Module security

When I updated a module security I noticed something that I could not explain and had not noticed before. Why are not all forms, microflows etc visible in the module security? What is used to decide which forms or microflows are visible here? Some forms where shown here but not all. What process influance this?
1 answers

Only the "starting points" of user interaction are visible in that overview, because those are the only ones where security needs to be specified. For example, a form used in the navigation menu needs its security to be specified, while a form opened from a microflow "inherits" the security from that microflow (i.e., if you're allowed to call the microflow, you can automatically view the form). The same applies for microflows calling other microflows, forms containing data source microflows, event microflows (e.g., before commit) on an entity, etc.

If this wasn't the case, you could create weird situations where a user is allowed to execute a microflow, but the microflow then fails with a security error when trying to open a certain form.