While configuring a new policy for a user, trying to save it results in error

PAM-CMS-073: Attempt to add a target account XXX to a policy that does not have access to it

and the account is not added

CA PAM multiple releases

Usually this error is caused by some inconsistency in the assignment of the policy.

For instance when a policy is assigned to an individual user to access a device to which it has already access via a device group. It is also possible that through different group memberships and device assignment, a target account is assigned to a target device to which it is not properly associated.

But there may be other situations in which this is happening. 

It is recommended to delete target account, target device and policy and carry out the assignment from scratch. If the assignment is made directly to a device belonging to a device group, it is recommended that it is made assigning the policy to the device group, not the device.