When a folder or document is uploaded on root level Vault Admins and Project Admin will have the choice to apply Vault permissions or No permissions.
When the option Apply set permissions is chosen:
-Roles with All content permissions will have access to these items based on their current permissions.
-Roles with Custom permissions will have no access to these items until permissions have been granted manually by a Vault Admin or Project Admin at later stage.
When the option No permissions is chosen:
-All roles have no access to these items and will get Custom permissions.
Click here to read what happens when Content Admins add items on root level.