How can resolve the error - insufficient access rights on cross reference id
I am getting the error:
INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: []Scenario is, I am inserting an Opportunity and then Opportunity Line Item from a Visual Force page using a controller. When I am doing this I am logged in as a user whose profile license is "Authenticated Website".
Strange thing is, when on another org logged in as a user whose user profile license is Customer Portal Manager the same code works fine. Both orgs have Opportunity OWD "Read Only" and Opportunity line item "Controlled By Parent".
To resolve this problem I've used "without sharing" in the class which executes the insertion code, and it works fine from the "Authenticated Website" user. As this may be a security issue when we try to list the app on AppExchange, is there any other way to resolve this problem?
The error - insufficient access rights on cross reference id happens when you're trying to insert/update the record which can't be logically inserted/updated.
So basically make sure that:
you don't insert/update a record that does not exist,
you don't update object field that is build-in/read-only,
you perform the action using the user who has not the right access to modify the object
More detailed explanation:
This error was causing a lot of pain in a Salesforce integration that we have. It seems like a permissions issue on first look. But it's sort of misleading. Even a System Administrator can get this error.
So after researching a lot, this was what I found:
The error is thrown when you try to insert/update something that logically cannot be inserted/updated.
Some examples:
You try to update a record that does not exist. Maybe the record was never there or it was deleted.
You try to update an object field that cannot be set explicitly. These fields can only be updated implicitly. e.g.: object owner, Created ById, Created Date, Last Activity Date, Last Modified ById, Last Modified Date. You cannot explicitly update these fields.
You are trying to give permission to someone but you yourself do not have permission for this.
If you are trying to share "Record X" with "User Y" and you yourself do not have access to "Record x", this error happens Or if the "User Y" already has access to it.
These are just a few reasons you can get the salesforce error INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY; I am sure there are others.
Answer (1)
The "Insufficient Access Rights on Cross Reference Id" error often occurs in Salesforce and typically indicates that the user doesn't have the necessary permissions to perform an action related to a specific record or object. This can happen in various scenarios, such as when attempting to insert, update, or delete records.
Here are some steps to resolve this error:
1. Check User Permissions
Profile Permissions: Ensure that the user's profile has the necessary permissions for the object in question. This includes Read, Create, Edit, and Delete permissions.
Field-Level Security: Ensure that the user has the appropriate field-level security settings for the fields being accessed or modified.
Record-Level Access: Verify that the user has the necessary access to the specific record. This includes sharing rules, role hierarchy, and manual sharing settings.
2. Check Sharing Settings
Organization-Wide Defaults (OWD): Review the organization-wide defaults to ensure they are not overly restrictive.
Sharing Rules: Ensure that there are appropriate sharing rules in place to grant the necessary access.
Manual Sharing: Check if the record is shared manually with the user.
3. Verify Object Relationships
Parent Records: Ensure that the user has access to parent records when dealing with child records.
Cross-Object Access: Ensure that the user has access to related records if the action involves multiple objects.
4. Check Apex Code and Triggers
Apex Classes and Triggers: If the error occurs within custom code, review the Apex classes and triggers to ensure they are running with the appropriate context and user permissions.
Without Sharing: Consider running the code in system context using the without sharing keyword if appropriate, but be cautious as this can bypass security settings.
5. Check Validation Rules and Workflows
Validation Rules: Ensure that validation rules are not preventing the action from being completed.
Workflow Rules: Review workflow rules and field updates to ensure they are not causing issues with permissions.
6. Run in System Mode
System Mode: Certain operations might need to run in system mode. Check if the Apex code or process is running with system privileges.
7. Debug Logs
Enable Debug Logs: Use debug logs to trace the issue. This can help identify the exact point of failure and provide more details on the permissions being checked.
Example Scenario and Solution
Let's say you have a trigger on the Opportunity object that creates a related CustomObject__c record. The trigger runs fine for most users but fails with the "Insufficient Access Rights on Cross Reference Id" error for some.Steps to Resolve:
Check User Profile:
Ensure the user's profile has Create and Edit permissions on CustomObject__c.
Record Access:Verify that the user has read access to the parent Opportunity record and write access to CustomObject__c.
Apex Trigger:
Review the trigger code to ensure it doesn’t inadvertently restrict access. For example, ensure the trigger runs in the appropriate context.
public without sharing class OpportunityTriggerHandler { public static void onAfterInsert(List opportunities) { List customObjects = new List(); for (Opportunity opp : opportunities) { customObjects.add(new CustomObject__c(Name = opp.Name, Opportunity__c = opp.Id)); } insert customObjects; }}By following these steps and carefully checking permissions, sharing settings, and code context, you should be able to resolve the "Insufficient Access Rights on Cross Reference Id" error.
If you need more specific guidance or examples, feel free to provide details about your scenario.