Add Private Data Collections

(Hyperledger Fabric v2.x) You can add private data collections to channels. Private data collections specify subsets of organizations that endorse, commit, or query private data on the channel.

Use private data collections in cases where you want a group of organizations on the channel to share data within a transaction and to prevent the other organizations on the channel from seeing the data.

If you're going to use private data collections across the organizations in your network, then you need to configure anchor peers. Anchor peers facilitate private data gossip among the organizations. See Add an Anchor Peer.

You specify the private data collections when you deploy the chaincode.

  1. Go to the console and select the Chaincodes tab.
  2. Locate the chaincode that you want to deploy and begin the deployment process.
  3. Expand the Private Data Collections section and add the collection definition as needed.
    Field Description
    Collection Name

    Enter the collection's name. You'll reference this name in the chaincode.

    Policy

    Create the policy to specify which organizations are included in the collection and which peers can store the private data.

    Each member listed in the policy must be included in an OR signature policy list.

    To support read/write transactions, the private data distribution policy must contain more organizations than the chaincode endorsement policy because peers must have the private data to endorse transactions. For example, in a channel with ten organizations, five of the organizations are included in a private data collection policy, but the endorsement policy requires three organizations to endorse a transaction.

    Peers Required

    Enter the number of peers that each endorsing peer must distribute private data to before the peer signs the endorsement and returns the proposal response.

    Set this value to 1 or more peers to ensure the following:
    • Redundancy of the private data on multiple peers in the network.
    • Availability of the private data if the endorsing peers become unavailable.

    Note that setting this value to 0 means that distribution isn't required. However, if the Max Peer Count field is set to greater than 0, private data distribution might still occur.

    Max Peer Count

    Enter the maximum number of peers that the current endorsing peer attempts to distribute the data to. This is to ensure redundancy so that peers are available between endorsement time and commit time to pull the private data if an endorsing peer isn't available.

    If you set this value to 0, the private data isn't distributed at the time of endorsement. As a result, all authorized peers must pull the private data from the endorsing peers at commit time.

    Block to Live

    Enter the number of blocks for which you want the data to reside in the private database. The data is purged when that number of blocks is reached.

    Set this value to 0 if you never want to purge the data.

    Note that a peer can fail to pull private data from another peer if a private data collection's blockToLive value is less than 10, and its requiredPeerCount and maxPeerCount values are less than the total number of peers in the channel. This is a known Hyperledger Fabric issue.

    Endorsement Policy

    Optionally, specify an endorsement policy for the collection that overrides the chaincode's endorsement policy.

    Choose a Policy Type of either Signature Policy or Channel Config policy to use a signature policy or an existing channel configuration policy.

    For Policy, specify an expression that represents the endorsement policy. For more information, see Endorsement policies in the Hyperledger Fabric documentation.

    Member Only Read

    Select to automatically prevent members of organizations that are not part of the collection from reading private data.

    Member Only Write

    Select to automatically prevent members of organizations that are not part of the collection from writing private data.
  4. Click Add New Collection and your collection's information is displayed in the private data collection table.
  5. If needed, specify other collections.
  6. Complete the other fields on the Deploy Chaincode page as needed.
  7. Click Deploy.
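
As an added example (not part of the original page or of the product), the following Python script lints collection definitions written in Hyperledger Fabric's collection JSON layout against the field guidance in step 3. The collection names, MSP IDs, channel peer count, and the treatment of a blockToLive of 0 as outside the known pull issue are assumptions.

```python
import json
import re

# Constructed sample in the Fabric v2.x collection-definition JSON layout;
# the collection names and MSP IDs are made up for illustration.
SAMPLE = json.loads("""[
  {"name": "tradeDetails",
   "policy": "OR('Org1MSP.member','Org2MSP.member','Org3MSP.member')",
   "requiredPeerCount": 1, "maxPeerCount": 3, "blockToLive": 0,
   "memberOnlyRead": true, "memberOnlyWrite": true},
  {"name": "quotes",
   "policy": "AND('Org1MSP.member','Org2MSP.member')",
   "requiredPeerCount": 0, "maxPeerCount": 0, "blockToLive": 5,
   "memberOnlyRead": false, "memberOnlyWrite": true}
]""")

OR_LIST = re.compile(r"OR\(\s*'[^']+'(\s*,\s*'[^']+')*\s*\)")
PRINCIPAL = re.compile(r"'([A-Za-z0-9.-]+)\.(?:member|peer|client|admin)'")

def lint_collection(c, channel_peers, endorsing_orgs):
    """Check one definition against the field guidance on this page.

    channel_peers (total peers in the channel) and endorsing_orgs (MSP IDs
    named by the chaincode endorsement policy) are supplied by the caller.
    """
    findings = []
    policy = c["policy"].strip()
    if not OR_LIST.fullmatch(policy):
        findings.append("policy: members must be listed in one OR(...) list")
    # Peers need the private data to endorse, so endorsers must be members.
    missing = sorted(set(endorsing_orgs) - set(PRINCIPAL.findall(policy)))
    if missing:
        findings.append("policy: endorsing orgs cannot store the data: " + ", ".join(missing))
    req, mx, btl = c["requiredPeerCount"], c["maxPeerCount"], c["blockToLive"]
    if req == 0:
        findings.append("requiredPeerCount is 0: no redundancy at endorsement time")
    # Assumption: blockToLive 0 (never purge) is outside the known pull issue.
    if 0 < btl < 10 and req < channel_peers and mx < channel_peers:
        findings.append("blockToLive < 10 with peer counts below channel size: pulls can fail")
    for flag in ("memberOnlyRead", "memberOnlyWrite"):
        if not c.get(flag, False):
            findings.append(flag + " is off: non-members are not blocked automatically")
    return findings

def lint_all(collections, channel_peers, endorsing_orgs):
    return {c["name"]: lint_collection(c, channel_peers, endorsing_orgs) for c in collections}

if __name__ == "__main__":
    print(json.dumps(lint_all(SAMPLE, 6, ["Org1MSP", "Org2MSP"]), indent=2))
```

Running it against the constructed sample reports no findings for tradeDetails and four for quotes: the non-OR policy, the zero requiredPeerCount, the short blockToLive, and memberOnlyRead being off.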