If you are trying to control access to the actual URL where the Rights Managed PDF you would need to set up a way to authenticate users to allow them access ot the URL. This would be done on the web\app server, not using Rights Management ES.
You would use Rights Management ES to apply a policy to the PDF itself. A policy controls who can view (open) the document, and once the user authenticates to the RM server to open the document, RM controls the permissions that that user has for the document (i.e. can the PDF be printed, can content be copied etc...) RM cannot be used to control who can download a PDF form a URL. Policies can also control if the user must be online and connected to the RM server to open the PDF, or you can allow "Offline" access for a set period of time where the user does not need a connection to view the PDF, however the user still needs to be authenticated to view the document offline.
Regards
Steve