  /**
   * System and Network Admin access rules
   */

  /*
   * SystemACL: matches the system base participant type
   * (org.hyperledger.composer.system.Participant) and allows ALL operations
   * on everything under the org.hyperledger.composer.system namespace
   * (the trailing ** is the recursive wildcard).
   * NOTE(review): this is wider than read-only access. Confirm whether every
   * participant type, including the sensor devices declared further down,
   * needs more than READ on system resources.
   */
  rule SystemACL {
      description: "System ACL to permit all access"
      participant: "org.hyperledger.composer.system.Participant"
      operation: ALL
      resource: "org.hyperledger.composer.system.**"
      action: ALLOW
  }

  /*
   * NetworkAdminUser: allows NetworkAdmin participants ALL operations on the
   * resource pattern "**", i.e. every resource in every namespace.
   * The description says "user resources", but the pattern is not limited to
   * the business namespace. Because this rule sits above the business rules
   * and the final DENY, an identity bound to NetworkAdmin is not constrained
   * by any rule below it.
   */
  rule NetworkAdminUser {
      description: "Grant business network administrators full access to user resources"
      participant: "org.hyperledger.composer.system.NetworkAdmin"
      operation: ALL
      resource: "**"
      action: ALLOW
  }

  /**
   * Rules for Participant registry access
   */

  /*
   * Grower_R_Grower: Growers may READ Grower participants.
   * The rule has no condition clause, so it applies to every Grower record
   * and not only to the caller's own.
   * NOTE(review): confirm that cross-Grower visibility is intended.
   */
  rule Grower_R_Grower {
      description: "Grant Growers access to Grower resources"
      participant: "org.acme.shipping.perishable.Grower"
      operation: READ
      resource: "org.acme.shipping.perishable.Grower"
      action: ALLOW
  }

  /*
   * Shipper_R_Shipper: Shippers may READ Shipper participants.
   * No condition clause, so the grant covers all Shipper records.
   */
  rule Shipper_R_Shipper {
      description: "Grant Shippers access to Shipper resources"
      participant: "org.acme.shipping.perishable.Shipper"
      operation: READ
      resource: "org.acme.shipping.perishable.Shipper"
      action: ALLOW
  }

  /*
   * Importer_RU_Importer: Importers may READ and UPDATE Importer participants.
   * No condition clause, so one Importer can update another Importer's record.
   * NOTE(review): if updates should be limited to the caller's own record,
   * this rule needs a condition comparing participant and resource; confirm
   * the intended scope.
   */
  rule Importer_RU_Importer {
      description: "Grant Importers access to Importer resources"
      participant: "org.acme.shipping.perishable.Importer"
      operation: READ,UPDATE
      resource: "org.acme.shipping.perishable.Importer"
      action: ALLOW
  }

  /*
   * Importer_RU_Grower: Importers may READ and UPDATE Grower participants.
   * The grant is unconditional and is not tied to a transaction, so it also
   * permits direct updates of any Grower record by any Importer.
   * NOTE(review): presumably this exists so that a transaction submitted by
   * an Importer can modify a Grower; if so, a transaction clause naming that
   * transaction would keep the UPDATE from being usable outside it. Verify
   * against the transaction logic, which is not shown here.
   */
  rule Importer_RU_Grower {
      description: "Grant Importers access to Grower participant"
      participant: "org.acme.shipping.perishable.Importer"
      operation: READ,UPDATE
      resource: "org.acme.shipping.perishable.Grower"
      action: ALLOW
  }

  /**
   * Rules for Asset registry access
   */

  /*
   * ALL_RU_Shipment: every participant type in org.acme.shipping.perishable
   * may READ and UPDATE Shipment assets.
   * The participant wildcard also matches the GpsSensor and TemperatureSensor
   * types used by the transaction rules below, and the rule carries neither a
   * condition nor a transaction clause, so any such identity can update any
   * Shipment directly.
   * NOTE(review): consider limiting UPDATE to the transactions that are meant
   * to change a Shipment, and to the parties of that Shipment; confirm against
   * the model and transaction logic, which are not shown here.
   */
  rule ALL_RU_Shipment {
      description: "Grant All Participants in org.acme.shipping.perishable namespace READ/UPDATE access to Shipment assets"
      participant: "org.acme.shipping.perishable.*"
      operation: READ,UPDATE
      resource: "org.acme.shipping.perishable.Shipment"
      action: ALLOW
  }

  /*
   * ALL_RU_Contract: every participant type in org.acme.shipping.perishable
   * may READ and UPDATE Contract assets.
   * As with ALL_RU_Shipment, the wildcard includes the sensor participant
   * types and the grant is unconditional, so any namespace participant can
   * rewrite any Contract.
   * NOTE(review): confirm whether anything other than an administrator needs
   * UPDATE on Contract at all; READ alone may be sufficient.
   */
  rule ALL_RU_Contract {
      description: "Grant All Participants in org.acme.shipping.perishable namespace READ/UPDATE access to Contract assets"
      participant: "org.acme.shipping.perishable.*"
      operation: READ,UPDATE
      resource: "org.acme.shipping.perishable.Contract"
      action: ALLOW
  }

  /**
   * Rules for Transaction invocations
   */

  /*
   * Grower_C_ShipmentPacked: Growers may CREATE ShipmentPacked, which the
   * description states is how they invoke that transaction.
   * No condition clause: any Grower can submit it for any shipment unless the
   * transaction logic itself checks ownership (not visible here).
   */
  rule Grower_C_ShipmentPacked {
      description: "Grant Growers access to invoke ShipmentPacked transaction"
      participant: "org.acme.shipping.perishable.Grower"
      operation: CREATE
      resource: "org.acme.shipping.perishable.ShipmentPacked"
      action: ALLOW
  }

  /*
   * Shipper_C_ShipmentPickup: Shippers may CREATE (invoke) the ShipmentPickup
   * transaction. The grant is unconditional.
   */
  rule Shipper_C_ShipmentPickup {
      description: "Grant Shippers access to invoke ShipmentPickup transaction"
      participant: "org.acme.shipping.perishable.Shipper"
      operation: CREATE
      resource: "org.acme.shipping.perishable.ShipmentPickup"
      action: ALLOW
  }

  /*
   * Shipper_C_ShipmentLoaded: Shippers may CREATE (invoke) the ShipmentLoaded
   * transaction. The grant is unconditional.
   */
  rule Shipper_C_ShipmentLoaded {
      description: "Grant Shippers access to invoke ShipmentLoaded transaction"
      participant: "org.acme.shipping.perishable.Shipper"
      operation: CREATE
      resource: "org.acme.shipping.perishable.ShipmentLoaded"
      action: ALLOW
  }

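  /*
   * GpsSensor_C_GpsReading: GpsSensor participants may CREATE (submit)
   * GpsReading transactions and nothing else under this rule.
   * The description previously said "full access", which overstated a
   * CREATE-only grant; it now describes what the rule actually permits.
   * NOTE(review): the sensor identities also match the namespace wildcard in
   * ALL_RU_Shipment and ALL_RU_Contract, so their effective access is wider
   * than this rule alone suggests.
   */
  rule GpsSensor_C_GpsReading {
      description: "Grant IoT GPS Sensor devices access to submit GpsReading transactions"
      participant: "org.acme.shipping.perishable.GpsSensor"
      operation: CREATE
      resource: "org.acme.shipping.perishable.GpsReading"
      action: ALLOW
  }
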
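  /*
   * TemperatureSensor_C_TemperatureReading: TemperatureSensor participants may
   * CREATE (submit) TemperatureReading transactions and nothing else under
   * this rule.
   * The description previously said "full access", which overstated a
   * CREATE-only grant; it now describes what the rule actually permits.
   * NOTE(review): the sensor identities also match the namespace wildcard in
   * ALL_RU_Shipment and ALL_RU_Contract, so their effective access is wider
   * than this rule alone suggests.
   */
  rule TemperatureSensor_C_TemperatureReading {
      description: "Grant IoT Temperature Sensor devices access to submit TemperatureReading transactions"
      participant: "org.acme.shipping.perishable.TemperatureSensor"
      operation: CREATE
      resource: "org.acme.shipping.perishable.TemperatureReading"
      action: ALLOW
  }
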
  /*
   * Importer_C_ShipmentReceived: Importers may CREATE (invoke) the
   * ShipmentReceived transaction. The grant is unconditional, so any Importer
   * can submit it unless the transaction logic restricts it to the importer
   * named on the shipment (not visible here).
   */
  rule Importer_C_ShipmentReceived {
      description: "Grant Importers access to invoke the ShipmentReceived transaction"
      participant: "org.acme.shipping.perishable.Importer"
      operation: CREATE
      resource: "org.acme.shipping.perishable.ShipmentReceived"
      action: ALLOW
  }

  /**
   * Make sure all resources are locked down by default.
   * If permissions need to be granted to certain resources, that should happen
   * above this rule. Anything not explicitly specified gets locked down.
   */

  /*
   * Default: explicit catch-all DENY for ANY participant and ALL operations.
   * Rules are evaluated top to bottom and the first match decides, so this
   * only takes effect for requests that no ALLOW rule above has matched.
   * The resource pattern ends in a single "*", which covers resources declared
   * directly in org.acme.shipping.perishable and not sub-namespaces; it must
   * stay the last rule in the file.
   */
  rule Default {
      description: "Deny all participants access to all resources"
      participant: "ANY"
      operation: ALL
      resource: "org.acme.shipping.perishable.*"
      action: DENY
  }