On macOS 11 and 12, audio plug-ins loaded into a Juce host can’t seem to be able to open their sound resources on external volumes. The host is not sandboxed, but is properly signed and has every entitlement enabled except debugging. The package that installs the host is also notarized.
My understanding is that security-scoped bookmarks and such are for sandboxed apps only, but I may be wrong.
Asking for full disk access is a bit harsh for a DAW-like app. Is there a way to proactively ask the user for permission to access external volumes and make that preference persistent?