1. Using Oracle Blockchain Platform
  2. Manage the Organization and Network
  3. Manage Channels

Manage Channels

This topic contains information about managing the channels in your network.

Topics

What Are Channels?

Channels partition and isolate peers and ledger data to provide private and confidential transactions on the blockchain network.

Members define and structure channels to allow specific peers to conduct private and confidential transactions that other members on the same blockchain network can't see or access. Each channel includes:
  • Peers
  • Shared ledger
  • Chaincodes instantiated on the channel
  • One or more ordering service nodes
  • Channel policy definitions and ACLs where the definitions are applied

Each peer that joins a channel has its own identity that authenticates it to the channel peers and services. Although peers can belong to multiple channels, the information on transactions, ledger state, and channel membership is restricted to peers within each channel. 

You can use the Oracle Blockchain Platform console or the Hyperledger Fabric SDK to create channels on your blockchain network. See View Channels.

View Channels

Members in your network use channels to privately communicate blockchain transactions information.

Use the Channel tab to view a list of the channels in your network, create and monitor channels, specify anchor peers, and upgrade the instantiated chaincodes used on your channels.
  1. Go to the console and select the Channels tab.
    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
  2. In the channel table, click the channel name you want information about. Note that if all peers joined to the channel are stopped, then the channel is listed but its information isn't available to view.
    The Channel Information page is displayed.
  3. Click through the Channel Information page's panes to find information about the channel.
    Section What can I do in this pane?
    Ledger Get information about the channel’s ledger activity such as block number and the number of user transactions in the block. Click a block number to drill into information about its transactions. You can use the filter field to specify the summary information that you want to see (for example, information from the last day or last month), or use the custom option to enter start and end times. See View a Channel’s Ledger Activity.
    Instantiated Chaincodes View the list of chaincodes that have been instantiated on the channel.
    Peers View the list of peers that are joined to the channel. Use this section to set anchor peers for the channel.
    Organizations View the list of network members whose peers are using the channel to communicate.
    Channel Policies View the list of the standard policies and any policies that you created for the channel. Use this section to add, modify, and delete policies.
    ACLs View the access control lists (ACLs) and the policies used to manage which organizations and roles can access the channel's resources.

Create a Channel

You can add channels to the network and specify which members can use the channel, and which peers can join the channel. You can’t delete channels.

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.
  2. In the Channels tab, click Create a New Channel.
  3. In the Channel Name field, enter a unique name for the channel. The channel's name can be up to 128 characters long.
  4. In the Application Capabilities field, select 1_3 as the capabilities level for the channel. Don't select 1_1 - it was used in earlier versions of the product and selecting it will remove support for newer product features.
  5. In the Organizations section, select any additional members that you want to communicate on the channel.
    If you’re working in a participant instance, you need to add the founder to your instance before the founder’s MSP ID displays in the Organization section. To add the founder organization, go to the Network tab and click the Add Organization button to upload the founder’s certificates.
  6. In the MSP ID ACL section, specify the organizations that have access to the channel and permissions for each selected organization. Note that you can add more organizations to or delete them from the channel later, as needed.
    Your organization’s permissions are set to write (ReaderWriter) and you can't modify this setting. By default, other member’s permissions are set to write (ReaderWriter), but you can change them to read (ReaderOnly) if you don’t want the members to invoke chaincodes and to only read channel information and blocks on the channel.
  7. (Optional) In the Peers to Join Channel field, select one or more peers. Note the following information:
    • Your instance has two VMs (Partition 1 and Partition 2) and Oracle recommends that you join one peer from each partition to the channel. This is because if one VM is unavailable that the channel can still process endorsements and commits. A peer’s name tells you which partition it's located in. For example, peer0–1 and peer1–1 are located in Partition 1. And peer0–2 and peer1–2 are located in Partition 2.
    • You can join a maximum of seven peers from Partition 1 and seven peers from Partition 2.
    • If your network contains participants, the participants’ peers don’t display in this list. Participants must use their consoles to join peers to the channel. A participant can’t join its peers to the channel unless its organization was added to the channel’s MSP ID ACL section.
    • If you want to create the channel only, then don’t select any peers. You can add peers to the channel later.
  8. Click Submit.
    The channel table displays the new channel.
After you create the channel, you can:

View a Channel’s Ledger Activity

Use the ledger to find summary information and runtime statistics for transactions on a specific channel.

  1. Go to the console and select the Channels tab.
  2. In the channel table, click the channel name that you want transaction information about. In the Channel Information page, confirm that the Ledger pane is selected.
  3. Use the Ledger Summary area to find at a glance information about the channel’s activity, such as the total number of blocks in the ledger’s chain and the total number of user transactions on the channel.
  4. To see blockchain activity that occurred at a specific time such as for the last day or week, go to the filter dropdown menu to select the time range that you want. To locate and drill into a specific set of transactions, select Custom and enter search criteria in the Start Time and End Time fields, or click the calendar icon and pick the dates that you want. Click Apply.
    If you select a specific time period (for example, Last day) and then select it again to re-run the query, the query doesn’t re-run. To get the latest information, click the Refresh button.
    Note the following transaction types that can display for a block:

    • genesis — The transaction that runs the configuration block to initialize the channel.

    • data (sys) — The transaction that starts the chaincode’s container to make the chaincode available for use.

    • data — A chaincode transaction called for execution on the channel.

  5. To find more information about a specific transaction, locate the transaction in the query ledger table and click it. The transactions table displays the transaction’s details.
    Transaction Detail Description
    TxID The unique alphanumeric ID assigned to the transaction. The TxID is constructed as a hash of a nonce concatenated with the signing identity's serialized bytes.
    Time The transaction’s time stamp (date and time that the transaction occurred).
    Chaincode Displays the name of the chaincode that executed the transaction. This field can show the name of a chaincode that you wrote, installed, and instantiated, but can also show a system chaincode.

    System chaincode options are:

    • LSCC — For lifecycle requests, such as instantiate, install, and upgrade.

    • QSCC — For querying. This chaincode includes APIs for ledger query.
    Status Shows if the transaction succeeded or failed.
  6. Click the triangle next to the TxID to view in depth information about the transaction, such as function name, arguments, validation results, response status, the initiator and the endorser.
    Note that if a transaction failed, then you can use the TxID to search error logs in the peer node or orderer nodes for more information.

View or Update a Channel’s Organizations List

You can view the list of the organizations that have access to the channel. If you created the channel, then you can change an organization’s permissions on the channel, and you can add organizations to or remove them from the channel

  1. Go to the console and select the Channels tab.
    The Channels tab is displayed and the channel table contains a list of all of the channels in your network.
  2. In the channels table, locate the channel that you want information about, click the channels More Actions button, and click Edit Channel Organizations.
    The Edit Organizations page is displayed.
  3. In the MSP ID ACL section, you can do the following:

    • Modify an organization’s permissions. The organization that created the channel is set to write (ReaderWriter). You can't change this setting.

    • If you’re the network founder, then clear an organization’s checkbox to delete it from the channel. If you’re a network participant, then use the Delete button to delete an organization from the channel. If you delete an organization from a channel, then the organization and its peers can no longer query, invoke, and instantiate a chaincode on the channel. And the removed organization’s peers can’t join the channel.

    • Click an organization’s checkbox to add the organization to the channel and set its permissions. By default, each member’s permissions is set to write (ReaderWriter), but you can change it to read (ReaderOnly) if you don’t want the member to invoke chaincodes and to only read channel information and blocks on the channel.

  4. Click Submit to save the changes.

Join a Peer to a Channel

You can add a peer node to a channel so that the node can use it to exchange private transaction information with other peer nodes on the channel.

Note the following information:

  • When you create a channel, you specify which local peer nodes can join the channel.

  • If you’re creating a network containing a participant, then you can select the participant as a member on the channel. Or you can add the participant after the channel is created.

  • Your instance has two VMs (Partition 1 and Partition 2) and Oracle recommends that you join one peer from each partition to the channel. This is because if one VM is unavailable that the channel is still available for endorsements and commits. A peer’s name tells you which partition it’s located in. For example, peer0–1 and peer1–1 are located in Partition 1. And peer0–2 and peer1–2 are located in Partition 2.

  • You can join a maximum of seven peers from Partition 1 and seven peers from Partition 2.

See Create a Channel.

You must be an administrator to perform this task.

  1. Go to the console and select the Nodes tab.
  2. In the Nodes tab, click the peer node that you want to add to a channel.
  3. In the Node Information page, click the Channels pane to view the list of channels the peer is already using.
  4. Click Join New Channels.
    The Join New Channels dialog is displayed.
  5. Click the Channel Name field and from the list select the name of the channel to join. Click the field again to select another channel. Click Join.

Add an Anchor Peer

Each member using a channel must designate at least one anchor peer. Anchor peers are primary network contact points, and are used to discover and communicate with other network peers on the channel.

You can designate one or more peers in your organization as an anchor peer on a channel. For a high availability network, you can specify two or more anchor peers. All members using the network channel must use their console to designate one or more of their peer nodes as anchor peers.

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.
    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
  2. In the channels table, click the channel name you want to add anchor peers to.
    The Channel Information page is displayed.
  3. In the Channel Information page, click the Peers pane.
  4. Locate the peer or peers that you want to designate as anchor peers and click their Anchor Peer checkboxes to select them.
  5. Click the Apply button.

Change or Remove an Anchor Peer

(New in 19.2.1) You can change or remove a channel's anchor peers. Anchor peers are primary network contact points, and are used to discover and communicate with other network peers on the channel.

Before you change or remove the channel's anchor peers, note the following information:

  • To communicate on the channel, you must designate one or more peers in your organization as an anchor peer.
  • For a high availability network, you can specify two or more anchor peers.
  • All members using the network channel must use their console to designate one or more of their peer nodes as anchor peers.

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.
    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
  2. In the channels table, click the channel name you want to remove anchor peers from.
    The Channel Information page is displayed.
  3. In the Channel Information page, click the Peers pane.
  4. Locate the peer or peers that you want to remove as anchor peers and clear their Anchor Peer checkboxes. Alternatively, to add another peer as an anchor peer, click its Anchor Peer checkbox to select it.
  5. Click the Apply button.

View Information About Instantiated Chaincodes

You can view information about the chaincodes instantiated on the different channels in your network.

Some examples of when you need information about instantiated chaincodes are to determine if you need to upgrade the chaincode, or to find out which channels the chaincode was instantiated on.
  1. Go to the console and select the Channels tab.
  2. In the channels table, click the channel name with the chaincode that you want to view information for.
  3. In the Channel Information page, confirm that the Instantiated Chaincodes pane is selected
  4. In the chaincode table, you can:
    • Click the chaincode to go to the Chaincodes tab to learn more information about it, for example the peers that the chaincode is installed on and the channels that the chaincode is instantiate on.
    • In a chaincode’s More Actions menu, click View Endorsement Policy to find details about the chaincode’s endorsement policy, for example who must endorse the chaincode and the signed by expression string.
  5. (Optional) If you see a channel listing without a chaincode, then you can go to the Chaincodes tab and instantiate a chaincode to the channel. See Instantiate a Chaincode.

Work With Channel Policies and ACLs

(19.1.3 and later versions only) This topic contains information about a channel's policies and ACLs.

Topics:

What Are Channel Policies?

(19.1.3 and later versions only) A policy defines a set of conditions. The required parties must meet the policy's conditions before their signatures are considered valid and the corresponding request happens on the network.

The blockchain network is managed by these policies. Policies check the identity associated with a request against the policy associated with the resource needed to fulfill the request. Policies are located in the channel's configuration.

After you configure the channel's policies, you assign them to the channel's ACLs resources to determine which members are required to sign before a change or action can happen on the channel. For example, suppose you modified the Writers policy to include members from Organization A or Organization B. Then you assigned the Writers policy to the channel's cscc/GetConfigBlock ACL resource. Now only a member from Organization A or Organization B can call GetConfigBlock on the cscc component.

What Are the Policy Types?

There are two policy types: Signature and ImplicitMeta.

  • Signature — Specifies a combination of evaluation rules. It supports combinations of AND, OR, and NOutOf. For example, you could define something like “An admin of org A and 2 other admins" or "11 of 20 org admins.”

    Note that when you modify the Oracle Blockchain Platform's default Admins policy, which was created as an ImplicitMeta policy, you'll use the Signature policy. Any new policies you create will be Signature policies.

  • ImplicitMeta — This policy type is only valid in the context of configuration. It aggregates the result of evaluating policies deeper in the configuration hierarchy, which are defined by Signature policies. It supports default rules, for example “A majority of the organization admin policies.”

    Oracle Blockchain Platform uses the ImplicitMeta policy type to create the Admins policy. When you modify the Admins policy, you'll use the Signature policy. You can't create or modify any policies using the ImplicitMeta policy. Oracle Blockchain Platform only supports modifying or creating policies using the Signature policy type.

When Are Policies Created?

When you add a channel to the network, Oracle Blockchain Platform created new default policies. The default policies are: Admins (ImplicitMeta policy), Creator, Writers, and Readers (Signature policies). If needed, you can modify these policies or create new policies.

Note the following important issues about channel policies:

  • You can use the console to create a channel and set your organization's ACL to ReaderOnly. After you save the new channel, you can't update this ACL setting from the channel's Edit Organization option.

    However, you can use the console's Manage Channel Policies functionality to add your organization to the Writers policy, which overwrites the channel's ReaderOnly ACL setting.

  • When you use the Hyperledger Fabric SDKs to create a channel, Fabric uses the ImplicitMeta policies as the default channel policies for Readers and Writers. When the channel uses these policies, the Oracle Blockchain Platform console can't guarantee that the administrative operations (for example, edit organization) will be successfully processed.

    To correct this issue, update the readers and writers policies to Signature policies, and define the policy rules as needed. See https://hyperledger-fabric.readthedocs.io/en/release-1.3/access_control.html

  • When you use the Hyperledger Fabric SDKs or CLI to create a channel, the Creator policy isn't included in the configtx.yaml file. The Creator policy is required by Oracle Blockchain Platform to allow the channel creator to edit a channel's configuration. You must manually edit the configtx.yaml file and add the Creator policy.

Add or Modify a Channel's Policies

(19.1.3 and later versions only) You can add or modify a channel's policy to specify which members are required to perform a specific action on the channel. After you define policies, you assign them to the channel's ACLs.

Before you add or update policies, you need to understand how Oracle Blockchain Platform creates default channel policies. See What Are Channel Policies?

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.

    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.

  2. In the channels table, click the channel name that you want to add policies to or modify policies for.

    The Channel Information page is displayed.

  3. In the Channel Information page, click the Channel Policies pane.
  4. Do one of the following:
    • To add a new policy, click the Create a New Policy button. The Create Policy dialog is displayed. Enter a name in the Policy Name field and select Signature in the Policy Type field. Expand the Signature Policy section.
    • To modify an existing policy, click a policy's name. The Update Policy dialog is displayed.
  5. Click the Add Identity button to add an organization. Or modify an existing signature policy as needed. Note the following information:
    Field Description
    MSP ID From the dropdown menu, select the organization that must sign the policy.
    Role Select the corresponding peer role required by the policy. Usually this will be member. You can find a peer’s role by viewing its configuration information.
    Policy Expression Mode In most cases, you’ll use Basic. Select Advanced to write an expression string using AND, OR, and NOutOf. See the Hyperledger Fabric documentation for information about how to write a valid policy expression string.
    Signed By Select how many members must sign the policy to fulfill the request.
  6. If you're adding a new policy, then click Create. If you're modifying a policy, then click Update.

Delete a Channel's Policies

(19.1.3 and later versions only) You can delete a policy from a channel.

You can't delete a channel policy if it is assigned to an ACL. Before you try to delete a channel policy, confirm that the policy isn't assigned.

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.

    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.

  2. In the channels table, click the channel that you want to delete a policy from.

    The Channel Information page is displayed.

  3. In the Channel Information page, click the Channel Policies pane.
  4. Locate the policy that you want to delete and click its More Options button.
  5. Click Remove and confirm the deletion.

What Are Channel ACLs?

(19.1.3 and later versions only) Access control lists (ACLs) use policies to manage which organizations and roles can access a channel's resources.

Users interact with the blockchain network by targeting components such as the query system chaincode (qscc), lifecycle system chaincode (lscc), configuration system chaincode (cscc), peer, and event. These components are associated with specific resources (for example, GetConfigBlock or GetChaincodeData) that you can assign policies to at the channel level. These policies are a part of the channel's configuration.

A policy defines which organizations and roles can request a resource. When a request is made, the policy tells the system to check the requester's identity and determine if it's authorized to make the request. When you create a channel, Oracle Blockchain Platform includes the default Hyperledger Fabric ACLs with the channel. Oracle Blockchain Platform also creates four default policies (Admin, Creator, Writers, and Readers) for the channel. You can modify these policies or create new policies as needed. See What Are Channel Policies?

Update Channel ACLs

(19.1.3 and later versions only) You can update the channel's ACLs by assigning policies to the channel's resources. A policy defines which organizations and roles can request a resource

Before you update a channel's ACLs, you should understand what policies and ACLs are. See What Are Channel Policies? and What Are Channel ACLs?

  1. Go to the console and select the Channels tab.

    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.

  2. In the channels table, click the name of the channel that you want to update ACLs for.

    The Channel Information page is displayed.

  3. In the Channel Information page, click the ACLs pane.
  4. In the Resources table, locate the resource that you want to update. Click the resource's Expand button and select the policy that you want to assign to the resource.
  5. Modify the other resource's policies as needed.
  6. Click Update ACLs.