403 Error When Fetching Data from the Settings Rest Route for Non-Admin Users

I am using the /settings/ rest route to check plugin’s options and display data based on these options in the Block Editor’s sidebar (inside WordPress admin only). The code is working fine for admin users, however, for other user roles (editors, subscribers, etc.), i get the following response from the rest api:

{ "code": "rest_forbidden", "message": "Sorry, you are not allowed to do that.", "data": { "status": 403 } }

Here is the code I am using:

data.js

/* Get all the plugin Options */ export const pluginOptions = () => {   const [ data, setData ] = useState({});   useEffect(() => {     api.loadPromise.then(() => {       const settings = new api.models.Settings();       if (!data.isAPILoaded) {         settings.fetch().then((response) => {           setData({             isShowPost: response['my_options']['is_show_post'] ? response['my_options']['is_show_post'] : '',             isShowPage: response['my_options']['is_show_page'] ? response['my_options']['is_show_page'] : '',             isShowCPT: response['my_options']['is_show_cpt'] ? response['my_options']['is_show_cpt'] : '',             isAPILoaded: true,           })         });       }     });   }, []); 

index.js

const { PluginDocumentSettingPanel } = wp.editPost; import { registerPlugin } from "@wordpress/plugins"; import MyComponent from './templates/mycomponent'; import { pluginOptions } from './data'   function showPanel() {    const isPostEditor = document.body.className.indexOf('post-type-post') > -1;    const isPаgeEditor = document.body.className.indexOf('post-type-page') > -1;    const isCPTEditor = !isPostEditor && !isPаgeEditor;    const { isShowPost, isShowPage, isShowCPT} = pluginOptions();        if (isPostEditor && isShowPost) {      return true    }    else if (isPаgeEditor && isShowPage) {      return true    }    else if (isCPTEditor && isShowCPT) {      return true    }    else {      return false    }  }  const PluginDocumentSettingPanelDemo = () => (     <>     {showPanel &&      <PluginDocumentSettingPanel         name="custom-panel"         title="Custom Panel"         className="custom-panel"     >         <MyComponent/>     </PluginDocumentSettingPanel>}     </> ) registerPlugin('plugin-document-setting-panel-demo', {     render: PluginDocumentSettingPanelDemo }) 

I need to display the panel and its data for non-admin users too. I guess I can just change "manage_options" => true for editors and subscribers but that would probably expose the plugin to security vulnerabilities. So, what should be the correct way to approach this?

Please note I only want to allow users to get the data from the wp-options table, not to post or update it.