Assigning roles to microflows (and pages) must only be done for client accessible microflows.
Meaning;
Any other microflow mention by Praharaj Mahaprasad Tripathy should never have a role configured. Because then they would be directly accessible by a user, which should not be the case, since they are nested for a reason and thus require context.
Answering your question: no role configured = no role has access.
Sometimes microflows inherit the security of previous microflows (for example sub microflows usually do). Mendix handle these automatically as far as I know.
Hello Haiji Du,
Setting up “Allowed roles” to empty means no users have the priviledge/access to run this microflow. As a best practice and to keep our application opened only to authorized users, it is always advisable to set up “Allowed Roles” of a microflow correctly.
However there are certain instances where setting up an “Allowed roles” to none would still run the microflow successfully. Few of them are mentioned below:
Hello Haiji Du,
Yes Indeed what you are saying is correct, any one can run that microflow. If no allowed rules are selected it will be displayed as none.
we usually do not select roles for Sub Microflows, since they are used a generic one which can be triggered from multiple microflows having different set of Allowed roles.