In a scenario where you give access to a microflow to your administrator but not your user, for example, if you place a button calling that microflow on a page, your administrator will see the button and your user will not.
If you do not give any access to a microflow which you use within your pages Mendix validation will trigger and won’t allow you to build it.
If the microflow is used on events being triggered and you do not have access to the microflow when you trigger the event, a security error gets displayed.
The access is further extended to any calls via the client API, but I assume you are not asking in regards to the API.
Hope this helps