I am totally confused by the behavior of the auto fulfillment of Business Roles in IG 2.5.1. It looks like it only works for removal of permission?!

I have an IDM with 200 Users and an LDAP driver called "LDAP IG" (with entitlement packages).

What I have done prior in IDM:
- created 2 Roles in IDM: "LDAP IG Role 001" and "LDAP IG Role 002"
- assigned "Andrew Contreras" and "Andrew Maxwell" to "LDAP IG Role 001"
- assigned "Andrea Johnson" to "LDAP IG Role 002"

Then I imported the IDM permissions by adding an Identity Manager AE Permission collector. I set auto fulfillment informations everywhere and collected and published the application collector. The result was expected: the Andrews had "LDAP IG Role 001" and Andrea had "LDAP IG Role 002" permission.

After that I tested Business Roles and auto fulfillment by doing the following:
- added Business Role "IG BRole 004", added permission "LDAP IG Role 001" and application "LDAP IG", included users "Andrea Johnson"
- published "IG BRole 004" -> manual fulfillment task to add "Andrea Johnson"
- removed "Andrea Johnson" from "IG BRole 004" and added "Andrew Contreras"
- published "IG BRole 004" -> nothing happend
- removed "Andrew Contreras" from "IG BRole 004" and added "Andrea Johnson"
- published "IG BRole 004" -> "Andrew Contreras" is removed from "LDAP IG Role 001" by auto fulfillment
- collected and published the Identity Manager AE Permission collector
- added "Andrew Contreras" to "IG BRole 004"
- published "IG BRole 004" -> manual fulfillment task to add "Andrew Contreras"

So, auto fulfillment is only working for removal? I am confused. Can anyone explain what happens? I cannot find any errors in the log files.