Oracle® Cloud Administering Oracle Blockchain Platform E88957-12 September 2019


Copyright © 2018, 2019, Oracle and/or its affiliates. All rights reserved.

Primary Author: Kate Price

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Contents

Preface

Audience
Documentation Accessibility
Related Documents
Conventions

1 Get Started with Oracle Blockchain Platform

About Oracle Blockchain Platform
About Application and Network Security in Oracle Blockchain Platform
Before You Begin with Oracle Blockchain Platform
Workflow for Administering Oracle Blockchain Platform
How to Begin with Oracle Blockchain Platform
Accessing the Oracle Cloud Infrastructure Console

2 Create an Oracle Blockchain Platform Instance

Typical Workflow to Create an Oracle Blockchain Platform Instance
Before You Create an Oracle Blockchain Platform Instance
Create a QuickStart Instance with a Single Click
Create a Custom Oracle Blockchain Platform Instance
Create an Instance Using the PaaS Service Manager
After You Create a Service Instance
Verify Your Instance and Access the Oracle Blockchain Platform Console

3 Manage the Lifecycle of an Instance

Explore the Oracle Blockchain Platform Console
Monitor Activity
Track the Number of Oracle Blockchain Platform Instances in an Account
Manage Tags
  Create, Assign, and Unassign Tags
  Find Tags and Instances Using Search Expressions
Delete an Oracle Blockchain Platform Instance

4 Set Up Users and Access Roles

Use Oracle Identity Cloud Service for Authentication
Connect to Oracle Identity Cloud Service from the Cloud Infrastructure Console
Add Oracle Identity Cloud Service Users
Add Hyperledger Fabric Enrollments to a REST Proxy
Use a Third Party Identity Provider
Assigning Roles in Oracle Identity Cloud Service

5 Top FAQs for Administration and Configuration

Preface

Administering Oracle Blockchain Platform explains how to provision and maintain Oracle Blockchain Platform instances.

Topics:

• Audience

• Documentation Accessibility

• Related Documents

• Conventions

Audience

This guide is intended for service administrators responsible for provisioning and maintaining Oracle Blockchain Platform.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Related Documents

For more information, see these Oracle resources:

• Oracle Cloud:

http://cloud.oracle.com

• Getting Started with Oracle Cloud

• Managing and Monitoring Oracle Cloud

• Using Oracle Blockchain Platform


Conventions

The following text conventions are used in this document:

Convention: boldface
Meaning: Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.

Convention: italic
Meaning: Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values.

Convention: monospace
Meaning: Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.


1 Get Started with Oracle Blockchain Platform

This section describes how to get started with Oracle Blockchain Platform for Oracle Cloud account and service administrators.

Topics:

• About Oracle Blockchain Platform

• Before You Begin with Oracle Blockchain Platform

• Workflow for Administering Oracle Blockchain Platform

• How to Begin with Oracle Blockchain Platform

About Oracle Blockchain Platform

Oracle Blockchain Platform gives you a pre-assembled platform for building and running smart contracts and maintaining a tamper-proof distributed ledger.

Oracle Blockchain Platform is a network consisting of validating nodes (peers) that update the ledger and respond to queries by executing smart contract code—the business logic that runs on the blockchain. External applications invoke transactions or run queries through client SDKs or REST API calls, which prompts selected peers to run the smart contracts. Multiple peers endorse (digitally sign) the results, which are then verified and sent to the ordering service. After consensus is reached on the transaction order, transaction results are grouped into cryptographically secured, tamper-proof data blocks and sent to peer nodes to be validated and appended to the ledger. Service administrators can use the Oracle Blockchain Platform web console to configure the blockchain and monitor its operation.

With Oracle Blockchain Platform, you complete some simple instance creation steps, and then Oracle takes care of service management, patching, backup and restore, and other service lifecycle tasks.

For information about available features, see Using Oracle Blockchain Platform.

About Application and Network Security in Oracle Blockchain Platform

Your Oracle Cloud account includes Oracle Identity Cloud Service. You use Oracle Identity Cloud Service to add users and manage access for Oracle Blockchain Platform. When users access an Oracle Blockchain Platform console or a blockchain application developed for Oracle Blockchain Platform, they are authenticated against Oracle Identity Cloud Service.

In addition, Oracle Cloud provides a reliable and flexible network security infrastructure to further control how clients, administrators, and other cloud services access your service instance and its applications. By default, your service instances can only be accessed over secure protocols like HTTPS and SSH.


Before You Begin with Oracle Blockchain Platform

Oracle Blockchain Platform is available on Oracle Cloud Infrastructure (OCI). When you order Oracle Blockchain Platform through Oracle Universal Credits, you automatically get access to other required services, including Oracle Cloud Infrastructure Compute, Oracle Cloud Infrastructure Object Storage, and Oracle Identity Cloud Service.

When you activate your Oracle Blockchain Platform order, you get the Cloud Account Administrator role. This role gives you full administration privileges on the cloud account, so you can complete all aspects of Oracle Blockchain Platform setup and create other users.

Here’s some information about how Oracle Blockchain Platform uses other services that you might find useful:

• Oracle Cloud Infrastructure Compute

Oracle Blockchain Platform uses an Oracle Cloud Infrastructure Compute VM to deploy and run the Oracle Blockchain Platform instance and all other required applications such as Oracle Cloud Infrastructure Object Storage, Oracle Identity Cloud Service and Oracle Cloud Infrastructure Load Balancing.

• Oracle Cloud Infrastructure Object Storage

Oracle Blockchain Platform uses Oracle Cloud Infrastructure Object Storage to store product-related binary files and logs.

• Oracle Identity Cloud Service

Oracle Identity Cloud Service Foundation is automatically provided when you subscribe to Oracle Blockchain Platform through Oracle Universal Credits. Some additional features are available with Basic and Standard Editions.

Workflow for Administering Oracle Blockchain Platform

To start using Oracle Blockchain Platform, refer to the following tasks as a guide.

Task: Place an order for Oracle Blockchain Platform or sign up for a free Oracle Cloud promotion
Description: Signing up for the free Oracle Cloud promotion is as easy as creating a new Oracle Cloud account.
More Information: Sign up for free credits; Sign up for your Oracle Cloud Account

Task: Activate your Oracle Cloud account
Description: You receive a welcome email when your account is ready. To activate your account, you must sign in with the credentials provided in the email. Click the Get Started with Oracle Cloud link in your welcome email and sign in. You’re prompted to change your password.
More Information: Signing In For the First Time

Task: Access the Oracle Cloud Infrastructure Console
Description: Access the Oracle Cloud Infrastructure Console.
More Information: Accessing the Oracle Cloud Infrastructure Console

Task: Add and manage Oracle Cloud users and roles
Description: Optionally, create additional accounts for your cloud users and assign the necessary roles.
More Information: Adding Users and Assigning Roles in Getting Started with Oracle Cloud

Task: Create a service instance
Description: Use the Create Instance wizard in the Blockchain page to create a service instance.
More Information: Creating an Oracle Blockchain Platform instance

Task: Create users and give them access to the service instance in Oracle Identity Cloud Service
Description: Optionally, you can use Oracle Identity Cloud Service to create additional users.
More Information: Using Oracle Identity Cloud Service for Authentication

After you’ve created your instance and any required users, you can begin to use Oracle Blockchain Platform as described in Using Oracle Blockchain Platform.

How to Begin with Oracle Blockchain Platform

Place an order for Oracle Blockchain Platform or sign up for a free Oracle Cloud promotion.

1. Sign up for a free credit promotion or purchase a subscription. Refer to these topics in Getting Started with Oracle Cloud:

• Requesting and Managing Free Oracle Cloud Promotions

• Buying an Oracle Cloud Subscription

2. Access the Oracle Cloud Infrastructure Console.

See Accessing the Oracle Cloud Infrastructure Console.

3. Optional: Create additional Oracle Cloud users and grant them access to Oracle Blockchain Platform.

See Adding Users and Assigning Roles in Getting Started with Oracle Cloud.

Additional information on creating roles for Oracle Blockchain Platform can be found in Use Oracle Identity Cloud Service for Authentication.

Accessing the Oracle Cloud Infrastructure Console

Oracle Blockchain Platform can be accessed through a web-based console.

To access the console:

1. Sign in to Oracle Cloud. If you received a welcome email, use it to identify the URL, your user name, and your temporary password. After signing in, you will be prompted to change your password.

2. From the Infrastructure Console, click the navigation menu in the top left corner, expand Platform Services, and then click Blockchain Platform.


2 Create an Oracle Blockchain Platform Instance

As Cloud Account Administrator, you can create and set up an Oracle Blockchain Platform instance for your organization.

Topics

• Typical Workflow for Creating an Oracle Blockchain Platform Instance

• Before you Create an Oracle Blockchain Platform Instance

• Create a QuickStart Instance with a Single Click

• Create an Oracle Blockchain Platform Instance

• Create an Instance Using the PaaS Service Manager

• After You Create an Oracle Blockchain Platform Instance

Typical Workflow to Create an Oracle Blockchain Platform Instance

If you’re about to create an Oracle Blockchain Platform instance for the first time, follow these tasks as a guide.

Before you start

Task: Activate your order and sign in to Oracle Cloud Infrastructure
Description: As Cloud Account Administrator, you can complete all setup tasks for Oracle Blockchain Platform.

Create the service instance

Task: Create a service
Description: Set up and configure your Oracle Blockchain Platform components.
More Information: Create a Custom Oracle Blockchain Platform Instance

Task: Complete the setup
Description: Verify that your service instance is up and running and that you can sign in.
More Information: Verify Your Instance and Access the Oracle Blockchain Platform Console

After creating your service instance

Task: Manage users
Description: Set up users for Oracle Blockchain Platform in Oracle Identity Cloud Service and assign roles to them.
More Information: Use Oracle Identity Cloud Service for Authentication

Task: Manage your blockchain network
Description: Add organizations to your blockchain network and manage a complex network.
More Information: See Using Oracle Blockchain Platform


Before You Create an Oracle Blockchain Platform Instance

Before you set up Oracle Blockchain Platform, take some time to set up your Oracle Infrastructure dashboard and plan your service. However, no formal prerequisites exist for creating your instance.

Deciding Which Provisioning Shape to Use

When provisioning an instance, you choose between three configurations. Migration between these options isn't supported currently.

Configuration: Developer
Recommended use for this starter shape is development and evaluation.
Minimum Charges: 1 unit minimum charge (500 transactions/hr)
Features:
• 1 Fabric-CA node
• 1 Kafka Orderer node with 1 Kafka broker (Founder only)
• Up to 7 Peer nodes
• 2TB of storage
• Dynamically managed chaincode execution containers
• Console node for operations web user interface
• REST proxy node for RESTful API
• Oracle Identity Cloud Service integration for authentication and role management
• Object store backup of configuration and blocks replicated across regions
• Load balancer and web firewall for Oracle Cloud Interface
• Oracle operations management and monitoring

Configuration: Enterprise-X1
Highly available instance configuration, suitable for small-to-medium production deployments of Founder and Participant instances with performance requirements in tens of transactions per second (TPS) single digit TPS rate.
Minimum Charges: 2 unit minimum charge (1000 transactions/hr)
Features:
• 2 Fabric-CA nodes replicated across separate virtual machines for high availability
• 3 x Standard 2.1 VM with 2 Kafka Orderer nodes replicated across separate virtual machines with 3-VM Kafka/Zookeeper cluster (Founder only) for high availability
• Up to 14 Peer nodes spread across separate virtual machines
• 4TB of storage
• Dynamically managed chaincode execution containers in an isolated virtual machine
• Console node for operations web user interface replicated across separate virtual machines for high availability
• 4 REST proxy nodes for RESTful API replicated across separate virtual machines for high availability
• Oracle Identity Cloud Service integration for authentication and role management
• Object store backup of configuration and blocks replicated across regions
• Load balancer and web firewall for Oracle Cloud Interface
• Oracle operations management and monitoring

Configuration: Enterprise-X4
Highly available instance configuration, suitable for medium-to-large production deployments of Founder and Participant instances with performance requirements of hundreds of transactions per second. It includes all the components and features listed for Enterprise-X1, but provides 4 times the compute capacity.
Minimum Charges: 8 unit minimum charge (4000 transactions/hr)
Features:
• 2 Fabric-CA nodes replicated across separate virtual machines for high availability
• 3 x Standard 2.4 VM with 2 Kafka Orderer nodes replicated across separate virtual machines with 3-VM Kafka/Zookeeper cluster (Founder only) for high availability
• Up to 14 Peer nodes spread across separate virtual machines
• 4TB of storage
• Dynamically managed chaincode execution containers in an isolated virtual machine
• Console node for operations web user interface replicated across separate virtual machines for high availability
• 4 REST proxy nodes for RESTful API replicated across separate virtual machines for high availability
• Oracle Identity Cloud Service integration for authentication and role management
• Object store backup of configuration and blocks replicated across regions
• Load balancer and web firewall for Oracle Cloud Interface
• Oracle operations management and monitoring

Create a QuickStart Instance with a Single Click

You can create a QuickStart instance of Oracle Blockchain Platform with a single click. This installs Oracle Blockchain Platform and the services associated with it. Together, these instances are known as the stack. Oracle manages the stack for you.

The QuickStart templates provision a complete blockchain founder network with two peer nodes. The following templates are available:

• Developer

• Enterprise-X1

• Enterprise-X4

To create a participant network, use the Custom provisioning option.

1. Sign in to your Oracle Cloud account.

2. From the Cloud Infrastructure Console Dashboard, open the Oracle Blockchain Platform

3. Click QuickStarts.

4. Enter your instance name or accept the default, and click Create.

It will take approximately 15 minutes for your service to be provisioned. Once it’s complete, you’ll receive an email with the details of the instance.


Create a Custom Oracle Blockchain Platform Instance

To create a blockchain founder or participant instance from Oracle Cloud Infrastructure Console, use the Create New Instance wizard.

There are two types of Oracle Blockchain Platform instances you can provision:

• Founder organization: a complete blockchain environment, including a new network to which participants can join later on.

• Participant instance: if there is already a founder organization you want to join, you can create a participant instance if your credentials provide you with access to the network.

1. In the Cloud Infrastructure Console, open the Dashboard.

2. Select Create Instance, navigate to Blockchain, and click Create. If the QuickStart creation wizard opens, click Custom to access additional customization options.

3. Complete the following fields:

Field: Instance Name
Description: Enter a name for your Oracle Blockchain Platform instance.

The service instance name:

• Must contain one or more characters.
• Must not exceed 15 characters.
• Must start with an ASCII letter: a to z.
• Must contain only ASCII lower-case letters or numbers.
• Must not contain a hyphen.
• Must not contain any other special characters.
• Must be unique within the identity domain.

Field: Description
Description: Optional.

Enter a short description of the Oracle Blockchain Platform instance.

Field: Notification Email
Description: Specify an email address where you would like to receive a notification when the service instance provisioning has succeeded or failed.

Field: Region
Description: Select the region where you want to host your service instance.

Field: Tags
Description: Optional.

Select existing tags or add tags to associate with the service instance.

To select existing tags, select one or more check boxes from the list of tags that are displayed on the pull-down menu.

To create tags, click Click to create a tag to display the Create Tags dialog box. In the New Tags field, enter one or more comma-separated tags that can be a key or a key:value pair.

If you don't assign tags during provisioning, you can create and manage tags after the service instance is created.

Field: Create a New Network
Description: Selecting this creates a complete blockchain environment. This instance becomes the founder organization and you can onboard new participants in the network later.

If this option isn't selected, the instance will be a participant organization and must join an existing blockchain network created elsewhere before this instance can be used.

Field: Configuration
Description: Select a provisioning shape which meets the needs of your deployment:

• Developer
• Enterprise X1
• Enterprise X4

Note that the minimums are charged every hour even if no transactions are used.

Field: Peers
Description: Specify the number of peer nodes to be initially created in this service instance. You can create between 1 and 14 peer nodes for an Enterprise configuration, and between 1 and 7 nodes for a Developer configuration. You can create additional peer nodes in the Oracle Blockchain Platform console at a later time.

Field: Upload Root CA Archive
Description: Optional.

Oracle Blockchain Platform includes a certificate authority (CA), which is used to create self-signed certificates for all blockchain nodes in your instance.

If you want to use certificates from your own certificate authority and use the Oracle Blockchain Platform certificate authority as an intermediary CA, you can upload your CA archive. The certificate you upload will be used to sign the intermediary certificates for Oracle Blockchain Platform nodes, thus including them under your root CA chain.

The archive is a zip file which contains the following files:

• CA chain - named xxxca-chain.pem. The entire CA file sequence from the signing CA to the top-level CA should be present.
• key - named xxxca-key.pem. The key should be a 256-bit elliptic curve key. The prime256v1 curve is recommended.
• certificate - named xxxca-cert.pem

where xxx is an identifier of your choice. The archive must be less than 2MB.

4. Click Next.

5. Verify that the details are correct, and click Confirm.

It takes about 15 minutes to create the service instance. Oracle sends an email to the designated email address when your service is ready. Display the Oracle Cloud Activity tab to check the current status. Once the instance has been created it is started, and can’t be stopped until it is deleted.
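The Upload Root CA Archive field above fixes the archive layout, so the zip can be checked before it is uploaded. The following is an added example, not Oracle's code: the function names, the "demo" identifier and the sample archive are assumptions made here, and the recommended prime256v1 curve is reported as a finding when absent.

```python
import base64
import io
import re
import zipfile

MAX_BYTES = 2 * 1024 * 1024  # the page: "must be less than 2MB"
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")  # OID 1.2.840.10045.3.1.7
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
SUFFIXES = ("ca-chain.pem", "ca-key.pem", "ca-cert.pem")


def pem_blocks(data):
    """Return [(label, der_bytes)] for every PEM block found in data."""
    return [(m.group(1).decode(), base64.b64decode(m.group(2)))
            for m in PEM_BLOCK.finditer(data)]


def der_oids(der, depth=0):
    """Walk DER TLVs, descending into constructed types, and collect OIDs."""
    oids, pos = [], 0
    while depth < 16 and pos + 2 <= len(der):  # depth cap: hostile nesting
        tag, length = der[pos], der[pos + 1]
        pos += 2
        if length & 0x80:  # long-form length
            n = length & 0x7F
            length = int.from_bytes(der[pos:pos + n], "big")
            pos += n
        value = der[pos:pos + length]
        pos += length
        if tag == 0x06:  # OBJECT IDENTIFIER
            oids.append(value)
        elif tag & 0x20:  # constructed: SEQUENCE, [0], ...
            oids.extend(der_oids(value, depth + 1))
    return oids


def check_ca_archive(raw):
    """Return a list of findings; an empty list means the archive passes."""
    if len(raw) >= MAX_BYTES:
        return ["archive is not smaller than 2MB"]
    try:
        archive = zipfile.ZipFile(io.BytesIO(raw))
    except zipfile.BadZipFile:
        return ["not a zip file"]
    sizes = {i.filename: i.file_size for i in archive.infolist()}
    # The identifier ("xxx" on the page) is whatever precedes ca-key.pem.
    ids = {n[:-len("ca-key.pem")] for n in sizes if n.endswith("ca-key.pem")}
    if len(ids) != 1:
        return ["expected exactly one <id>ca-key.pem entry"]
    prefix = ids.pop()
    wanted = [prefix + s for s in SUFFIXES]
    missing = sorted(set(wanted) - set(sizes))
    if missing:
        return ["missing file: " + name for name in missing]
    if any(sizes[name] > MAX_BYTES for name in wanted):
        return ["entry expands beyond 2MB, not reading it"]
    try:
        chain, key, cert = (pem_blocks(archive.read(n)) for n in wanted)
    except (ValueError, zipfile.BadZipFile):
        return ["entry is unreadable or its PEM body is not base64"]
    findings = []
    if len(key) != 1 or not key[0][0].endswith("PRIVATE KEY"):
        findings.append("ca-key.pem must hold exactly one private key")
    elif PRIME256V1 not in der_oids(key[0][1]):
        findings.append("key is not on the recommended prime256v1 curve")
    if [label for label, _ in cert] != ["CERTIFICATE"]:
        findings.append("ca-cert.pem must hold exactly one certificate")
    if not chain or any(label != "CERTIFICATE" for label, _ in chain):
        findings.append("ca-chain.pem must hold one or more certificates")
    return findings


def build_sample_archive(curve_oid=PRIME256V1):
    """Constructed input: SEC1 key with a dummy scalar, placeholder certs."""
    def pem(label, der):
        return (b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der)
                + b"-----END " + label + b"-----\n")
    oid = b"\x06" + bytes([len(curve_oid)]) + curve_oid
    body = (b"\x02\x01\x01" + b"\x04\x20" + bytes(range(1, 33))
            + b"\xa0" + bytes([len(oid)]) + oid)
    cert = pem(b"CERTIFICATE", b"\x30\x03\x02\x01\x00")  # not a real cert
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("democa-key.pem",
                   pem(b"EC PRIVATE KEY", b"\x30" + bytes([len(body)]) + body))
        z.writestr("democa-cert.pem", cert)
        z.writestr("democa-chain.pem", cert + cert)
    return buf.getvalue()


if __name__ == "__main__":
    print(check_ca_archive(build_sample_archive()))
    print(check_ca_archive(build_sample_archive(bytes.fromhex("2b8104000a"))))
```

This is a structural check only: it does not confirm that the certificate matches the key or that the chain validates up to the top-level CA.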

Create an Instance Using the PaaS Service Manager

The Oracle PaaS Service Manager provides a command line interface which contains tools you can use to manage the lifecycle of your Oracle services. You can provision an Oracle Blockchain Platform instance using a REST API.

The following example shows how to create an Oracle Blockchain Platform instance using REST API:

    curl -X POST \
      -u <username>:<password> \
      https://<PSM_endpoint>/paas/api/v1.1/instancemgmt/<IdentityDomain>/services/OABCSINST/instances \
      -H "Content-Type: application/vnd.com.oracle.oracloud.provisioning.Service+json" \
      -H "X-ID-TENANT-NAME: <IdentityDomain>" \
      -d "@service_payload.json"


The service_payload.json file will be of the format:

    {
      "serviceName": "your_service_name",
      "appSize": "Enterprise-X1",
      "serviceLevel": "PAAS",
      "region": "your_region",
      "organizationType": "true",
      "numberOfPeersDev": "8",
      "managedSystemType": "oracle",
      "enableNotification": "true",
      "notificationEmail": "your_email"
    }

• serviceName

– Must contain one or more characters.

– Must not exceed 15 characters.

– Must start with an ASCII letter: a to z.

– Must contain only ASCII lower-case letters or numbers.

– Must not contain a hyphen.

– Must not contain any other special characters.

– Must be unique within the identity domain.

• appSize

– Developer: A 1 Kafka orderer and 3 OCPU total in 1 VM; 1 unit minimum charge (500 transactions/hr)

– Enterprise-X1: A 3 node Kafka cluster and 3 X Standard 2.1 VM shapes; 2 unit minimum charge (1000 transactions/hr)

– Enterprise-X4: A 3 node Kafka cluster and 3 X Standard 2.4 VM shapes; 8 unit minimum charge (4000 transactions/hr)

• serviceLevel

– Must be set to PAAS

• region

– Optional. Select the region where you want to host your service instance.

• organizationType

– Must be set to true

• numberOfPeersDev

– Specify the number of peer nodes that will be initially created in this service instance.

– 1 to 14 peer nodes for an Enterprise configuration.

– 1 to 7 nodes for a Developer configuration

• managedSystemType

– Must be set to oracle

• enableNotification

– Must be set to true

• notificationEmail

– Enter the email where all notifications will be sent.

If you are using the instance creation wizard in the Cloud Infrastructure Console, once you have entered your desired configuration information, on the information confirmation page you can download a service_payload.json file with your selections by clicking the download icon.
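The field rules listed above can be applied to a service_payload.json file before it is posted, which also catches malformed JSON such as a missing comma. This is an added example, not Oracle's code; the function name validate_payload and both sample payloads are assumptions constructed here.

```python
import json
import re

# serviceName: starts with a-z, only a-z and 0-9, at most 15 characters.
NAME_RE = re.compile(r"[a-z][a-z0-9]{0,14}")
# Peer limits per appSize, as listed under numberOfPeersDev.
MAX_PEERS = {"Developer": 7, "Enterprise-X1": 14, "Enterprise-X4": 14}
# Fields the page says must carry one fixed value.
FIXED = {"serviceLevel": "PAAS", "organizationType": "true",
         "managedSystemType": "oracle", "enableNotification": "true"}

# Constructed samples: one that passes, one that breaks two rules.
SAMPLE_OK = """{"serviceName": "obpdemo1", "appSize": "Enterprise-X1",
 "serviceLevel": "PAAS", "organizationType": "true", "numberOfPeersDev": "8",
 "managedSystemType": "oracle", "enableNotification": "true",
 "notificationEmail": "admin@example.com"}"""
SAMPLE_BAD = SAMPLE_OK.replace("obpdemo1", "my-ledger").replace(
    "Enterprise-X1", "Developer")


def validate_payload(text):
    """Return a list of rule violations; an empty list means the file passes."""
    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(payload, dict):
        return ["top-level value must be a JSON object"]

    errors = []
    name = payload.get("serviceName")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        errors.append("serviceName: 1-15 characters, a-z first, then a-z or 0-9")

    size = payload.get("appSize")
    size_ok = isinstance(size, str) and size in MAX_PEERS
    if not size_ok:
        errors.append("appSize: must be one of " + ", ".join(MAX_PEERS))

    for key, want in FIXED.items():
        if payload.get(key) != want:
            errors.append(f'{key}: must be "{want}"')

    # The sample payload carries the peer count as a string, so accept both.
    try:
        peers = int(payload.get("numberOfPeersDev"))
    except (TypeError, ValueError):
        errors.append("numberOfPeersDev: must be a whole number")
    else:
        limit = MAX_PEERS[size] if size_ok else 14
        if not 1 <= peers <= limit:
            errors.append(f"numberOfPeersDev: must be 1 to {limit} for {size}")

    if not payload.get("notificationEmail"):
        errors.append("notificationEmail: required")
    return errors


if __name__ == "__main__":
    for problem in validate_payload(SAMPLE_BAD):
        print(problem)
```

Uniqueness of serviceName within the identity domain cannot be checked offline and is left to the service.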

After You Create a Service Instance

When you receive the email to say your service is ready, verify that the service is up and running, and then set up users for the service.

Verify that your instance has been created and access the Oracle Blockchain Platform console.

Add users and apply roles to them in IDCS.

You can use the Instances page of the Cloud Infrastructure Console to perform routine maintenance, or troubleshoot, explore, monitor, or delete your instances.

Verify Your Instance and Access the Oracle Blockchain Platform Console

Oracle sends an email to the designated email address when your Oracle Blockchain Platform instance is ready. Navigate to your service in the Cloud Infrastructure Console, obtain the service URL, and then sign in to verify your Oracle Blockchain Platform instance is up and running.

1. In the Cloud Infrastructure Console, open the dashboard.

2. Navigate to Blockchain and click the Action menu beside your instance name.

3. Click Blockchain Console.

4. Sign in with your administrator credentials.


3 Manage the Lifecycle of an Instance

You can use the Instances page of the Cloud Infrastructure Console to perform routine maintenance or troubleshooting for your Oracle Blockchain Platform instance.

You can also monitor these lifecycle operations and other management activities for all Oracle Blockchain Platform instances.

Topics:

• Explore the Oracle Blockchain Platform Console

• Monitoring Activity

• Track the Number of Oracle Blockchain Platform Instances in an Account

• Manage Tags

• Delete an Oracle Blockchain Platform Instance

Explore the Oracle Blockchain Platform Console

You can use the Oracle Blockchain Platform console to view all Oracle Blockchain Platform instances.

What You See on the Oracle Blockchain Platform Console

When you access Oracle Blockchain Platform the first time for an account, you will see the Welcome page. Click Instances to view the Oracle Blockchain Platform console home page.

There is one additional tab on the Oracle Blockchain Platform console: Activity. See:

• Monitor Activity

The following table describes the key information shown on the Oracle Blockchain Platform console. The information displayed in the Oracle Blockchain Platform console will vary based on whether or not you have created Oracle Blockchain Platform instances. When you access the Oracle Blockchain Platform console for your account for the first time and there are no Oracle Blockchain Platform instances created, any service instance details will not be displayed. In this case, you can create a service instance by clicking Create Instance and access information about the prerequisites and steps for creating an instance.

Element Description

identity domain Click to change the resource identity domain.


Click the user menu icon containing the initials of the user in order to access a menu with the following options:

• Help: Provides links to documentation, videos, tutorials, and troubleshooting information. You can also choose to download the PaaS Service Manager (PSM) Command Line Interface (CLI) or AppToCloud feature.

• Accessibility: Specify whether you use a screen reader, high contrast, and/or large fonts.

• About: Provides a description of what you can do with Oracle Blockchain Platform, and the version of the service and UI you are using.

• Sign Out: Logs you out of the service.

Access help for this page, including documentation, tutorials, videos, and FAQs.

Click the Contact Us button to:

• Look up Oracle contact phone numbers

• Access My Oracle Support

• Access Oracle Cloud Discussion Forums

• Chat with Oracle Support online

(In the branding bar)

Click and select a choice from the menu to open the service console for one of the Oracle Cloud Services to which you subscribe.

Instances Click to refresh this page.

Activity Click to view all operations performed on your service instances. See Monitor Activity.

Welcome! Click to return to the Welcome page.

(Adjacent to the Welcome! link in the banner)

Click and select a choice from the drop-down menu to open the service console for one of the Oracle Cloud Platform Services to which you subscribe.

Instances (Summary panel) Number of Oracle Blockchain Platform instances in the identity domain.

OCPUs (Summary panel) Total number of Oracle Compute Units (OCPUs) allocated across all Oracle Blockchain Platform instances.

Memory (Summary panel) Total amount of memory in GBs allocated across all Oracle Blockchain Platform instances.

Storage (Summary panel) Total amount of block storage in GBs allocated across all Oracle Blockchain Platform instances.

Public IPs (Summary panel) Total number of public IP addresses allocated across all Oracle Blockchain Platform instances.

Instances (heading) All Oracle Blockchain Platform instances in the identity domain.

Search field

Enter a full or partial service instance name to filter the list of service instances to include only the instances that contain the string in their name.

Click to refresh the page. The date and time the page was last refreshed is displayed adjacent to this button.

Create Instance Create a new Oracle Blockchain Platform instance. See Creating an Oracle Blockchain Platform Instance.

Oracle Blockchain Platform instance. Click this icon to view more details.


Status icon indicating that the Oracle Blockchain Platform instance is being created.

Status icon indicating the Oracle Blockchain Platform instance is undergoing maintenance or terminating.

Status icon indicating that the Oracle Blockchain Platform instance wasn’t created. This icon can also mean that the service instance has stopped. See the Activity section of this page.

service-name Name of the Oracle Blockchain Platform instance. Click the name to view more details.

Status Status of the service instance. Valid values include: In Progress, Maintenance, Terminating, Stopped, and Failed.

Click the status label to view progress messages.

Note:

Running service instances do not display this field.

Version Version of Oracle Blockchain Platform the instance was created with.

Tags Tags assigned to the service instance. The first tag is displayed. To see all tags assigned to the service instance, hover over the tag name and click More.

Submitted On When status is In Progress, date and time in UTC that the Oracle Blockchain Platform instance creation request was submitted.

Created On When provisioning is complete, date and time in UTC that the Oracle Blockchain Platform instance was created.

OCPUs Number of OCPUs allocated for the Oracle Blockchain Platform instance.

If your service instance has multiple clusters, the OCPUs value is the sum of all OCPUs used in all the clusters.

Memory Amount of memory in GBs allocated for the Oracle Blockchain Platform instance.

Storage Amount of storage in GBs allocated for the Oracle Blockchain Platform instance.

(adjacent to the service instance name)

Instance menu icon provides the following options:

• Blockchain Console: launches the Oracle Blockchain Platform console

• Delete: Deletes the service instance.


Instance Create and Delete History Shows details about created or deleted service instances.

• Show only failed attempts—Check this box if you want to see failed attempts only.

• Details—Displays system messages logged during the creation or deletion process. Messages include information about auto-retry attempts.

• Complete Cleanup—This button appears only if there are failed resources created during a successful auto-retry process. If you select this button, the failed resources are deleted. You might have to press the button again and wait, repeating this process until the button is no longer displayed.

• Retry Delete—This button appears only if an attempt to delete a failed service instance is unsuccessful. The software cleans up failed resources and tries again to delete the service instance. You might have to press the button again and wait, repeating this process until the button is no longer displayed.

Monitor Activity

You can view all of the cloud operations that have been performed on your Oracle Blockchain Platform instances.

You can restrict the list of activities that are displayed by using search filters. For each activity, you can view the operation, service name, service type, status, start time and end time. You can also view the name of the cloud user that initiated the activity.

1. Access your service console.

2. Click the Activity tab.

3. To locate a specific activity, complete these fields in the Search Activity Log area, and then click Search.

By default, this page displays all Oracle Blockchain Platform activities that occurred in the previous 24 hours.

4. Optional: Select a value for Results per page to limit the maximum number of search results.

Track the Number of Oracle Blockchain Platform Instances in an Account

The account administrator can track the number of Oracle Blockchain Platform instances across all accounts using the My Account Dashboard page.

1. Sign in to Oracle Cloud and navigate to the Cloud Infrastructure Dashboard.

To sign in to your Oracle Cloud Account, you need to know the URL to the sign-in page and your user name and password.

2. On the Dashboard, select Open Service Console from the menu on the Blockchain tile.

The tile displays the number of Oracle Blockchain Platform instances in the identity domain.


Manage Tags

A tag is an arbitrary key or a key-value pair that you can create and assign to your Oracle Blockchain Platform instances. You can use tags to organize and categorize your instances, and to search for them.

Topics:

• Creating, Assigning, and Unassigning Tags

• Finding Tags and Instances Using Search Expressions

Create, Assign, and Unassign Tags

You can create and assign tags to Oracle Blockchain Platform instances while creating the instances or later. When you no longer need certain tags for an instance, you can unassign them.

To assign tags to an instance or to unassign tags:

1. Navigate to the Overview page for the instance for which you want to assign or unassign tags.

2. This step depends on whether any tags are already assigned to the instance:

If at least one tag is assigned to the instance, the Overview page shows a Tags field.

a. Hover over any of the tags in the Tags field, until a More link is displayed.

b. Click the More link.

If you don’t see the Tags field, then no tags are currently assigned to the instance.

a. Click Manage this service in the instance name bar at the top.

b. Select Add Tags.

3. In the Manage Tags dialog box, assign or unassign tags, as required:

• In the Assign section, from the Tags field, select the tags that you want to assign to the instance.

• If the tags that you want to assign don't exist, select Create and Assign in the Tags field, and then enter the required tags in the Enter New Tags field.

• To unassign a tag, in the Unassign section, look for the tag that you want to unassign, and click the X button next to the tag.

Note:

You might see one or more tags with the key starting with ora_. Such tags are auto-assigned and used internally. You can’t assign or unassign them.

• To exit without changing any tag assignments for the instance, click Cancel.

4. After assigning and unassigning tags, click OK for the tag assignments to take effect.


Find Tags and Instances Using Search Expressions

A tag is an arbitrary key or a key-value pair that you can create and assign to your Oracle Blockchain Platform instances. You can use tags to organize and categorize your instances, and to search for them. Over time, you might create dozens of tags, and you might assign one or more tags to several of your instances. To search for specific tags and to find instances that are assigned specific tags, you can use filtering expressions.

For example, on the home page of the web console, you can search for the instances that are assigned a tag with the key env and any value starting with dev (example: env:dev1, env:dev2), by entering the search expression 'env':'dev%' in the Search field.

Similarly, when you use the REST API to find tags or to find instances that are assigned specific tags, you can filter the results by appending the optional tagFilter=expression query parameter to the REST endpoint URL.

• To find specific tags: GET paas/api/v1.1/tags/{identity_domain}/tags?tagFilter={expression}

• To get a list of instances that are assigned specific tags: GET paas/api/v1.1/instancemgmt/{identity_domain}/instances?tagFilter={expression}

Syntax and Rules for Building Tag-Search Expressions

• When using cURL to send tag-search API requests, enclose the URL in double quotation marks.

Example:

curl -s -u username:password -H "X-ID-TENANT-NAME:acme" "restEndpointURL/paas/api/v1.1/instancemgmt/acme/instances?tagFilter='env'"

This request returns all the tags that have the key env.

• Enclose each key and each value in single quotation marks, and use a colon (:) to indicate a key:value pair.

Examples:

'env'

'env':'dev'

• You can include keys or key:value pairs in a tag-filtering expression.


| Sample Expression | Description | Sample Search Result |
|---|---|---|
| 'env' | Finds the tags with the key env, or the instances that are assigned the tags with that key. | The following tags, or the instances that are assigned any of these tags: env:dev, env:qa |
| 'env':'dev' | Finds the tag with the key env and the value dev, or the instances that are assigned that tag. | The following tag, or the instances that are assigned this tag: env:dev |

• You can build a tag-search expression by using actual keys and key values, or by using the following wildcard characters.

% (percent sign): Matches any number of characters.

_ (underscore): Matches one character.

| Sample Expression | Description | Sample Search Result |
|---|---|---|
| 'env':'dev%' | Finds the tags with the key env and a value starting with dev, or the instances that are assigned such tags. Note: When you use curl or any command-line tool to send tag-search REST API requests, encode the percent sign as %25. | The following tags, or the instances that are assigned any of these tags: env:dev, env:dev1 |
| 'env':'dev_' | Finds the tags with the key env and the value devX where X can be any one character, or finds the instances that are assigned such tags. | The following tags, or the instances that are assigned any of these tags: env:dev1, env:dev2 |

• To use a single quotation mark ('), the percent sign (%), or the underscore (_) as a literal character in a search expression, escape the character by prefixing a backslash (\).

| Sample Expression | Description | Sample Search Result |
|---|---|---|
| 'env':'dev\_%' | Finds the tags with the key env and a value starting with dev_, or the instances that are assigned such tags. | The following tags, or the instances that are assigned any of these tags: env:dev_1, env:dev_admin |


• You can use the Boolean operators AND, OR, and NOT in your search expressions:

| Sample Expression | Description | Sample Search Result |
|---|---|---|
| 'env' OR 'owner' | Finds the tags with the key env or the key owner, or the instances that are assigned either of those keys. | The following tags, or the instances that are assigned any of these tags: env:dev, owner:admin |
| 'env' AND 'owner' | Finds the instances that are assigned the tags env and owner. Note: This expression won’t return any results when used to search for tags, because a tag can have only one key. | The instances that are assigned all of the following tags: env:dev, owner:admin |
| NOT 'env' | Finds the tags that have a key other than env, or the instances that are assigned such tags. Note: Untagged instances as well will satisfy this search expression. | The following tags, or the instances that are assigned any of these tags or no tags: owner:admin, department |
| ('env' OR 'owner') AND NOT 'department' | Finds the tags that have the key env or the key owner but not the key department, or the instances that are assigned such tags. | The following tags, or the instances that are assigned any of these tags: env:dev, owner:admin |
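The quoting, wildcard, escaping, Boolean and %25 rules above can be applied in one place rather than by hand. The following is an added example, not Oracle's code: it builds tagFilter expressions, percent-encodes them for the instances endpoint shown earlier, and includes a local model of the wildcard rules to show how an unescaped underscore widens a match. The host name is a placeholder, the helper names are hypothetical, and it assumes the service URL-decodes the query value in the usual way.

```python
import re
from urllib.parse import quote


def escape_literal(text):
    """Backslash-escape ', % and _ so they are matched as literal characters."""
    if "\\" in text:
        # The page does not say how a literal backslash is written, so refuse it.
        raise ValueError("backslash in tag text is not covered by the documented rules")
    return "".join("\\" + ch if ch in "'%_" else ch for ch in text)


def tag(key, value=None, prefix=False):
    """Build 'key' or 'key':'value'; prefix=True appends the % wildcard to the value."""
    expr = "'" + escape_literal(key) + "'"
    if value is not None:
        expr += ":'" + escape_literal(value) + ("%" if prefix else "") + "'"
    return expr


def any_of(*exprs):
    return " OR ".join(exprs)


def all_of(*exprs):
    return " AND ".join(exprs)


def negate(expr):
    return "NOT " + expr


def group(expr):
    return "(" + expr + ")"


def instances_url(rest_endpoint, identity_domain, expression):
    """Percent-encode the whole expression, which turns % into %25 as required."""
    return "{}/paas/api/v1.1/instancemgmt/{}/instances?tagFilter={}".format(
        rest_endpoint.rstrip("/"),
        quote(identity_domain, safe=""),
        quote(expression, safe=""),
    )


def value_matches(pattern, value):
    """Local model of the documented wildcards: % = any run, _ = one character,
    backslash = next character is literal. Not the service's implementation."""
    parts = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            parts.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
        i += 1
    return re.fullmatch("".join(parts), value, re.DOTALL) is not None


if __name__ == "__main__":
    # Constructed sample: select instances whose env value starts with the literal "dev_".
    expr = tag("env", "dev_", prefix=True)
    print(expr)
    print(instances_url("https://rest.example.invalid", "acme", expr))
    # Hand-typed, unescaped pattern also matches values such as "dev1x".
    print(value_matches("dev_%", "dev1x"), value_matches("dev\\_%", "dev1x"))
```

When tag searches decide which instances a script acts on, the escaped form keeps the selection limited to the intended values.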

Delete an Oracle Blockchain Platform Instance

When you no longer require an Oracle Blockchain Platform instance, you can delete it. Your account is no longer charged for the instance.

Only a blockchain administrator can delete a service instance. See Assigning Roles in Oracle Identity Cloud Service.

When you delete an Oracle Blockchain Platform instance:

• Resources such as IP addresses are removed.

• Storage volumes attached to the VMs hosting the Oracle Blockchain Platform instance are removed.

To delete an Oracle Blockchain Platform instance:


1. Navigate to the Cloud Infrastructure Console.

2. From the menu for the service instance, select Delete.

The Delete Service dialog is displayed.

3. In the Delete Service dialog box that opens, click Force service deletion and then click Delete.

Once deleted, the Oracle Blockchain Platform instance is removed from the list of service instances displayed on the Cloud Infrastructure console.

If there is a problem deleting the service instance, the Retry Delete button is displayed. Click the Retry Delete button to attempt to clean up any remaining resources and delete the service instance completely. The Retry Delete button is displayed for as long as the failed resources exist. Repeat this process, as necessary, until the Retry Delete button is no longer displayed.

You won't be billed for the service if the deletion process times out before the entire cleanup is complete. Oracle Cloud Services periodically retries to complete the cleanup until the service instance is successfully deleted. Alternatively, you can do this manually:

1. Click on Service create and delete history on the Cloud Infrastructure console.

2. Select the service instance. The status of the service instance will be Deletion Failed.

3. Click Retry Delete to initiate cleanup again.


4 Set Up Users and Access Roles

One of the first jobs you do after setting up a service with Oracle Blockchain Platform is to add user accounts in Oracle Identity Cloud Service for everyone you expect to use the service and assign them suitable permissions in the service.

Oracle Identity Cloud Service is available with your Oracle Blockchain Platform account. Use Oracle Identity Cloud Service to add users and groups.

Topics:

• Use Oracle Identity Cloud Service for Authentication

• Connect to Oracle Identity Cloud Service from the Cloud Infrastructure Console

• Add Oracle Identity Cloud Service Users

• Assigning Roles in Oracle Identity Cloud Service

Use Oracle Identity Cloud Service for Authentication

Oracle Blockchain Platform uses Oracle Identity Cloud Service for identity management and authentication.

Oracle Identity Cloud Service provides Oracle Cloud administrators with a central security platform to manage the relationships that your users have with your applications, including with other Oracle Cloud services like Oracle Blockchain Platform. With Oracle Identity Cloud Service you can create custom password policies and email notifications, onboard new users, assign users and groups to applications, and run security reports. See these topics in Administering Oracle Identity Cloud Service:

• About Oracle Identity Cloud Service Concepts

• How to Access Oracle Identity Cloud Service

Each Oracle Cloud service instance in your account is associated with an Oracle Identity Cloud Service security application. Each security application defines one or more application roles. Assign users and groups to these application roles in order to grant them administrative access to a service. See these topics in Administering Oracle Identity Cloud Service:

• Creating User Accounts

• Creating Groups

• Assigning Users to Oracle Applications

• Assigning Groups to Oracle Applications


Connect to Oracle Identity Cloud Service from the Cloud Infrastructure Console

When you create an Oracle Blockchain Platform instance, Oracle Cloud creates a security application for the instance in Oracle Identity Cloud Service. You have direct access to this application from the Oracle Blockchain Platform instance page in the Cloud Infrastructure Console so it's easy for you to add users and grant roles for your instance.

1. Open the Cloud Infrastructure Console.

2. Click the name of the Oracle Blockchain Platform instance.

The Service Overview page is displayed, showing the Web Tier Security Service and the Blockchain Service Manager.

3. Click the manager for your instance.

An overview page with Oracle Blockchain Platform instance details is displayed.

4. Click the link next to IDCS Application and log in with your Oracle Identity Cloud Service credentials if prompted.

An instance of Oracle Identity Cloud Service opens on the Details tab. Details about the application associated with your Oracle Blockchain Platform instance are displayed in Oracle Identity Cloud Service. From here, you can add users and groups, and assign them various permissions (application roles) in the Oracle Blockchain Platform instance.

The IDCS console has the following tabs used by the Oracle Blockchain Platform instance:

• Details - Displays information about the Oracle Blockchain Platform instance, including the application ID, name, display name, and description.

• Application Roles - Displays roles. Use this tab to assign users to roles in Oracle Blockchain Platform.

• Groups - Displays user groups. You use this tab to create groups and then add one or more users or applications to the group.

• Users - Displays users. You use this tab to add users and assign them to one or more groups or applications.

Add Oracle Identity Cloud Service Users

To access an Oracle Blockchain Platform instance that uses Oracle Identity Cloud Service for authentication, Oracle Blockchain Platform users must first have valid Oracle Identity Cloud Service credentials. Administrators manage the provisioning of users in Oracle Identity Cloud Service and perform the task of adding users.

To add users and provide them access to Oracle Blockchain Platform:

1. Open the security application associated with the Oracle Blockchain Platform instance in Oracle Identity Cloud Service.

2. Click the Identity Cloud Service Users tab at the top of the page (not the Users tab for the Oracle Blockchain Platform instance).

3. Click Add and provide user details, then click Finish.


The Details page is displayed for the user. An email will be sent to the user with login information.

Add Hyperledger Fabric Enrollments to a REST Proxy

To use the REST proxy API you can use the default enrollments or create a new enrollment by mapping an Oracle Identity Cloud Service user to a Hyperledger Fabric enrollment.

Prerequisite: you must have added the enrollment to the REST node in the Oracle Blockchain Platform console as described in Add Enrollments to a REST Proxy in Using Oracle Blockchain Platform.

1. Open the Oracle Identity Cloud Service console for your Oracle Blockchain Platform instance. The application you’re looking for is named: OABCSINST_<instance_name>

2. On the Application Roles tab, search for the REST proxy user you created the enrollment for using the Oracle Blockchain Platform console. This role will be named: RESTPROXY_USER_${enrollment_name}

3. Click the Action menu for this role, and select Assign Users.

4. Select a user registered with Oracle Identity Cloud Service, and click OK.

Some important things to note about how Oracle Blockchain Platform handles REST proxy user roles:

• The REST proxy will accept the request if the Oracle Identity Cloud Service user has only one RESTPROXY_USER_${enrollment_name} role in the Oracle Identity Cloud Service application.

• The REST proxy will reject the request if the Oracle Identity Cloud Service user has multiple RESTPROXY_USER_${enrollment_name} roles in the Oracle Identity Cloud Service application.

– If the Oracle Identity Cloud Service user doesn't have a RESTPROXY_USER_${enrollment_name} role, but has one or more roles such as RESTPROXY${1-4}_USER, the REST proxy will map this Oracle Identity Cloud Service user to the default enrollment.

– The REST proxy will reject the request if the Oracle Identity Cloud Service user doesn't have a RESTPROXY_USER_${enrollment_name} or RESTPROXY${1-4}_USER role in the Oracle Identity Cloud Service application.

• The REST proxy will cache the Oracle Identity Cloud Service application role states each 120 seconds for better performance, so assigning and revoking users to an Oracle Identity Cloud Service role may take 120 seconds to take effect.
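The role rules above form a small decision procedure, and the 120-second cache means a revoked user can still be accepted for a short time. The following is an added example, not Oracle's implementation: it models the accept/reject rules so role assignments exported from Oracle Identity Cloud Service can be audited, and models the cache as a per-user 120-second entry (an assumption) to show the revocation window. All user names, enrollment names and function names are constructed.

```python
import re
import time

CACHE_TTL_SECONDS = 120                      # refresh interval stated above
DEFAULT_ENROLLMENT = "<default enrollment>"  # label used by this example only

ENROLLMENT_ROLE = re.compile(r"RESTPROXY_USER_(.+)")
DEFAULT_ROLE = re.compile(r"RESTPROXY[1-4]_USER")


def resolve_enrollment(roles):
    """Apply the documented rules to a set of role names.

    Returns ("accept", enrollment) or ("reject", reason).
    """
    custom = set()
    for role in roles:
        match = ENROLLMENT_ROLE.fullmatch(role)
        if match:
            custom.add(match.group(1))
    if len(custom) == 1:
        return ("accept", custom.pop())
    if len(custom) > 1:
        return ("reject", "multiple RESTPROXY_USER_ roles: " + ", ".join(sorted(custom)))
    if any(DEFAULT_ROLE.fullmatch(role) for role in roles):
        return ("accept", DEFAULT_ENROLLMENT)
    return ("reject", "no REST proxy user role")


def audit(assignments):
    """Return {user: reason} for every user whose requests would be rejected."""
    findings = {}
    for user, roles in sorted(assignments.items()):
        decision, detail = resolve_enrollment(roles)
        if decision == "reject":
            findings[user] = detail
    return findings


class CachedRoleView:
    """Simplified model of the role cache: each user's roles are re-read
    only when the cached copy is at least CACHE_TTL_SECONDS old."""

    def __init__(self, fetch_roles, clock=time.monotonic):
        self._fetch = fetch_roles
        self._clock = clock
        self._entries = {}  # user -> (fetched_at, roles)

    def authorize(self, user):
        now = self._clock()
        entry = self._entries.get(user)
        if entry is None or now - entry[0] >= CACHE_TTL_SECONDS:
            entry = (now, frozenset(self._fetch(user)))
            self._entries[user] = entry
        return resolve_enrollment(entry[1])


def revocation_demo():
    """Revoke a role at t=10 s and record the decision at t=0, 100 and 120 s."""
    store = {"alice": {"RESTPROXY_USER_audit"}}  # constructed sample data
    now = [0.0]
    view = CachedRoleView(lambda user: store.get(user, set()), clock=lambda: now[0])
    decisions = [view.authorize("alice")[0]]     # t=0: roles fetched and cached
    now[0] = 10.0
    store["alice"] = set()                       # role revoked in the identity store
    now[0] = 100.0
    decisions.append(view.authorize("alice")[0]) # stale cache still accepts
    now[0] = 120.0
    decisions.append(view.authorize("alice")[0]) # cache refreshed, now rejected
    return decisions


if __name__ == "__main__":
    sample = {  # constructed role assignments
        "alice": {"RESTPROXY_USER_audit", "BCS User"},
        "bob": {"RESTPROXY_USER_audit", "RESTPROXY_USER_ops"},
        "carol": {"RESTPROXY2_USER"},
        "dave": {"BCS User"},
    }
    print(audit(sample))
    print(revocation_demo())
```

During incident response, allow for the cache interval after revoking a role before treating the user's REST proxy access as removed.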

Use a Third Party Identity Provider

By default Oracle Blockchain Platform uses Oracle Identity Cloud Service as its identity provider. However it is possible to use another identity provider and map it to Oracle Blockchain Platform user roles.

Oracle Cloud Infrastructure supports federation with Oracle Identity Cloud Service and Microsoft Active Directory (via Active Directory Federation Services), and any identity provider that supports the Security Assertion Markup Language (SAML) 2.0 protocol.


For detailed information about how to configure this federation, refer to Identity Providers and Federation.

To use a third party identity provider with Oracle Blockchain Platform:

1. Configure federation and single sign-on between Oracle Identity Cloud Service and the third-party identity provider.

2. Grant Oracle Blockchain Platform roles to the identity provider user IDs.

3. Generate an access token for each identity provider user ID which uses REST to interact with Oracle Blockchain Platform.

Configure the Single Sign-on

The instructions in this section provide a very brief overview of the general process required to associate your third-party identity provider with Oracle Identity Cloud Service and configure single sign-on. Refer to the documentation of both products for more comprehensive information on how to complete this process.

In your third-party identity provider, create an integration between it and Oracle Identity Cloud Service. Ensure that you configure it to use SAML-based sign-on using SAML 2.0. Export your identity provider's metadata for SAML federation (the SAML signing certificate).

Create users in your identity provider and assign them access to Oracle Identity Cloud Service. Create matching users in Oracle Identity Cloud Service. You can then add a SAML identity provider in Oracle Identity Cloud Service and map it to your identity provider by importing the identity provider metadata.

Grant User Roles

In order for the users registered in your identity provider to access Oracle Blockchain Platform, you will need to grant them the appropriate user roles in Oracle Identity Cloud Service.

• In order to access the Oracle Blockchain Platform console, they need to be either BCS Administrator or BCS User.

• In order to use the REST proxy they need to be either RESTPROXY#_ADMIN or RESTPROXY#_USER.

• In order to run chaincode transactions or perform Fabric certificate authority functions they need to be Administrator or Client.

For detailed information on user roles in Oracle Blockchain Platform, see Assigning Roles in Oracle Identity Cloud Service.

Generate Access Tokens

Any user accessing Oracle Blockchain Platform through the REST APIs requires an access token.

1. Create a confidential application using a cURL command. Below is an example:

# ACCESS_TOKEN, IDCS_URL and appDisplay must be set in the shell before running this command.
curl -X POST -H "Content-Type:application/scim+json" -H "Authorization: Bearer $ACCESS_TOKEN" "${IDCS_URL}/admin/v1/Apps" -d '{
  "displayName": "'${appDisplay}'",
  "realmName": "'${appDisplay}'",
  "isKerberosRealm": false,
  "description": "App desc '${appDisplay}'",
  "basedOnTemplate": {"value": "CustomWebAppTemplateId"},
  "isOAuthClient": true,
  "clientType": "confidential",
  "allowedGrants": ["client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer", "urn:ietf:params:oauth:grant-type:saml2-bearer", "refresh_token"],
  "allowedScopes": [
    {"idOfDefiningApp": "d55b5f55b5ec55555ef55555b5cb55d5", "fqs": "https://URL.com:443/external"},
    {"idOfDefiningApp": "d55b5f55b5ec55555ef55555b5cb55d5", "fqs": "https://URL.com:443/internal"},
    {"idOfDefiningApp": "d55b5f55b5ec55555ef55555b5cb55d5", "fqs": "https://URL.com:443/restproxy"}
  ],
  "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:App"],
  "isUnmanagedApp": true,
  "urn:ietf:params:scim:schemas:oracle:idcs:extension:kerberosRealm:App": {
    "realmName": "'${appDisplay}'realmName",
    "masterKey": "hello_world",
    "defaultEncryptionSaltType": "defaultSalt",
    "supportedEncryptionSaltTypes": ["supportedTypes"],
    "ticketFlags": 1,
    "maxTicketLife": 100,
    "maxRenewableAge": 100
  }
}'

2. To make the confidential application visible to a user in the third-party identity provider, create a role:

# NEW_APP_ROLE and APP_ID must be set in the shell, in addition to ACCESS_TOKEN and IDCS_URL.
curl -X POST -H "Content-Type:application/scim+json" -H "Authorization: Bearer $ACCESS_TOKEN" "${IDCS_URL}/admin/v1/AppRoles" -d '{
  "displayName": "'${NEW_APP_ROLE}'",
  "adminRole": true,
  "description": "test role for userX",
  "public": false,
  "availableToClients": true,
  "app": {"value": "'${APP_ID}'"},
  "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:AppRole"]
}'

3. Grant the role to the third-party identity provider user:

# APP_ID, ROLE_ID and USER_ID must be set in the shell, in addition to ACCESS_TOKEN and IDCS_URL.
curl -X POST -H "Content-Type:application/scim+json" -H "Authorization: Bearer $ACCESS_TOKEN" "$IDCS_URL/admin/v1/Grants" -d '{
  "app": {"value": "'${APP_ID}'"},
  "entitlement": {"attributeName": "appRoles", "attributeValue": "'${ROLE_ID}'"},
  "grantMechanism": "ADMINISTRATOR_TO_USER",
  "grantee": {"value": "'${USER_ID}'", "type": "User"},
  "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:Grant"]
}'

4. Sign on to Oracle Identity Cloud Service using the user ID from the third-partyidentity provider. You should now see the Oracle Blockchain Platform applicationas well as the confidential application you just created. Open the confidentialapplication by double-clicking it.

5. On the Details tab there is a Generate Access Token button. Click it to generatethe access token you need to access the REST proxy.

Once you have the access token it can be added to the Oracle Blockchain PlatformREST API cURL command headers as described in REST API for Oracle BlockchainPlatform: Authentication.

Assigning Roles in Oracle Identity Cloud Service

This overview describes the roles that are relevant to Oracle Blockchain Platform. Anyone who uses or administers Oracle Blockchain Platform must be added in Oracle Identity Cloud Service and granted the correct user role.

Below are the roles that are available for Oracle Blockchain Platform.

| User Role | Granted Automatically to Instance Creator? | Description |
|---|---|---|
| Administrator | Yes | The CA Admin role is the overall administrator for the Oracle Blockchain Platform cloud application. |
| BCS Administrator | Yes | See the table in Access Control List for Console Function by User Roles for a complete list of console functions available for this user role. |
| BCS User | | See the table in Access Control List for Console Function by User Roles for a complete list of console functions available for this user role. |
| Client | Yes | This user role is assigned to Oracle Blockchain Platform participants to run transactions using the chaincode. |
| ORDERER | Yes | This role is assigned to the Fabric orderer node. |
| PEER | Yes | This role is assigned to a Fabric peer node. |
| RESTPROXY#_ADMIN | Yes | Grants user access to call administrative REST proxy endpoints. |
| RESTPROXY#_USER | Yes | Grants user access to call all REST proxy endpoints available on the REST proxy node with the same number. |


Access Control List for Console Function by User Roles

The following table lists which console features are available to the BCS Administrator and BCS User roles.

| Feature | BCS Administrator | BCS User |
|---|---|---|
| Dashboard | Yes | Yes |
| Network: list orgs | Yes | Yes |
| Network: add orgs | Yes | No |
| Network: Ordering service setting | Yes | No |
| Network: Export certificates | Yes | Yes |
| Network: Export orderer settings | Yes | Yes |
| Node: list | Yes | Yes |
| Node: start/stop/restart | Yes | No |
| Node: add/remove | Yes | No |
| Node: view attributes | Yes | Yes |
| Node: edit attributes | Yes | No |
| Node: view metrics | Yes | Yes |
| Node: view logs | Yes | Yes |
| Node: Export/Import Peers | Yes | No |
| Peer Node: list channels | Yes | Yes |
| Peer Node: join channel | Yes | No |
| Peer Node: list chaincode | Yes | Yes |
| Channel: list | Yes | Yes |
| Channel: create | Yes | No |
| Channel: add org to channel | Yes | No |
| Channel: Update ordering service settings | Yes | No |
| Channel: view/query ledger | Yes | Yes |
| Channel: list instantiated chaincode | Yes | Yes |
| Channel: list joined peers | Yes | Yes |
| Channel: set anchor peer | Yes | No |
| Channel: upgrade chaincode | Yes | No |
| Chaincode: list | Yes | Yes |
| Chaincode: install | Yes | No |
| Chaincode: instantiate | Yes | No |
| Sample chaincode: install | Yes | No |
| Sample chaincode: instantiate | Yes | No |
| Sample chaincode: invoke | Yes | Yes |
| CRL | Yes | No |


5 Top FAQs for Administration and Configuration

The top FAQs for Oracle Blockchain Platform administration and configuration are identified in this topic.

How do I get support for Oracle Blockchain Platform?

You create a service request in the same way as for on-premises software.

How do I access my service once it’s created?

It’s accessible from the Cloud Infrastructure Console. Navigate to Oracle Blockchain Platform, select the Instances tab and look for the service you want to access. From the Manage Instance menu associated with this instance, select Console URL.

How do I patch or upgrade my service?

You don’t need to patch or upgrade your service. Oracle takes care of patching for you.

How do I back up or restore my service?

You can’t create a backup and restore an instance yourself.

How do I start and stop my instance?

You can’t start and stop your instance. Once it’s created it runs continuously until you delete it.

Can I reuse instance names?

You won’t be able to create a new instance with a name used previously, even if the instance has been deleted. Oracle is required to preserve data from the deleted instance for 60 days, which would cause conflicts if the name were reused.

Do I have direct access to the file system associated with my service?

No. You can’t access the file system for your service. Your service is managed by Oracle.