Experimental Design: 403 page #3741
Assignees
Labels
Comments
sterkenburgsara
added
experimental_design
|
// cc @kfink24 |
10 tasks
|
@sterkenburgsara , There is a DSC meeting on Thursday, Jan 30 at 11am. There are already 2 agenda items. I can add you but we may not get to this. What is the urgency on this? |
|
Not urgent whatsoever! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What
In the authenticated experience, we have an emerging need for a standardized 403 page to express to users when they do not have access to view a certain page or resource.
Purpose
This page is a slightly different content need than a 404 page not found or a failed API call. In this scenario, we see a user's credentials and everything is working, the page may exist, but the user does not have authorization to view it.
Usage
Scenario: A healthcare user is in the medical records tool and views a details page for an x-ray they had done on their left leg. The URL for this page has a randomized ID in the details page segment. The user manipulates their URL and tries to access a different page, or maybe types in the URL for their spouse's records into their browser. In these scenarios, they do not have authorization to view URLs that do not belong to their own medical record.
Behavior
No interactions, but we are considering keeping the My HealtheVet secondary navigation exposed when users encounter 403 errors within the
/my-healthnamespace.Examples
Figma file here.
Accessibility
N/A
Guidance
This is an authenticated pattern only. It has no relevance to the unauthenticated experience. It very closely mimics the 404 design, which my team has previously brought to the Design System Council. (Figma file for that is here)
Collaboration Cycle Ticket
N/A
Your team
Cartography Team
#mhv-on-va-gov-cartography
Research (optional)
This pattern will improve current state inconsistencies, where most teams in the health portal are reusing 500 error alerts in the front-end in this situation. Those alerts suggest there is a system error & it is the VA's fault, instead of more accurately letting the user know they do not have access.
There is no 403 design in USWDS or on UK.gov design system, but Jeana Clark pointed me to this UK page + discussion, which felt helpful & informative. In general, we followed much of the guidance in there & tried to mimic our 404 design (linked above).
Note: pointing users to a clear recovery step ("contact us" resource) feels challenging though. Helpdesks are unlikely to be able to help with this problem. Curious if DST has thoughts there.
Code (optional)
N/A
Note: since this is not a pattern needed in unauthenticated spaces, will not need it to exist in Drupal.
Next steps
You may present your work to the Design System Council at an upcoming meeting. If you do not or cannot attend the Design Council Meeting, you can opt to get an asynchronous approval.
Submit requests to join an upcoming Design System Council meeting in #platform-design-system.
During the meeting, the Design System Council Working Group will evaluate the request and make a decision.
If your request is approved, you can add your component or pattern to the system. If you have any questions on how to add your component or pattern to the system, please reach out to the Design System Team at #platform-design-system.
The text was updated successfully, but these errors were encountered: