Type-level access control restriction "no access" is working for some roles, such as the default defined "cataloguer." But the "administrator" role (that has "is administrator" checked) can see the "no access" type.
Administrators can see everything. Those restrictions are ignored when is_admin is set.
When is_admin is unchecked the "no access" type is still visible.
The issue was Admin being in additional groups that had privileges to the types.