After upgrading from version 3.4.0 to 4.0.1 or 4.0.2, users who previously saw in the "Access" and "Target Accounts" option only users who were in the scope of their Role, are now seeing all devices and all the target accounts.
Although they are not allowed to Access devices or see passwords, this is considered a risk for them to see these target accounts.
After 4.0.1 and 4.0.2 there was a change in the implementation to handle conflicting privileges that have caused this issue. Now to have more clear privileges specified will resolve this.
Release : 4.0.1, 4.0.2
Component : PRIVILEGED ACCESS MANAGEMENT
Include the "List Target Accounts" privilege to the Credential Manage Role that resolved the issue.