Seems strange that Roles doesn't have a built-in setting to configure a redirect/default page if authorization fails.
In other words, a user can authenticate (Forms), but since the user isn't authorized to view a resource because of a role restriction (ex. Admin role only), the default behavior is to go back to the login page with absolutely no feedback.
Yes, programmatically handling this is the recourse, just seems odd. Not even sure if it's safe to keep redirecting to the login page (re: multiple logins).