Extended permissions doesn’t limit the user from accessing the attachments uploaded to a post/page. This plugin does have ‘Media File Permissions’, as you have already seen, however it doesn’t limit anyone from accessing that resource directly by typing the URL to that attachment. That functionality requires URL rewrite, and has nothing to do with WordPress. Its a web server feature and will have to be implemented separately against each server type. Apache, Nginx, etc. So its not as straight forward as limiting posts or pages. I do have a to do item for this feature, but its feasibility needs to be tested. ‘Media File Permissions’ is more useful in the backend, like if you don’t want users to edit or delete other users attachments/files.