Docs for core domain model & visibility/ACLs?

Are there any docs describing the user/organization/team/repository domain model, and how visibility and ACLs behave in all possible scenarios? So far I can’t find any, which leaves it to be guessed and investigated in a tedious and time-consuming fashion.