
Figure 1. Rules on the Trusted Twin platform are used in Identities, Ledger Entries, roles, and Indexes.

Access rules concept

Summary

This article describes the access rules concept on the Trusted Twin platform. 

The purpose of this article is to provide system architects and developers with conceptual knowledge required to design solutions on the Trusted Twin platform. For developer resources, please consult the Trusted Twin docs website.

5 min read.

Concept

Rule

Data visibility and access on the Trusted Twin platform are based on rules. 

Rules are logical expressions (e.g., 'TWIN.kind == "cat" and entry_name in LEDGER.public') which are evaluated every time access to a Twin, an Identity, or a Ledger is requested. They can resolve either to True (access granted) or False (access denied).

Figure 2. Role rules define access of a user to a Twin and to Entries of a Ledger.

Rules use contextual variables including:

  • resource or object names, UUID4 identifiers or descriptions (e.g., user, Twin),
  • entry names, values, or timestamps (i.e., Ledger),
  • user dictionary provided in the request (i.e., "X-TrustedTwin" header),
  • current time.


Rules are used in:

  • User roles to limit access to Twins and Entries in a Ledger
  • Ledgers to define Entry visibility
  • Identities to define Identity visibility
  • Indexes to select Twins included in the index

Figure 3. Visibility rules in Ledger Entries.

Tips & tricks

  • An Entry value or an object description can store any JSON-serializable object. Rules allow for advanced addressing into such objects (e.g., entry_value.user_list[2] or entry_value.user_dict.name).
  • Include type Entries provide the ability to use global variables in rules.
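
The following is an added illustration of the rule model described above (a logical expression evaluated against contextual variables, resolving to True or False) and of the advanced addressing in the tip (entry_value.user_list[2], entry_value.user_dict.name). It is not Trusted Twin's own rule engine and does not reproduce the platform's grammar; the variable names TWIN, LEDGER, entry_name and entry_value are taken from the examples on this page, the context dictionary is constructed for the demo, and the RuleEvaluator class and its fail-closed behaviour (an unresolvable variable or path denies access) are assumptions of this example. Requires Python 3.9 or newer.

```python
import ast
import operator
from typing import Any

# Comparison and membership operators the evaluator accepts (a deliberately small subset).
_CMP_OPS = {
    ast.Eq: operator.eq, ast.NotEq: operator.ne,
    ast.Lt: operator.lt, ast.LtE: operator.le,
    ast.Gt: operator.gt, ast.GtE: operator.ge,
    ast.In: lambda a, b: a in b, ast.NotIn: lambda a, b: a not in b,
}

# Node types a rule may contain; anything else (calls, lambdas, comprehensions...) is rejected
# before evaluation, so a rule string is data, not code.
_ALLOWED_NODES = (ast.BoolOp, ast.Compare, ast.Attribute, ast.Subscript, ast.Name,
                  ast.Constant, ast.UnaryOp, ast.List, ast.Tuple, ast.Load,
                  ast.And, ast.Or, ast.Not) + tuple(_CMP_OPS)


class RuleError(Exception):
    """Raised when a rule uses syntax the evaluator does not accept."""


class _Unresolvable(Exception):
    """Internal: a variable or path in the rule does not exist in the context."""


class RuleEvaluator:
    """Hypothetical evaluator: parses a rule once, evaluates it against many contexts."""

    def __init__(self, rule: str) -> None:
        try:
            self.tree = ast.parse(rule, mode="eval").body
        except SyntaxError as exc:
            raise RuleError(f"cannot parse rule: {exc}") from None
        for node in ast.walk(self.tree):
            if not isinstance(node, _ALLOWED_NODES):
                raise RuleError(f"disallowed syntax in rule: {type(node).__name__}")

    def evaluate(self, context: dict[str, Any]) -> bool:
        """Return True (access granted) or False (access denied); errors deny."""
        try:
            return bool(self._eval(self.tree, context))
        except (_Unresolvable, TypeError):
            # Fail closed: a missing variable, bad path or type mismatch never grants access.
            return False

    def _eval(self, node: ast.AST, ctx: dict[str, Any]) -> Any:
        if isinstance(node, ast.Constant):
            return node.value
        if isinstance(node, ast.Name):
            if node.id not in ctx:
                raise _Unresolvable(node.id)
            return ctx[node.id]
        if isinstance(node, ast.Attribute):            # dotted path, e.g. TWIN.kind
            return self._lookup(self._eval(node.value, ctx), node.attr)
        if isinstance(node, ast.Subscript):            # index path, e.g. user_list[2]
            return self._lookup(self._eval(node.value, ctx), self._eval(node.slice, ctx))
        if isinstance(node, ast.UnaryOp):              # only 'not' passes validation
            return not self._eval(node.operand, ctx)
        if isinstance(node, ast.BoolOp):
            values = (self._eval(v, ctx) for v in node.values)
            return all(values) if isinstance(node.op, ast.And) else any(values)
        if isinstance(node, ast.Compare):              # supports chains like 1 < x < 5
            left = self._eval(node.left, ctx)
            for op, comparator in zip(node.ops, node.comparators):
                right = self._eval(comparator, ctx)
                if not _CMP_OPS[type(op)](left, right):
                    return False
                left = right
            return True
        if isinstance(node, (ast.List, ast.Tuple)):
            return [self._eval(e, ctx) for e in node.elts]
        raise RuleError(f"unsupported node {type(node).__name__}")

    @staticmethod
    def _lookup(base: Any, key: Any) -> Any:
        # JSON data only has dicts and lists, so attribute and index access both map to these.
        try:
            if isinstance(base, (dict, list, tuple)):
                return base[key]
        except (KeyError, IndexError, TypeError):
            pass
        raise _Unresolvable(key)


def check_access(rule: str, context: dict[str, Any]) -> bool:
    """Convenience wrapper: compile and evaluate one rule against one context."""
    return RuleEvaluator(rule).evaluate(context)


# Constructed sample context, shaped after the variables named on this page.
SAMPLE_CONTEXT = {
    "TWIN": {"kind": "cat"},
    "LEDGER": {"public": ["name", "age"]},
    "entry_name": "name",
    "entry_value": {"user_list": [1, 2, 3], "user_dict": {"name": "alice"}},
}

if __name__ == "__main__":
    rule = 'TWIN.kind == "cat" and entry_name in LEDGER.public'
    print(rule, "->", check_access(rule, SAMPLE_CONTEXT))
    print("entry_value.user_dict.name == \"alice\" ->",
          check_access('entry_value.user_dict.name == "alice"', SAMPLE_CONTEXT))
```

The design choice worth noting is the fail-closed behaviour: a rule that references an entry the Ledger does not hold, or a key the request dictionary did not supply, resolves to False rather than raising into the caller, so a typo in a rule can only remove access, never widen it. Rejecting every syntax node outside the whitelist at parse time keeps rule strings from ever reaching the Python interpreter as executable code.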


For more information about how to use the Trusted Twin platform in your application’s architecture or technology stack, please contact hello@trustedtwin.com
