If I understand you correctly I think you can leverage the access right system to get your desired behavior. As long as "Security role" is checked for a visitor group it's avaible when setting access rights.
So if you configure your content items to only have read access to the appropriate visitor groups, would that achive what you want? Depending on what kind of list you are using to display the result, you may need to do a manual access right filtering.
While the personalization inside WYSIWYG editor is great, we have a case where we have content items that are being referenced in a list, e.g. homepage has a lost of banners, whereby each banner is a content item in the CMS tree.
When you assign the banner item to the list field, is there a way to personalize by the items in the list, or something similar?