Here is a better work around until VMware fixes 'CIM interaction' permission (which doesn't work at least since 4.0 and up to the recent 5.5):
1) Create a local user 'nagios' on a ESXi host
2) Add a cron job to check and update /etc/security/access.conf
user=nagios; access=/etc/security/access.conf; crontab=/var/spool/cron/crontabs/root; grep $access $crontab > /dev/null || cat << EOF >> $crontab */5 * * * * grep '^+:$user:sfcb$' $access > /dev/null || sed -i '2i +:$user:sfcb' $access EOF
Now you can use nagios user to check check_esxi_hardware.py, no special roles or permissions are needed.