Any user that is logged in will have the 'Authenticated user' role in the system context.
I don't think things like Not set are terribly well explained in the docs, but see http://docs.moodle.org/21/en/Override_permissions. Not set only applies to role definitions, doesn't it? When overriding, it is called 'Inherit'.
When you are defining roles, things are basically either allowed, or not. So, Not set means that the role does not allow it (but perhaps another role will, or perhaps the role will be overridden in a sub-context to allow it).
The rules are roughly these:
- Look at all the roles the user has here (e.g. Authenicated user in the whole system, and Student in this course)
- Do any of the roles PROHIBIT this capability? If so, the final answer is No, otherwise ...
- do any of the role ALLOW this capability? If so, the final answer is Yes, otherwise ...
- the final answer is No.