The credentials used for the Enterprise Reporter Server service do not need any specific AD rights. That account needs to be a member of the Reporter_Discovery_Admins, Reporter_Reporting_Admins, Reporter_Reporting_Operators and Reporter_Exploring_Operators AD security groups. This account also needs to be a member of the local Administrators group on the Enterprise Reporter server.
The credentials used for the Enterprise Reporter Node service needs to be a local Administrator on each node. The account also needs to have sufficient rights to the Enterprise Reporter database. Adding the service account to the Reporter_Discovery_Admins group or to the db_owner database role should provide the needed rights.
The node credentials may or may not need rights to the targets of the discovery, depending on how you configure the discovery. You have the option to have the discovery run as the node credentials or to provide alternate credentials.