802.1x means that both user and machine auth has passed.
802.1x-User means that the user authetnication passed, but the controller did not see a valid machine auth within the machine auth cache timeout.
802.1x-Machine means that machine auth has passed, but a user has not yet logged in (notice the "host/" in front of the user name... that means the machine has logged into the WLAN).
Typically, the machine and user only roles would be more restrictive than the role assigned if both pass. That way, a non-domain computer can't access all of the resources that a domain computer can. You have to balance that, however, with your need to support non-Windows machines, since they either cant or at least are more difficult to join the domain.