It can be done. I would not use and grant access to a generic entity that stores files that should not be accessed by an anonymous user. Consider creating a dedicated Entity for all files to be accessible by the anonymous user.
It can be configured similarly to giving logged-in users access to a file. If you encounter problems, let us know what specific problem you need to solve.
Also, have a look at https://gyde.ai/; it is an intelligent way over JS how to guide users in your app.
Go Make It