Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

The Internal Controls page at /pm/internal-controls provides a date-filtered view of override and approval events drawn from the pm_audit_log table, supporting separation-of-duties review.

Overview

The page queries pm_audit_log for the current organization within a user-selected date range, then filters the results to rows that represent override or approval events: entries where action equals "approve" or "override", or where the new_values JSON object contains override: true or approved: true. Matching rows are displayed in a table with columns for Timestamp, Action, Entity (table name), Record ID (truncated), and User ID (truncated). Users without pm.audit.view see an access-denied alert; the page does not render the table at all. The default date range is the 30 days prior to today.

Who it’s for

Requires pm.audit.view (PM_PERMISSIONS.AUDIT_VIEW). The permission is checked both at the route level (RequirePermission) and in the component itself via useHasPermission.

Before you start

  • Your role must include pm.audit.view.
  • Override and approval events must have been generated within the selected date range for the table to show data.

Steps

1

Open the Internal Controls page

Navigate to /pm/internal-controls. The page loads with the default date range (last 30 days).
2

Adjust the date range

Use the From and To date inputs to change the window. The table reloads automatically when either date changes.
3

Review override and approval events

The table lists every matching audit event with timestamp, action type, affected table, truncated record ID, and truncated user ID.

Key concepts

Override event — An audit log row where action = "override" or new_values.override === true. Approval event — An audit log row where action = "approve" or new_values.approved === true. Separation of duties — The principle that the person who initiates a transaction should not be the same person who approves it. This page surfaces approvals and overrides to allow a reviewer to identify whether the same user both created and approved/overrode a record.
When no override or approval events exist in the selected range, an empty state is shown with the message “No override or approval events in this range. Try a different date range.”
A destructive alert with a sanitized error message appears above the table if the audit log query fails.

Practice Management

Overview of the Practice Management core.

Governance & parity

Documentation coverage and governance.
This page documents shipped product behavior. It is not medical, legal, or billing advice. Verify against your organization’s policies and applicable regulations before using it for clinical, compliance, or billing decisions. Protected health information (PHI) shown in the product is governed by your tenant’s access controls and is never exposed in this documentation.
  • src/routes/pm.tsx
  • src/cores/pm/pages/InternalControlsPage.tsx
  • src/cores/pm/hooks/useInternalControls.ts
  • src/platform/permissions/constants.ts