I have implemented a three-org structure on the Fabric network, with a solo orderer. Let's say Org1, Org2, Org3 and the Orderer. Org1, Org2, and Org3 each have their own CA and use CouchDB. All the peer nodes are connected to the same channel.
This is a trade network where each organization represents a trading company. And to operate they create their own participants to transact in the network.
There are two users per organization who'll be carrying out trades for their company.
I'm using Composer REST server to access the network. Thus, each of these organizations has a business network admin through which they can create participants/users on the network.
To start the REST server, say I use the business network card of Org1.
- How do I make sure that if Org1 is creating any participant, it gets mapped to Org1's company only? And how can I restrict Org1 from creating participants for Org2, citing that this REST server is set up using Org1's card? Can I manage this using Composer's permissions.acl file?
- Is there a way to get the invoking network admin's identity at runtime to manage this?
Am I lacking research somewhere? Any references/guidance will be helpful.