Currently the Edit access control window doesn't accurately represent the stack up of ACL policies that actually apply to an object.It does not accurately show denies. It also doesn't take into account users within orgs/groups/roles and how that all applies.
It also should show all the ACL selection options.
Our use case. We've set a deny to non-team members to establish "private" or restricted products but still allow for use of shared teams. The "Edit access control" window shows that people have access when in reality they do not. Shows a false positive making it more difficult to prove access is restricted.