Manually editing QAS configuration files controlled by VGP (4288188)

Can QAS configuration files (e.g. users.allow, users.deny, user-override, etc...) which are being populated by VGP have additional entries that are added manually?

Yes, the configuration files can be edited manually even when entries are being pushed down from a global policy. The VGP component will not overwrite your configuration when updated, instead the entries from the policy that have been changed will  be added or removed from your configuration file and the other entries will not be touched.