If you do a retrieve action within a microflow(without the ‘Apply entity access’ option off) it will retrieve all the objects from the database without applying entity access.
However, if you then would display the retrieved list on a page, access rules will again be applied on that list
Is there any reason why you can’t give read rights to the user? You want to display tha data to the user, so the user HAS read rights, even if you don’t grant them in the domain model.
To me, this sounds like a possible security issue, because looking at the domain model, it looks like your user is not allowed to see something, but due to some dirty tricks, the user is still seeing it.
By the way, you can use xpath to only give access rights on a limited set of objects. You can also create your own custom security flags on the object or helper objects so that you can build your security logic in a microflow. It all sounds better to me than ignoring the access rights in the domain model.
Create a duplicate non persistent object. Then in the microflow retrieve the object copy it over to the non persistent and then show that one to the user.