Rights for API calls from Foreman 1.3 to VmWare

Hi,

we've been trying to figure out what minmum rights a user absolutely needs
to be able to create a host via Foreman (our security guys are having a
hissy fit), but have hit a slight bump in the road.

How do we make the API call to VmWare vSphere visible in Foreman? We have
tried enabling the debug feature of Foreman, but it will not show the
actual URL called.

Is there any way to make this possible, so we can actually iterativly test
and test quickly (without clicking the host together in the GUI every time).

I've tried wireshark (tcpdump) to get the API call, but have had no luck,
unfortunately the call is SSLed, and I don't have access to the VSphere SSL
keys.

Thanks in advance for any ideas.

Kind Regards,

Robert Campbell (The Netherlands).