How does Amazon Managed Blockchain's QLDB handle permissions for the different orgs?

Question

QLDB seems to be this centralized extension built upon the Fabric orderer service that allows you to query a replication of the blockchain network in an SQL-like manner.

With the different orgs on the network, I was wondering how QLDB handles permissions? It wouldn't make sense for every member to have full access to all data in QLDB, so is there some built-in method of access control for specific parts of the data?

Do you have reference? I don't think it's built on Fabric orderer... — guoger, Mar 25 '19 at 09:27

Joey Kilpatrick · Answer 1 · 2019-09-13T05:25:47.477

1

As with all AWS services, permissions are managed by IAM.

With the general availability announcement of QLDB on 9/10/29, we now have the answer to this question from Actions, Resources, and Condition Keys for Amazon QLDB.

At the time of this writing, the following are the QLDB permissions that you can grant with IAM:

CreateLedger
DeleteLedger
DescribeJournalS3Export
DescribeLedger
ExecuteStatement
ExportJournalToS3
GetBlock
GetDiges
GetRevision
InsertSampleData
ListJournalS3Exports        
ListJournalS3ExportsForLedger
ListLedgers         
ListTagsForResource
SendCommand
ShowCatalog
TagResource
UntagResource
UpdateLedger

edited Sep 13 '19 at 05:25

answered Sep 13 '19 at 05:17

Joey Kilpatrick

1,394
8
20

These are actions that can be performed in qldb on various components of ledger and not permissions, right? – PrashantNagawade Nov 20 '19 at 06:53

How does Amazon Managed Blockchain's QLDB handle permissions for the different orgs?

1 Answers1