Query access is mediated entirely by references and cryptographic keys. Having both of these is the definition of ”having access rights.”
Reference (e.g. content address)
Decryption key (e.g. AES-256 symmetric key)
The Web Native File System (AKA ”WNFS” — found in its own section of this whitepaper) is built on top of this style of read access, by using a technique known as “cryptrees“.
In the private section, each directory contains pointers and keys for all of its children. As such, granting access to a directory also grants access to all of its children. This is granted “merely” by the parent relation.