and things worked fine.

OK. Thanks for the information.

I should either use allow or block, not both, right?

For the roles granted to the same user – Yes, quite right.
Primary role is always the 1st. It’s the way WordPress defines a primary role – the role with index 0 in the roles array.

Yes, the user access model has priority over the primary role access model.