User rights required to connect with VMware vCenter

Global permissions must be set to Read Only role

Users with the Read Only role for an object are allowed to view the state of the object and details about the object. For example, users with this role can view virtual machine, host, and resource pool attributes, but cannot view the remote console for a host. All actions through the menus and toolbars are not allowed.

Propagate to children must be selected

You can assign a global permission at the root object level with Propagate to children selected in the vCenter identity management.