Terraform vsphere provider permissions required


I am investigating an issue at present when using the vsphere provider through terraform.

With a scenario where an account is full admin in vsphere to a resource pool and its content, we can spin up a VM from a template without issue. That is unless something is added to the customize declaration in terraform.

If the same is done using a user account which has full admin at the root vcenter level, customization works fine.

Following the post by vmware, the modify customization specification and read customization specification options have been set at root level without child propagation for the limited account (references Virtual Machine Provisioning Privileges and VMware Knowledge Base).

This now allows customization to be done via the vsphere GUI, however not via terraform.

If customization is declared, then the error 'cannot find OS family for guest ID xxxxxx : NoPermission is returned.

I can only assume that this is some permission required to the API which has to be set at a lower or root level, but I can find no references to this anywhere other than those I list above. If anyone has experienced this or has a pointer in the right direction it would be appreciated.