This is working as designed. The main use of auto-connect is for users to be able to access a target device without having to know the credentials. In general it is not desirable to give the user access to the password when auto-connect is configured and granted. Similarly, if there is a need for password view, the expectation is that this is done for a purpose other than connecting to a target device through PAM, and the approval is for that specific purpose.
The corresponding messages, which are documented e.g. at https://docops.ca.com/ca-privileged-access-manager/3-2/EN/reference/messages-and-log-formats/pam-cm-credential-manager-messages, are consistent with the design:
PAM-CM-1128 = Password request is only approved for View (not Auto-Connect).
PAM-CM-1129 = Password request is only approved for Auto-Connect (not View).
If you have a business need for approvals that cover both types of account password use, please raise an idea on the PAM community site https://communities.ca.com/community/ca-security/ca-privileged-access-management . As of June 6, 2018 we don't see an open idea specifically for the issue discussed here.