All Products
Document Center

:Create a policy

Last Updated:Mar 15, 2023

This topic describes how to create a policy in the decision engine.

Background information

  • Description: A policy defines the computing logic that you orchestrate to check requests in your business. When a request is received, the decision engine checks the request based on the preset policies. If a policy is hit, the preset tags of the policy are returned.

  • Scenario: If complex computing logic is required, you can configure a policy with a set of rules. For example, if you need to recognize high-risk borrowers during loan approval, you can check whether the mobile numbers, email addresses, and accounts of borrowers are in the blacklist. If the mobile number, email address, or account of a borrower is in the blacklist, the borrower is considered high-risk. You can configure a policy to implement the preceding logic.


  1. Log on to the Fraud Detection console.

  2. In the left-side navigation pane, choose Decision Engine > Policies.

  3. On the Policies page, click Create Policy.

  4. Set the parameters for the policy.

    1. Configure the basic information for the policy.

      Select the associated event and enter the policy name and policy description. image


      Variables are associated with events. Misoperations on events may cause variables to become unavailable, which affects policy computing. To prevent this, the system does not allow you to modify the associated event of a policy after the policy is created.

    2. Configure the computing logic of the policy.

      Enter the rule name and configure the variable information. The rule name is optional. We recommend that you set a name that can reflect the logic to help you understand the rule. Configure the variable information based on the following instructions:

      • Left variable: You can select an event field, a device variable, a custom variable, a system variable, or an intermediate variable. If you select an event field, you can select a function to compute the event field.

      • Operator: Select an operator to check the value of the left variable. The system provides applicable operators based on the data type of the left variable. For example, if the left variable is a string, operators including >, <, and = are unavailable.

      • Right variable: After you select the left variable and operator, you can enter a constant or variable as the right variable.image

        • If you select an event field, you can select a function to compute the event field. For example, you can select a function to convert the values of the email field to lowercase.

        • To configure more rules, click Add Rule. You can also copy and modify a rule as required to create a rule with similar logic.

    3. Preview the computing logic of the policy.

      You can use the sequence numbers of rules and logical operators to orchestrate the logic. Available logical operators are |, &, and (). | indicates OR and & indicates AND. After you complete the orchestration, click View Rules Tree to preview the computing logic. The system displays the names of rules based on their sequence numbers. If you have not set a name for a rule, the system displays the sequence number of the rule.image


      To prevent logic chaos caused by multiple negation, the NOT operator ! is not supported. To perform the NOT operation, change the operator to the opposite one for the rule. For example, change NULL to IS NOT NULL.

    4. Configure the output and status for the policy.

      The policy output specifies the content returned by the decision engine when the policy is hit. The policy output includes the tags, score, intermediate variables, and output variables.

    • Tags: We recommend that you set an output tag that is easy to understand, such as highRisk or pass. Separate multiple tags with commas (,). If multiple policies that are associated with an event use the same output tag, the decision engine returns unique tags by removing the duplicate ones.

    • Score: The score is an integer that ranges from -1000 to 1000. After the policy is hit, the policy score is added to the event score. The event score is the sum of the scores of all hit policies that are associated with the event.

    • Intermediate variables: Intermediate variables are process variables that are used during policy computing. When a policy that has intermediate variables is hit, the intermediate variables are computed or returned based on the specified logic. Intermediate variables can be used in other policies that are associated with the same event.

    • Output variables: In addition to the score and tags, you can customize output variables. For example, you can specify the input parameters of an event and intermediate variables as output variables. When the policy is hit, the custom output variables are returned in the policy output. image











  5. Click Submit.

    After submitting, the default state of this policy is Draft. We recommend that you set a policy to the Test state to ensure that the policy can properly run before you set it to the Run state. This can reduce risks caused by misoperations. The following table describes the status of a policy.

    After you reset the status of the policy, the policy takes effect in 2 minutes. To continue to create another policy after you submit the current one, click Save and Create Another Policy.image


You can configure priorities for policies. A smaller value indicates a higher priority. Policies that are associated with the same event are run based on the priority from high to low.

  1. Obtain the computing result of the policy.

After you create an event, add the event to the decision engine, and associate a policy with the event, you can send a request to the API endpoint of the decision engine. If the request hits the policy, the decision engine returns the output tags of the policy, as shown in the following figure. image