You can double click in domain model in Note enity. Go to the Access rules tab. In this tab you can define what rights particular user role have. In that definition you can add XPath constraint (special tab for that).
If you will write there Xpath:
[Note/Note_xxxxxuser/xxxxxUser/xxxxUser_Account = '[%CurrentUser%]' or Note/Note_UsersGroup/UsersGroup/xxxxxUser/xxxxUser_Account = '[%CurrentUser%]']
then if you for example display for particular user overview table with all note records, he will be able to see only that one where note is connected to the user gorup he is connected, or notes that are connected to that user.
You will get the same result if you will retreive it by microflow retreive action, but then you need to set “apply entity access” option in Microflow set for “True”.
There is second option – to always retreive that data in MF action or table using that xpath.
But first option (defining rights in domain model) is more secure and protects your application against displaying all sensitive data to user who should not see it. But that’s longer story... You can read about it in Mendix Academy.