Sometimes SMGR permissions can work in mysterious ways and the user might need to be given permission to tasks / objects, that are indirectly associated with the action carried out.
This was the case with this problem, too.
Two additional items needed to be added to the permission mapping to make the endpoint administration properly work for the said object:
• The permission to View Communication Manager Templates; explanation: There are templates linked to each endpoint and when an endpoint is changed a query is run on the template as well, the user requires the ability to view the templates in order to the query to complete successfully. (This was why SMGR displayed the error.)
• The permission to schedule on Demand Scheduled Jobs; explanation: Necessary to be able to delete stations. The removal of stations is being done through scheduler jobs, that user has to have permissions to create.
With the current configuration of this custom role "Test-CM-Only-Change" it is now possible to create, change and delete endpoints as well.
See attached screen shot of the role.