No this wouldn’t be it.
I think the documentation may need some changes. grub2-mkconfig is unnecessary when adding a grub password using grub2-setpassword.
When you want protection in modifying and booting menu entries, you need to make one more change.
% grub2-editenv - set grub_users="root"
You can then verify that grub_users are in /boot/loader/entries/*.conf