diff --git a/deploy/deploy-gateway/src/main/resources/assembly.xml b/deploy/deploy-gateway/src/main/resources/assembly.xml
index b28d5436..09a964df 100644
--- a/deploy/deploy-gateway/src/main/resources/assembly.xml
+++ b/deploy/deploy-gateway/src/main/resources/assembly.xml
@@ -20,7 +20,7 @@
unix
- src/main/resources/docs
+ ../../docs
docs
unix
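Review bot: The new source directory `../../docs` points two levels above the module, so the gateway assembly now depends on the repository checkout layout rather than on anything inside `deploy-gateway`; a build run from a copied or standalone module, or from a source archive without the top-level `docs` tree, would likely pick up an empty or missing directory rather than fail loudly. Anchoring the path explicitly, e.g. `${project.basedir}/../../docs`, makes the intent visible, and an include pattern limited to the documentation files meant for the distribution would keep the whole tree from being shipped by default. The element names around this line are not visible in the hunk, so the exact line to change is not quoted here. The same change appears in the deploy-peer assembly.xml hunk below.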
diff --git a/deploy/deploy-peer/src/main/resources/assembly.xml b/deploy/deploy-peer/src/main/resources/assembly.xml
index 4c2d4f82..2594ae14 100644
--- a/deploy/deploy-peer/src/main/resources/assembly.xml
+++ b/deploy/deploy-peer/src/main/resources/assembly.xml
@@ -20,7 +20,7 @@
unix
- src/main/resources/docs
+ ../../docs
docs
unix
diff --git a/docs/ca.md b/docs/ca.md
index 75ac8f97..9da00075 100644
--- a/docs/ca.md
+++ b/docs/ca.md
@@ -129,7 +129,7 @@ TransactionTemplate txTemp = blockchainService.newTransaction(ledger);
txTemp.metaInfo().ca(X509Utils.resolveCertificate("*.crt"));
```
-命令行方式:[更新账本证书](tx.md#更新账本证书)
+命令行方式:[更新账本根证书](cli/tx.md#更新账本根证书)
2. 节点/网关/普通用户证书
@@ -141,7 +141,7 @@ txTemp.metaInfo().ca(X509Utils.resolveCertificate("*.crt"));
txTemp.user("user address").ca(X509Utils.resolveCertificate("*.crt"));
```
-命令行方式:[更新用户证书](tx.md#更新用户证书)
+命令行方式:[更新用户证书](cli/tx.md#更新用户证书)
### 证书生成
diff --git a/docs/cli/tx.md b/docs/cli/tx.md
index 21d9c7e0..e253542b 100644
--- a/docs/cli/tx.md
+++ b/docs/cli/tx.md
@@ -16,7 +16,7 @@ Build, sign or send transaction.
--pretty Pretty json print
-V, --version Print version information and exit.
Commands:
- root-ca Update ledger certificates.
+ root-ca Update ledger root certificates.
user-register Register new user.
user-ca Update user certificate.
user-state Update user(certificate) state.
@@ -46,10 +46,10 @@ Commands:
- `home`,指定密钥存储相关目录,`${home}/config/keys`
命令:
-- `ledger-ca-update`,[更新账本证书](#更新账本证书)
+- `root-ca`,[更新账本根证书](#更新账本根证书)
- `user-register`,[注册用户](#注册用户)
-- `user-ca-update`,[更新用户证书](#更新用户证书)
-- `user-state-update`,[更新用户(证书)状态](#更新用户(证书)状态)
+- `user-ca`,[更新用户证书](#更新用户证书)
+- `user-state`,[更新用户(证书)状态](#更新用户(证书)状态)
- `role`,[角色管理](#角色管理)
- `authorization`,[权限配置](#权限配置)
- `data-account-register`,[注册数据账户](#注册数据账户)
@@ -62,15 +62,15 @@ Commands:
- `contract-deploy`,[部署合约](#部署合约)
- `contract-permission`,[修改合约权限](#修改合约权限)
- `contract`,[合约调用](#合约调用)
-- `contract-state-update`,[更新合约状态](#更新合约状态)
+- `contract-state`,[更新合约状态](#更新合约状态)
- `sign`,[离线交易签名](#离线交易签名)
- `send`,[离线交易发送](#离线交易发送)
-#### 更新账本证书
+#### 更新账本根证书
```bash
-:bin$ ./jdchain-cli.sh tx ledger-ca-update -h
-Update ledger certificates.
+:bin$ ./jdchain-cli.sh tx root-ca -h
+Update ledger root certificates.
Usage: jdchain-cli tx ledger-ca-update [-hV] [--pretty] --crt=
[--export=] [--gw-host=]
[--gw-port=] [--home=]
@@ -89,7 +89,7 @@ Usage: jdchain-cli tx ledger-ca-update [-hV] [--pretty] --crt=
如:
```bash
-:bin$ $ ./jdchain-cli.sh tx ledger-ca-update --crt /home/imuge/jd/nodes/peer0/config/keys/ledger.crt --operation UPDATE
+:bin$ $ ./jdchain-cli.sh tx root-ca --crt /home/imuge/jd/nodes/peer0/config/keys/ledger.crt --operation UPDATE
select ledger, input the index:
INDEX LEDGER
0 j5pFrMigE47t6TobQJXsztnoeA29H31v1vHHF1wqCp4rzi
@@ -161,9 +161,9 @@ register user: [LdeNwQWabrf6WSjZ35saFo52MfQFhVKvm11aC]
#### 更新用户证书
```bash
-:bin$ ./jdchain-cli.sh tx ledger-ca-update -h
+:bin$ ./jdchain-cli.sh tx user-ca -h
Update user certificate.
-Usage: jdchain-cli tx user-ca-update [-hV] [--pretty] [--crt=]
+Usage: jdchain-cli tx user-ca [-hV] [--pretty] [--crt=]
[--export=] [--gw-host=]
[--gw-port=] [--home=]
--crt= File of the X509 certificate
@@ -179,7 +179,7 @@ Usage: jdchain-cli tx user-ca-update [-hV] [--pretty] [--crt=]
如:
```bash
-:bin$ $ ./jdchain-cli.sh tx user-ca-update --crt /home/imuge/jd/nodes/peer0/config/keys/peer0.crt
+:bin$ $ ./jdchain-cli.sh tx user-ca --crt /home/imuge/jd/nodes/peer0/config/keys/peer0.crt
select ledger, input the index:
INDEX LEDGER
0 j5pFrMigE47t6TobQJXsztnoeA29H31v1vHHF1wqCp4rzi
@@ -200,9 +200,9 @@ user: [LdeNpEmyh5DMwbAwamxNaiJgMVGn6aTtQDA5W] ca updated
#### 更新用户(证书)状态
```bash
-:bin$ ./jdchain-cli.sh tx user-state-update -h
+:bin$ ./jdchain-cli.sh tx user-state -h
Update user(certificate) state.
-Usage: jdchain-cli tx user-state-update [-hV] [--pretty] --address=
+Usage: jdchain-cli tx user-state [-hV] [--pretty] --address=
[--export=]
[--gw-host=]
[--gw-port=] [--home=]
@@ -222,7 +222,7 @@ Usage: jdchain-cli tx user-state-update [-hV] [--pretty] --address=
如冻结用户`LdeNpEmyh5DMwbAwamxNaiJgMVGn6aTtQDA5W`:
```bash
-:bin$ $ ./jdchain-cli.sh tx user-state-update --address LdeNpEmyh5DMwbAwamxNaiJgMVGn6aTtQDA5W --state FREEZE
+:bin$ $ ./jdchain-cli.sh tx user-state --address LdeNpEmyh5DMwbAwamxNaiJgMVGn6aTtQDA5W --state FREEZE
select ledger, input the index:
INDEX LEDGER
0 j5pFrMigE47t6TobQJXsztnoeA29H31v1vHHF1wqCp4rzi
@@ -752,9 +752,9 @@ return string: LdeNqvSjL4izfpMNsGpQiBpTBse4g6qLxZ6j5
#### 更新合约状态
```bash
-:bin$ ./jdchain-cli.sh tx contract-state-update -h
+:bin$ ./jdchain-cli.sh tx contract-state -h
Update contract state.
-Usage: jdchain-cli tx contract-state-update [-hV] [--pretty]
+Usage: jdchain-cli tx contract-state [-hV] [--pretty]
--address= [--export=] [--gw-host=]
[--gw-port=] [--home=] --state=
--address= Contract address
@@ -773,7 +773,7 @@ Usage: jdchain-cli tx contract-state-update [-hV] [--pretty]
如冻结合约`LdeNpEmyh5DMwbAwamxNaiJgMVGn6aTtQDA5W`:
```bash
-:bin$ $ ./jdchain-cli.sh tx contract-state-update --address LdeNpEmyh5DMwbAwamxNaiJgMVGn6aTtQDA5W --state FREEZE
+:bin$ $ ./jdchain-cli.sh tx contract-state --address LdeNpEmyh5DMwbAwamxNaiJgMVGn6aTtQDA5W --state FREEZE
select ledger, input the index:
INDEX LEDGER
0 j5pFrMigE47t6TobQJXsztnoeA29H31v1vHHF1wqCp4rzi
diff --git a/docs/data_permission.md b/docs/data_permission.md
new file mode 100644
index 00000000..04701652
--- /dev/null
+++ b/docs/data_permission.md
@@ -0,0 +1,94 @@
+## 账户级别权限
+
+数据账户,事件账户以及合约账户数据权限设计。
+
+**数据读取完全开放**,本文档讨论全新变更仅对数据写入和合约调用生效。
+
+### 权限定义
+
+类似`linux`文件权限,使用用10位数据表示账户数据权限信息:
+`0 123 456 789`
+
+- `0`: 数据集或者合约, `-`或`c`
+- `123`: 所有者列表, `read(-/r)`, `write(-/w)` 以及 `execute(-/x)`
+- `456`: 所属角色, `read(-/r)`, `write(-/w)` 以及 `execute(-/x)`
+- `789`: 其他用户, `read(-/r)`, `write(-/w)` 以及 `execute(-/x)`
+
+> 当前实现数据账户仅对`write`权限更新有效;事件账户仅对`write`权限更新有效;合约仅对`execute`权限更新有效。
+
+### 实现
+
+权限数据存储与数据集头信息中,`SecurityPolicy`中增加:
+```java
+// 查询/写入/执行 权限校验
+void checkDataPermission(DataPermission permission, DataPermissionType permissionType) throws LedgerSecurityException;
+
+// 账户创建者校验,只有创建者才能修改数据权限
+void checkDataOwners(DataPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException;
+```
+
+在数据写入/合约方法调用前进行权限校验
+
+
+
+数据账户,事件账户,合约账户均实现`PermissionAccount`接口:
+```java
+public interface PermissionAccount {
+
+DataPermission getPermission();
+
+void setPermission(DataPermission permission);
+
+void setModeBits(AccountModeBits modeBits);
+
+void setRole(String role);
+}
+```
+
+增加`AccountPermissionSetOperation`账户数据权限设置操作及其处理逻辑
+
+### SDK
+
+统一使用风格
+
+#### 数据账户
+
+```java
+txTemp.dataAccount("LdeNrUrMGxkG1R5mDNwrUvkFdRdD91xH1Pcvd")
+.permission() // 创建权限修改操作构造器
+.mode(777) // 设置权限值,与 linux chmod 操作类似
+.role("ADMIN"); // 设置账户数据所属角色
+```
+
+#### 事件账户
+
+```java
+txTemp.eventAccount("LdeNrUrMGxkG1R5mDNwrUvkFdRdD91xH1Pcvd")
+.permission() // 创建权限修改操作构造器
+.mode(777) // 设置权限值,与 linux chmod 操作类似
+.role("ADMIN"); // 设置账户数据所属角色
+```
+
+#### 合约账户
+
+```java
+txTemp.contract("LdeNrUrMGxkG1R5mDNwrUvkFdRdD91xH1Pcvd")
+.permission() // 创建权限修改操作构造器
+.mode(777) // 设置权限值,与 linux chmod 操作类似
+.role("ADMIN"); // 设置账户数据所属角色
+```
+
+### JD Chain Cli
+
+
+#### 数据账户
+
+[更新数据账户权限](cli/tx.md#修改数据账户权限)
+
+#### 事件账户
+
+[更新数据账户权限](cli/tx.md#修改事件账户权限)
+
+#### 合约账户
+
+[更新合约权限](cli/tx.md#修改合约权限)
diff --git a/docs/user.md b/docs/user.md
index 26ebae95..56570247 100644
--- a/docs/user.md
+++ b/docs/user.md
@@ -36,12 +36,8 @@ public enum RolesPolicy {
- `CONFIGURE_ROLES`配置角色
- `AUTHORIZE_USER_ROLES`授权用户角色
-- SET_CONSENSUS 设置共识协议
-- SET_CRYPTO 设置密码体系
- `APPROVE_TX`参与方核准交易,如果不具备此项权限,则无法作为节点签署由终端提交的交易
-- `CONSENSUS_TX`参与方共识交易
- `REGISTER_PARTICIPANT`注册参与方
-- SET_USER_ATTRIBUTES 设置用户属性
- `REGISTER_USER`注册用户
- `REGISTER_EVENT_ACCOUNT`注册事件账户
- `WRITE_EVENT_ACCOUNT`发布事件
@@ -49,6 +45,10 @@ public enum RolesPolicy {
- `WRITE_DATA_ACCOUNT`写入数据账户
- `REGISTER_CONTRACT`注册合约
- `UPGRADE_CONTRACT`升级合约
+- `UPDATE_USER_STATE`更新用户(证书)状态
+- `UPDATE_ROOT_CA`更新账本根证书
+- `UPDATE_USER_CA`更新用户(证书)状态
+- `UPDATE_CONTRACT_STATE`更新合约状态
#### 3.2 交易权限