Snippet and lay-out security

On my desktoplay-out I have two items: - a button referring to a microflow linked to module-role A; - a snippet containing a button referring to module-role A. I noticed that both buttons are visible for users that do not have a user-role which has module-role A in it. On top of that they can be used and perfectly execute the microflow. Where do I go wrong?
1 answers

Does the microflow button itself allow access even when roles deny it? Common for logon buttons, not the default.