My question is on access control in hyperledger fabric composer.
Assume you have a business network, in which you have the following participants:
- Sellers
- (Potential) Buyers
A seller is an employee of a company that sells products to a buying company. A buyer is an employee of a buying company.
Example: The buying company is Daimler. Three employees of Daimler are registered as Buyers in the network. The selling company is General Electric. Two employees of General Electric are registered as Sellers in the network.
With hyperledger composer's Access Control Language, one can restrict the access rights of buyers and sellers at will.
But how is the situation regarding Access Control at the Node level?
There are not only buyers and sellers but also two system administrators: one system administrator responsible for the Daimler peer and one system administrator responsible for the General Electric peer.
By default, the system administrators have access to all data. That is, the Daimler system administrator has access to all data of the registered General Electric employees. Vice versa, the General Electric system administrator has access to all data of the registered Daimler employees.
Is it possible to restrict the access of the system administrators to a handful of rights, such as:
- right to install and start the business network
- right to control changes to the system made by the other system administrator (e.g. if the Daimler system administrator changes the code of the application, then the General Electric administrator must approve those changes before they can become effective)
- Read Access to employees of one's own company