We can create a local user in ESXi and assign it only for accessing sfcb (CIM).
3. Now a remote client can access VMware CIM classes using this local user account. However, SSH and other root permissions will not be available for this user.
I hope this is what we were looking for? However, note that /etc/security/access.conf is recreated on every boot, and hence whatever modifications are done to this file manually may not be persistent (need to check though).
Thanks,
Krishnaprasad