Hey Ricky,
Inside the BAdI Enhancement, I created an auth check method that was public so I could call it from wherever I wanted. It returned either true or false. For the client, it was based on the user logged in and their org id.
As for the post-exit, there was a bunch of code the client needed, but this is what you really need.
DATA: lo_ctrl TYPE REF TO cl_ehhss_inc_oif_cntrlr_new. FIELD-SYMBOLS: <wa> TYPE ehhsss_inc_person_involved_eso, <itab> TYPE table. lo_ctrl ?= me->core_object->mo_controller. *Call auth check routine* *hide injured person in list ASSIGN me->core_object->mt_data->* TO <itab>. LOOP AT <itab> ASSIGNING <wa> CASTING. IF auth_routine = abap_true. <wa>-per_group_desc = abap_false. <wa>-roles_desc = abap_false. <wa>-roles_short_desc = abap_false. <wa>-full_name_disp = if_ehfnd_auth_check_c=>sc_confidential. <wa>-role_sort_code = abap_false. ENDIF. ENDLOOP. *hide injured person in the tab strip IF auth_routine = abap_true. lo_ctrl->mo_ui_modifier->tab_set_tabstrip_visibility( iv_visible = abap_false iv_requires_own_event = abap_true ). me->core_object->gv_disable_delete = abap_true. me->core_object->gv_disable_sendinc = abap_true. ENDIF.
On the IF statements, you may want to add additional checks. All depends on your requirements.
Hope this helps.
Cheers,
Kevin