It would be great that when you create a OCH microflow/nanoflow the default module roles are taken over from the page where it is created. Limit this by the userroles which actually have read-write rights on the specific attribute
Maybe as an addition, when you create a new microflow directly from a button on a page (and you place the microflow in the same module), the module roles that have access to the page, also get access to the microflow.