Bit of a strange one. We have a user who has a db_owner role but still wasnt able to perform an insert. We found that a group had denydatawriter and that if we changed this, evrythign was fine.
Here is the strange thing, the user is not in this specific group. He is in a group of the same name but coming from a different domain so is SQL only looking at the latter part?
'Only he who wanders finds new paths'