You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/source/Fabric-FAQ.rst
+17-18Lines changed: 17 additions & 18 deletions
Original file line number
Diff line number
Diff line change
@@ -32,15 +32,19 @@ Security & Access Control
32
32
that are authorized to see the data for the chaincodes that are deployed to
33
33
that channel.
34
34
35
-
Second, within a channel you can restrict the input data to
36
-
chaincode to the set of endorsers only, by using visibility settings. The
37
-
visibility setting will determine whether input and output chaincode data is
38
-
included in the submitted transaction, versus just output data.
39
-
40
-
Third, you can hash or encrypt the data before calling chaincode. If you hash
41
-
the data then you will need to provide a means to share the source data. If
42
-
you encrypt the data then you will need to provide a means to share the
43
-
decryption keys.
35
+
Second, you can use `private-data <private-data/private-data.html>`_ to keep ledger data private from
36
+
other organizations on the channel. A private data collection allows a
37
+
defined subset of organizations on a channel the ability to endorse, commit,
38
+
or query private data without having to create a separate channel.
39
+
Other participants on the channel receive only a hash of the data.
40
+
For more information refer to the :doc:`private_data_tutorial` tutorial.
41
+
Note that the key concepts topic also explains `when to use private data instead of a channel <private-data/private-data.html#when-to-use-a-collection-within-a-channel-vs-a-separate-channel>`_.
42
+
43
+
Third, as an alternative to Fabric hashing the data using private data,
44
+
the client application can hash or encrypt the data before calling
45
+
chaincode. If you hash the data then you will need to provide a means to
46
+
share the source data. If you encrypt the data then you will need to provide
47
+
a means to share the decryption keys.
44
48
45
49
Fourth, you can restrict data access to certain roles in your organization, by
46
50
building access control into the chaincode logic.
@@ -53,15 +57,10 @@ Security & Access Control
53
57
54
58
:Answer:
55
59
No, the orderers only order transactions, they do not open the transactions.
56
-
If you do not want the data to go through the orderers at all, and you are
57
-
only concerned about the input data, then you can use visibility settings. The
58
-
visibility setting will determine whether input and output chaincode data is
59
-
included in the submitted transaction, versus just output data. Therefore,
60
-
the input data can be private to the endorsers only. If you do not want the
61
-
orderers to see chaincode output, then you can hash or encrypt the data before
62
-
calling chaincode. If you hash the data then you will need to provide a means
63
-
to share the source data. If you encrypt the data then you will need to
64
-
provide a means to share the decryption keys.
60
+
If you do not want the data to go through the orderers at all, then utilize
61
+
the private data feature of Fabric. Alternatively, you can hash or encrypt
62
+
the data in the client application before calling chaincode. If you encrypt
63
+
the data then you will need to provide a means to share the decryption keys.
0 commit comments