Policy and operation modeling
Model sensitive workflows in a way that remains understandable under audit and easy to operate.
Choose operation keys carefully
An operation key should describe the concrete business action being protected. Names should be stable across UI changes and meaningful to teams outside engineering.
- Good: invoice.export, customer.read_pii, bank_account.update.
- Weak: submit, save, api_v2_post, button_clicked.
Choose sensitivity
Use low for harmless reads, medium for operational writes, high for customer data and bulk actions, and critical for financial, permission, or account-control changes. Critical is shown as red in the control plane; high, medium, and low use distinct lower-urgency treatments so critical actions are never confused with warnings.
- Low: public or harmless reads where evidence is useful but user friction is not.
- Medium: normal operational writes or internal reads that should be monitored.
- High: customer data, bulk operations, destructive writes, exports, or sensitive record access.
- Critical: permissions, payment details, financial approval, account-control, or irreversible security actions.
Write policy thresholds
TxnShield calculates a 0-100 risk score for each protected transaction. Thresholds map that score into Low, Medium, and High risk bands. With Medium = 45 and High = 80, scores 0-44 are Low, 45-79 are Medium, and 80-100 are High.
Lower thresholds make a policy stricter because controls apply sooner. Higher thresholds reduce user friction, but allow more risk before step-up, redaction, throttling, or denial applies.
Start with conservative defaults in development. In staging, compare the decision log against expected user behavior. In production, roll out with alerts before making aggressive deny rules.
- Standard sensitive actions: Medium 45, High 80.
- PII reads or exports: Medium 35-45, High 75-80.
- Payment, permission, or irreversible changes: Medium 25-35, High 65-75.
- Low-risk internal actions: Medium 55-65, High 85-90.
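One way to run the staging comparison described above is to replay logged scores against the current and a candidate threshold pair and list the decisions whose band would change. This is an added example, not TxnShield code: the function names and the (operation key, score) log shape are assumptions, and the sample log is constructed.

```python
from collections import Counter

def band(score, medium, high):
    """Map a 0-100 risk score to a band: below medium is Low,
    medium up to high-1 is Medium, high and above is High."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    if not 0 < medium < high <= 100:
        raise ValueError("thresholds must satisfy 0 < medium < high <= 100")
    if score >= high:
        return "High"
    return "Medium" if score >= medium else "Low"

def replay(log, medium, high):
    """Count bands per operation key for a list of (operation_key, score)."""
    counts = {}
    for op, score in log:
        counts.setdefault(op, Counter())[band(score, medium, high)] += 1
    return counts

def changed(log, current, candidate):
    """Return entries whose band differs between two (medium, high) pairs."""
    out = []
    for op, score in log:
        before, after = band(score, *current), band(score, *candidate)
        if before != after:
            out.append((op, score, before, after))
    return out

# Constructed sample decision log (hypothetical shape): (operation key, score)
SAMPLE_LOG = [
    ("invoice.export", 12), ("invoice.export", 44), ("invoice.export", 45),
    ("customer.read_pii", 38), ("customer.read_pii", 79),
    ("bank_account.update", 30), ("bank_account.update", 70),
    ("bank_account.update", 80),
]

if __name__ == "__main__":
    standard = (45, 80)   # "Standard sensitive actions" values from the list
    strict = (25, 65)     # lower end of the payment/permission ranges
    for op, c in replay(SAMPLE_LOG, *standard).items():
        print(op, dict(c))
    for row in changed(SAMPLE_LOG, standard, strict):
        print("would change:", row)
```

Every row reported by `changed` is a transaction that would meet a stricter control under the candidate thresholds, which is the set to review against expected user behavior before publishing.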
Bind and publish
Publish a policy version, assign it to the protected operation, and verify decisions in the target environment. Environment-specific configuration lets production stay stable while development experiments.