If authenticated can access, then you donāt need to have the admins on the class permissions. They would be getting through that layer and then the permissions on the single items are what prevents them from accessing it.
See securing with roles:
...
ACL: {
"role:admins" : {
"write": true,
"read": true
}
}