Drupal references in ACL settings
In the ACL settings, Drupal is still referenced:
IMPORTANT: The Drupal permissions for 'access all custom data' and 'profile listings and forms' override and disable specific ACL settings for custom field groups and profiles respectively. Do not enable those Drupal permissions for a Drupal role if you want to use CiviCRM ACL's to control access.
Also on the main ACL page:
ACLs (Access Control Lists) allow you control access to CiviCRM data. An ACL consists of an Operation (e.g. 'View' or 'Edit'), a set of Data that the operation can be performed on (e.g. a group of contacts), and a Role that has permission to do this operation. Refer to the Access Control Documentation for more info. Note that a CiviCRM ACL Role is not related to the Drupal Role.