The behavior you're observing suggests that the "Available For" and "Not Available For" settings for catalog items in ServiceNow might not be working as expected. Generally, the "Available For" field should restrict access to the catalog item to only those users who meet the specified user criteria. If a user does not meet any of the user criteria listed in the "Available For" field, they should not see or be able to use the catalog item.

Possible Reasons and Solutions:

1. User Criteria Configuration:
- Ensure that the user criteria conditions are correctly defined. Verify that the criteria accurately reflect the users who should have access to the catalog item.
- Check for any overlapping conditions that might unintentionally grant access.

2. Caching Issues:
- Even though you mentioned clearing cookies, there might still be caching issues at play. Clear your browser cache and also clear the ServiceNow cache by navigating to `System Diagnostics > Cache > Clear All`.

3. Service Portal Settings:
- Sometimes, Service Portal settings might override catalog item restrictions. Verify the configuration of your Service Portal to ensure it respects the user criteria settings.

4. Roles and Permissions:
- While you mentioned that the "itil" role is not used, ensure that there are no other roles assigned to the test user that might grant access inadvertently. Double-check all roles and permissions assigned to the test user.

5. Catalog Item Settings:
- Review the catalog item settings to ensure there are no misconfigurations. Double-check the "Available For" and "Not Available For" fields for accuracy.

6. Scripted Access:
- There might be custom scripts or business rules affecting access. Review any customizations that could impact the visibility of the catalog item.

Verification Steps:

1. User Criteria Test:
- Create a new test user with no roles and ensure this user does not meet any of the user criteria specified in the "Available For" field. Verify if this user can access the catalog item.

2. Catalog Item Conditions:
- Temporarily remove all user criteria from the "Available For" field and add the test user's criteria to the "Not Available For" field. Check if this works as expected, and then revert the changes.

3. Logs and Debugging:
- Enable debug logging for the `com.glideapp.servicecatalog` module to capture detailed information about the access checks being performed. This can help identify any issues with the user criteria evaluation.

Example Troubleshooting:

1. Clear Cache:
- Navigate to `System Diagnostics > Cache > Clear All` and then clear your browser cache again.

2. Simplify Criteria:
- Simplify the user criteria temporarily to a very basic condition, like a specific user attribute, and test with a user who does not meet this condition.

3. Portal Restrictions:
- Check the settings in `Service Portal > Service Portal Configuration` to ensure there are no global settings overriding individual catalog item restrictions.

4. Review User Criteria:
- Go to `User Criteria` (`sc_user_criteria`) and review the criteria definitions. Make sure there are no unintended matches for the test user.