Introduction
This article describes the access rules concept on the Trusted Twin platform.
The purpose of this article is to provide system architects and developers with conceptual knowledge required to design solutions on the Trusted Twin platform. In order to consult developer resources, please navigate to the Trusted Twin docs website.
Concept
Overview
On the Trusted Twin platform, rules define visibility and access to data.
Rules are logical expressions (e.g., 'TWIN.kind == "cat" and entry_name in LEDGER.public'). They are evaluated every time there is a request to access a Twin, an Identity, or a Ledger.
Rules can resolve either to True or False. If a rule resolves to True, then access to a resource is granted. If a rule resolves to False, then access to a resource is denied.
Objects and services using rules
Rules are used in:
- roles to limit access to Twins and Entries in a Ledger,
- Ledgers to define Entry visibility,
- Identities to define Identity visibility,
- Indexes to select Twins included in the index.
Rule variables
Contextual variables that you can use in rules include:
- resource or object names, UUID identifiers or descriptions (e.g., user, Twin),
- Entry names, Entry values, or timestamps (i.e., Ledger),
- user dictionaries provided in the request (i.e., X-TrustedTwin custom header),
- current time.
Developer resources
- Rule syntax
- Rule variables
Tips & tricks
- An Entry value or an object description can store any JSON serializable object. Rules allow for advanced addressing (e.g., "entry_value.user_list[2]" or "entry_value.user_dict.name").
- Include type Entries provide the ability to use global variables in rules.