Whitelisting approach was used to make sure developers do not forget to add resource to allow store admin manage access to section. But I agree that there are inconsistencies:
resource attribute might be obligatory or
non-existing section should be forbidden by default
@mage2pro
Could you please add the description of steps, actual result and expected result to this ticket?
It will help other community members to find this problem when they use GitHub, which is, unfortunately, impossible when the full description is placed on the external resource.