# Overview
Below you can see an example response for a role with the name "Read only":
- The role has the role UUID
"3d4c3ec0-6c5f-4d32-ab23-4df8c69f142c". This id was generated by the system. - The role exists in the account with the account UUID
"9891264d-4a77-4fa2-ae7f-84c9af14ae3b". - We add an access rule for the Twin. If it evaluates to
True, it allows to access the resource. In our example, the"company"in the description field of the Twin must be equal to the company in the description field of the user ("twin": "TWIN.company == USER.company") in order to access the Twin. - We allow (
"effect": "allow") the following"actions":"get_twin_ledger_entry","get_twin_identities","get_user_role","get_twin_identity","get_user", and"get_twin". These actions are held in the"statement"attribute of the role.
| Attribute | Type | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| uuid | string | Role UUID. | ||||||||||||
| name | string | Name of the role. It must match the regular expression(opens new window) ^[0-9A-Za-z][0-9A-Za-z_ \-]{0,30}[0-9A-Za-z]$. It does not need to be unique in the context of the account. | ||||||||||||
| account | string | Account UUID. | ||||||||||||
| rules | dictionary | Access rules that control access to a "twin", an "entry" or an "identity". If a rule evaluates to True, it allows to access the given resource. | ||||||||||||
| statement | dictionary | Statement that lists |
| Attribute | Type | In | Description |
|---|---|---|---|
| effect required | string, value is "allow" or "deny" | body | Permission to perform an "action" applied at the level of the account. |
| actions required | list | body | List of "actions" that we grant the user with the role the permission to perform. For a list of available actions, please consult the Available actions section. |
Was this article helpful?