Assets with public urls usually must be available as a publicly available system folder. This is problematic, if your website has a member only area and certain assets should only be available with respective permissions.
The internal assets plugin will add an additional volume type, that will prefix the public path with /internal and check every access request for corresponding permissions. The respective system folder should be located outside of the web root.
Permissions can be set in the users permission settings. Read permissions on the volume need to be granted for the user to access the files.
Please note that this plugin is currently in beta and some edge cases might not work yet. Any feedback is highly appreciated.