By default you can view all the ACLs inside the catalog.nsf however it is not accurate because if a user is part of a "group" and that "group" is assigned explicitly in the .nsf ACL it does not reflect in the catalog.nsf.
This can be reproducible:
-Create a new .nsf (any template).
-Create a new group and add a test user.
-Modify the ACL of the created .nsf and add explicitly the group where test user belongs. Make sure that test user is not listed explicitly in the ACL.
-send the cosole command "load catalog"
-Open the catalog.nsf and go to Access Control List > By Name.
-Under this view locate the test user, you will not see the .nsf.
In this view you will not see the applications/.nsf where the group of the user is explicitly listed.
Summary: In catalog.nsf > access control > By Name. you can only see the ACL of the user which he/she is explicitly added. You cannot see the ACL of the database where he/she is under a group and that group is explicitly listed.
This should be an enhancement request to also include in the view By Name all the applications where the user is part of a group.