The access control is being based on the container, which appears to have an access control of "Everyone". Thus, in essence, the document has "Everyone" set for it's access controls. Everyone meaning any person that has the ability to view, update, modify record access, destroy rights, and contribute contents, based on their profile.
IF you were to change the access controls on the container, you would see the document access controls change also.
Understand the concept and rationale but why misuse the word everyone if it is caveated based on profile and other configuration settings. If Update Record Metadata is based on container and limited to 'everyone' in the Owner Location, why doesn't TRIM simply update the access control to reflect the Owner Location name rather than the misleading term on 'everyone'. Is this a bug or an enhancement request?