- to ensure users don’t get to see data they don’t have access to. For example if you have a button calling a microflow retrieving all orders without entity access and export them to an excel/csv/pdf, customers will see all orders instead of only their own.
- to ensure users can’t manipulate data they don’t have access to. If you provide a button calling a microflow that retrieves all orders and changes an attribute / association without entity access, Mendix won’t complain.
- to prevent errors. If you retrieve an object without entity access and a user doesn’t have access rights, the user will end up with an empty context object if you pass that object to a page with a dataview, while the microflow does retrieve an object so you can’t show an error message depending on an object being found or not.
- performance maybe: if you retrieve without entity access you could end up with large lists slowing a process down, while with entity access you retrieve the subset a user has access to.
There’s probably more, but this should already demonstrate the valid use of entity access in a microflow. In microflows behind buttons that retrieve and manipulate data, and in data source microflows, the question should be when it’s valid not to enable entity access.