Are you on Portal Engine or MVC? Looks like Portal Engine
If on Portal Engine, if your file is in the media library, you can only use permissions on the ENTIRE media library via role.
If you use the CMS.File (where you visit the file's url to retrieve the file) then you can add ACL permissions on the File node itself in the content tree.
If this is MVC, you can still do a "CMS.File" type of scenario, and use my Kentico Authorization module to add permissions to those who can access the Controller+action that would serve up this file.