From baad320a334e58ddcb5540ef18b0fd3ecfc254fc Mon Sep 17 00:00:00 2001
From: Srinivasan Muralidharan <srinivasan.muralidharan99@gmail.com>
Date: Sat, 17 Feb 2018 11:19:31 -0500
Subject: [PATCH] [FAB-5893] doc: modify endorse. pol. to include new org

Update docs to reflect endorsement policy update needed to
commit transactions with endorsements from a new org added
to a channel.
[ci-skip]

Change-Id: Iacabd8221804af50f50172fe374f6b893a6a6132
Signed-off-by: Srinivasan Muralidharan <srinivasan.muralidharan99@gmail.com>
---
 docs/source/channel_update.rst       |  6 ++++++
 docs/source/endorsement-policies.rst | 15 ++++++++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/docs/source/channel_update.rst b/docs/source/channel_update.rst
index bb703b76d53..cab86595e1b 100644
--- a/docs/source/channel_update.rst
+++ b/docs/source/channel_update.rst
@@ -436,6 +436,12 @@ and reissue the ``peer channel join command``:
 Upgrade & invoke
 ================
 
+The new organization added to the channel can query a chaincode (provided the query has
+appropriate authorization as defined by channel policies and any application level checks
+enforced by the chaincode) but will not be able to commit a transaction.  The endorsement policy
+needs to be modified to allow transactions to be committed with endorsements from the new
+organization.
+
 The final piece of the puzzle is to increment the chaincode version and update
 the endorsement policy to include Org3.  Stay in the Org3 CLI container and
 install the chaincode.  Since we know that an upgrade is coming, we can forgo
diff --git a/docs/source/endorsement-policies.rst b/docs/source/endorsement-policies.rst
index 5686f0f4bad..bf13517be95 100644
--- a/docs/source/endorsement-policies.rst
+++ b/docs/source/endorsement-policies.rst
@@ -57,9 +57,11 @@ Specifying endorsement policies for a chaincode
 
 Using this language, a chaincode deployer can request that the
 endorsements for a chaincode be validated against the specified policy.
-NOTE - the default policy requires one signature from a member of the
-``DEFAULT`` MSP). This is used if a policy is not specified in the CLI
-when instantiating chaincode.
+
+.. note:: if not specified at instantiation time, the endorsement policy
+          defaults to "any member of the organizations in the channel".
+          For example, a channel with "Org1" and "Org2" would have a default
+          endorsement policy of "OR('Org1.member', 'Org2.member')".
 
 The policy can be specified at instantiate time using the ``-P`` switch,
 followed by the policy.
@@ -83,5 +85,12 @@ For example:
 
     peer chaincode instantiate -C <channelid> -n mycc -P "AND('Org1.peer', 'Org2.peer')"
 
+.. note:: A new organization added to the channel after instantiation can query a chaincode
+          (provided the query has appropriate authorization as defined by channel policies
+          and any application level checks enforced by the chaincode) but will not be able
+          to commit a transaction endorsed by it.  The endorsement policy needs to be modified
+          to allow transactions to be committed with endorsements from the new organization
+          (see `Upgrade & invoke <http://hyperledger-fabric.readthedocs.io/en/latest/channel_update.html>`_).
+
 .. Licensed under Creative Commons Attribution 4.0 International License
    https://creativecommons.org/licenses/by/4.0/