Administration user management show users that are not managed
When I User management for a User Role and I select roles to be managed by a manager role – on the Account_Overview page in the Administration module I see users that are not in the roles being managed. I expected that once I set roles to be managed then users with the management role would only see users with the roles that they manage. Do I need to add a constraint somewhere to enforce that or is it expected that I will create a custom page for the manager role? The documentation for the Administration module does not indicate whether or not it is supposed to handle roles with user management specified.
If I understand your question, I think you can see those users but not edit or make changes to them. If you want a different mechanism (perhaps managers can only see employees that they manage) you'll need to build that in you app. Best practice for that is to create a specialization for administration.account in one of your modules and then build the security structure you need. When doing this, the user role level restrictions still apply, so you'll have a couple of layers of security.