Adding nagios user to the root group (popular work around in the Internet) is a big security hole. I suggest never doing this.
Here is a better work around until VMware fixes 'CIM interaction' permission (which doesn't work at least since 4.0 and up to the recent 5.5):
1) Create a local user 'nagios' on a ESXi host
2) Add a cron job to check and update /etc/security/access.conf
Now you can use nagios user to check check_esxi_hardware.py, no special roles or permissions are needed.