The only reason I can imagine that happening is if the iframe is wrapped in a check to see if the user is logged in. As @s_ha_dum said, WordPress login isn’t tied to directory permissions in any way, so just make sure that when the iframe is displayed in the theme it isn’t inside any is_user_logged_in()
or current_user_can()
checks. Just a hunch. It’s impossible to know for sure without code.