
GS


October 29th, 2012 23:00

What Cisco user permissions are required for ECC to discover a switch?

When discovering Cisco switches running firmware versions earlier than 5.2.1, I was able to use a user account that was part of the network-operator group. Even though ControlCenter warned that the account did not have write privileges, it was not an issue since I used ControlCenter mainly for monitoring and reporting, not to make any changes. However, for switches running version 5.2.x, this no longer works because Cisco apparently changed the underlying permissions for the network-operator group (see Primus article emc292977: "After upgrade to NX-OS 5.2.x network-operator role cannot execute show run or show start commands").

In the Primus article, they provide an example of creating a new role that allows access to show running-config and show startup-config, which should have provided the same permissions as the older network-operator group. Note that the commands described in the article are not correct, since NX-OS 5.2.x requires the use of the keyword "feature" after "permit", and some of the features, like the copy command, cannot be restricted to a specific source. In my case, I added all the rules from the Primus article with the exception of the "permit exec copy" command, since I did not think that would be necessary for discovery. ControlCenter still failed to connect to the switch, even with a new user created as a member of this role. I tried this with different user accounts and verified that using an administrative account allowed the switch to be discovered.

So my question is: does anyone know what specific permissions ControlCenter needs on the Cisco switches in order to perform a read-only discovery of the switch? Or is there a document which lists the specific permissions required?
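For reference, this is the general shape of a custom NX-OS role of the kind the post describes, written as an added example; it is not the command set from the Primus article or from the poster, and the role name ecc-readonly and username eccuser are placeholders. It grants read access to all features plus the two show commands that network-operator lost in 5.2.x, and leaves out any copy rule, as the poster did. Nothing on this page establishes that such a role is sufficient for a ControlCenter discovery (the poster reports that it was not), so verify the role's effective permissions with the show commands at the end, and test an interactive login as that user, before pointing ControlCenter at it.

```cisco
! Added example, not from the original post or Primus article emc292977.
! Role and user names are assumed placeholders.
configure terminal
  role name ecc-readonly
    description Read-only role for ControlCenter discovery (assumed name)
    ! Read access to every feature (no feature name = all features)
    rule 1 permit read
    ! Explicit command rules for what network-operator no longer allows in 5.2.x
    rule 2 permit command show running-config
    rule 3 permit command show startup-config
  ! Assign the role to a dedicated discovery account (password is a placeholder)
  username eccuser password <password> role ecc-readonly
end
! Persist the change, then confirm what the role and account actually carry
copy running-config startup-config
show role name ecc-readonly
show user-account eccuser
```

After applying this, log in as eccuser over SSH and run show running-config and show startup-config by hand; if those fail interactively, the role is the problem rather than ControlCenter.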


October 30th, 2012 01:00

Hi,

The ControlCenter Planning & Installation Guide, Volume 1 states that only network-operator permissions should be required if you plan to discover the Cisco switches for monitoring and reporting (no active management):

    If ControlCenter is to be used for alerting and reporting only, all Cisco switches in
    the fabric may be configured with a user that has network-operator or read only
    privileges. Of course, they may have network-administrator permissions, if so
    desired.

Now it is possible that the more recent Cisco firmware will only allow a ControlCenter discovery to succeed with the network-administrator role and therefore the documentation may need to be updated accordingly.

Regards,

Séamus Coffey

EMC Customer Support Services
