Page still visible for user with incorrect role

I created a new app to test some things and noticed that when selecting the “Administrator” role and deselecting the “User” role for the home page that the user can still access/view the page.  After logging in as MxAdmin, I just use the widget to select “demo_user”.  I expected the page to be blank (again, just testing), or give an error, but nothing happens.  Why are “Visible for” roles ignored in this context? Is that because the roles only affect data on the page and not the page itself?  Or perhaps the widget is bypassing role-based visibility security?
1 answers

the default home page will be accessed by all user roles until a rolebased homepage is defined.

Not limited to security settings.

Although, the moment you add data to the homepage, all userroles using the default homepage, must have at least read access to data shown.