I now count three competing visibility control mechanisms:
- Putting an activity or resource into a grouping enables you to control its visibility on the course page based on the group membership of the user viewing the page, with moodle/site:accessallgroups providing an escape from this restriction.
- Permissions like mod/quiz:view control what a user can see and do once inside the activity/resource, but not its visibility on the course page.
- Blocks have moodle/block:view, which controls their visibility on the course page. If a user does not have have moodle/block:view = Allow in the Block context, the user simply does not see the Block on the course page