Hello,
Currently the permissions field relies completely on who created contact/company and marks that as an owner of the record.
You can edit the code to make it possible to share records with only subset of contacts, but I can tell you it's a lot of work to get this right. This is the bad news I guess.
The good news is - it's something we have on the table right now. We're reworking the way permissions are handled and will allow administrators to modify and create their own rules the determine who has access to what records. For instance, you can allow users in particular group to see records marked with private or belonging to some other group, denying access to everyone else.
The system is currently in beta testing, you can expect this feature to be available in the next release.
If you feel it's critical to have such option right now, please tell us and we can provide some hints how to build similar feature on existing permissions engine. It will require some work, depending on complexity with which you want permissions to be handled.
Kind regards,
Arek