GITBOOK-383: ACL allowed users vs location allowed users clarification

Author: defguard-community

enterprise/all-enteprise-features/access-control-list/README.md

@@ -106,6 +106,12 @@ In Defguard, sources can be defined as one of three object types:
 
 Each ACL rule in Defguard is intended to fully define access to a specific resource, you must therefore always include at least one allowed source.
 
+{% hint style="warning" %}
+This setting is independent from the default location-level [**Allowed groups**](../../../admin-and-features/features-and-configuration/wireguard/create-your-vpn-network.md#allowed-groups) configuration. 
+
+If you give a user access to some resource through an ACL rule, but they do not have access to a given location, they still won't be able to access it, because they'll be unable to establish a VPN connection with the gateway.
+{% endhint %}
+
 ### How to define your ACL ruleset
 
 Access Control List (ACL) rules in Defguard are used to manage **who can access specific resources** across your network. Think of each rule as a clear instruction that says: _“These users or devices are allowed to reach this resource - and optionally, these others are not.”_