Problem OAUTH credencial in Rest service

Hello good
I am developing a Rest Api, I have created a Flow service, a Rest Resource and I have created a RestDescriptor. This from the Designer works correctly

In the IS I have defined the OAuth2 server as you can see in the following images.

I have a registered client
I have defined a scope
I have also associated the client with the scope

I retrieve the token perfectly with the getToken service since I am using Client Credential Grant
But when I run the rest service http://localhost:5555/apirest/tirtItem/12344
The error occurs when executing outside the Designer. It always gives me the following error.

    "$errorDump": " [ISS.0084.9004] Access Denied\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n",
    "$errorInfo": {
        "$errorDump": " [ISS.0084.9004] Access Denied\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n\tat\r\n",
        "$error": "[ISS.0084.9004] Access Denied",
        "$localizedError": "[ISS.0084.9004] Access Denied",
        "$errorType": "",
        "$service": "sicad.flow:getTirtItemByNiin",
        "$user": "713b03ec4d2f4483aa6f5fe7a3b308ea",
        "$time": "Wed Feb 24 13:57:13 CET 2021",
        "$details": null,
        "$errorMsgId": "ISS.0084.9004"
    "$error": "[ISS.0084.9004] Access Denied",
    "$errorType": ""

Can you tell me what I need to configure?

Likely need to change the permissions on the service(s) that you want to be callable from the client.

Where do you change the permissions of the services?
I am new to this by webmethods

You’ll want to review the documentation related to permissions, ACLs, groups and users.

Changing the properties of a service is via Designer. The Properties pane has a permissions setting. To select the right ACL to use for a given service, you’ll need to define one or more ACLs in IS Administrator.

Hopefully this is enough info to get you started.

Indeed, I have created an acl and I have added the user generated when creating the OAuth client and then in the Designer I have assigned the ACL that I have created to the package and it works correctly