I have a usecase where

1) almost all of the og group content (nodes) need to be visible only within the group.

and

2) some (having an assigned taxonomy term) of the nodes need to be public
3) users cannot be relied on or permitted to make this determination

I am imagining that I will need to use the Taxonomy Access Control module and I understand that there are some important/significant configuration steps that need to be accomplished to get it to play well with OG.

If I choose this path, will TAC simply hijack and override the OG access node visibility settings or will I have to actually permit the nodes to be visible and then limit their visibility with TAC?

Since I am only guessing at the approach, I'm not sure if the question even makes sense. Does it?

Is this even the right approach? If not, does anyone know the appropriate approach for the usecase above?

Thanks