1. Using Oracle Blockchain Platform
  2. Manage the Organization and Network
  3. Manage Channels

Manage Channels

This topic contains information about managing the channels in your network, such as how to create and view channels, how to join peers and designate and anchor peer, how to work with policies and access control lists, and how to associate orderers with a channel.

What Are Channels?

Channels partition and isolate peers and ledger data to provide private and confidential transactions on the blockchain network.

Members define and structure channels to allow specific peers to conduct private and confidential transactions that other members on the same blockchain network can't see or access. Each channel includes:
  • Peers
  • Shared ledger
  • Chaincodes instantiated on the channel
  • One or more ordering service nodes
  • Channel policy definitions and ACLs where the definitions are applied

Each peer that joins a channel has its own identity that authenticates it to the channel peers and services. Although peers can belong to multiple channels, the information on transactions, ledger state, and channel membership is restricted to peers within each channel. 

You can use the Oracle Blockchain Platform console or the Hyperledger Fabric SDK to create channels on your blockchain network. See View Channels.

View Channels

Members in your network use channels to privately communicate blockchain transactions information.

Use the Channel tab to view a list of the channels in your network, create and monitor channels, specify anchor peers, and upgrade the instantiated chaincodes used on your channels.
  1. Go to the console and select the Channels tab.
    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
  2. In the channel table, click the channel name you want information about. Note that if all peers joined to the channel are stopped, then the channel is listed but its information isn't available to view.
    The Channel Information page is displayed.
  3. Click through the Channel Information page's panes to find information about the channel.
    Section What can I do in this pane?
    Ledger Get information about the channel’s ledger activity such as block number and the number of user transactions in the block. Click a block number to drill into information about its transactions. You can use the filter field to specify the summary information that you want to see (for example, information from the last day or last month), or use the custom option to enter start and end times. See View a Channel’s Ledger Activity.
    (Hyperledger Fabric v2.x) Deployed Chaincodes View the list of chaincodes that have been deployed on the channel.
    (Hyperledger Fabric v1.4.7) Instantiated Chaincodes View the list of chaincodes that have been instantiated on the channel.
    Orderers View a list of the orderers currently active, and allows you to add a new OSN to join the channel.
    Peers View the list of peers that are joined to the channel. Use this section to set anchor peers for the channel.
    Organizations View the list of network members whose peers are using the channel to communicate.
    Channel Policies View the list of the standard policies and any policies that you created for the channel. Use this section to add, modify, and delete policies.
    ACLs View the access control lists (ACLs) and the policies used to manage which organizations and roles can access the channel's resources.

Create a Channel

You can add channels to the network and specify which members can use the channel, and which peers can join the channel. You can’t delete channels.

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.
  2. In the Channels tab, click Create a New Channel.
  3. In the Channel Name field, enter a unique name for the channel. The channel's name can be up to 128 characters long.
  4. In the Organizations section, select any additional members that you want to communicate on the channel.
    If you’re working in a participant instance, you need to add the founder to your instance before the founder’s MSP ID displays in the Organization section. To add the founder organization, go to the Network tab and click the Add Organization button to upload the founder’s certificates.
  5. In the MSP ID ACL section, specify the organizations that have access to the channel and permissions for each selected organization. Note that you can add more organizations to or delete them from the channel later, as needed.
    Your organization’s permissions are set to write (ReaderWriter) and you can't modify this setting. By default, other member’s permissions are set to write (ReaderWriter), but you can change them to read (ReaderOnly) if you don’t want the members to invoke chaincodes and to only read channel information and blocks on the channel.
  6. (Optional) In the Peers to Join Channel field, select one or more peers. Note the following information:
    • If your network contains participants, the participants’ peers don’t display in this list. Participants must use their consoles to join peers to the channel. A participant can’t join its peers to the channel unless its organization was added to the channel’s MSP ID ACL section.
    • If you want to create the channel only, then don’t select any peers. You can add peers to the channel later.
  7. Click Submit.
    The channel table displays the new channel.
After you create the channel, you can:

View a Channel’s Ledger Activity

Use the ledger to find summary information and runtime statistics for transactions on a specific channel.

  1. Go to the console and select the Channels tab.
  2. In the channel table, click the channel name that you want transaction information about. In the Channel Information page, confirm that the Ledger pane is selected.
  3. Use the Ledger Summary area to find basic information about the channel’s activity, such as the total number of blocks in the ledger’s chain and the total number of user transactions on the channel.
  4. To see blockchain activity that occurred at a specific time such as the last day or week, use the filter drop-down list to select the time range that you want. To locate and drill down into a specific set of transactions, select Custom and enter search criteria in the Start Time and End Time fields, or click the calendar icon and pick the dates that you want. Click Apply.
    If you select a specific time period (for example, Last day) and then select it again to re-run the query, the query doesn’t run again. To get the latest information, click the Refresh button.
    The following transaction types can be displayed for a block:
    • genesis — The transaction that runs the configuration block to initialize the channel.
    • data (sys) — The transaction that starts the chaincode’s container to make the chaincode available for use.
    • data — A chaincode transaction called for execution on the channel.
  5. To find more information about a specific transaction, locate the transaction in the query ledger table and click it. The transactions table displays the transaction’s details.

    For any given block, the transactions in the table are listed in the order of the transaction number, which is assigned by the ordering service when the block is created. Because of this, the transactions listed in the table might have time stamps (which are from the peer's endorsement of the chaincode) that are before or after other transactions in the same block. The time range of transactions in a single block is governed by ordering service settings including the batch timeout parameter (the time that the ordering service waits for additional transactions after an initial transaction before cutting a block).

    Transaction Detail Description
    TxID The unique alphanumeric ID assigned to the transaction. The TxID is constructed as a hash of a nonce concatenated with the signing identity's serialized bytes.
    Time The transaction’s time stamp (date and time that the transaction occurred).
    Chaincode The name of the chaincode that executed the transaction. This field can show the name of a chaincode that you wrote, installed, and deployed, but can also show a system chaincode.

    System chaincode options are:

    • (Hyperledger Fabric v2.x) _lifecycle — For lifecycle requests, such as install, deploy, and upgrade.
    • (Hyperledger Fabric v1.4.7) LSCC — For lifecycle requests, such as instantiate, install, and upgrade.
    • QSCC — For querying. This chaincode includes APIs for ledger query.
    Status Status that indicates whether the transaction succeeded or failed.
  6. Click the triangle icon next to the TxID to view in-depth information about the transaction, such as function name, arguments, validation results, response status, the initiator, and the endorser.
    If a transaction failed, you can use the TxID to search the error logs on the peer node or orderer nodes for more information.

View or Update a Channel’s Organizations List

You can view the list of the organizations that have access to the channel. If you created the channel, then you can change an organization’s permissions on the channel, and you can add organizations to or remove them from the channel

  1. Go to the console and select the Channels tab.
    The Channels tab is displayed and the channel table contains a list of all of the channels in your network.
  2. In the channels table, locate the channel that you want information about, click the channels More Actions button, and click Edit Channel Organizations.
    The Edit Organizations page is displayed.
  3. In the MSP ID ACL section, you can do the following:

    • Modify an organization’s permissions. The organization that created the channel is set to write (ReaderWriter). You can't change this setting.

    • If you’re the network founder, then clear an organization’s checkbox to delete it from the channel. If you’re a network participant, then use the Delete button to delete an organization from the channel. If you delete an organization from a channel, then the organization and its peers can no longer query, invoke, and instantiate a chaincode on the channel. And the removed organization’s peers can’t join the channel.

    • Click an organization’s checkbox to add the organization to the channel and set its permissions. By default, each member’s permissions is set to write (ReaderWriter), but you can change it to read (ReaderOnly) if you don’t want the member to invoke chaincodes and to only read channel information and blocks on the channel.

  4. Click Submit to save the changes.

Join a Peer to a Channel

You can add a peer node to a channel so that the node can use it to exchange private transaction information with other peer nodes on the channel.

Note the following information:

  • When you create a channel, you specify which local peer nodes can join the channel.

  • If you’re creating a network containing a participant, then you can select the participant as a member on the channel. Or you can add the participant after the channel is created.

  • Your instance has multiple availability domains or fault domains, and Oracle recommends that you join one peer from each partition to the channel. This is because if one VM is unavailable that the channel is still available for endorsements and commits. To determine which domain a peer is located in, in the More Actions menu select Show AD Info to see the availability domain information.

  • You can join a maximum of seven peers from each domain.

See Create a Channel.

You must be an administrator to perform this task.

  1. Go to the console and select the Nodes tab.
  2. In the Nodes tab, click the peer node that you want to add to a channel.
  3. In the Node Information page, click the Channels pane to view the list of channels the peer is already using.
  4. Click Join New Channels.
    The Join New Channels dialog is displayed.
  5. Click the Channel Name field and from the list select the name of the channel to join. Click the field again to select another channel. Click Join.

Add an Anchor Peer

Each member using a channel must designate at least one anchor peer. Anchor peers are primary network contact points, and are used to discover and communicate with other network peers on the channel.

You can designate one or more peers in your organization as an anchor peer on a channel. For a high availability network, you can specify two or more anchor peers. All members using the network channel must use their console to designate one or more of their peer nodes as anchor peers.

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.
    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
  2. In the channels table, click the channel name you want to add anchor peers to.
    The Channel Information page is displayed.
  3. In the Channel Information page, click the Peers pane.
  4. Locate the peer or peers that you want to designate as anchor peers and click their Anchor Peer checkboxes to select them.
  5. Click the Apply button.

Change or Remove an Anchor Peer

You can change or remove a channel's anchor peers. Anchor peers are primary network contact points, and are used to discover and communicate with other network peers on the channel.

Before you change or remove the channel's anchor peers, note the following information:

  • To communicate on the channel, you must designate one or more peers in your organization as an anchor peer.
  • For a high availability network, you can specify two or more anchor peers.
  • All members using the network channel must use their console to designate one or more of their peer nodes as anchor peers.

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.
    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.
  2. In the channels table, click the channel name you want to remove anchor peers from.
    The Channel Information page is displayed.
  3. In the Channel Information page, click the Peers pane.
  4. Locate the peer or peers that you want to remove as anchor peers and clear their Anchor Peer checkboxes. Alternatively, to add another peer as an anchor peer, click its Anchor Peer checkbox to select it.
  5. Click the Apply button.

View Information About Deployed Chaincodes

You can view information about the chaincodes that are deployed on the different channels in your network.

You might need information about deployed chaincodes to determine if you need to upgrade the chaincode, or to find out which channels the chaincode was deployed on.
  1. Go to the console and select the Channels tab.
  2. In the channels table, click the channel name with the chaincode that you want to view information for.
  3. In the Channel Information page, confirm that the Deployed Chaincodes pane is selected
  4. In the chaincode table, you can:
    • Click the chaincode package ID to go to the Chaincodes tab to learn more information about it. For example, the peers that the chaincode is installed on and the channels that the chaincode is deployed on.
    • In a chaincode’s More Actions menu, click View Chaincode Definition to find details about the chaincode’s definition, including the endorsement policy.
  5. (Optional) If you see a channel listing without a chaincode, then you can go to the Chaincodes tab and deploy a chaincode to the channel. See Deploy a Chaincode.

Work With Channel Policies and ACLs

This topic contains information about a channel's policies and access control lists (ACLs). It provides an overview of what policies are, policy types, and how to modify them, as well as how to use ACLs to manage which organizations and roles can access a channel's resources.

What Are Channel Policies? (Hyperledger Fabric v2.x)

A policy defines a set of conditions. The required parties must meet the policy's conditions before their signatures are considered valid and the corresponding request happens on the network.

The blockchain network is managed by these policies. Policies check the identity associated with a request against the policy associated with the resource needed to fulfill the request. Policies are located in the channel's configuration.

After you configure the channel's policies, you assign them to the channel's ACLs resources to determine which members are required to sign before a change or action can happen on the channel. For example, suppose you modified the Writers policy to include members from Organization A or Organization B. Then you assigned the Writers policy to the channel's cscc/GetConfigBlock ACL resource. Now only a member from Organization A or Organization B can call GetConfigBlock on the cscc component.

What Are the Policy Types?

There are two policy types: Signature and ImplicitMeta.

  • Signature — Specifies a combination of evaluation rules. It supports combinations of AND, OR, and NOutOf. For example, you could define something like “An admin of org A and 2 other admins" or "11 of 20 org admins.”

    Any new policies you create will be Signature policies.

  • ImplicitMeta — This policy type is only valid in the context of configuration. It aggregates the result of evaluating policies deeper in the configuration hierarchy, which are defined by Signature policies. It supports default rules, for example “A majority of the organization admin policies.”

When Are Policies Created?

When you add a channel to the network, Oracle Blockchain Platform creates default policies. The default policies are: Admins, Writers, Readers, Endorsement, LifecycleEndorsement (ImplicitMeta policies), and Creator (Signature policy). If needed, you can modify these policies or create new policies.

Note the following important issue about channel policies:

  • You can use the console to create a channel and set your organization's ACL to ReaderOnly. After you save the new channel, you can't update this ACL setting from the channel's Edit Organization option.

    However, you can use the console's Manage Channel Policies functionality to add your organization to the Writers policy, which overwrites the channel's ReaderOnly ACL setting.

What Are Channel Policies? (Hyperledger Fabric v1.4.7)

A policy defines a set of conditions. The required parties must meet the policy's conditions before their signatures are considered valid and the corresponding request happens on the network.

The blockchain network is managed by these policies. Policies check the identity associated with a request against the policy associated with the resource needed to fulfill the request. Policies are located in the channel's configuration.

After you configure the channel's policies, you assign them to the channel's ACLs resources to determine which members are required to sign before a change or action can happen on the channel. For example, suppose you modified the Writers policy to include members from Organization A or Organization B. Then you assigned the Writers policy to the channel's cscc/GetConfigBlock ACL resource. Now only a member from Organization A or Organization B can call GetConfigBlock on the cscc component.

What Are the Policy Types?

There are two policy types: Signature and ImplicitMeta.

  • Signature — Specifies a combination of evaluation rules. It supports combinations of AND, OR, and NOutOf. For example, you could define something like “An admin of org A and 2 other admins" or "11 of 20 org admins.”

    Note that when you modify the Oracle Blockchain Platform's default Admins policy, which was created as an ImplicitMeta policy, you'll use the Signature policy. Any new policies you create will be Signature policies.

  • ImplicitMeta — This policy type is only valid in the context of configuration. It aggregates the result of evaluating policies deeper in the configuration hierarchy, which are defined by Signature policies. It supports default rules, for example “A majority of the organization admin policies.”

    Oracle Blockchain Platform uses the ImplicitMeta policy type to create the Admins policy. When you modify the Admins policy, you'll use the Signature policy. You can't create or modify any policies using the ImplicitMeta policy. Oracle Blockchain Platform only supports modifying or creating policies using the Signature policy type.

When Are Policies Created?

When you add a channel to the network, Oracle Blockchain Platform creates default policies. The default policies are: Admins (ImplicitMeta policy), Creator, Writers, and Readers (Signature policies). If needed, you can modify these policies or create new policies.

Note the following important issues about channel policies:

  • You can use the console to create a channel and set your organization's ACL to ReaderOnly. After you save the new channel, you can't update this ACL setting from the channel's Edit Organization option.

    However, you can use the console's Manage Channel Policies functionality to add your organization to the Writers policy, which overwrites the channel's ReaderOnly ACL setting.

  • When you use the Hyperledger Fabric SDKs to create a channel, Fabric uses the ImplicitMeta policies as the default channel policies for Readers and Writers. When the channel uses these policies, the Oracle Blockchain Platform console can't guarantee that the administrative operations (for example, edit organization) will be successfully processed.

    To correct this issue, update the readers and writers policies to Signature policies, and define the policy rules as needed. See https://hyperledger-fabric.readthedocs.io/en/release-1.3/access_control.html

  • When you use the Hyperledger Fabric SDKs or CLI to create a channel, the Creator policy isn't included in the configtx.yaml file. The Creator policy is required by Oracle Blockchain Platform to allow the channel creator to edit a channel's configuration. You must manually edit the configtx.yaml file and add the Creator policy.

Add or Modify a Channel's Policies

You can add or modify a channel's policy to specify which members are required to perform a specific action on the channel. After you define policies, you assign them to the channel's ACLs.

Before you add or update policies, you need to understand how Oracle Blockchain Platform creates default channel policies. See What Are Channel Policies? (Hyperledger Fabric v1.4.7) or What Are Channel Policies? (Hyperledger Fabric v2.x).

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.

    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.

  2. In the channels table, click the channel name that you want to add policies to or modify policies for.

    The Channel Information page is displayed.

  3. In the Channel Information page, click the Channel Policies pane.
  4. Do one of the following:
    • To add a new policy, click the Create a New Policy button. The Create Policy dialog is displayed. Enter a name in the Policy Name field and select Signature in the Policy Type field. Expand the Signature Policy section.
    • To modify an existing policy, click a policy's name. The Update Policy dialog is displayed.
  5. Click the Add Identity button to add an organization. Or modify an existing signature policy as needed. Note the following information:
    Field Description
    MSP ID From the dropdown menu, select the organization that must sign the policy.
    Role Select the corresponding peer role required by the policy. Usually this will be member. You can find a peer’s role by viewing its configuration information.
    Policy Expression Mode In most cases, you’ll use Basic. Select Advanced to write an expression string using AND, OR, and NOutOf. For information about how to write a valid policy expression string, see Endorsement policies in the Hyperledger Fabric documentation.
    Signed By Select how many members must sign the policy to fulfill the request.
  6. If you're adding a new policy, then click Create. If you're modifying a policy, then click Update.

Delete a Channel's Policies

You can delete channel policies that you have created.

You can't delete the default policies: Admins, Creator, Readers, Writers, Endorsement, and LifecycleEndorsement. Also, you can't delete a channel policy if it is assigned to an ACL. Before you try to delete a channel policy, confirm that the policy isn't assigned.

You must be an administrator to perform this task.

  1. Go to the console and select the Channels tab.

    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.

  2. In the channels table, click the channel that you want to delete a policy from.

    The Channel Information page is displayed.

  3. In the Channel Information page, click the Channel Policies pane.
  4. Locate the policy that you want to delete and click its More Options button.
  5. Click Remove and confirm the deletion.

What Are Channel ACLs?

Access control lists (ACLs) use policies to manage which organizations and roles can access a channel's resources.

Users interact with the blockchain network by targeting components such as the query system chaincode (qscc), lifecycle system chaincode (_lifecycle on Hyperledger Fabric v2.x, lscc on Hyperledger Fabric v1.4.7), configuration system chaincode (cscc), peer, and event. These components are associated with specific resources (for example, GetConfigBlock or GetChaincodeData) that you can assign policies to at the channel level. These policies are a part of the channel's configuration.

A policy defines which organizations and roles can request a resource. When a request is made, the policy tells the system to check the requester's identity and determine if it's authorized to make the request. When you create a channel, Oracle Blockchain Platform includes the default Hyperledger Fabric ACLs with the channel. Oracle Blockchain Platform also creates default policies (Admin, Creator, Writers, and Readers; also Endorsement and LifecycleEndorsement on Hyperledger Fabric v2.x) for the channel. You can modify these policies or create new policies as needed. See What Are Channel Policies? (Hyperledger Fabric v2.x) or What Are Channel Policies? (Hyperledger Fabric v1.4.7).

Update Channel ACLs

You can update the channel's ACLs by assigning policies to the channel's resources. A policy defines which organizations and roles can request a resource

Before you update a channel's ACLs, you should understand what policies and ACLs are. See What Are Channel Policies? (Hyperledger Fabric v1.4.7) and What Are Channel ACLs?

  1. Go to the console and select the Channels tab.

    The Channels tab is displayed and the channel table contains a list of all of the channels on your network.

  2. In the channels table, click the name of the channel that you want to update ACLs for.

    The Channel Information page is displayed.

  3. In the Channel Information page, click the ACLs pane.
  4. In the Resources table, locate the resource that you want to update. Click the resource's Expand button and select the policy that you want to assign to the resource.
  5. Modify the other resource's policies as needed.
  6. Click Update ACLs.

Add or Remove Orderers To or From a Channel

The orderer admin organization can add or remove orderers from a channel.

To add orderers to a channel:
  1. In the founder console, open the Channels tab and select the channel to see its details view.
  2. Open the Orderers subtab. All orderer nodes currently joined to the channel are listed.
  3. Click Join Channel. Select an OSN not yet in this channel and click Join.
To remove orderers from a channel:
  1. In the founder console, open the Channels tab and select the channel to see its details view.
  2. Open the Orderers subtab. All orderer nodes currently joined to the channel are listed.
  3. Select the orderer you want to remove from the channel and from its More Actions menu select Remove.

Set the Orderer Administrator Organization

You can assign the administration of OSNs in a channel to any organization. Normally either the founder or the channel creator would be assigned.

  1. In the founder console, open the Channels tab.
  2. Select the channel for which you want to set the orderer administrator organization, and from the Action menu select Manage OSNs Admin.
  3. Select from the list of available organizations, and click Submit.

Edit Ordering Service Settings for a Channel

You can update the ordering service settings for a particular channel.

Note the following important information about editing the ordering service settings for a channel:
  • Separately you can update the ordering service settings for the entire network as described in Edit Ordering Service Settings for the Network.
  • If you change the ordering service settings and there are applications running against the network, then those applications must be manually updated to use the revised ordering service settings.
  • It isn’t common, but in some situations, you might expose a different ordering service to some of the network participants. In this case, you’ll export the updated network config block and the required participants will import the revised settings. See Join the Participant or Scaled-Out OSNs to the Founder's Ordering Service.
You must be an administrator to perform this task.
  1. Go to the founder’s console and select the Channels tab.
  2. Locate the channel, click the More Actions menu, and select Update Ordering Service Settings.
    The Ordering Service Settings dialog is displayed.
  3. Update the settings as needed.
    Field Description
    Batch Timout (ms) Specify the amount of time in milliseconds that the system should wait before creating a batch. Enter a number between 1 and 3600000.
    Max Message Count Specify the maximum number of message to include in a batch. Enter a number between 1 and 4294967295.
    Absolute Message Bytes Specify the maximum number of bytes allowed for the serialized messages in a batch.

    This number must be larger than the value you enter in the Preferred Message Bytes field.
    Preferred Message Bytes Specify the preferred number of bytes allowed for the serialized messages in a batch. A message larger than this size results in a larger batch, but the batch size will be equal to or less than the number of bytes you specified in the Absolute Message Bytes field.

    Oracle recommends that you set this value to 1 MB or less.

    The value that you enter in this field must be smaller than the value you enter in the Absolute Message Bytes field.
    Snapshot Interval Size Defines number of MB per which a snapshot is taken.
  4. Click Update.
    The updated settings are saved.