permissioned DLT (Blockchain, Hash-Graph, ...)

I would like to understand the concept behind a permissioned (only certain entities can participate) Distributed Ledger Technology (Blockchain, Hash-Graph,...) a little bit better.

So my question is: How do you realize the "feature" "permissioned"?

e.g. On-Chain, Off-Chain,...? I have no idea. I read something about an access control layer which is used to grant certain permission but that didn't really satisfy me.

I hope for a theoretic and possibly detailed answer


  • Anyone can become a member of a public blockchain network whereas permissioned block chain network is created using closed group of known entities. All or subset of these members act as Owners of the network. Any new entity needs permission to become a member of the Permissioned blockchain network. This permission will be granted by the owners of the permissioned blockchain network.

    Also when they are allowed to become a member of the network, they will be granted privileges that decide the following

    1. Whether they can pariticipate in the consensus mechanism or validate transactions
    2. Can they write data on the ledger or only read data etc.

    For example in Hyperledger, members need to get enrolled using Membership services. These membership services will provide the necessary privileges.

    Response to the followup question:
    Genesis Block is applicable only for Ethereum. Hyperledger does not use the concept of Genesis Block. Ethereum does not support permissioning out of the box. If needed, we have to build permissioning features by coding access rights inside smart contracts. Please check the link:

    Ethereum Quorum which is a fork of ethereum support private transactions. Quorum achieves by using another layer on top of ethereum.Using Quorum, private contracts can be created between certain parties and those contracts/transactions will not be visible to other parties.But still specific permissions to data might need still need to be explicitly coded.

    In Hyperledger fabric, this can be done using Membership services. The Membership services will be granting to new users access to the network i.e. user enrollment. During user enrollment, additional attributes can be added. whenever user tries to execute chain code (smart contract), these attributes can be used inside the chain code to make access control decisions like only reading but not writing. Please check the link: