I have tried restricting access by disabling an organisation's ability to invoke chaincode through: peer/Propose: /Channel/Application/MyPolicy where
MyPolicy: Type: Signature Rule: "OR('Org1MSP.admin')"
But this prevents Org2 from querying as well. Is it possible for Org2 to just query without being able to invoke?
You could achieve this goal by restricting access to functions in the chaincode itself. With CID Lib you can identify the calling peers (e.g. by their msp) and manage the access based on those information. With that and the concept of AttributeBasedAccessControl you can manage all the access to queries/invokes perfectly on chain and seperate it on peer and organisation level