| UI or UX | UI + UX - Reporter-facing safety submission flow for harmful, abusive, illegal, spam, impersonation, or policy-violating content and behavior | UI + UX - Actionable queue for triaging many items that need human review | UI + UX - Object-attached comment composer and comment list with authorship, replies, state, permissions, and moderation | UI + UX - Security-risk warning and safe interruption before unsafe navigation, download, submission, preview, or sensitive action | UI + UX - Authorization and access-boundary state | UI + UX - Durable user-opened notification history and action drawer |
| --- | --- | --- | --- | --- | --- | --- |
| UI guidance | Render report abuse as a scoped safety flow that identifies the reported object, selected reason, affected person, evidence or context, privacy handling, submit action, confirmation ID, review expectation, and immediate safety actions. | Render review queue as an actionable worklist with queue scope, counts, filters, sort order, row reason, owner, priority, age or SLA, status, preview context, selection, and row actions. | Render comments as anchored contributions with author identity, timestamp, body, optional attachment or selection context, edited state, reply target, and state labels such as open, resolved, hidden, deleted, or assigned. | Render a security warning as a high-clarity interruption that names the detected risk, identifies the destination or object, explains the concrete threat, presents the safest action as the primary path, and separates any override behind deliberate risk detail. | Show the blocked object or action, current account, permission level, required role, owner, and request path when revealing that information is allowed. | Provide a persistent notification entry point, usually a bell or inbox control, with a count that represents new unseen notifications rather than every unread item forever. |
| UX guidance | Use report abuse when a user needs to flag harmful content or behavior for review, not when they only want to hide someone, request access, resolve a comment, or read a security warning. | Use review queue when a team repeatedly processes a changing set of tickets, comments, pull requests, content items, cases, requests, or records that require human inspection and action. | Use comments when users need to discuss, question, annotate, review, or leave follow-up notes on a specific object, selection, file line, record, document, or task without changing the primary content directly. | Use security warning when a product, browser, operating system, or service has evidence that proceeding could expose credentials, install harmful software, leak sensitive data, bypass trust, or weaken account protection. | Use permission denied state when the system knows the user is authenticated but their role, group, share, license, policy, or approval status blocks a specific object or action. | Use a notification center when users receive enough asynchronous system or collaboration updates that they need a durable place to review, triage, and act later. |
| Good UI | A comment menu opens Report abuse with the comment snapshot, author, timestamp, reason choices, affected-person choice, optional context, submit, and confirmation with Block user and View report history actions. | A support queue shows New triage, SLA at risk, owner, customer, status, priority, age, preview text, assignment, and next actions without opening every ticket. | A document margin comment shows the selected paragraph, author, timestamp, body text, Reply, Resolve, Assign, and Copy link actions with the composer focused on that selection. | A browser interstitial says Deceptive site ahead, shows the suspicious domain, explains that attackers may steal passwords, and makes Back to safety the primary action while placing Visit unsafe site behind Details. | A report page says Quarterly revenue report requires Finance viewer access, shows the current account, names the report owner, and offers Request access and Switch account. | A bell opens a drawer with Unread and All filters, showing comment mentions, approval requests, export results, and background-job failures in newest-first order. |
| Bad UI | A red Report button immediately submits with no reason, no content snapshot, no confirmation, and no path to protect the reporter. | A review queue shows a flat list of titles with no reason, age, owner, status, priority, or action controls. | A Notes textarea sits under a record and calls itself comments even though every user overwrites the same field. | A red page says Security issue with Continue as the only visible action. | A denial page says Something went wrong and shows Retry even though the user lacks a required group. | A red badge says 42 forever because opening the drawer, reading items, and viewing related work never update the count. |
| Good UX | A user reports a threatening message, selects violent threat, includes two related messages for context, receives a report receipt, gets guidance to contact local emergency services if in immediate danger, and can save a copy for authorities. | A reviewer claims the oldest SLA-at-risk ticket, opens a preview, assigns it to Billing, returns to the queue with the row removed, and lands on the next oldest item. | A reviewer comments on a selected line, adds an action item for Dana, receives a reply, resolves the comment, and can reopen it from the resolved filter. | A user clicks a payroll link that visually resembles the company domain, sees the suspicious-domain warning, returns to the trusted site, and reports the link to security. | A user opens a restricted report, sees which account is signed in, requests viewer access with a reason, then sees that the request is pending with the owner. | Opening the notification drawer clears the new-notification badge while unread items remain available for later triage. |
| Bad UX | A user reports spam and sees the reported account instantly marked banned even though the item has only entered review. | Two reviewers open the same unclaimed item, both act, and the second decision overwrites the first with no stale-row warning. | A user writes a long comment, loses network connection, and the draft disappears when the page reloads. | A user sees a vague warning, assumes it is routine maintenance, proceeds, and enters credentials into a phishing page. | The app returns a blank screen for a restricted file, so the user cannot tell whether the file is gone, private, or opened with the wrong account. | A payment failure that blocks the current checkout is only stored in the notification center and never appears in the task. |
| Best fit | Users need to flag content, behavior, an account, conversation, listing, repository, ad, or message for policy, abuse, spam, privacy, legal, or safety review. | A team or individual repeatedly reviews many independently queued items. | Users need object-attached discussion without changing the primary object content directly. | A threat signal indicates phishing, malware, deceptive site, unsafe download, invalid certificate, insecure connection, mixed-content submission, suspicious redirect, file preview risk, or account-security danger. | A signed-in user lacks permission to view, edit, publish, export, delete, approve, share, administer, or configure a resource. | Users receive multiple asynchronous updates across objects, jobs, collaborators, approvals, or reminders. |
| Avoid when | The user only wants to stop seeing a person or thread; use block, mute, hide, or notification controls instead. | The task is a single request moving through a governed approval route. | The user is simply entering a long answer into a form field. | The message is only a general severe consequence before a product action; use warning text. | The user is not signed in and the next step is authentication rather than authorization. | The product has only occasional current-action feedback that a toast or inline status can handle. |
| Required state | Report entry point near a post, comment, profile, message, conversation, repository, ad, live chat item, or listing. | Queue loading and count state. | Empty comment list and first-comment composer. | Safe path state with primary Back to safety, Cancel, Remove, Use trusted route, or Contact admin action. | Whole-object access denied state. | Closed entry-point state with zero, new-unseen, and unread-but-seen counts. |
| Accessibility burden | Give Report controls object-specific labels such as Report comment by Maya, Report profile, or Report message in conversation. | Use labelled queue name, count, filters, sort, group, row status, selection, preview, and action controls. | Label the comments region with the object or selection being discussed. | Use a heading and text that name the risk before the destination or details, so screen reader users hear the warning context first. | Use a heading that identifies the access boundary and a text description that does not rely on lock icons or red color alone. | Give the entry-point control an accessible name that includes new or unread count without relying only on a red dot. |
| Common misuse | Treating Report as an instant takedown or ban action. | Using an ordinary table with no review reason, urgency, ownership, or decision actions. | Using one shared Notes field as a comment system and overwriting prior contributors. | Using vague warning copy that does not say phishing, malware, certificate, insecure connection, dangerous download, or suspicious redirect. | Treating authorization denial as a generic retryable error. | Treating the badge count, unread count, and total notification count as one number. |
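
The authorization and access-boundary column separates three cases that are easy to collapse into one error page: not signed in, signed in but blocked with details that may be revealed, and signed in but blocked where the object's name, owner, and required role must stay hidden. The sketch below is an added example, not code from the source; the function name, field names, and sample values are all constructed assumptions.

```javascript
// Added example. All field names and sample values are constructed for illustration.
function accessBoundaryState(user, resource, action) {
  // Not signed in: the next step is authentication, so this is not a
  // permission-denied state.
  if (!user) {
    return { state: "sign-in-required", retryable: false, actions: ["Sign in"] };
  }
  if ((resource.grants[user.id] || []).includes(action)) {
    return { state: "allowed", retryable: false, actions: [] };
  }
  // Authenticated but blocked: never a generic, retryable error.
  const denied = {
    state: "permission-denied",
    retryable: false,
    account: user.email, // always show which account is signed in
    actions: ["Switch account"],
  };
  // Object name, required role and owner appear only when policy allows
  // revealing them to someone without access.
  if (!resource.discloseToNonMembers) return denied;
  const pending = resource.pendingRequests.includes(user.id);
  return {
    ...denied,
    state: pending ? "request-pending" : "permission-denied",
    object: resource.title,
    requiredRole: resource.requiredRole[action],
    owner: resource.owner,
    actions: pending ? ["Switch account"] : ["Request access", "Switch account"],
  };
}

// Constructed sample data.
const report = {
  title: "Quarterly revenue report",
  owner: "report-owner@example.com",
  requiredRole: { view: "Finance viewer" },
  grants: { "u-2": ["view"] },
  pendingRequests: ["u-3"],
  discloseToNonMembers: true,
};
const dana = { id: "u-1", email: "dana@example.com" };
const hidden = { ...report, discloseToNonMembers: false };

console.log(accessBoundaryState(null, report, "view").state);
console.log(accessBoundaryState(dana, report, "view"));
console.log(accessBoundaryState(dana, hidden, "view"));
```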