RE: Security task to view asset metadata only

Ok thanks for the explanation.

I had already tried that, but it just gives the message "Anonymous is not permitted to perform the Feeds_DownloadPackage task for the current scope.". This when trying to hit the URL like "https://mypackages.corp.com/endpoints/server-isos/metadata/gold-master.iso" I thought it was curious it says 'DownloadPackage' specifically when I wasn't trying to download. After granting the download permissions I then see the expected metadata response, copied below, using the above URL.

{
"name": "gold-master.iso",
"size": 5536286720,
"type": "application/octet-stream",
"content": "https://mypackages.corp.com/endpoints/server-isos/metadata/gold-master.iso",
"md5": "583fa95fa343bf17d9900292001a3bda",
"sha1": "9e569930948b38b46f63518f6399af700c034095",
"sha256": "9976b3e125050542ca50de3c7347d132113834edc151c64c55f9e30bc4d2160f",
"sha512": "8962ccd82d4898a84d11cb218b6a9b1d8aa6c96712a87cc1965aebd4a7534e09daeec29cbee8f097bebf423e136b2384e87dcd2089d2ca4bf361afbb98b4168b",
"created": "2023-03-27T20:18:33.697Z",
"modified": "2023-03-27T20:18:33.697Z",
"cacheHeader": {
"type": "Inherit"
}
}

Is this possible? It seems the 'Download package' task grants permission to view metadata. I would like to allow anonymous users to view metadata of the files in a particular asset directory, without them being able to download the files.