Team Permissions

I am trying to control the creation of work items and the associated trigger a workflow action:

Scenario

users are added to the project configuration Overview tab under members - these are users that open a work item or need to view a work item, are not part of the teams that process the work items

Timelines created -

Parent Team Created holds all QA and Management role users

Child Team Created for each Application Developer role users

Work Item Categories are mapped by Timeline to the corresponding Child Team for developers

The parent Team is not mapped to a work item category

The requirement is to restrict the creation of work items for the members to a specific type only

example member can create a Help Request Only

For the Parent Team=QA Role

The requirement for the child teams is to restrict Child Team=Developers and the Parent Team=QA role from specific trigger a workflow action

Implementation:

Select the everyone role and disable all values under create work item type and trigger a workflow action

Select the developer role and enable values for creating specific work item type and the associated trigger a workflow action

Select the qa role and enable values for creating specific work item type and the associated trigger a workflow action

The result is not consistent:

If I apply these modifications at the top Team Configuration level. The permissions don't apply to any team that is not specifically mapped to a work item category and it does not apply to any user added to the Members area in the process configuration overview tab

If I apply these modifications at the Timelines level the permissions don't behave properly on the Main Development timeline which doesn't contain any teams as it only contains the overall default Product_backlog which is the default for any workitem created in the project.

I can get the permissions to work on the other timelines defined as long as I don't change any permissions for the everyone role in either the Team Configuration permissions level or the Main Development Timeline.

It doesn't seem to allow permission modifications for any team not directly associated with a work item category in a timeline. Or does it seem to control the users that are added in the members area of the overview tab for the project?

It also seems that when you apply any permission changes on specific timelines they inherit any changes that are Applied to the Main Development Project Timeline and then you need to customize each timeline

I have opened a PMR and reviewed all the documentation I could find. Is there something I am missing on how these work. We need to be able to restrict users from creating some work item types based on their roles and restrict certain workflow for users that are not part of their role.