My guess is that the users have access granted lower down the volume structure that allows them to see the root of the volume.
I would suggest that you spend some time reviewing NW security, as it has changed significantly since the 3.x days. First off, make sure that you allow only administrator staff to have supervisor access anywhere in the tree. Even if you want someone to have full rights, do not take the easy way and grant (S) rights. Grant everything but (S)where necessary to non administrative staff.
Second, be very careful with IRFs. You can lose your entire tree if you are not careful. Do not block (S) rights.
Third, related to your original question: don't grant rights to the ROOT of a volume. Those rights will flow down the entire directory structure.
Fourth, use groups and containers to assign rights anywhere except a user's home directory. This saves a lot of administration down the road. Grant access with a container if you want everyone in that container to have those rights. Use group or role objects if there are only a few that you want to grant those rights. Create an admin role object, and assign your administrators to it. Then grant that object rights to the root. That way, when someone changes job descriptions, you take them out of certain groups and add them to others, and you do not have to chase rights all over the tree. Take the admin object, write down the password and keep it in a safe place and never use it except in emergency.
Finally, be sure you understand the consequences of any change before you make it. I had a client once who killed most of his tree because he added an IRF where he shouldn't have. Fortunately, there was an object we had created for testing that he did not block and we were able to fix it.
Good luck
Steve
