
I am writing a data management system with Hyperledger Composer. I know about .acl- and .cto-files, but I have no idea how I would go about adding (and saving) permissions via transactions (=during runtime).

Example use case:

  1. A Patient allows a particular Physician to look at his data. The permission is saved, and the Physician can look at the data of the Patient.
  2. The Patient withdraws his permission. The Physician can no longer look at the data.

One could save a list of all patient permissions for every physician, and make it a Patient-only transaction to add their name to the list, but the Modeling Language does not allow lists, only arrays.

Does someone have an idea? :)

Happy
  • Thank you for the link! That's just perfect. I know about checks in the ACL and I agree that it makes a lot more sense to have an array of authorized physicians which is not only faster but should also be somewhat limitable in space since one patient should not have a thousand doctors. :) Did I understand the modeling language correctly in that arrays can be declared without pre-determined size? – Happy Jan 09 '19 at 08:53
  • And also - I'm new to Stack Overflow - but don't you want to post that as an answer, so I can check that as the solution? :) – Happy Jan 09 '19 at 08:54
  • fyi posted original comments as an accepted answer below – Paul O'Mahony Jan 09 '19 at 09:26

1 Answer


Suggest checking out the Composer sample networks for code samples - this PII (Personally Identifiable Information) network has similarities to what you're trying to achieve (controlling access to a patient record by the identifier of (in this case) the Physician): https://github.com/hyperledger/composer-sample-networks/blob/master/packages/pii-network/lib/logic.js

Your ACLs can obviously be written to control access to the Patient's record (i.e. he/she has consented) and only allow a matching Physician identifier to access, based on a condition check in the ACL - an example of use of something similar can be found in this Stack Overflow question here -> Hyperledger-Composer: ACL-rules with condition of type (r.someArray.indexOf(p.getIdentifier()) > -1) not working

I would say it's better to have an array of authorized Physicians per patient (i.e. a lot less than the converse where a physician might have a lot of patient IDs to check each time). Your array size is a JavaScript constraint in theory (heap size etc.) but see discussion here -> Maximum size of an Array in Javascript

Paul O'Mahony
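
The grant/withdraw flow from the question, combined with the per-patient array and the `indexOf` condition from the answer, as an added example that is not part of the original post or of the Composer samples. It is a plain-JavaScript model that runs without a Composer runtime; the names `makePatient`, `grantAccess`, `revokeAccess`, `canRead` and the field `authorized` are hypothetical, and in a real network the two transaction bodies would also have to write the updated patient back to its registry.

```javascript
// Added example: in-memory model of runtime consent, not Composer API code.
// All function and field names here are hypothetical.

// Constructed sample record. `authorized` is deliberately left unset,
// as an optional array field would be before the first grant.
function makePatient(id) {
  return { id: id, records: ['constructed sample record'] };
}

// Only the patient may change their own consent list.
function assertOwner(patient, callerId) {
  if (callerId !== patient.id) {
    throw new Error('only the patient may change consent');
  }
}

// Transaction body: add a physician identifier (idempotent, no duplicates).
function grantAccess(patient, callerId, physicianId) {
  assertOwner(patient, callerId);
  if (!patient.authorized) patient.authorized = [];
  if (patient.authorized.indexOf(physicianId) === -1) {
    patient.authorized.push(physicianId);
  }
  return patient;
}

// Transaction body: withdraw consent by removing every occurrence.
function revokeAccess(patient, callerId, physicianId) {
  assertOwner(patient, callerId);
  patient.authorized = (patient.authorized || []).filter(function (id) {
    return id !== physicianId;
  });
  return patient;
}

// Same test as the ACL condition r.someArray.indexOf(p.getIdentifier()) > -1,
// guarded so that an unset array denies access instead of throwing.
function canRead(patient, participantId) {
  return Array.isArray(patient.authorized) &&
    patient.authorized.indexOf(participantId) > -1;
}
```

The guard in `canRead` covers the case where no grant has happened yet: an unset array means no physician is authorized, so the check denies by default.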