Indeed that permission was set (I did check the role-permissions yesterday, but I did not find it because I did not know the specific permission) - I wonder who did that and why....
There is still one strange thing though, and I am not sure whether it is a bug or a feature:
There is a course with guest access where the accessibility to specific content is governed by group-membership. When students are member of a group, and their course-enrolment is suspended, they can still access the course and content of the group. Of course I would expect them to be able to access the regular content when logged in as a guest, but not to be able to access the group-content when logged into their account, as they would be suspended for - as I'd expect - all course content including group-content.
Or does the group-level permission overrule the course-level permission in this scenario?