Secure downloads and non staff users

[GCA Black]

I've implemented the secure downloads setting. If I log in with a user that has staff or admin privileges all is fine, but logging in with a user account that has neither gives a 403 error, is there a best practice for allowing logged in or regular users to view secured files w/o giving them staff or admin access? Thanks!