Privileged Access Management (PAM) Admin is trying to setup a new Active Directory login user to also have API access as well.  They are attempting to create a simple Target Application to test the permissions:

{
    "applicationName":"<Target App>",
    "applicationType":"Generic",
    "attributes":null,
    "description1":null,
    "description2":null,
    "overrideDnsType":null,
    "passwordCompositionPolicyId":null,
    "sshCertificatePolicyId":null,
    "sshKeyPairPolicyId":null
}

and they are getting the following error:

Bad Request: PAM-CMN-0417: Target Application <Target App> was not added or updated due to Password Authority authorization errors."

PAM Admin was running into an inheritance issue.  They defined the correct Credential Management Group/Roles necessary to perform this action.  However were only giving these permissions at the Active Directory User Group level.

They applied the Credential Management Group/Roles at the local user level, which resolved the error message above.