As of now (version 3.1.5), CiviCRM limits finding and merging of duplicate records to users with the "Administer CiviCRM" permission. A recent thread on the forums points out that some organizations will want to allow that privilege to non-administrative users. Having a need for this myself, I'm looking for the best way to do it. If a reasonable solution can be found, I'm hoping the changes will make it into core at some point in the future.
From what I can tell, the heart of the matter is controlling access to two CiviCRM paths: civicrm/admin/deduperules and civicrm/admin/dedupefind. Since these are under civicrm/admin, they require "Administer CiviCRM" privileges.
My basic proposal for moving these into their own permission would include steps along these lines:
I hope readers of this post will point out any flaws you see in this idea. For example, I suspect there may be some issues with ACLs: up to now this feature has belonged only to admin, so the code for merging duplicates probably doesn't bother checking ACLs; however if we give this feature to non-admin users, ACLs will surely come into play. I would think that dupes would not be found outside of the contacts that are visible to the current user, and duplicates could not be merged unless both are deletable.
If there are other potential headaches I've not foreseen, please mention them in the comments, along with any ideas you have on implementation or any other thoughts on the topic.