No the framework doens't look to what happen in the microflow, only to the allowed roles property.
If a user has rights to a microflow behind a invoke button, and the microflow tries to create a object while the user isn't allowed to create that one*, then it's rather a design error. You won't let decide the framework that behaviour for you.
N.b.: For the default new and delete button the framework will check the entity access.
*Microflows are default executed with 'apply entity access' to false. So when you let that property false, you will never get a error...