Allowed roles define which module role the user must have to be able to execute the microflow.
Note that these roles are only checked when the microflow is executed from the client. A microflow is always allowed to call another microflow and these roles are not checked then.