LDAP group import using the Rest API, POST /cspm/ext/rest/ldap/userGroup, only appears to work if the API key used has global administrator privileges. The User/Group Manager role is not sufficient, although this role can be used to import the same LDAP user group interactively using the UI. We do not want to assign the global administrator role to the API key used for the LDAP user group imports, since it has too many privileges. We need the Rest API to work with the same privileges as the user interface.
Release : 3.4
Component : PRIVILEGED ACCESS MANAGEMENT
The Rest API checks Credential Management privileges as well, and the API key used did not have a CM group assignment.
With this role the API key will be able to import LDAP user group using the Rest API.