Thursday, December 29, 2011

It is frustrating how difficult it can be to track down permission-related issues in Salesforce. Without any clues from the debug log regarding the sharing rules or permissions that are applied when attempting to access/edit a record, the process of elimination in debugging user permissions can be time-consuming.

Thank goodness for Google.

We want to allow our sales staff to take ownership of contact records that are created in Salesforce via an integration with our accounting software. These records, by default, are owned by a system user account, which, in our current implementation, does not have a role.

Based on my initial research, I found that there were a couple of "nuclear" options:

  1. Give the sales user profile the Modify All permission for the Contact object
  2. Give the sales user profile the Transfer Records permission

Neither of these options was appealing to me, so I kept searching and finally came across this Salesforce message board:


In one of the posts where a user has paraphrased (I suppose) some documentation somewhere, this blurb got my attention:

  • "Standard Users can transfer ownership of any lead, contact, account, case or opportunity record that he/she owns or that is owned by a user below him/her in the role hierarchy (except campaigns)."

Through some testing, I've confirmed that this would potentially solve our problem, but I am still frustrated with how poor Salesforce's debugging and documentation are when it comes to permissions. While verifying the statement above regarding the role hierarchy, I came across this official doc:


And of course:
  • "The role hierarchy is not maintained with sharing records. Instead, role hierarchy access is derived at runtime."
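
The two quoted rules modeled in Python, as an added example that is not from the original post or from Salesforce. The role names, user names and helper functions are hypothetical, and the model assumes that a user with no role sits below nobody in the hierarchy.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed role hierarchy: child role -> parent role (None marks the top).
ROLE_PARENT = {
    "CEO": None,
    "Sales Manager": "CEO",
    "Sales Rep": "Sales Manager",
    "Integration": "Sales Rep",  # hypothetical role placed under the sales reps
}

@dataclass(frozen=True)
class User:
    name: str
    role: Optional[str]  # None models a user with no role assigned

def is_below(owner_role, viewer_role):
    """True if owner_role is strictly below viewer_role.

    Nothing is precomputed: the parent chain is walked on every call,
    mirroring "role hierarchy access is derived at runtime".
    """
    if owner_role is None or viewer_role is None:
        return False  # assumption: a role-less user is outside the hierarchy
    seen = set()  # guards against a misconfigured cycle in ROLE_PARENT
    role = ROLE_PARENT.get(owner_role)
    while role is not None and role not in seen:
        if role == viewer_role:
            return True
        seen.add(role)
        role = ROLE_PARENT.get(role)
    return False

def can_transfer(user, owner):
    """Quoted rule: the user owns the record, or its owner is below the user."""
    return user == owner or is_below(owner.role, user.role)

def stranded_owners(owners):
    """Owners with no role above them; nobody reaches their records via hierarchy."""
    return [o.name for o in owners if ROLE_PARENT.get(o.role) is None]

if __name__ == "__main__":
    rep = User("sales_rep", "Sales Rep")
    no_role = User("integration", None)
    with_role = User("integration", "Integration")
    print(can_transfer(rep, no_role))    # owner has no role
    print(can_transfer(rep, with_role))  # owner sits below the rep
```

In this model the role-less integration user is the only reason the transfer is refused, so neither Modify All nor Transfer Records is needed once that owner has a role beneath the sales staff.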