How to secure a document in the file system

I have a PDF document in the folder system with a link from a node.
I would like only users with a CERN account to be able to access this PDF.

Of course I can restrict the node access, but not the PDF file itself. Anyone who knows the URL to the PDF would get access to it.

I have seen another topic about this: “Cannot access file which is placed in the file system”, but again, the file itself is not protected.

Is there a way to restrict the access to a specific folder (e.g. “files/secure”) to CERN account holders only?

I cannot set access authorizations from my WebDAV mapping under Windows, nor from the web interface.

Thanks for any ideas about this.

François

Drupal doesn’t allow protecting files on a per-folder basis.
Instead it has the concept of Public files and Private files, https://www.drupal.org/docs/8/core/modules/file/overview

Basically, during the Content Structure definition, when you have a File field instance, you can choose whether you want to store those files in the public file structure or in the private file structure (normally public by default).

If the private option is selected, then the file will follow the same permissions as the content it’s attached to, and even accessing the URL won’t work.

Please note that uploading the files directly to the private directory using WebDAV doesn’t have the same effect; the file always needs to be uploaded using Drupal, with the Upload destination set to Private.

Hope that clarifies your questions.

Cheers,
Eduardo
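
The following is an added example, not part of the thread and not code from Drupal core or from the CERN Drupal service: a `hook_file_download()` implementation in a hypothetical custom module `secure_files` that denies anonymous requests for PDFs under a private `secure/` folder, even when the URL is known. It assumes Drupal 8.8 or later, that installing a custom module is possible on the site, and that "CERN account holder" corresponds to any authenticated Drupal user.

```php
<?php

/**
 * @file
 * secure_files.module (hypothetical module name, added example).
 */

use Drupal\Core\StreamWrapper\StreamWrapperManager;

/**
 * Implements hook_file_download().
 *
 * Return values: -1 denies the download, an array of headers grants it,
 * NULL means this module has no opinion about the file.
 */
function secure_files_file_download($uri) {
  // Only private:// files are routed through Drupal's access checks.
  if (StreamWrapperManager::getScheme($uri) !== 'private') {
    return NULL;
  }

  // "secure/" is the assumed folder name inside the private file path.
  $target = StreamWrapperManager::getTarget($uri);
  if ($target === FALSE || strpos($target, 'secure/') !== 0) {
    return NULL;
  }

  // Refuse "secure/../other.pdf": the prefix check alone would let such a
  // path reach files outside the protected folder.
  if (strpos($target, '..') !== FALSE) {
    return -1;
  }

  // Anonymous visitors are denied, whether or not they know the URL.
  if (\Drupal::currentUser()->isAnonymous()) {
    return -1;
  }

  // This example serves PDFs only; anything else in the folder is denied.
  if (strtolower(pathinfo($target, PATHINFO_EXTENSION)) !== 'pdf') {
    return -1;
  }

  // Authenticated user: return headers so Drupal streams the file.
  return [
    'Content-Type' => 'application/pdf',
    'Content-Length' => filesize($uri),
    'Cache-Control' => 'private',
  ];
}
```

A `-1` from any module wins, so this hook can only add restrictions on top of the node-based permissions described above; it cannot open up a managed private file that another module denies.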

Dear François

Take a look at the following module:


provided “two useful features which Drupal itself is missing: a simple permission to allow downloading of private files by role, plus the ability to combine both public and private downloads”.

Compatible with 7, 8, 9; stable releases and covered by the security advisory policy.

We use this module with roles and it works well; I have never tested it for a single user.

Best regards
Guillermo