Manage Channels
This topic contains information about managing the channels in your network.
What Are Channels?
Channels partition and isolate peers and ledger data to provide private and confidential transactions on the blockchain network.
- Peers
- Shared ledger
- Chaincodes instantiated on the channel
- One or more ordering service nodes
- Channel policy definitions and ACLs where the definitions are applied
Each peer that joins a channel has its own identity that authenticates it to the channel peers and services. Although peers can belong to multiple channels, the information on transactions, ledger state, and channel membership is restricted to peers within each channel.
You can use the Oracle Blockchain Platform console or the Hyperledger Fabric SDK to create channels on your blockchain network. See View Channels.
View Channels
Members in your network use channels to privately communicate blockchain transactions information.
Create a Channel
You can add channels to the network and specify which members can use the channel, and which peers can join the channel. You can’t delete channels.
You must be an administrator to perform this task.
-
Instantiate a chaincode on the channel. See Instantiate a Chaincode.
-
If the network contains participants, then they use their consoles to join member peers to the channel. See Join a Peer to a Channel.
View a Channel’s Ledger Activity
Use the ledger to find summary information and runtime statistics for transactions on a specific channel.
View or Update a Channel’s Organizations List
You can view the list of the organizations that have access to the channel. If you created the channel, then you can change an organization’s permissions on the channel, and you can add organizations to or remove them from the channel
Join a Peer to a Channel
You can add a peer node to a channel so that the node can use it to exchange private transaction information with other peer nodes on the channel.
-
When you create a channel, you specify which local peer nodes can join the channel.
-
If you’re creating a network containing a participant, then you can select the participant as a member on the channel. Or you can add the participant after the channel is created.
-
Your instance has two VMs (Partition 1 and Partition 2) and Oracle recommends that you join one peer from each partition to the channel. This is because if one VM is unavailable that the channel is still available for endorsements and commits. A peer’s name tells you which partition it’s located in. For example, peer0–1 and peer1–1 are located in Partition 1. And peer0–2 and peer1–2 are located in Partition 2.
- You can join a maximum of seven peers from Partition 1 and seven peers from Partition 2.
See Create a Channel.
You must be an administrator to perform this task.
Add an Anchor Peer
Each member using a channel must designate at least one anchor peer. Anchor peers are primary network contact points, and are used to discover and communicate with other network peers on the channel.
You can designate one or more peers in your organization as an anchor peer on a channel. For a high availability network, you can specify two or more anchor peers. All members using the network channel must use their console to designate one or more of their peer nodes as anchor peers.
You must be an administrator to perform this task.
Change or Remove an Anchor Peer
(New in 19.2.1) You can change or remove a channel's anchor peers. Anchor peers are primary network contact points, and are used to discover and communicate with other network peers on the channel.
Before you change or remove the channel's anchor peers, note the following information:
- To communicate on the channel, you must designate one or more peers in your organization as an anchor peer.
- For a high availability network, you can specify two or more anchor peers.
- All members using the network channel must use their console to designate one or more of their peer nodes as anchor peers.
You must be an administrator to perform this task.
View Information About Instantiated Chaincodes
You can view information about the chaincodes instantiated on the different channels in your network.
- Go to the console and select the Channels tab.
- In the channels table, click the channel name with the chaincode that you want to view information for.
- In the Channel Information page, confirm that the Instantiated Chaincodes pane is selected
- In the chaincode table, you can:
- Click the chaincode to go to the Chaincodes tab to learn more information about it, for example the peers that the chaincode is installed on and the channels that the chaincode is instantiate on.
- In a chaincode’s More Actions menu, click View Endorsement Policy to find details about the chaincode’s endorsement policy, for example who must endorse the chaincode and the signed by expression string.
- (Optional) If you see a channel listing without a chaincode, then you can go to the Chaincodes tab and instantiate a chaincode to the channel. See Instantiate a Chaincode.
Work With Channel Policies and ACLs
(19.1.3 and later versions only) This topic contains information about a channel's policies and ACLs.
What Are Channel Policies?
(19.1.3 and later versions only) A policy defines a set of conditions. The required parties must meet the policy's conditions before their signatures are considered valid and the corresponding request happens on the network.
The blockchain network is managed by these policies. Policies check the identity associated with a request against the policy associated with the resource needed to fulfill the request. Policies are located in the channel's configuration.
After you configure the channel's policies, you assign them to the channel's ACLs resources to determine which members are required to sign before a change or action can happen on the channel. For example, suppose you modified the Writers policy to include members from Organization A or Organization B. Then you assigned the Writers policy to the channel's cscc/GetConfigBlock ACL resource. Now only a member from Organization A or Organization B can call GetConfigBlock on the cscc component.
What Are the Policy Types?
There are two policy types: Signature and ImplicitMeta.
- Signature — Specifies a combination of evaluation rules. It supports combinations of AND, OR, and NOutOf. For example, you could define something like “An admin of org A and 2 other admins" or "11 of 20 org admins.”
Note that when you modify the Oracle Blockchain Platform's default Admins policy, which was created as an ImplicitMeta policy, you'll use the Signature policy. Any new policies you create will be Signature policies.
- ImplicitMeta — This policy type is only valid in the context of configuration. It aggregates the result of evaluating policies deeper in the configuration hierarchy, which are defined by Signature policies. It supports default rules, for example “A majority of the organization admin policies.”
Oracle Blockchain Platform uses the ImplicitMeta policy type to create the Admins policy. When you modify the Admins policy, you'll use the Signature policy. You can't create or modify any policies using the ImplicitMeta policy. Oracle Blockchain Platform only supports modifying or creating policies using the Signature policy type.
When Are Policies Created?
When you add a channel to the network, Oracle Blockchain Platform created new default policies. The default policies are: Admins (ImplicitMeta policy), Creator, Writers, and Readers (Signature policies). If needed, you can modify these policies or create new policies.
Note the following important issues about channel policies:
-
You can use the console to create a channel and set your organization's ACL to ReaderOnly. After you save the new channel, you can't update this ACL setting from the channel's Edit Organization option.
However, you can use the console's Manage Channel Policies functionality to add your organization to the Writers policy, which overwrites the channel's ReaderOnly ACL setting.
-
When you use the Hyperledger Fabric SDKs to create a channel, Fabric uses the ImplicitMeta policies as the default channel policies for Readers and Writers. When the channel uses these policies, the Oracle Blockchain Platform console can't guarantee that the administrative operations (for example, edit organization) will be successfully processed.
To correct this issue, update the readers and writers policies to Signature policies, and define the policy rules as needed. See https://hyperledger-fabric.readthedocs.io/en/release-1.3/access_control.html
- When you use the Hyperledger Fabric SDKs or CLI to create a channel, the Creator policy isn't included in the configtx.yaml file. The Creator policy is required by Oracle Blockchain Platform to allow the channel creator to edit a channel's configuration. You must manually edit the configtx.yaml file and add the Creator policy.
Add or Modify a Channel's Policies
(19.1.3 and later versions only) You can add or modify a channel's policy to specify which members are required to perform a specific action on the channel. After you define policies, you assign them to the channel's ACLs.
Before you add or update policies, you need to understand how Oracle Blockchain Platform creates default channel policies. See What Are Channel Policies?
You must be an administrator to perform this task.
- Go to the console and select the Channels tab.
The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
- In the channels table, click the channel name that you want to add policies to or modify policies for.
The Channel Information page is displayed.
- In the Channel Information page, click the Channel Policies pane.
- Do one of the following:
- To add a new policy, click the Create a New Policy button. The Create Policy dialog is displayed. Enter a name in the Policy Name field and select Signature in the Policy Type field. Expand the Signature Policy section.
- To modify an existing policy, click a policy's name. The Update Policy dialog is displayed.
- Click the Add Identity button to add an organization. Or modify an existing signature policy as needed. Note the following information:
Field Description MSP ID From the dropdown menu, select the organization that must sign the policy. Role Select the corresponding peer role required by the policy. Usually this will be member. You can find a peer’s role by viewing its configuration information. Policy Expression Mode In most cases, you’ll use Basic. Select Advanced to write an expression string using AND, OR, and NOutOf. See the Hyperledger Fabric documentation for information about how to write a valid policy expression string. Signed By Select how many members must sign the policy to fulfill the request. - If you're adding a new policy, then click Create. If you're modifying a policy, then click Update.
Delete a Channel's Policies
(19.1.3 and later versions only) You can delete a policy from a channel.
You can't delete a channel policy if it is assigned to an ACL. Before you try to delete a channel policy, confirm that the policy isn't assigned.
You must be an administrator to perform this task.
- Go to the console and select the Channels tab.
The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
- In the channels table, click the channel that you want to delete a policy from.
The Channel Information page is displayed.
- In the Channel Information page, click the Channel Policies pane.
- Locate the policy that you want to delete and click its More Options button.
- Click Remove and confirm the deletion.
What Are Channel ACLs?
(19.1.3 and later versions only) Access control lists (ACLs) use policies to manage which organizations and roles can access a channel's resources.
Users interact with the blockchain network by targeting components such as the query system chaincode (qscc), lifecycle system chaincode (lscc), configuration system chaincode (cscc), peer, and event. These components are associated with specific resources (for example, GetConfigBlock or GetChaincodeData) that you can assign policies to at the channel level. These policies are a part of the channel's configuration.
A policy defines which organizations and roles can request a resource. When a request is made, the policy tells the system to check the requester's identity and determine if it's authorized to make the request. When you create a channel, Oracle Blockchain Platform includes the default Hyperledger Fabric ACLs with the channel. Oracle Blockchain Platform also creates four default policies (Admin, Creator, Writers, and Readers) for the channel. You can modify these policies or create new policies as needed. See What Are Channel Policies?
Update Channel ACLs
(19.1.3 and later versions only) You can update the channel's ACLs by assigning policies to the channel's resources. A policy defines which organizations and roles can request a resource
Before you update a channel's ACLs, you should understand what policies and ACLs are. See What Are Channel Policies? and What Are Channel ACLs?
- Go to the console and select the Channels tab.
The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
- In the channels table, click the name of the channel that you want to update ACLs for.
The Channel Information page is displayed.
- In the Channel Information page, click the ACLs pane.
- In the Resources table, locate the resource that you want to update. Click the resource's Expand button and select the policy that you want to assign to the resource.
- Modify the other resource's policies as needed.
- Click Update ACLs.