The short answer is: use the simplest, most maintainable, and most secure option that meets your need. Let’s break it down:
1. Start with Entity Access (Security Layer) : If the data itself should always be filtered (e.g., per account, role, or tenant), then the best practice is to apply constraints directly at the entity level via access rules. It makes your app more secure and prevents “accidental” exposure when someone forgets to add a constraint on a specific page
(Note : make sure to enable apply entity access in microflows)
2. Use XPath constraints in page data sources for most dropdowns : Great for simple to medium constraints (active = true, belongs to current user, etc.). XPath is database-level, so usually more performant
3. Use Microflows when logic is complex or dynamic : Use when the filtering is complex or dynamic, since they’re easier to debug but a bit heavier than XPath.
Check Mendix docs on Enitty Access Rules and Data Sources Best Practices.
If you’re debugging constraints, microflows give visibility, while XPath remains the most efficient for direct filtering.
🔑 Think of it as a ladder: Entity > XPath > Microflow.
Hope this helps !!
If you can do it with an XPath use the XPath option. The advantage of a microflow is that you can model stuff out and use a decisions for instance to return either one list or another list. For performance it makes no difference.
Regards,
Ronald