It seems you might be using class-level security settings, in which case your error could just be that you aren't passing the current user details correctly. You need to get the current user session token and pass it with -H "X-Parse-Session-Token: <session-token>" instead of trying to pass the details with --data-urlencode.
For the ACL, that applies to already created objects being editable, not to the ability to create new objects. So it has no bearing on the rest of the question. It isn't clear where you've set this ACL, but it would seem to be limiting access to an existing user that exists.
What you're doing is signing up a new user. For that you shouldn't be using --data-urlencode because you're POSTing. It appears that you're trying to do that to authenticate as one user while creating another user, but you can't. One user would need to be logged in already so you have a session token, and then you would use -H "X-Parse-Session-Token: <session-token>" to pass it with the request.
So it seems your goal is to limit user creation to users in a specific role. To do that you should create your own function in Cloud Code and send the token for the currently logged-in user, which is used in the Cloud Code to get the user and check they are a member of the role. Also send the new user's username and password so that once the verification is complete you can sign up the new user (and return the user details).
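The Cloud Code function described in the last paragraph, as an added example that is not part of the original answer. The role name `UserCreators`, the function name `createUserAsAdmin` and the factory `makeCreateUserHandler` are assumptions made for illustration.

```javascript
// Added example. CREATOR_ROLE and the function names are hypothetical.
const CREATOR_ROLE = 'UserCreators';

// The Parse SDK object is passed in so the handler can be exercised
// without a running server.
function makeCreateUserHandler(Parse) {
  return async function createUser(request) {
    // Parse Server populates request.user only when the caller sent a
    // valid X-Parse-Session-Token header.
    if (!request.user) {
      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Login required');
    }
    const { username, password } = request.params || {};
    if (typeof username !== 'string' || !username ||
        typeof password !== 'string' || !password) {
      throw new Parse.Error(Parse.Error.VALIDATION_ERROR,
        'username and password are required');
    }
    // Direct membership check on the role's "users" relation
    // (roles inherited through the "roles" relation are not followed).
    const role = await new Parse.Query(Parse.Role)
      .equalTo('name', CREATOR_ROLE)
      .equalTo('users', request.user)
      .first({ useMasterKey: true });
    if (!role) {
      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN,
        'Not allowed to create users');
    }
    // Caller is verified: create the account on their behalf.
    const newUser = new Parse.User();
    newUser.set('username', username);
    newUser.set('password', password);
    await newUser.signUp(null, { useMasterKey: true });
    // Return only non-sensitive details, never the password or a token.
    return { objectId: newUser.id, username: newUser.get('username') };
  };
}

// Inside Cloud Code (for example cloud/main.js) the global Parse exists.
if (typeof Parse !== 'undefined') {
  Parse.Cloud.define('createUserAsAdmin', makeCreateUserHandler(Parse));
}
```

The client calls this function with the logged-in user's token in the X-Parse-Session-Token header and the new username and password in the request body.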