With the Credential Less Service Discovery feature in vRelize Operations Manager 8.5 you need to set some more permissions for the Service Account. Here is how I did it in PowerCLI
$PrincipalName = "DOMAIN\vROPSUser"
$vSphereRoleName = "vRealizeOperationsManager"
$Permissions = @("System.Anonymous","System.Read","System.View","VirtualMachine.Namespace.Management","VirtualMachine.Namespace.ModifyContent","VirtualMachine.Namespace.Query","VirtualMachine.Namespace.ReadContent")
$viRole = New-VIRole -name $vSphereRoleName -Privilege (Get-VIPrivilege -id $Permissions)
New-VIPermission -Role $viRole -Principal $PrincipalName -Propagate $true -Entity (get-folder -norecursion)
Just thinking of generating a library for different Products and their needed permissions, sadly this does not come with vCenter.