What are you trying to achieve by preventing user from downloading a CAD file from dataset named reference. Is your end goal to prevent user from downloading and then carrying the file outside the controlled environment?
Well, whatever your end goal, it never enough to only prevent user from downloading a file from dataset named reference. If you really want to make it a secure environment, then only way to achieve that is to revoke READ access to the dataset itself. Otherwise user can always open a file in CAD tool and then do save-as/export outside the CAD environment.
You may get somewhere by using DRM solutions, but I am not an expert on those.
NX 11 | SW 2016 | Creo 4 | TcUA 11.4
Evaluating: AW 3.4