You just allowed your user to view all the graphs that have been added to the default tree. The default policy defines the default access granted for a user. By adding the Default tree to the list, access to it is allowed. This is also reflected by the blue characters in front of the tree. If you change the default policy to Allow, your user will have access to all trees except the default tree and the characters will change their color to red.

Denying or allowing access to a tree does not automatically deny or allow access to the graphs configured under the tree. Although you denied access to the Customer A tree, your user will still be able to access the graphs from Customer A, as the default policy for the graphs is set to Allow. To prevent this behavior, you will need to change the default policy for the Graph Permissions (By Device) to Deny and add all the devices belonging to Customer A to the list, so your user is only able to access the graphs for these devices.

Graph Settings are user-specific preferences for the graph presentation. Preferences can be set for nearly every aspect of the graph frontend. Settings such as the thumbnail dimensions or number of graphs displayed on the tree view panel can be set. Even the font type and size for the RRDtool (not shown in the screenshot) can be changed by the user. This allows users in need of large font letters to change the font size used for printing the legend, graph title, and other data in the graph.