Yes, you will need to assign each of those users individually to a role. Only users can be a assigned roles, though the role can be assigned in different contexts.
It could be a system level role, or it could be a category level role, which might work better if you have those hidden courses in certain limited categories and you want to control the anonymous so they can see some hidden courses but not all hidden courses.
Using a system level role would mean they could see all hidden courses everywhere in the system without any limit to which categories those courses are in. Which may or may not be what you want.