Is that exactly what you got from setting permissions with the Access Control Manager, settings called 'read' and 'upload' and which do not indicate which namespaces are affected? Or is this what you have set manually, by modifying the acl.auth.conf yourself?
If those are just a short-hand for
* @ALL 1
* @USER 8
then make sure your directories have the correct permissions--they must be readable and writable by the web server.