Set up ACL Plugin

Im using Konga for monitor Kong. I setup ACL plugin like this:
Group consumer:


Credential consumer:

Setup ACL plugin for route:

After setup like this, Accessiable Routes tab of consumer already have my setted up route
But when I call API catch: “message”: “You cannot consume this service” response message with 403 Forbidden error code, apikey be setted in header or param is the same result
What did I do wrong?

You did not include your key auth plugin config on the service/route shown here yet either. ACL plugin by itself is not enough.

Your idea is to add the ACL plugin and the key auth plugin at the same time?
I did that but I see that doing so only has the key auth work and the ACL has no effect.
When I turn off or turn on ACL while turning on the route’s key auth plugin, the result is still the same.
I think ACL must take credential of consumer for authentication and authorization, right?