From 2.5 onward, the modeler makes distinction between application/user and module roles. For each module, you should create new roles (under the module and then security) which match the different user roles inside that module. For example a email send module might have the module roles 'Email.EmailSender' and 'Email.EmailAdminstrator' (for smtp settings and such), while the HRM module in the same app has many more roles, such as Hrm.HRMManager, Hrm.Manager, Hrm.Employee, Hrm.BoardMember etcetera.
In the end, you can set up the globally available user roles under project > security. Here you can assign for every user role a set of module roles. For example the global CompanyEmployee role might consist of the module roles Hrm.Employee and Email.EmailSender, while the CompanyManager role exists of Hrm.Manager and the same Email.EmailSender.
So it is a bit different model, but in the end you end up managing less roles since module roles do not interfere with other module roles.
The 'undefined module' error means you have a reference left. Often such references remain in Dataview.Remove from Context property, the Visible for property of a form or the global security settings. From the error description i guess its one of the latter two.
I think I can now answer my own question.
When adding a new module, you need to create a new module role in the module security form (e.g. 'Admin'), then open the project security form and edit the user role 'Admin', select Add module role and select the corresponding module role from the new module.
When deleting a module, you need to open the project security form and Remove the module roles for that module from the user role.
Could someone confirm if this is the best way to do this. It seems a little tortuous & leaves potential for errors. Are there any plans to make this more automated, e.g. to enable user roles to be selected & imported into the module security (or is there aleready some way of doing this)? Thanks.