vmware / pyvmomi

VMware vSphere API Python Bindings
Apache License 2.0

Is it possible to create a VM without datacenter permission? #1006

Closed tdominguezm closed 5 months ago

tdominguezm commented 1 year ago

Describe the bug

When creating a VM with a script in the datacenter (DC from now on) of my organization, I get this error:

Traceback (most recent call last):
  File "c:\Users\\Documents\Python\Infra_Auto\script.py", line 77, in <module>
    run()
  File "c:\Users\run_script.py", line 63, in run
    print(future.result())
  File "C:\Users\\AppData\Local\Programs\Python\Python310\lib\concurrent\futures\_base.py", line 439, in result
    return self.__get_result()
  File "C:\Users\\AppData\Local\Programs\Python\Python310\lib\concurrent\futures\_base.py", line 391, in __get_result
    raise self._exception
  File "C:\Users\\AppData\Local\Programs\Python\Python310\lib\concurrent\futures\thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "c:\helpers.py", line 506, in makeMachine
    create_vm(content,target_vm_name,target_host,target_disk,target_CPU,target_RAM)
  File "c:\\helpers.py", line 129, in create_vm
    WaitForTask(vm_folder.CreateVm(config, pool=source_pool, host=destination_host))
  File "C:\Users\\AppData\Local\Programs\Python\Python310\lib\site-packages\pyVmomi\VmomiSupport.py", line 598, in <lambda>
    self.f(*(self.args + (obj,) + args), **kwargs)
  File "C:\Users\\AppData\Local\Programs\Python\Python310\lib\site-packages\pyVmomi\VmomiSupport.py", line 388, in _InvokeMethod
    return self._stub.InvokeMethod(self, info, args)
  File "C:\Users\\AppData\Local\Programs\Python\Python310\lib\site-packages\pyVmomi\SoapAdapter.py", line 1575, in InvokeMethod
    raise obj  # pylint: disable-msg=E0702
pyVmomi.VmomiSupport.vim.fault.NoPermission: (vim.fault.NoPermission) {
   dynamicType = <unset>,
   dynamicProperty = (vmodl.DynamicProperty) [],
   msg = 'Permission to perform this operation was denied.',
   faultCause = <unset>,
   faultMessage = (vmodl.LocalizableMessage) [],
   object = 'vim.Datacenter:datacenter-2',
   privilegeId = 'VirtualMachine.Inventory.Create',
   missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) []
}

The function I use to create the VM is this one (very close to the one in samples I think):

import sys

from pyVim.task import WaitForTask
from pyVmomi import vim
from tools import pchelper  # helper module from pyvmomi-community-samples (assumed)

# create_config_spec() is defined elsewhere in helpers.py and is not shown in the issue.

def create_vm(content,target_vm_name,target_host,target_disk,target_CPU,target_RAM):
    print(f"[{target_vm_name}] Creating VM..")
    destination_host = pchelper.get_obj(content,[vim.HostSystem],target_host)
    datacenters = pchelper.get_all_obj(content,[vim.Datacenter])
    # Keeps the name of the last datacenter returned by the lookup.
    for dc in datacenters:
        datacenter_name = dc.name
    # Root resource pool of the compute resource that owns the target host.
    source_pool = destination_host.parent.resourcePool
    datastore_name = target_disk

    config = create_config_spec(datastore_name=datastore_name, name=target_vm_name, memory=target_RAM, cpus=target_CPU)
    # The VM is created in the datacenter's root VM folder.
    for child in content.rootFolder.childEntity:
        if child.name == datacenter_name:
            vm_folder = child.vmFolder  # child is a datacenter
            break
    else:
        print("Datacenter %s not found!" % datacenter_name)
        sys.exit(1)

    try:
        WaitForTask(vm_folder.CreateVm(config, pool=source_pool, host=destination_host))
        print(f"[{target_vm_name}] VM created: {target_vm_name}")
    except vim.fault.DuplicateName:
        print("VM duplicate name: %s" % target_vm_name, file=sys.stderr)
    except vim.fault.AlreadyExists:
        print("VM name %s already exists." % target_vm_name, file=sys.stderr)

    return

I don't have permission to access the Datacenter, but I have the privilegeID VirtualMachine.Inventory.Create and can create the VMs at the ESXi level of one of our ESXi. Can anyone help me figure out what I'm missing to deploy the machines there, or if it's impossible without DC access? I use the same script in another DC in which I have DC access and it works fine.

Reproduction steps

  1. Run the function giving it parameters with a user that hasn't got DC access but can create VMs at cluster level.
  2. It fails.

Expected behavior

The VM gets created because I'm using an account where I should be able to create VMs, even though I don't have DC privilege.

Additional context

No response
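The NoPermission fault in the traceback names both the entity that failed the check (`object`) and the privilege that was missing (`privilegeId`). The following is an added example, not code from the issue or from the pyvmomi project: a preflight check that asks vCenter, through `AuthorizationManager.HasPrivilegeOnEntities`, on which candidate folders the current session holds that privilege before `CreateVm` is called. The function names, `StubAuthManager` and the entity names in `demo()` are hypothetical and constructed so the block runs offline.

```python
from types import SimpleNamespace

# privilegeId reported in the NoPermission fault above
REQUIRED = ("VirtualMachine.Inventory.Create",)


def granted_entities(auth_mgr, session_id, entities, priv_ids=REQUIRED):
    """Return the entities on which the session holds every privilege in priv_ids.

    With a live connection: auth_mgr = content.authorizationManager and
    session_id = content.sessionManager.currentSession.key.
    """
    results = auth_mgr.HasPrivilegeOnEntities(
        entity=list(entities), sessionId=session_id, privId=list(priv_ids))
    usable = []
    for res in results:  # one EntityPrivilege per entity queried
        granted = {p.privId for p in res.privAvailability if p.isGranted}
        if set(priv_ids) <= granted:
            usable.append(res.entity)
    return usable


def denial_summary(fault):
    """Extract the fields of vim.fault.NoPermission that identify the failed check."""
    return {"entity": str(fault.object), "privilege": fault.privilegeId}


class StubAuthManager:
    """Constructed stand-in for vim.AuthorizationManager so this runs offline."""

    def __init__(self, grants):
        self.grants = grants  # {entity: set of privilege ids held on it}

    def HasPrivilegeOnEntities(self, entity, sessionId, privId):
        return [SimpleNamespace(
            entity=e,
            privAvailability=[SimpleNamespace(privId=p, isGranted=p in self.grants.get(e, ()))
                              for p in privId]) for e in entity]


def demo():
    # Constructed inventory: privilege granted on a team folder, not the DC root folder.
    auth = StubAuthManager({"team-folder (constructed)": {REQUIRED[0]}})
    candidates = ["datacenter vmFolder (constructed)", "team-folder (constructed)"]
    return granted_entities(auth, "constructed-session-key", candidates)


if __name__ == "__main__":
    print("CreateVm can be attempted on:", demo())
```

Against a real vCenter, pass `vim.Folder` objects as `entities`; an empty result means the session holds the privilege on none of the folders queried.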