"Read" permissions should not hide a document, it show show the document in AccessPoint. If you remove "Read" permission for the user in question, it will not show the document in AccessPoint.
Typically we will set up two NTFS groups - one for Users and the other for Developers. The Users group will have Read access on the documents, and the Developers group will have "full" access to the document so that they can edit it and redeploy it. This is a simplified explanation, but it's the basic gist of it.
Can you send more detailed information, including screen shots of the NTFS permisssion settings for the files you're trying to restrict access on?