| UI or UX | UI + UX - Object-level sharing control for recipients, link scope, roles, delivery, copy-link, native share, and access management | UI + UX - Invitation lifecycle for granting another person access | UI + UX - Existing-entity lookup and selected-object confirmation | UI + UX - Focused modal task layer | UI + UX - Small anchored contextual overlay | UI + UX - Authorization and access-boundary state | UI + UX - Final editable answer summary before committing a transaction | UI + UX - Consequential alert decision | UI + UX - Durable user-opened notification history and action drawer | UI + UX - Curated onward links connected to the current content |
| UI guidance | Render share dialog as an object-specific access panel that names the shared object, current access, recipient entry, link scope, role, notification and message choices, copy-link state, external-domain warnings, expiration, download controls, and revoke or manage-access actions. | Render invite user as an access-granting workflow with recipient identity, role or permission, team or channel scope, optional message, delivery method, expiry, pending status, resend, edit, cancel, and acceptance outcome. | Render a labelled lookup field with search text, scoped result list, active result, selected object chip or preview, object type, stable ID or equivalent key, secondary metadata, clear action, no-result state, loading state, and validation text. | Render a titled layer above a dimmed or otherwise unavailable page, with clear task content, named actions, visible close or cancel affordance, and stable scroll boundaries. | Render a popover as a compact surface visually tied to the trigger, field, selection, or object that opened it, with a clear title or labelled content when the body is more than a short sentence. | Show the blocked object or action, current account, permission level, required role, owner, and request path when revealing that information is allowed. | Render a single review page immediately before commit with a clear title, grouped answer sections, readable key/value rows, per-answer or per-section Change actions, skipped optional answers when meaningful, and a primary button whose label names the committed action. | Render an alert-style modal decision with a specific title, consequence description, safe cancellation, and a destructive action label that names the object or scope. | Provide a persistent notification entry point, usually a bell or inbox control, with a count that represents new unseen notifications rather than every unread item forever. | Render a short, labelled collection of links whose destinations are closely related to the current content, using destination-specific link text and optional relation labels such as service, guidance, external, or PDF. |
| UX guidance | Use share dialog when a user is granting, narrowing, distributing, or reviewing access to a concrete object such as a file, folder, document, dashboard, board, recording, report, calendar item, or media asset. | Use invite user when an authorized person needs to bring another person into a workspace, organization, project, channel, repository, team, tenant, or shared object. | Use an object picker when the user must choose an existing entity whose identity matters beyond the displayed label, such as a record, person, group, account, file, team, project, or workspace. | Use the modal interruption only for compact tasks that genuinely need temporary focus before the user returns to the page. | Use a popover when users need local context, clarification, or a small edit without losing their place in the page. | Use permission denied state when the system knows the user is authenticated but their role, group, share, license, policy, or approval status blocks a specific object or action. | Use review before submit to give users one final chance to verify and correct captured answers before a transaction is sent, paid, published, applied, or otherwise committed. | Interrupt users only when the action has a meaningful consequence that cannot be safely recovered afterward. | Use a notification center when users receive enough asynchronous system or collaboration updates that they need a durable place to review, triage, and act later. | Use related links to support users who have finished or understood the current content and need a relevant next page, adjacent service, reference, or follow-up resource. |
| Good UI | A report share dialog shows the report title, current viewers and editors, a recipient field, role dropdown, Notify people checkbox, message field, link set to Restricted, Copy link, and Manage access. | A workspace invite form accepts maya@example.com, labels the invite as Workspace member, shows default channels, explains billing impact, lets the inviter add a message, and shows the pending invite with resend and cancel actions. | A Related account field shows two Acme Retail records with account ID, region, status, and owner, then displays a selected-object preview card before saving. | Account settings opens in a titled dialog with one display-name field, Save, Cancel, close control, and dimmed inactive page context. | A Due date button in a task row opens a small popover beside the field with Today, Tomorrow, Friday, a custom date field, and a visible close control. | A report page says Quarterly revenue report requires Finance viewer access, shows the current account, names the report owner, and offers Request access and Switch account. | A claim review page has Applicant, Contact details, Evidence, and Declaration sections; each row shows the captured answer and a Change link with hidden context such as Change email address. | Delete Research archive? explains that 14 notes and shared links will be permanently removed, offers Keep archive, and labels the danger action Delete archive. | A bell opens a drawer with Unread and All filters, showing comment mentions, approval requests, export results, and background-job failures in newest-first order. | A benefits guidance page ends with Related links: Check eligibility for support, Upload evidence for your claim, and Appeal a support decision, each with a concise relation label. |
| Bad UI | A Share button instantly copies an Anyone with the link can edit URL without showing the current access level or role. | An Invite button immediately emails every typed address with Admin access and no review of workspace, channel, or billing scope. | A text field accepts Acme Retail as free text even though the backend needs a record ID. | A vague popup titled Popup floats over active page controls and offers only OK. | A large floating panel appears in the middle of the screen with no arrow, no title, no trigger relationship, and hidden controls below the fold. | A denial page says Something went wrong and shows Retry even though the user lacks a required group. | A final page says Check your answers but shows only a paragraph and a Continue button with no answers, section headings, or change links. | A popup says Are you sure? with OK and Cancel but does not name the project, notes, or irreversible outcome. | A red badge says 42 forever because opening the drawer, reading items, and viewing related work never update the count. | A page ends with More information containing Home, Contact us, Apply now, Old 2018 guidance, Help, and an unrelated account settings link. |
| Good UX | A manager adds finance@example.com as Viewer, keeps the link restricted, writes a notification note, copies the link, and sees that the file can be unshared from Manage access. | An admin invites an external contractor as a single-channel guest, sees the one-channel limit, adds a note, sends the invite, then extends it when it is still pending after 30 days. | A user searches Acme, compares two same-named records by region and status, selects the active EMEA account, and reviews the selected account ID before saving. | Opening moves focus to the display-name field, Tab remains inside the layer, Escape cancels, and closing returns focus to Open dialog. | Opening the due-date popover moves focus to the first date option, choosing Tomorrow updates the field, closes the layer, and returns focus to the Due date trigger. | A user opens a restricted report, sees which account is signed in, requests viewer access with a reason, then sees that the request is pending with the owner. | A user changes their phone number from review, lands on the phone page with the old value pre-filled, saves, and returns directly to review with other answers preserved. | Cancel, Escape, and Keep archive leave the archive unchanged and return focus to Delete archive. | Opening the notification drawer clears the new-notification badge while unread items remain available for later triage. | A user reads claim renewal guidance, chooses Upload evidence for your claim, and sees why that destination is the next useful service page. |
| Bad UX | A native share sheet sends a private file URL to a chat app, but the recipient cannot open it because the product never granted access. | A member tries to invite a contractor but learns after send that guests require admin approval and no request status is shown. | A user types a person name and presses Save, but no actual user account was selected. | Users can click background Delete or Navigate controls while the modal is still open. | The user scrolls and the popover stays in the old position, so it appears to describe the wrong field. | The app returns a blank screen for a restricted file, so the user cannot tell whether the file is gone, private, or opened with the wrong account. | A user selects Change address, edits one field, then has to repeat every later page before finding the review page again. | Every archive, filter, and dismiss action opens the same confirmation until users click through automatically. | A payment failure that blocks the current checkout is only stored in the notification center and never appears in the task. | Users follow a generic More information link and land on an unrelated policy collection. |
| Best fit | A user needs to share one object or a small set of selected objects with people, groups, domains, links, or device targets. | An authorized user needs to bring another person into a workspace, organization, project, channel, repository, team, tenant, or shared object. | Users assign, link, reference, invite, route, or attach an existing entity. | A short task must interrupt normal page interaction but should return users to the same context afterward. | A local control needs brief explanatory content or light editing while page context remains visible. | A signed-in user lacks permission to view, edit, publish, export, delete, approve, share, administer, or configure a resource. | A user has provided multiple answers and should verify them before a consequential submit action. | The action is destructive, irreversible, costly, security-sensitive, privacy-affecting, or externally visible. | Users receive multiple asynchronous updates across objects, jobs, collaborators, approvals, or reminders. | The current page has a few genuinely adjacent pages, services, programs, or resources users often need next. |
| Avoid when | The task is inviting a person to become a workspace, organization, or team member rather than sharing a specific object. | The current user is creating their own account or profile. | Any arbitrary text is valid. | The content is only informational and does not require blocking the page. | The content is essential instruction that must remain visible for task completion. | The user is not signed in and the next step is authentication rather than authorization. | The task is a single low-risk field with clear inline validation and an obvious submit action. | The action is routine and easily reversible. | The product has only occasional current-action feedback that a toast or inline status can handle. | Links are only loosely associated by topic tags or organizational ownership. |
| Required state | Object identity and current access summary state | Recipient entry or directory lookup state | Empty object lookup field with label, helper text, and current search scope. | Closed page state with an obvious invoking control. | Closed trigger state with visible label, icon name, or field relationship. | Whole-object access denied state. | Initial review state with grouped captured answers, relevant sections, and explicit submit action. | Pre-action state with an explicit consequential trigger. | Closed entry-point state with zero, new-unseen, and unread-but-seen counts. | Default state with a labelled, curated related-links block and descriptive link text. |
| Accessibility burden | Use labelled fields for recipient entry, role, link scope, notification toggle, message, expiration, password, download controls, copy-link, send, revoke, and stop-sharing actions. | Use labelled fields for recipient, role, scope, team, channel, message, and expiry. | Give the lookup field a persistent label and helper text that explains the expected object type. | Use dialog semantics with an accessible name from the visible title. | Use a real button or equivalent control as the trigger whenever possible. | Use a heading that identifies the access boundary and a text description that does not rely on lock icons or red color alone. | Use headings that make the review task explicit, such as Check your answers before sending your application. | Use alertdialog semantics or platform equivalent when the decision is urgent and requires a response. | Give the entry-point control an accessible name that includes new or unread count without relying only on a red dot. | Use descriptive link text that makes sense out of context. |
| Common misuse | Using Share as a one-click public-link generator without showing the link scope. | Treating invitation sent as if the user is already a member. | Treating the picker as a free text field when the system requires an existing object ID. | Using a modal as a generic container for routine information that could stay inline. | Using a popover as a hidden modal, drawer, sheet, command menu, or full workflow. | Treating authorization denial as a generic retryable error. | Using a review page that contains no captured answers. | Asking users to confirm every routine action until they stop reading. | Treating the badge count, unread count, and total notification count as one number. | Using related links as a catch-all further-reading dump. |