The purpose of a compound account is to have one and only one target account in PAM that represents accounts meant to have the same password on multiple target servers. An account must not be defined on each server. Only one target account is used to update the password on all servers. Defining a second target account in PAM is wrong.
The way this set up works is discussed in the documentation page
under section "Add a Compound Target Account (Optional)".
In the compound target account you define the list of servers that should have this account updated. There is no FIRST account, there is only ONE account. As will all groups of devices sharing credentials
The way to configure access is to define a device group, make the device that the compound account is defined for a credential source, and then define a policy for the device group.
PRIVILEGED ACCESS MANAGEMENT release 3.3 and above
Use a single target account for all servers according to documentation