So one of the projects I am working on is not open source (I know, I know)... that led me to realize I needed to provide both private AND anonymous access to my repositories -- depending on which repo.
A bit of googling and I came across this page. I mostly followed his instructions -- but here are a few sidenotes in case you go to try it.
In step #2, be careful about long names. When I got to step 3, I couldn't tell "Anonymous Public Snapshot Repository (read)" apart from "Anonymous Public Snapshot Repository (delete)" since they both looked like "Anonymous Public Snapshot Repositor".
I didn't do the last half of step #5 or step 6. Instead, I went into the user dialog and removed the permissions that the "anonymous" user originally had and added in mine instead.
Here's some screenshots...
This is the "Private Role"
You can test it by logging out then trying to look at the repositories. You click on the private ones and it says access denied. Public ones are still accessible.