Commit

Merge "[FAB-5346] - ABAC doc"
C0rWin authored and Gerrit Code Review committed Oct 29, 2017
2 parents 9cf33f9 + 92f2cf6 commit 0499033
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions docs/source/users-guide.rst
Expand Up @@ -1036,7 +1036,7 @@ during registration as follows:
because the registrar's 'hf.Registrar.Attributes' attribute values do not contain 'attr1'.

3. If the Registrar has the attribute 'hf.Registrar.Attributes = a.b.*, x.y.z' and
is registering attribute 'a.b', it is invalid because the value 'a.b' is not contained in
is registering attribute 'a.b', it is invalid because the value 'a.b' is not contained in
'a.b.*'.

4. If the Registrar has the attribute 'hf.Registrar.Attributes = a.b.*, x.y.z' and
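Review bot: item 3 states that 'a.b' is "not contained in" 'a.b.*' but never says why, and that is the case readers are most likely to get wrong when delegating registrar rights. If the rule is that the pattern only covers names beginning with 'a.b.', say so in this item. The changed line itself differs only in whitespace, so nothing else to flag here.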
Expand Down Expand Up @@ -1337,7 +1337,7 @@ value need not be a boolean value.
So how do you get an enrollment certificate with an attribute?
There are two methods:

1. When you register an identity, you can specify that an enrollment certificate
1. When you register an identity, you can specify that an enrollment certificate
issued for the identity should by default contain an attribute. This behavior
can be overridden at enrollment time, but this is useful for establishing
default behavior and, assuming registration occurs outside of your application,
Expand All @@ -1348,12 +1348,13 @@ There are two methods:
The ":ecert" suffix causes the *appAdmin* attribute to be inserted into user1's
enrollment certificate by default. The *email* attribute is not added
to the enrollment certificate by default.

.. code:: bash
fabric-ca-client register --id.name user1 --id.secret user1pw --id.type user --id.affiliation org1 --id.attrs 'app1Admin=true:ecert,email=user1@gmail.com'
2. When you enroll an identity, you may request that one or more attributes
2. When you enroll an identity, you may request that one or more attributes
be added to the certificate.
For each attribute requested, you may specify whether the attribute is
optional or not. If it is not optional but does not exist for the identity,
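Review bot: the sentence introducing the register command calls the attribute *appAdmin*, while the command passes 'app1Admin=true:ecert' and the enroll section refers to *app1Admin*. Since chaincode access decisions key on the exact attribute name, the prose should read *app1Admin* to match the command.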
Expand All @@ -1362,6 +1363,7 @@ There are two methods:
The following shows how to enroll *user1* with the *email* attribute,
without the *app1Admin* attribute, and optionally with the *phone*
attribute (if the user possesses the *phone* attribute).

.. code:: bash
fabric-ca-client enroll -u http://user1:user1pw@localhost:7054 --enrollment.attrs "email,phone:opt"
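Review bot: the enroll example on the last line embeds the enrollment ID and secret in an http:// URL, so a reader who copies it sends the secret in cleartext and leaves it in shell history. Suggest adding a sentence that a TLS-enabled server is addressed with https:// and that 'user1pw' is a sample value only.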
Expand Down Expand Up @@ -1465,7 +1467,7 @@ Troubleshooting

2. The error ``[ERROR] No certificates found for provided serial and aki`` will occur
if the following sequence of events occurs:

a. You issue a `fabric-ca-client enroll` command, creating an enrollment certificate (i.e. an ECert).
This stores a copy of the ECert in the fabric-ca-server's database.
b. The fabric-ca-server's database is deleted and recreated, thus losing the ECert from step 'a'.
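Review bot: step 'a' marks up the command with single backticks (`fabric-ca-client enroll`), which reStructuredText treats as interpreted text rather than a literal. The error string two lines up uses double backticks, so use double backticks here as well for consistent rendering.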