How does Amazon Managed Blockchain's QLDB handle permissions for the different orgs?

QLDB seems to be this centralized extension built upon the Fabric orderer service that allows you to query a replication of the blockchain network in an SQL-like manner.

With the different orgs on the network, I was wondering how QLDB handles permissions? It wouldn't make sense for every member to have full access to all data in QLDB, so is there some built-in method of access control for specific parts of the data?



Solution 1:[1]

As with all AWS services, permissions are managed by IAM.

With the general availability announcement of QLDB on 9/10/29, we now have the answer to this question from Actions, Resources, and Condition Keys for Amazon QLDB.

At the time of this writing, the following are the QLDB permissions that you can grant with IAM:

CreateLedger
DeleteLedger
DescribeJournalS3Export
DescribeLedger
ExecuteStatement
ExportJournalToS3
GetBlock
GetDigest
GetRevision
InsertSampleData
ListJournalS3Exports
ListJournalS3ExportsForLedger
ListLedgers
ListTagsForResource
SendCommand
ShowCatalog
TagResource
UntagResource
UpdateLedger
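
Added example, not part of the original answer: a small Python check that reads an IAM policy document and reports which of the QLDB actions listed above it grants on a given ledger beyond a verify-only set. The ledger ARN, account id, both sample policies and the `READ_VERIFY` set are constructed for illustration, and only `Effect`, `Action` and `Resource` are read.

```python
import re

# Action names from the list in the answer; IAM writes them with a "qldb:" prefix.
QLDB_ACTIONS = """CreateLedger DeleteLedger DescribeJournalS3Export DescribeLedger
ExecuteStatement ExportJournalToS3 GetBlock GetDigest GetRevision InsertSampleData
ListJournalS3Exports ListJournalS3ExportsForLedger ListLedgers ListTagsForResource
SendCommand ShowCatalog TagResource UntagResource UpdateLedger""".split()

# Assumption for this example: what a verify-only member should hold.
READ_VERIFY = {"DescribeLedger", "GetBlock", "GetDigest", "GetRevision"}

# Constructed sample values (placeholder account id and ledger name).
LEDGER = "arn:aws:qldb:us-east-1:111122223333:ledger/example-ledger"
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["qldb:DescribeLedger", "qldb:GetBlock", "qldb:GetDigest", "qldb:GetRevision"],
    "Resource": LEDGER}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "qldb:*", "Resource": "*"}}

def _matches(pattern, value, flags=0):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def granted_qldb_actions(policy, ledger_arn):
    """QLDB actions that Allow statements grant on ledger_arn.
    Only Effect/Action/Resource are read; Deny, NotAction and Condition are not evaluated."""
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    granted = set()
    for s in stmts:
        if s.get("Effect") != "Allow":
            continue
        if not any(_matches(r, ledger_arn) for r in _as_list(s.get("Resource"))):
            continue
        for pat in _as_list(s.get("Action")):
            # Action names are case-insensitive in IAM; ARNs are not.
            granted |= {a for a in QLDB_ACTIONS if _matches(pat, "qldb:" + a, re.IGNORECASE)}
    return granted

def excess_actions(policy, ledger_arn, allowed=READ_VERIFY):
    """Actions the policy grants on the ledger beyond the allowed set."""
    return sorted(granted_qldb_actions(policy, ledger_arn) - set(allowed))

if __name__ == "__main__":
    print("scoped:", excess_actions(SCOPED_POLICY, LEDGER))
    print("broad: ", excess_actions(BROAD_POLICY, LEDGER))
```
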

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
