Guess I've never taken this approach before. I've always just assigned permissions to users in roles. I don't believe you'll get to assign any permissions to a non-authenticated user or role because you can't really check that.
What I'd test is assign permissions to the "Public" user then check if the user is the public user OR not authenticated OR if the user is Public and assigned the role(s) you specify and then perform you actions. Not saying it will work but its worth a test.