1.9 KiB
1.9 KiB
UI-012 Finding Exceptions Queue
| Field | Value |
|---|---|
| Route | /admin/finding-exceptions/queue |
| Source | FindingExceptionsQueue |
| Area / scope | Governance / workspace |
| Archetype | Exceptions / Accepted Risk |
| Design depth | Strategic Surface |
| Repo truth | repo-verified |
| Screenshot | ../screenshots/desktop/ui-012-finding-exceptions-queue.png |
| Browser status | Reached through workspace route. |
First Five Seconds
The page is an accepted-risk queue. It needs to make risk ownership, expiry, evidence basis, and approval/rejection consequences immediately clear.
Productization Review
- Decision-first: strong candidate.
- Evidence-first: exception evidence and linked findings should be visible.
- Context: workspace hub with environment-filter possibilities.
- Customer/auditor safety: high, because accepted risk is customer-relevant.
- Diagnostics: raw finding/provider evidence should be secondary.
Information Inventory
Default content should show exception state, requester/owner, affected environment, expiration, evidence links, decision history, and required action.
Dangerous Actions
Approve exception, reject renewal, revoke exception, and accept risk are high impact. They require explicit confirmation, authorization, audit, and customer-safe explanation.
Scores
| IA | Density | User Clarity | Sellability | Disclosure | Hierarchy | DS Fit | A11y | Responsive | Components | UX Writing | Perf |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 3 | 3 | 3 | 4 | 3 | 3 | 4 | 3 | 3 | 4 | 3 | 4 |
Top Issues
- Risk decision language needs product-target treatment.
- Evidence basis and expiry must be visible before approval.
- Customer-safe accepted-risk wording requires review.
Target Direction
P0/P1 individual target depending on customer-review sequencing. Treat as the accepted-risk decision pattern.