If you take a look at the source code of the iwconfig (wireless_tools), you’ll see this line:

iwconfig.c:639: if(iw_get_ext(skfd, ifname, SIOCGIWESSID, &wrq) < 0)

This line is responsible for the get of ESSID (wireless.h). And i think that only root have permissions (out of the box) to do this, so the function iw_get_ext (defined in iwlib.h from wireless_tools package) which call ioctl will return EPERM (Operation not permitted).

/*------------------------------------------------------------------*/
/*
 * Wrapper to extract some Wireless Parameter out of the driver
 */
static inline int
iw_get_ext(int                  skfd,           /* Socket to the kernel */
           const char *         ifname,         /* Device name */
           int                  request,        /* WE ID */
           struct iwreq *       pwrq)           /* Fixed part of the request */
{
  /* Set device name */
  strncpy(pwrq->ifr_name, ifname, IFNAMSIZ);
  /* Do the request */
  return(ioctl(skfd, request, pwrq));
}

You have 2 solutions:

1. Use the setuid to allow the user to use iwconfig command:

   sudo chmod u+s /sbin/iwconfig

2. You can also try to do some hacking with the CAP_NET_ADMIN capability which allow some specific capabilities to a specific user. Here some links about CAP_NET_ADMIN:

http://packetlife.net/blog/2010/mar/19/sniffing-wireshark-non-root-user/

http://peternixon.net/news/2012/01/28/configure-tcpdump-work-non-root-user-opensuse-using-file-system-capabilities/

http://www.lids.org/lids-howto/node48.html

http://lwn.net/Articles/430462/

Finally you can use strace to trace all system calls and to confirm that ioctl call is the responsible for this:

as root do this:

#strace /sbin/iwconfig your_interface_name > strace_iwconfig_root.log

And the same as normal user:

$strace /sbin/iwconfig your_interface_name > strace_iwconfig_normal.log

And compare the results.