According to mine you could also allow the access to /report/ via just one account, f.e.
- user "report" with password "report_345_xy/6G"
In this case you would grant access to everybody to /public/ and additionally access to /report/ to all people who logged in with user "report" and password "report_345_xy/6G". So, compared to your requirement, people additionally need to type in a user name.
But I am not sure whether unlimited login of people with same credentials is possible.