Here, let me help you visualize the issue:
This is what we mean when we say "inheritance branching"- all of your groups are not connected in a single line. The ULX targeting system does not work well with these kind of setups, unfortunately. It's a known limitation we plan on addressing in ULX 4.
The reason why this doesn't work is, well, let's focus on your can_target for 'dtrialmoderator'. Currently, you have it set to '!%moderator', which means that 'dtrailmoderators' can't target anyone in the group moderator, or any group that inherits from moderator (this is what !% does, the ! just inverts it). So in your terms, it's saying "dtrialmoderator can't target moderator and dmoderator". However, this says nothing about operator, noaccess, or any of your other groups.
Now, you would think you could just specify '!%moderator,!%admin' so that 'dtrialmoderator' can't target moderators or above AND admins and above, but the comma is a SET UNION operator (in terms of players you can target), and the end result is that they cancel each other out, and they'll be able to target anyone.
So, the first (less messy) solution would be to line up all of your groups so they inherit in a single line. This obviously puts some restrictions on which levels you give access to for certain commands (e.g., if you were trying to put operator between donator and trialmoderator, but you wanted operator to have a specific command that you don't want trialmoderator or higher to have, and you don't want operator to have all of the commands that trialmoderator has).
But, you can work around that problem by using groupdeny: In my example, you would give operator the command you want, then groupdeny that command at the trialmoderator level. EDIT: groupdeny only removes existing access to a group, not inherited. I should be slapped for forgetting that. This functionality exists on a per-user level though.
The other solution which allows you to keep this branching inheritance requires you to manually specify and maintain a list of groups each group can target.
It's a bit tedious to set up, and even more tedious to maintain if you change your group structure, but it is fairly straightforward. Basically, for each group, you just keep a list of all of the groups you want to target using the # operator. To get you started:
This will let user and noaccess (if you want) to only target themselves.
... and so on.