Assets with public urls usually must be available as a publicly available system folder. This is problematic, if your website has a member only area and certain assets should only be available with respective permissions.
The internal assets plugin will allow restrict access to specific volumes. To do so, you need to activate publicUrls on the respective file system and prefix the url with /internal. The plugin will then check every access request for corresponding permissions. The respective system folder should be located outside of the web root.
Permissions can be set in the users permission settings. Read permissions on the volume need to be granted for the user to access the files.
Any feedback or issue reports for the plugin are highly appreciated.