Request:
Implement consistent permission enforcement for the Clarifications feature across all access points at the individual question level, specifically aligning the behavior of the right-side docked panel with the existing restrictions applied via the 3-dot menu.
Current Limitations:
- When a Veeva Team Member user is NOT assigned as an Author or Reviewer for a specific question, the 3-dot menu at the question level is correctly hidden, restricting access to certain actions such as editing questions and managing tasks.
- However, the same user is still able to access the Clarifications tab from the right-side docked panel and submit clarification questions at the individual question level — even without being assigned.
- This inconsistency creates a "back door" for unassigned users, allowing them to perform question-level actions through an alternate path that bypasses the intended permission controls.
- Multiple rounds of testing by the Veeva team (with adjusted user profile permissions to simulate the scenario) have consistently reproduced this behavior, confirming it is not an isolated occurrence.
- While the current behavior is technically by design, it causes confusion and does not align with the client's expectation of uniform permission handling across all access paths.
Proposed Solution:
- Enforce the same question-level permission logic on the right-side docked panel's Clarifications tab as is currently applied to the 3-dot menu.
- Ensure that users who are not assigned as an Author or Reviewer on a specific question are restricted from submitting clarification questions at the individual question level, regardless of the access path used (3-dot menu or docked panel).
- Alternatively, provide org-level or project-level configuration options to allow admins to define consistent permission behavior across all access points for the Clarifications feature.
Benefits to Veeva Systems:
- Eliminates unintended access to question-level clarifications for unassigned users, ensuring permission settings are respected uniformly.
- Reduces confusion for project administrators and end users caused by inconsistent behavior across different UI paths.
- Improves trust and reliability in the platform's permission and access control framework.
- Aligns system behavior with client expectations, reducing the need for workaround documentation or additional user training.
@Mike Schenone for visibility
