When creating an access policy with a group of LDAP devices, the number of devices in the group or LDAP is not equal to the number of devices associated in the access policy with the same LDAP group.

Less servers appear in the access policy than in the LDAP group.

What is the reason for this???

Release: 3.2.4 

Component: CA Privileged Access Manager

Working as Designed

When using Device Groups, unless otherwise specified, the concept of deny takes precedence.

The service or access method is available at the group level only if it is available at the device level.

The most restrictive policy is used when a conflict arises. It's working as designed but you can open a idea in our community suggesting to include this different behavior that you need in the product for future releases.