Thanks for your posting!
No Access would apply to all users and you would need to set the permissions for all users then. This is the whitelist approach that works well if you have many users and only a small(er) subset of your users should get access to select projects. A blacklist approach also works well in many cases and this means leaving the default access as
Global Role and then denying access to select users or groups (by overriding the access to
No Access for the user or groups).
In general, if you have many users and you can easily categorize them into groups (e.g. internal team, a client, etc.), I can also recommend using user groups for managing permissions. This makes it much more convenient to work with larger sets of users.