Symfony 2.3.1
PHP Version 5.3.15
Apache Server

i will explain the scenario

FIRST
y have tree routes.
1
users:
path: /users

2
users_table:
path: /users/table

3
users_new
path: /users/new

and a access_control for those on the security.yml file

/users/new: ROLE_SUPER_ADMIN
/users: ROLE_ADMIN
/users/table: ROLE_ADMIN

SECOND

when i go to /users logedin like ROLE_ADMIN

it renders a twig template that contains the next two routes.

// file : users.html.twig

{{ render(path('users_table')) }}
{{ render(path('users_new')) }}

and the final render show the users_new template, but this is ROLE_SUPER_ADMIN SECURED

it could be fixed adding security to twig template or the controller, but i dont think that is a good solution for that.

isn't it a bug?

Best Regards