Volume access is always checked first and if access to the volume is not allowed the access will fail. But here is the "catch".... Volumes are not passed that often so therefore there are minimal times Volume checking is done and consequently minimal messages seen referring to Volume access.
The bottom line is that if a volume is passed then access to that volume needs to be granted. If no volume is passed on the call then it will go to data set checking.
Details regarding Dataset and Volume Level Access can be found in section
"Data Set and Volume Level Security".
Many sites do not deal with volume checking. They use data set permits to protect data sets. If a volume is passed and the allowed volume access is CREATE, then it will always defer to data set checking.
A common practice is for sites to put the following permit in the ALL Record:
TSS PERMIT(ALL) VOLUME(*ALL*(G)) ACCESS(CREATE)
The above permit will force data set checking and never allow access on volume access alone. Other volume access levels can be granted in acid records or profiles but the above permit will make sure if a call sends a volume the call will not fail if the acid has access to the data set.