Anonymous user is assigned one role with only the following:
There is a difference in behaviour between Nexus 3.0.2 and 3.1.0.
In Nexus 3.0.2 you only see maven-central in Browse Assets/Components.
In Nexus 3.1.0 you see all the repos in Browse Assets/Components. You do not see artifacts under repositories that you do not permissions for, but the issue is that the repository should not displayed
NOTE: This does not allow users to see the repository content, just the repository names.