Kong ACL Plugin - Service with more than one group whitelisted does not work as expected


We are using Oauth2.0 plugin along with ACL for authorisation & limiting access to only certain consumers for a given service. We were testing a scenario when service has two groups which need to be whitelisted. As per the documentation, you can whitelist multiple groups for a service,

It all works as expected when the config of service has whitelisted only single group, which then can be accessed by consumer having that group. The issue is when service has multiple groups whitelisted & consumer having one of the whitelisted groups try to access the service then we are getting 403 forbidden. Can someone explain this behaviour?