Looking at the WordPress source code, I’d say that wp_ajax_nopriv_* fires only if you’re not logged in, and wp_ajax_* fires otherwise.
Here’s the relevant bit, in admin-ajax.php, lines 85-115 in version 5.0.3:
if ( is_user_logged_in() ) {
// If no action is registered, return a Bad Request response.
if ( ! has_action( 'wp_ajax_' . $_REQUEST['action'] ) ) {
wp_die( '0', 400 );
}
/**
* Fires authenticated Ajax actions for logged-in users.
*
* The dynamic portion of the hook name, `$_REQUEST['action']`,
* refers to the name of the Ajax action callback being fired.
*
* @since 2.1.0
*/
do_action( 'wp_ajax_' . $_REQUEST['action'] );
} else {
// If no action is registered, return a Bad Request response.
if ( ! has_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ) ) {
wp_die( '0', 400 );
}
/**
* Fires non-authenticated Ajax actions for logged-out users.
*
* The dynamic portion of the hook name, `$_REQUEST['action']`,
* refers to the name of the Ajax action callback being fired.
*
* @since 2.8.0
*/
do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
}
So, if you’re logged in (ie, is_user_logged_in() is true), it runs the wp_ajax_* action(s), otherwise it runs the wp_ajax_nopriv_* actions.
If you want the same action run regardless whether your user is logged in or not, I’d recommend you hook to both wp_ajax_* and wp_ajax_nopriv_*.