The 4Suite repository's access control list (ACL) quirks can be confusing. ACL is just a list (a dictionary, rather) of permissions that apply to a certain resource. You can say that a resource is readable, writable, etc. only by certain users, or members of certain groups, or everyone.
Each resource in the repository may or may not have an ACL. If it does have an ACL, then only the permissions set in that list apply to the resource. If it does not have an ACL, then it inherits the permissions of its parent.
In this message in Nov 2002, Mike Brown complained about how unintuitive the behavior of the '4ss set acl' command was. Mike Olson responded with this helpful explanation, which includes some examples of how it's still confusing, even if you know what's happening. Since then, the command's output has been updated to show which permissions were inherited.