With z/OS v2.5 on a system running Top Secret  STGADMIN.SMS.ALLOW.DATASET.ENCRYPT ACCESS(NONE) really means no encrypting now.  

Under v2.4 of z/OS adding that  STGADMIN resource defined with ACCESS(NONE).  

Under v2.5, users are receiving the following: 

TSS7250E 151 J=xxxxxx A=xxxxTYPE=IBMFAC RESOURCE=STGADMIN.SMS.ALLOW.DATASET.ENCRYPT      
TSS7257E Unauthorized Access Level for IBMFAC <STGADMIN.SMS.ALLOW.DATASET.ENCRYPT>          

Need to give  ACCESS(READ) to a specific ACID and it works correctly for them now.  Did something change.

Release : 16.0

With z/OS 2.5 release IBM has enhanced Catalog and IDCAMS.  
Enhancement include "The IDCAMS DEFINE MODEL parameter support is enhanced to model the KEYLABEL parameter."

If the job does not specify the encryption KEYLABEL in the DEFINE of your new dataset, it will inherit 
the KEYLABEL of the MODELed dataset. 
So you are still creating an encrypted dataset, and will need READ access to STGADMIN.SMS.ALLOW.DATASET.ENCRYPT.