Self Service Allow/Block

I want to know if we allow users to create there own allow/block lists, if they allow an address does that bypass all the checks in the same way that the admin allow list does? We are reluctant to allow users to add allow entries if they bypass malicious url or attachment checking.