Moodle 2.9.1 -- Any web service function gives 'access control exception'

Following various guides, I have managed to accomplish the following: - Set up an external service using the REST API which includes the "core_user_create_users" function, - Set up a user account and assigned it to be allowed to use the REST API service I set up, - Defined a role for web service users, archetype 'authenticated user', context of 'system', - Set role to allow "moodle/user:create", and - Manually generated a token for the web service user with no expiration. Now, when I go to the built-in web service test client, select to use token-based authentication on the REST API, select the "moodle_user_create_users" function and put in the token and details, I get this: REST protocol: moodle_user_create_users URL: [...] '<?xml version="1.0" encoding="UTF-8" ?> <EXCEPTION class="webservice_access_exception"> <ERRORCODE>accessexception</ERRORCODE> <MESSAGE>Access control exception</MESSAGE> <DEBUGINFO>Access to the function moodle_user_create_users() is not allowed. There could be multiple reasons for this: 1. The service linked to the user token does not contain the function. 2. The service is user-restricted and the user is not listed. 3. The service is IP-restricted and the user IP is not listed. 4. The service is time-restricted and the time has expired. 5. The token is time-restricted and the time has expired. 6. The service requires a specific capability which the user does not have. 7. The function is called with username/password (no user token is sent) and none of the services has the function to allow the user. These settings can be found in Administration > Site administration > Plugins > Web services > External services and Manage tokens.</DEBUGINFO> </EXCEPTION> What am I missing?