While configuring a new policy for a user, trying to save it results in error
PAM-CMS-073: Attempt to add a target account XXX to a policy that does not have access to it
and the account is not added
CA PAM multiple releases
Usually this error is caused by some inconsistency in the assignment of the policy.
For instance when a policy is assigned to an individual user to access a device to which it has already access via a device group. It is also possible that through different group memberships and device assignment, a target account is assigned to a target device to which it is not properly associated.
But there may be other situations in which this is happening.
It is recommended to delete target account, target device and policy and carry out the assignment from scratch. If the assignment is made directly to a device belonging to a device group, it is recommended that it is made assigning the policy to the device group, not the device.