The only thing about this way, is that you cannot give access to individual files afterwards.
Think of this as a one lock, and the individual file access as another lock.
If you give someone the "key" to the individual file access lock, they would still not have the "key" to the all dataverse-wide file lock. They would need to have that key, as well, but then of course, they'd have access to all dataverse files that do not have individual locks.
I hope this is not too confusing; basically the two locking systems were designed to work independently - either you lock all files OR you lock individual files. We have yet to include a way to lock all files, and then give individual access to some of those locked files.
Clearly, this would be useful and something we need to consider for a future release.
Gustavo