Entity Security is the process you are looking to enforce in your application, and it is extremely recommended by Mendix (if you consult them).
You can edit the Access Rules for each entity in its corresponding Domain Model. Select the XPath constraint tab. You can constrain entity objects to either the current user, or the owner (creator) of the object. You can use the "Path to user" button for easily setting these up.
This also works in tandem with using the "Apply entity access" flag on each Microflow. It is highly recommended that you flag all of you main microflows (not subflows or scheduled events).
Here's some more documentation for you.