newbie for sawtooth here. Currently I am working on a POC for supply chain by using sawtooth as their record storage and there is one use case that i am still trying to sort it out. Here is the usecase, let say there is company A and company B, both companies will upload document to the supply chain system and the file url will store into sawtooth. In this case, may i know what is the best design for the permission control? As those documents able to view by all company A and company B staff. thanks!
Once the file URL is stored in the chain, anyone with access to the node will be able to view it. Only allowing certain people to read from the sawtooth chain can be done, similar to how traditional access restriction is given for APIs or servers. You can put the sawtooth system, behind a proxy and an API and give permissions for the access. That is one way to do it.