Input data:
- eureka (localhost:8761)
- spring boot cloud gateway service with keycloak (localhost:8765)
- developer resource service (localhost:8082)
- keycloak (localhost:8080)
Keycloak:
- created realm
- created client with auth ON
- created 2 users with 2 different roles: developer and manager
- created 1 resource for path /developer/** (it's a prefix for my developer-service endpoint)
- created role based policy for role=developer (required!)
- created resource permission based on policy above
Case:
in browser making request
http://localhost:8765/developer/developers
logging in as manager!!!
EXPECTED:
access denied
ACTUAL:
200 with response = list of developers
QUESTION:
Have I missed something? Is this role permission filtration inside of Keycloak already? I have already watched several videos and posts; some of them are based on the front-end keycloak-js lib and filtration, others on backend @RolesAllowed. I'm just curious if it's possible to block the request just using the Keycloak admin console.
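As an added example (not code from the original post, and not Keycloak's or Spring's own implementation), here is a small Python model of the rule the post configures: resource `/developer/**` guarded by a role-based policy that requires `developer`, evaluated by the component that actually receives the request. It assumes the access token carries realm roles under `realm_access.roles`, which is where Keycloak places them by default; the usernames, token payloads and the `decide` / `ant_to_regex` helpers are constructed for this illustration. The `enforce=False` path reproduces the ACTUAL result above: a gateway that only logs the user in forwards the request whatever the policy says, because resources, policies and permissions defined in the admin console are only applied when something (a policy enforcer on the resource server, or an explicit check at the gateway) evaluates them; logging in alone never triggers that evaluation.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """Model of one Keycloak resource permission: a URI pattern plus the
    role-based policy behind it, reduced to the set of roles that grant access."""
    uri_pattern: str
    required_roles: frozenset


def ant_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an Ant-style path pattern (as used for Keycloak resource URIs
    and Spring routes) into an anchored regex: '**' spans path segments,
    '*' stays inside one segment, everything else is literal."""
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out.append("(?:/.*)?")  # '/developer/**' also matches '/developer'
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


# The single resource/permission from the post (constructed to mirror it).
PERMISSIONS = (Permission("/developer/**", frozenset({"developer"})),)

# Constructed sample token payloads shaped like Keycloak access tokens.
# Keycloak puts realm roles in realm_access.roles; client roles would sit
# under resource_access.<client-id>.roles (not used here).
MANAGER_CLAIMS = {"preferred_username": "alice", "realm_access": {"roles": ["manager"]}}
DEVELOPER_CLAIMS = {"preferred_username": "bob", "realm_access": {"roles": ["developer"]}}


def realm_roles(claims: dict) -> set:
    return set(claims.get("realm_access", {}).get("roles", ()))


def decide(path: str, claims: dict, permissions=PERMISSIONS,
           enforce: bool = True, deny_unmatched: bool = True) -> bool:
    """Return True if the request may be forwarded to the resource service.

    enforce=False models a gateway that authenticates the user but never
    evaluates the permission (the ACTUAL case in the post: 200 for a manager).
    deny_unmatched=True fails closed for paths no permission covers, which is
    the least-privilege default; set it to False to model a permissive mode.
    """
    if not enforce:
        return True  # valid login is all that is checked; policy never runs
    roles = realm_roles(claims)
    for perm in permissions:
        if ant_to_regex(perm.uri_pattern).match(path):
            return bool(roles & perm.required_roles)
    return not deny_unmatched


if __name__ == "__main__":
    path = "/developer/developers"
    for who, claims in (("manager", MANAGER_CLAIMS), ("developer", DEVELOPER_CLAIMS)):
        print(f"{who:9} enforced={decide(path, claims)!s:5} "
              f"login-only={decide(path, claims, enforce=False)}")
```

Running the block prints that the manager is denied and the developer allowed only when `enforce=True`; with `enforce=False` both get through, which is the behaviour the post observes. The matcher is deliberately anchored at both ends and uses `re.escape` on literal characters, so a pattern like `/developer/**` cannot be satisfied by `/developers` or by a path that merely contains `/developer/` somewhere in the middle.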