Deeplink ignoring microflow allowed roles

Hi   I stumbled across this issue where a deeplink has the setting to NOT allow guest users and only certain user roles were allowed to execute this deeplink. I set these user roles via the allowed roles in the microflow settings.  But now I found out that the allowed roles setting is completely ignored and every user that can login, is able to execute the microflow behind the deeplink.   I know I can fix this by making custom logic in the microflow behind the deeplink, but I’m curious as to how this is possible.  
1 answers

This is possible because the user roles defined on a Microflow are only used to determine the users that are allowed to trigger that microflow. If the microflow is used as a sub microflow (or triggered from a Java action like in case of a deeplink), the user roles are not taken into account.

You could try and see if it helps if you enable "Apply entity access” on the microflows that are triggered as a deeplink.