Alternate homepage for specific userrole references to a page with visible for other user roles throws no error
I have a user role (1), I have a page which has security settings inside the module, and is set to be visible for other user roles (2 & 3). User role (1) in my project does not have security roles 2 or 3 in the project security settings The homepage for user role (1) is set to go to this page with visibility for other users. This user can view this page. Why does mendix ignore the security settings in the module in this case? Shouldn't it throw a 403 forbidden?
From your description this seems to work exactly the same as when opening a page from a microflow. You could make a project without any access expoicitly given to any page, as long as you open every page from a microflow.
In a way this makes sense, as a page can never contain anything that you would want to really block any user from anyway. If your security relies on a user not having access to a page, it's broken anyway.
edit: Just checked; the setting specifially says "visible for", not "accesible by" or anything like that.