That’s a good question. As Groot is part of the ACL and ACL is enterprise. In theory it shouldn’t be possible to log in. In fact, we should understand and document what happens after expiration.
I think that maybe it just disables ACL and all data is directly accessible.