It seems like this issue was fixed in the 7.18.0 release.
Quoting the 7.18.0 release notes: "We fixed the issue causing the built-in admin user to retain old roles when a new role was selected in the Security configuration of the app project. (Ticket 65664)"
Hi Mohammed,
Never tried the situation myself but by looking at this documentation:
'This user is always created and has the System.Administrator role by default. This module role allows any user with this role to manage your users. On sandboxes the user that created the application automatically has this role by default as well so you can use it to administer your users in that environment. This role may be helpful in case for some reason you have exceeded your user license restriction in which case you can use any user that has this System.Administrator role to login to manage your users.'
From: https://docs.mendix.com/refguide/project-security
It might make sense that the MxAdmin user always keeps the Administrator role to login and manage the users.
For example, users with the Customer role can only view Orders that are associated to the customer this user is part of. While the data that ... If an access rule prohibits write access, your client will display it as non-editable. This way you are aware, as developer, about the (correct) working of an access rule .. Tutuapp 9apps Showbox