Failed to update an untouchable user error is received when the UID or GID of the user is out of the default range listed in seos.ini or pmd.ini file.
Edit the seos.ini file or the pmd.ini file to increase the range of UID/GID that CA Access Control can administrator. The following two tokens need to be updated. Example below will allow all possible users.
"AllowedUidRange = -1,999999"
"AllowedGidRange = -1,999999"