Great to see you post out in the community space! Thanks for your question.
The Grandfathering capability is intended for onboarding existing applications with known vulnerabilities (e.g. legacy applications) to aid in the onboarding process. The capability was designed for the use case where customers may have a large number of applications (i.e. typically legacy), and they need to onboard quickly to be able to go forward with their initiatives. Here is a link that will explain more: IQ Server Grandfathering - Sonatype Guides
For your specific question, I’d like to understand more about what you’re trying to do, so that I can offer best practice guidance. Typically, we will not want anyone to build applications using known bad components. Yes, you can technically do what you are suggesting, and you will want to understand the consequence of those actions and potential disruption to other builds.
The intersection with Nexus Repository and Firewall occurs for newly downloaded components. Normally your existing proxied components wouldn’t be quarantined (blocked) since you don’t want to cause disruption for builds that are working. Firewall will audit your existing repository and identify violations, then in Lifecycle you’d see similar violations per application, and when using grandfathering those violations would be grandfathered, since they represent existing issues.
I hope that helps to some degree.