PAM-CMN-1599 When Attempting to Create a Device Via the API
search cancel

PAM-CMN-1599 When Attempting to Create a Device Via the API

book

Article ID: 206168

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

When using the API to create a device with the Password Management device type, the API returns PAM-CMN-1599. The device can be created without the Password Management device type set. Changing the user and API key's role to Global Administrator does not fix the issue.

Response Body:
{ "error": { "code": 400, "message": "Bad Request: PAM-CMN-1599: User Support via SupportAPI tried to add target server SupportDevice without authorization" } }

Environment

Privileged Access Management 3.3 and above

Cause

The error will occur when the user to which the API key is associated is a member of a Credential Manager group with improper privileges. In this case, the user was a member of the "Base Users" Credential Manager group, which has minimal permissions.

Resolution

To allow the user to manage target devices, add them to a Credential Manager group with the proper role. For more information about the Credential Manager role needed, please refer to the documentation.

Additional Information

Add Credential Manager Credential Groups: https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-2/implementing/protect-privileged-account-credentials/delegate-password-management-tasks-to-groups/add-credential-manager-credential-groups.html

Add or Modify Credential Manager Roles: 
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-2/implementing/protect-privileged-account-credentials/delegate-password-management-tasks-to-groups/add-or-modify-credential-manager-roles.html