As advised in the docs related to the Request Types restrictions feature here, this feature works in such a way where you need to add the users, groups, customer accounts or organizations you wish to give access to the Restrictions section of the specific Request type.

But in the cases where an instance has many groups, organizations, etc. it'll be useful to simply add such customers that you don't want to have access to that particular request type to a Blocklist.

If this Feature is allowed to work both as an Allowlist and a Blocklist it'd allow such granularity so that you can really define complex security/permissions scenarios in instances involving many groups and organizations.