Each post type has access controls for viewing and editing which provide more granular control than what is offered through the Permissions management page.
Edit the post type you would like to adjust the access control for, and navigate to the access control section as shown here with the default configuration:
It is important to note that view permissions set the defaults for posts of this type. Some posts may be overriding the defaults with different access settings. Changing these settings will not affect posts which have overridden access settings. However, if the defaults here are changed, all posts of this type which use the default access settings will be affected.
Editors, site admins, and system admins have full access to create and edit all types of posts. For other user roles, such as members or contributors, it's possible to configure which post types they have access to create. Some roles, such as the anonymous, authenticated, and member role by default, do not have the ability to create any type of post (as set on the Permissions page). Roles which cannot create posts cannot be configured here. Hovering over the question mark (or checkbox) for a few seconds will show a tooltip explaining this.
Here is an example of a post type configured with limited settings: by default only members will be able to view content of this type, and contributors will not be able to create this type of content: