You can specify which users have access to files, folders, and custom objects as well as the access level by assigning members to the Access Control List (ACL) for that Vault object. Once any members are assigned to the ACL, any users requiring access to that file, folder, or custom object must be assigned to ACL for that Vault object.
Whether a Vault object has role-based security (no ACL defined) or object-based security, the security can be overridden. An override of security means that the system ACL still exists on the object but is being overriden by a newly defined ACL. This is an Override Access Control List or an Override ACL. As long as an override ACL exists, the system ACL will be ignored. If the user removes the Override ACL then the system ACL will become the new security.
Both the system ACL and the override ACL can be modified using the same dialog, regardless of whether an override exists on the selected object or not. For example, the user may choose to edit the system ACL while an override ACL already exists. This way the new system ACL is respected if the Override ACL is ever removed.