Before a RAM user can call the Ant Blockchain service API, the Alibaba Cloud account (the primary account) must grant that RAM user access by creating an authorization policy. In the policy, the authorized resources are identified with Alibaba Cloud Resource Names (ARNs).

This document describes the RAM authorization rules that the Ant Blockchain service uses to implement access control for team or department members, cross-account resource authorization, and cross-service authorization. Before learning how to grant access with RAM and access the blockchain service, make sure you have read the RAM product documentation and the RAM API documentation.

Authorizable Ant Blockchain resource types

When authorizing a RAM user, Ant Blockchain resources are described as follows:
| Resource type | Resource description in the authorization policy |
| --- | --- |
| Consortium | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId` |
| Blockchain | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| Contract project | `acs:baas:*:$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/$projectId` |

Here, $consortiumId is the consortium ID, $blockchainId is the blockchain ID, and $projectId is the ID of a contract project within the consortium.

Authorizable Ant Blockchain APIs

The following table lists the Ant Blockchain APIs that can be authorized and how the resource of each is described:
| API | Resource description |
| --- | --- |
| CreateAntChainConsortium | `acs:baas::$accountId:antChainConsortium/` |
| DescribeAntChainConsortiums | `acs:baas::$accountId:antChainConsortium/` |
| UpdateAntChainConsortium | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId` |
| DeleteAntChainConsortium | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId` |
| InviteAntChainMember | `acs:baas::$accountId:` |
| AgreeAntChainInvitation | `acs:baas::$accountId:` |
| DescribeAntChainMembers | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId` |
| UpdateAntChainMember | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId` |
| DescribeAntChains | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/` |
| CreateAntChain | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/` |
| UpdateAntChain | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| ApplyAntChainCertificate | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| ApplyAntChainCertificateWithKeyAutoCreation | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainDownloadPaths | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| ResetAntChainCertificate | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainLatestBlocks | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainLatestTransactionDigests | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainInformation | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainTransactionStatistics | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainBlock | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainTransaction | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainTransactionReceipt | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| ResetAntChainUserCertificate | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainAccounts | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainNodes | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| CreateAntChainAccount | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| CreateAntChainAccountWithKeyPairAutoCreation | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| FreezeAntChainAccount | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| UnfreezeAntChainAccount | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainCertificateApplications | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| CreateAntChainContractProject | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/` |
| CopyAntChainContractProject | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/` |
| DeleteAntChainContractProject | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/$projectId` |
| UpdateAntChainContractProject | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/$projectId` |
| DescribeAntChainContractProjects | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/` |
| DescribeAntChainContractProjectContentTree | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/$projectId` |
| CreateAntChainContractContent | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/$projectId` |
| DeleteAntChainContractContent | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/$projectId` |
| UpdateAntChainContractContent | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/contractProject/$projectId` |
| DescribeCloudIDEEnvConfigs | `acs:baas::$accountId:` |
| ProcessCloudIDEContractTransaction | `acs:baas::$accountId:` |
| Trial-chain APIs on the overview page | These meet the no-authentication condition; no RAM authorization check is performed. |
| DescribeAntChainRegions | No RAM authorization check is performed for this API. |
| DescribeAntChainQRCodeAuthorization | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| UpdateAntChainQRCodeAuthorization | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainMiniAppBrowserQRCodeAuthorizedUsers | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| BatchAddAntChainMiniAppQRCodeAuthorizedUsers | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DeleteAntChainMiniAppQRCodeAuthorizedUser | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainMiniAppBrowserQRCodeAccessLog | `acs:baas::$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |
| DescribeAntChainMiniAppBrowserTransactionQRCode | `acs:baas:*:$consortiumOwnerUid:antChainConsortium/$consortiumId/blockchain/$blockchainId` |

Ant Blockchain RAM policy examples

Example 1: Grant read-only operations on the BaaS service. This type of permission allows a user to view blockchain status and download the SDK through the console or the API.
{
  "Statement": [{
    "Action": ["baas:DescribeAntChain*"],
    "Effect": "Allow",
    "Resource": "acs:baas:*:*:*"
  }],
  "Version": "1"
}

Example 2: Grant consortium management operations (query, create, update, delete). This type of permission allows a user to manage consortia through the console or the API.
{
  "Statement": [{
    "Action": "baas:*AntChainConsortium*",
    "Effect": "Allow",
    "Resource": ["acs:baas:*:*:antChainConsortium/*"]
  }],
  "Version": "1"
}

Example 3: More fine-grained authorization for a smart-contract developer. This role usually needs all read-type operations plus resource management operations on a specific consortium. Following the principle of least privilege, and taking contract management as the example, the user must be restricted to operating only on the specified contract project in the specified consortium. Replace antChainConsortium/$consortiumId/contractProject/$projectId below with the actual resource IDs from the blockchain service.
{
  "Statement": [{
    "Action": ["baas:DescribeAntChain*"],
    "Effect": "Allow",
    "Resource": "acs:baas:*:*:*"
  },
  {
    "Action": "baas:*AntChainContract*",
    "Effect": "Allow",
    "Resource": ["acs:baas:*:*:antChainConsortium/$consortiumId/contractProject/$projectId"]
  }],
  "Version": "1"
}
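To check that a policy really enforces the least-privilege boundary described in example 3 before attaching it, the following added script (not part of this page or of the Ant Blockchain service) evaluates the example 1 and example 3 policies against request ARNs built from the table above. It assumes the standard RAM semantics of `*`/`?` wildcards and Deny-over-Allow; the account UID, consortium ID and project ID are constructed placeholders.

```python
import re

# Constructed placeholder IDs (not real Alibaba Cloud account or resource IDs).
OWNER_UID = "1234567890123456"
CONSORTIUM_ID = "consortium-placeholder"
PROJECT_ID = "project-placeholder"

# Example 1 (read-only) and example 3 (contract developer) from this page,
# with $consortiumId / $projectId filled in with the placeholders above.
READ_ONLY = {"Version": "1", "Statement": [
    {"Action": ["baas:DescribeAntChain*"], "Effect": "Allow", "Resource": "acs:baas:*:*:*"}]}
CONTRACT_DEV = {"Version": "1", "Statement": [
    {"Action": ["baas:DescribeAntChain*"], "Effect": "Allow", "Resource": "acs:baas:*:*:*"},
    {"Action": "baas:*AntChainContract*", "Effect": "Allow",
     "Resource": [f"acs:baas:*:*:antChainConsortium/{CONSORTIUM_ID}/contractProject/{PROJECT_ID}"]},
]}

def wildcard_match(pattern: str, value: str) -> bool:
    """Policy-style glob: '*' matches any run (including empty), '?' one char, rest literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None

def _as_list(field):
    # RAM accepts either a single string or a list for Action and Resource.
    return field if isinstance(field, list) else [field]

def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Explicit Deny wins; otherwise any matching Allow grants; otherwise implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(wildcard_match(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(wildcard_match(r, resource) for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def chain_arn(chain_id: str) -> str:
    # Resource form the table gives for per-chain APIs such as DescribeAntChainBlock.
    return f"acs:baas::{OWNER_UID}:antChainConsortium/{CONSORTIUM_ID}/blockchain/{chain_id}"

def project_arn(project_id: str) -> str:
    # Resource form for per-project APIs; an empty project_id yields the collection ARN
    # that CreateAntChainContractProject is checked against.
    return f"acs:baas::{OWNER_UID}:antChainConsortium/{CONSORTIUM_ID}/contractProject/{project_id}"

if __name__ == "__main__":
    print(is_allowed(CONTRACT_DEV, "baas:UpdateAntChainContractContent", project_arn(PROJECT_ID)))
    print(is_allowed(CONTRACT_DEV, "baas:UpdateAntChainContractContent", project_arn("other")))
```

Note that `baas:*AntChainContract*` also matches DeleteAntChainContractProject on the named project, while creating new projects (the collection ARN ending in `contractProject/`) stays denied.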