participant(参与者)NetworkControl拥有使用网络命令的所有操作的权限
// Grants participants of type org.example.basic.NetworkControl every
// operation (ALL) on the system resource
// org.hyperledger.composer.system.Network.
// NOTE(review): the rule has no condition, so it applies to every instance
// of that participant type; confirm that only administrative identities are
// issued as NetworkControl.
rule NetworkControlPermission {
description: "NetworkControl can access network commands"
participant: "org.example.basic.NetworkControl"
operation: ALL
resource: "org.hyperledger.composer.system.Network"
action: ALLOW
}
所有的participant(参与者)对系统命名空间org.hyperledger.composer.system下的所有资源(包括子命名空间)拥有所有操作的权限
// Grants the system base type Participant (i.e. every participant) every
// operation (ALL) on all resources under org.hyperledger.composer.system;
// the "**" suffix also matches sub-namespaces.
// NOTE(review): this is an unconditional allow-all over the system
// namespace, as the description itself says. If it is deployed in the same
// file as NetworkControlPermission it already covers the Network resource,
// which makes that narrower rule redundant. Presumably intended for
// samples/development; restrict it to named participant types and
// operations before relying on it as access control.
rule AllAccess {
description: "AllAccess - grant everything to everybody"
participant: "org.hyperledger.composer.system.Participant"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
participant(参与者)SampleParticipant拥有对asset(资产)SampleAsset的所有操作的权限
// Grants participants of type org.example.SampleParticipant every operation
// (ALL) on assets of type org.example.SampleAsset.
// There is no condition, so the grant does not depend on who owns the
// asset: any SampleParticipant may create, read, update or delete any
// SampleAsset.
rule SimpleRule {
description: "Description of the ACL rule"
participant: "org.example.SampleParticipant"
operation: ALL
resource: "org.example.SampleAsset"
action: ALLOW
}
如果participant(参与者)是asset(资产)的所有者,participant(参与者)SampleParticipant拥有对asset(资产)SampleAsset的所有操作的权限
// Owner-only access: binds the requesting participant to `m` and the
// requested asset to `v`, and allows every operation (ALL) only when the
// identifier of v.owner equals the identifier of m.
// NOTE(review): assumes SampleAsset declares an `owner` relationship to a
// participant; the model file is not shown here, so confirm the field name.
rule SampleConditionalRule {
description: "Description of the ACL rule"
participant(m): "org.example.SampleParticipant"
operation: ALL
resource(v): "org.example.SampleAsset"
// Compare identifiers rather than the objects themselves.
condition: (v.owner.getIdentifier() == m.getIdentifier())
action: ALLOW
}
如果participant(参与者)是asset(资产)的所有者,并且participant(参与者)提交了transaction(交易)org.example.SampleTransaction,participant(参与者)SampleParticipant拥有对asset(资产)SampleAsset的READ、CREATE、UPDATE操作的权限(不包括DELETE)
// Owner-only access that is further limited to one transaction type: the
// rule applies only when the participant reaches the asset through an
// org.example.SampleTransaction, and only when the identifier of v.owner
// equals the identifier of m.
// Only READ, CREATE and UPDATE are granted; DELETE is not covered by this
// rule.
rule SampleConditionalRuleWithTransaction {
description: "Description of the ACL rule"
participant(m): "org.example.SampleParticipant"
operation: READ, CREATE, UPDATE
resource(v): "org.example.SampleAsset"
// `tx` is bound here but not referenced by the condition below.
transaction(tx): "org.example.SampleTransaction"
condition: (v.owner.getIdentifier() == m.getIdentifier())
action: ALLOW
}
// The participant Driver#Fred may DELETE the asset Car#ABC123.
// The "#<id>" suffix pins the rule to one participant instance and one
// asset instance rather than to the whole type.
rule R1 {
description: "Fred can DELETE the car ABC123"
participant: "org.example.Driver#Fred"
operation: DELETE
resource: "org.example.Car#ABC123"
action: ALLOW
}
// DENY rule: the participant Regulator#Bill is refused UPDATE on any Car
// whose owner is Bill himself. This is a denial, not a grant.
// Composer evaluates ACL rules in file order and the first matching rule
// decides, so this rule has to stay above R3 (which allows regulators every
// operation on Car) for the denial to take effect.
// NOTE(review): the condition compares the resource objects directly,
// whereas the sample conditional rules on this page compare
// getIdentifier() values. If this comparison never evaluates to true the
// DENY is skipped and R3's ALLOW applies — verify it with a test identity.
rule R2 {
description: "regulator with ID Bill can not update a Car if they own it"
participant(r): "org.example.Regulator#Bill"
operation: UPDATE
resource(c): "org.example.Car"
condition: (c.owner == r)
action: DENY
}
// Every participant of type Regulator may perform every operation (ALL) on
// assets of type Car.
// This is an unconditional type-wide grant; any narrower DENY for
// regulators (such as R2) must be listed before it, because the first
// matching rule decides.
rule R3 {
description: "regulators can perform all operations on Cars"
participant: "org.example.Regulator"
operation: ALL
resource: "org.example.Car"
action: ALLOW
}
// Any participant ("ANY") may READ every resource declared directly in the
// org.example namespace. The single "*" does not descend into
// sub-namespaces such as org.example.<sub>; compare R5.
// NOTE(review): read access for ANY exposes every asset, participant and
// transaction type in the namespace to all identities — confirm nothing
// confidential is modelled there.
rule R4 {
description: "Everyone can read all resources in the org.example namespace"
participant: "ANY"
operation: READ
resource: "org.example.*"
action: ALLOW
}
// Any participant ("ANY") may READ every resource in the org.example
// namespace and, because of the recursive "**" wildcard, in all of its
// sub-namespaces as well. This is broader than R4, which uses "*".
// NOTE(review): a recursive wildcard also covers sub-namespaces added
// later, so new models become world-readable by default — confirm that is
// intended.
rule R5 {
description: "Everyone can read all resources under the org.example namespace"
participant: "ANY"
operation: READ
resource: "org.example.**"
action: ALLOW
}