This article describes the access rules concept on the Trusted Twin platform. 

The purpose of this article is to provide system architects and developers with the conceptual knowledge required to design solutions on the Trusted Twin platform. For developer resources, please see the Trusted Twin docs website.


Figure 1. Access rules on the Trusted Twin platform.



On the Trusted Twin platform, rules define visibility and access to data.

Rules are logical expressions (e.g., 'TWIN.kind == "cat" and entry_name in LEDGER.public'). They are evaluated every time there is a request to access a Twin, an Identity, or a Ledger.

Rules can resolve either to True or False. If a rule resolves to True, then access to a resource is granted. If a rule resolves to False, then access to a resource is denied.

Figure 2. Role rules define access of a user to a Twin and to Entries of a Ledger.

Objects and services using rules

Rules are used in:

  • roles to limit access to Twins and Entries in a Ledger,
  • Ledgers to define Entry visibility,
  • Identities to define Identity visibility,
  • Indexes to select Twins included in the index.

Rule variables

Contextual variables that you can use in rules include:

  • resource or object names, UUID identifiers or descriptions (e.g., user, Twin),
  • Entry names, Entry values, or timestamps (i.e., Ledger),
  • user dictionaries provided in the request (i.e., X-TrustedTwin custom header),
  • current time.

Developer resources
Rule syntax
Rule variables

Figure 3. Visibility rules in Ledger Entries.

Tips & tricks

  • An Entry value or an object description can store any JSON serializable object. Rules allow for advanced addressing (e.g., "entry_value.user_list[2]" or "").
  • Include type Entries provide the ability to use global variables in rules.
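
The evaluation model described above (a rule resolves to True or False on every request) and the nested addressing from the first tip can be sketched as follows. This is an added example, not Trusted Twin code or the platform's rule engine: it assumes the rule text can be parsed as a Python expression, and the `USER` variable, the sample context and the deny-on-error behavior are assumptions of the example.

```python
import ast
import operator

# Comparison operators this example accepts; any other operator denies.
_CMP = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
        ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge,
        ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b}

def _ev(node, ctx):
    """Walk an allowlisted subset of the expression AST (Python 3.9+)."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):               # unknown variable -> KeyError
        return ctx[node.id]
    if isinstance(node, ast.Attribute):          # TWIN.kind is a dict lookup,
        base = _ev(node.value, ctx)              # never getattr() on an object
        if not isinstance(base, dict):
            raise TypeError("attribute access on a non-object")
        return base[node.attr]
    if isinstance(node, ast.Subscript):          # entry_value.user_list[2]
        return _ev(node.value, ctx)[_ev(node.slice, ctx)]
    if isinstance(node, ast.BoolOp):
        vals = (_ev(v, ctx) for v in node.values)
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _ev(node.operand, ctx)
    if isinstance(node, ast.Compare):
        left = _ev(node.left, ctx)
        for op, comp in zip(node.ops, node.comparators):
            right = _ev(comp, ctx)
            if not _CMP[type(op)](left, right):
                return False
            left = right
        return True
    raise ValueError(f"unsupported syntax: {type(node).__name__}")

def is_allowed(rule, ctx):
    """Grant only on an exact True; syntax or lookup errors deny (assumption)."""
    try:
        return _ev(ast.parse(rule, mode="eval").body, ctx) is True
    except Exception:
        return False

# Constructed sample context; names mirror the rule on this page, values are made up.
CTX = {"TWIN": {"kind": "cat"}, "LEDGER": {"public": ["name", "colour"]},
       "entry_name": "colour", "USER": "carol",
       "entry_value": {"user_list": ["alice", "bob", "carol"]}}
RULE = 'TWIN.kind == "cat" and entry_name in LEDGER.public'
```

Because attribute access is resolved only against dictionary keys and calls are not in the allowlist, rule text cannot reach interpreter internals, and a rule that references a missing variable or index denies access rather than raising.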

For more information about how to use the Trusted Twin platform in your application’s architecture or technology stack, please contact us or schedule a video consultation with us through Calendly.