I was able to reproduce this problem and have found the cause. I consider this to be a bug in Blue Ocean: It checks the Overall/Read permission no matter in which context (folder, job, etc.) the sidepanel link would be displayed.
Global permissions are expected to not matter in the context of a folder, so the combination of not being able to grant them on a folder level, and not inheriting them from the global ACL, results in this permission check to fail if and only if you're in such a folder (or job – the same applies to jobs that don't inherit permissions).
While an argument could be made that Matrix Auth should always inherit Overall/Read (the same way Overall/Administer is – since Matrix Auth 2.0 – always inherited) for compatibility with buggy plugins, this is ultimately, IMO, a Blue Ocean bug.