User Level Views for App Functions

Hello,    I am looking to build a function where external users can bid on projects for a client. My question becomes is how  should these users profiles and details at a domain level be built to ensure that there is no accidental sharing of information across users, for example seeing what another users bid price is.    I know I can do an XPath to user for this, but is there any additional steps that should be taken at a user or domain level.    Any recommendations are appreciated. 
1 answers

Entity access should indeed be set so that the user only can see the data where he or she is the owner of. And do make use of the Bizzomate devtools module:

With that component you can easily see if you have made security mistakes.