Trouble creating key/CSR through iControl as user with Certificate Manager role

In my environment, a user with Certificate Manager role does not have any issue creating a key, so I would say the issue is not related to user's permission.

Perhaps the error is due to contradicting locations of the key. The line number #3 says that the key is located under /Common (because you did not add the path) but the partition in Line #5 is pointing to somewhere else. You do not need to specify "partition":partition in a key generation request (the tmsh equivalent command does not have that option). Just use the name: /Partition/keyname.key. For example,

curl -sku admin:<pass> https://<host>/mgmt/tm/sys/crypto/key \
  -X POST -H "Content-type: application/json" \
  -d '{"name":"/TestFolder/sat.key"}'

for generating the key 'sat.key' under /TestFolder.

Also, commonName (Line #4) is not necessary for key generation (and to my knowledge, the field key is spelled 'common-name').

Line #8 also is pointing to the key in /Common. You need to add its path if it is located elsewhere: e.g., /TestFolder/sat.key. For example,

curl -sku admin:<pass> https://<host>/mgmt/tm/sys/crypto/csr \
  -X POST -H "Content-type: application/json" \
  -d '{"name":"/TestFolder/sat.csr", \
        "common-name":"Foo Bar", \
        "organization":"Shocker", \
       "city":"Mitaka",\
       "state":"Tokyo", \
       "country":"JP", \
       "ou":"Development", \
       "key":"/TestFolder/sat.key" \
   }'