A participant using transaction to update/add another participant


Suppose I create two Participant types, A and B, and a transaction X which can only be executed by participant type B or admin.
Moreover, I added a permission rule that Participant A can be created/updated only by the admin or another Participant of type A.
Now, my logic in transaction X requires creating/updating Participant A. So, if I execute transaction X using one of the Participant B registry IDs, will it be able to create/update Participant A?
If not, is there any way to do so?

Best answer

If I have understood your requirement correctly, then these rules should work for the core of what you want (this example uses the default Basic Sample Network):

rule BforX {
 description: "Allow B access to transaction X"
 participant: "org.example.basic.SampleParticipantB"
 operation: READ, CREATE, UPDATE
 resource: "org.example.basic.SampleTransactionX"
 action: ALLOW
}

rule BforAinX {
 description: "Allow B access to A whilst in X"
 participant: "org.example.basic.SampleParticipantB"
 operation: READ, CREATE, UPDATE
 resource: "org.example.basic.SampleParticipantA"
 transaction: "org.example.basic.SampleTransactionX"
 action: ALLOW
}

rule NotAforX {
 description: "Deny A access to transaction X"
 participant: "org.example.basic.SampleParticipantA"
 operation: ALL
 resource: "org.example.basic.SampleTransactionX"
 action: DENY
}

rule AforA {
 description: "Allow A access to Participant_A"
 participant: "org.example.basic.SampleParticipantA"
 operation: READ, CREATE, UPDATE
 resource: "org.example.basic.SampleParticipantA"
 action: ALLOW
}
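
To check what the four rules above permit, the following added example (not part of the original answer and not Composer's own code) models Composer's documented first-match, default-deny ACL evaluation in plain JavaScript. It assumes exact type-name matching only (no wildcards, instance identifiers or condition clauses); `checkAccess`, `demo` and the request shape are hypothetical names.

```javascript
// Simplified model of Composer ACL evaluation (added example, not Composer code).
// Assumptions: exact type-name matching; no wildcards, instance ids or conditions.
const NS = 'org.example.basic.';
const RCU = ['READ', 'CREATE', 'UPDATE'];
const rules = [
  { name: 'BforX', participant: NS + 'SampleParticipantB', operation: RCU,
    resource: NS + 'SampleTransactionX', action: 'ALLOW' },
  { name: 'BforAinX', participant: NS + 'SampleParticipantB', operation: RCU,
    resource: NS + 'SampleParticipantA', transaction: NS + 'SampleTransactionX', action: 'ALLOW' },
  { name: 'NotAforX', participant: NS + 'SampleParticipantA', operation: ['ALL'],
    resource: NS + 'SampleTransactionX', action: 'DENY' },
  { name: 'AforA', participant: NS + 'SampleParticipantA', operation: RCU,
    resource: NS + 'SampleParticipantA', action: 'ALLOW' },
];

// The first matching rule decides; if no rule matches, access is denied.
function checkAccess(ruleSet, req) {
  for (const r of ruleSet) {
    const opOk = r.operation.includes('ALL') || r.operation.includes(req.operation);
    // A rule with a transaction clause applies only while that transaction is running.
    const txOk = r.transaction === undefined || r.transaction === req.transaction;
    if (r.participant === req.participant && r.resource === req.resource && opOk && txOk) {
      return { allowed: r.action === 'ALLOW', rule: r.name };
    }
  }
  return { allowed: false, rule: null };
}

// Constructed sample requests covering the cases raised in the question.
function demo() {
  const A = NS + 'SampleParticipantA', B = NS + 'SampleParticipantB';
  const X = NS + 'SampleTransactionX';
  return {
    bSubmitsX: checkAccess(rules, { participant: B, operation: 'CREATE', resource: X }),
    bUpdatesAInsideX: checkAccess(rules, { participant: B, operation: 'UPDATE', resource: A, transaction: X }),
    bUpdatesADirectly: checkAccess(rules, { participant: B, operation: 'UPDATE', resource: A }),
    aSubmitsX: checkAccess(rules, { participant: A, operation: 'CREATE', resource: X }),
    aUpdatesA: checkAccess(rules, { participant: A, operation: 'UPDATE', resource: A }),
  };
}

console.log(demo());
```

The `bUpdatesADirectly` case is the one to watch: because `BforAinX` carries a `transaction` clause, B gets no standing write access to A outside transaction X and falls through to the default deny.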