Where are entity access restrictions primarily enforced in the Mendix platform?

Entity access restrictions in the Mendix platform are primarily enforced on relevant database retrieves. This means that when data is fetched from the database, the access permissions defined for each entity dictate what data can be accessed and by whom.

When a user attempts to retrieve data, the platform checks the user's role permissions against the access rules configured for the entities involved. If a user does not have the appropriate permissions, the system ensures that either no data is returned or that the data returned adheres to those restrictions. This layer of security is crucial for maintaining data privacy and integrity, ensuring that only authorized users have access to sensitive information.

While other options pertain to different aspects of user interactions with the application, they do not primarily manage the enforcement of entity access restrictions. Access restrictions are specifically tied to how data is queried and which records are visible based on user permissions within the database layer. This design allows for centralized and consistent enforcement of security rules across the application.