@cdpinc, this stuff is confusing at first!
There are two different content protection methods being discussed here:
1. Standard WordPress password-protected posts and pages:
This is what would work for the OP's situation. In this case, there are no changes needed to the WP user record in the admin. Instead, a password is assigned to the post/page, and then you would give that password to the users who are supposed to have access. WP governs who gets to see what. Users need to enter the password on a per-post (or -page) basis.
2. PMPro-protected posts (and categories)
With the PMPro plugin, users will get access to the protected content if they are members of the corresponding PMPro membership level. Users enter their own password (set when they create their WP account) when signing in to your site from the frontend, and then they have access to all posts for that membership level. With PMPro, there are several ways that a user can be granted access to that membership level, including what you described: the WP admin can assign the membership to the user's record in the backend screen. Admin users also need to have access to the membership level in order to view protected content. Remember that at the moment, PMPro only allows each user to belong to one membership level at a time, though there are some workarounds for this and changes are coming in the future to remove this limitation.
Basically though, it sounds like you are understanding things correctly!