The most secure way for this is to govern this through entity access.
I assume your data model has two objects for this, Agent and Client, with a 1-n reference from Client to Agent, and with Agent being a specialization of System.User.
In this case, you could limit entity access to Client objects for the Agent role (I assume this is a role) using an xpath. In the entity access setup for users with the Agent role (which I assume you have for this), you can use an xpath like the one below:
[ModuleName.Client_Agent = '[%CurrentUser%]']
Where ModuleName is the name of your module, and Client_Agent is the reference name.
With this xpath, users with the Agent role will only have access to Clients for whom they are acting as agent.
As a minor addition, you'll find entity access as a tab when you double click on an entity, however it will only appear if the security level at project level is set to 'Production' .
Have you set your security constraints in your domain model? You'll have to configure security, it won't automatically know how to constrain your data.