INSUFFICIENT_ACCESS_ON_ CROSS_REFERENCE_ENTITY APEX / SALESFORCE

NOTE: A common cause for this issue is the below scenario. Read on, if that's not the case for you.
 *If you are trying to share "Record X" with "User Y" and "User Y" already has access to "Record X" this error happens.

Even though i understood what this means and have dealt with it earlier, this time this error message sucked my brain for one week. Finally, i got it sorted out and i hope this post helps someone understand and solve as well.
 

When does this error happen?

This error normally happens when a DML operation is performed. Meaning that, whenever an Insert or Update is performed. You won't see this error when you save your APEX class or TRIGGER, because this error happens at RUNTIME.
 

What does this error mean?

This error means that you are trying to do an operation which is not supposed to be done, or the operation you are about to perform is not permitted according to the Sharing and Security settings defined. This error message does NOT always mean that you lack access to do the operation, even though it might be the case sometimes. So, even if you are an ADMINISTRATOR you may get this message.
 
Possible Causes:
Let's take some scenario's and analyze.
 

Scenario 1:  Creating a new record (Account/Contact/...) and setting the Owner. Applies to updating records as well.

So, in your code you create some records. By Default the creator of the record is the Owner. You want to change this and you modify the OwnerId column of the newly created records. You make "User X" as the Owner. Now when you run the code, you get the Error below:
System.DmlException: Insert failed. First exception on row 2; first error: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: []
 
Things to check:
  *Check that the running user (in this case you) has access to the object being operated. Check that he has CREATE privileges on the object. This is optional, but is always better to start from here. 
  *Check that the Owner ie User X has CREATE permission on the object. Check that his profile has the CREATE permission on the particular object. He might not be having it, grant him permission and the issue is resolved.
 

Scenario 2: Creating or Updating an Opportunity (just for an example,  might be any object). Setting the related Account of the Opportunity.

So, let's say that you create 5 Opportunities and you set the Owner to "User X". You set the Account to "Account X". When your code tries to insert these 5 opportunities, it fails and you get the same error message.
System.DmlException: Insert failed. First exception on row 2; first error: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: []
Reason:
This is because "User X" does not have access to "Account X". When you try to create an Opportunity for "Account X" that he does not have access to the code fails. Either grant access to "User X" for "Account X" manually or through code and then do the Insert.
 

Scenario 3: The Sharing Object.

This is a bit complex to get at. atleast for me. You might be aware that every object has its own Share object. So, Account has AccountShare and Customobj__c has Customobj__Share
When you insert or update records in this object you might receive the same error message. There are a number of reasons for this to happen. 
 
    *If you are trying to share "Record X" with "User Y" and you yourself do not have access to "Record x", this error happens.
    *If you are trying to share "Record X" with "User Y" and "User Y" does not have access to the object (the profile level permission, create read edit delete), this error happens.
    *If you are trying to share "Record X" with "User Y" and "User Y" already has access to "Record X" this error happens.
 
 
INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id:[] is a common issue when you try to update or create data with insufficient access on a record.

Kindly check the user profile and check whether the user has access to insert/update that record. Even if the user has access, kindly check whether the user has access to update fields like record types, lookup field, master-detail field, etc.

Troubleshooting steps:

1. Make sure whether the user have access to record ids of the lookup fields and/or master-detail fields in the record.
2. Check the user Profile(CRUD Permissions).
3. Profile need to have access for the record types.
4. Record's OwnerId automatically gets share record when the record is inserted. If the apex code try to create the same(Share record for the owner) explicitly. This error occurs. 

Sample Code for this error:

Id usrId = UserInfo.getUserId();
Account objAccount = new Account( Name = 'Testing', OwnerId = usrId );
insert objAccount;
AccountShare objAccountShare = new AccountShare();
objAccountShare.AccountAccessLevel = 'Edit';
objAccountShare.AccountId = objAccount.Id;
objAccountShare.RowCause = 'Manual';
objAccountShare.UserOrGroupId = usrId;
objAccountShare.OpportunityAccessLevel = 'Read';
insert objAccountShare;

5. Check whether the apex code is trying to create share records to the record which the current user doesn't have access to it.
6. Check whether there are any hard-coded ids are miss matching the environments.

Note: Even though trigger runs in System Mode, Sharing Settings will be checked. Only CRUD and FLS will not be checked against the user.

相关推荐
©️2020 CSDN 皮肤主题: 编程工作室 设计师:CSDN官方博客 返回首页