or more MSP providers. The MSP is implemented as a Certificate Authority (Fabric CA). More information on Fabric CA, including its documentation, is available at: https://hyperledger-fabric-ca.readthedocs.io/.
Fabric CA issues Enrollment Certificates (ecerts) for network users. The ecert represents the identity of the user and is used as a signed transaction when a user submits to Fabric. Prior to invoking a transaction, the user must therefore first register and obtain an ecert from the Fabric CA.
Fabric supports an Attribute-based Access Control (ABAC) mechanism that can be used by the chaincode to control access to its functions and data...