We can store permission levels (public/private) with each URL in the database. We can also create a separate table to store UserIDs that have permission to see a specific URL.

If a user does not have permission and tries to access an URL, we can send an error (HTTP 401) back.

Given that, we are storing our data in a NoSQL wide-column database like Cassandra, the key for the table storing permissions would be the Hash (or the KGS generated key), and the columns will store the UserIDs of those users that have permissions to see the URL.