Visual Workflow – Handling INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY with System Context Without Sharing Subflow

apex-managed-sharing visual-workflow

Bottom line up front: If the running user is internal, we have no issues. If the running user is a Customer user, we get the INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, despite calling a sub-flow with System Context Without Sharing. I expected using this context on a Sub-Flow would eliminate the running user from consideration, but it does not.

Why does the initiating user matter with this Flow context?

Scenario:

  • A Customer Community/Experience User creates a new Case from the Experience site.
  • A Record Triggered Flow (Before-Save) assigns the Case (based on type of Case) to a Partner Community/Experience User as the Case Owner.
  • I need to also Share the Case using Manual Sharing with a group of Partner Community/Experience Users who are already part of a Public Group.

When I launch a record-triggered Flow (After-Save), the Customer user lacks permission to create a new Case Share record, so I am now running a sub-flow with "System Context Without Sharing–Access All Data" context. The sub-flow looks up the Public Group Id and the Case Id and creates a Manual Share record.

However, I get a failure with INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY error even though it should be in System Context. The debug email indicates the "Current User" is the Customer User.

If I test using an internal Salesforce User to create the Case or manually trigger the sub-flow, I don't get the error and the Share is created properly, so I assume this has to do with Customer User permissions.

More Details:

  • The Case is shared with the Customer user using the Experience Settings > Sharing Sets (where User:Contact = Case:Contact)
  • We look up the Public Group that the Case will be shared with using a Related Custom Object (Property__c)
  • The Sub-Flow gets the IDs passed to it without issue, but fails to insert the Share record.

Debug Email Log (IDs are obfuscated):

Flow Details

Flow API Name: OBJ_Support_Ticket_Case_Created
Type: Autolaunched Flow
Version: 8
Status: Active
Org: Suite Management Franchising (00D1I___________)
Flow Interview Details
Interview Label: OBJ Support Ticket (Case) Created 3/2/2022, 5:52 PM
Interview GUID: 5252d9db503c16737537159a0ce17_________-542b
Current User: Betty Rubble (0051I00000_____)
Start time: 3/2/2022, 5:52 PM
Duration: 0 seconds
How the Interview Started
Scheduled Path: Wait_1_Minute
Betty Rubble (0051I00000_____) started the flow interview.
API Version for Running the Flow: 54
Some of this flow's variables were set when the interview started.
$Record = Case (5008W00000________)
SUBFLOW: Share Case w Property Group
Enter flow Share_Case_with_Property_Group version 6.
API Version for Running the Flow: 54
Inputs:
caseID = {!$Record.Id} (5008W00000________)
propertyID = {!$Record.Property__c} (a021I000006_______)
GET RECORDS: Find Group ID
Find one Group record where:
DeveloperName Equals {!propertyID} (a021I000006_______)
Result
Successfully found record.
{!groupID} = 00G1I000002Z______
ASSIGNMENT: Add Group to Manual Share
{!caseSharePublicGroup.UserOrGroupId} Equals {!groupID}
{!caseSharePublicGroup.RowCause} Equals Manual
{!caseSharePublicGroup.CaseId} Equals {!caseID}
{!caseSharePublicGroup.CaseAccessLevel} Equals Edit
Result
{!caseSharePublicGroup.CaseAccessLevel} = "Edit"
{!caseSharePublicGroup.RowCause} = "Manual"
{!caseSharePublicGroup.UserOrGroupId} = "00G1I000002Z______"
{!caseSharePublicGroup.CaseId} = "5008W00000________"
CREATE RECORDS: Create Share Record
Create CaseShare records using the values that are stored in {!caseSharePublicGroup}.
Variable Values
[UserOrGroupId=00G1I000002Z______,RowCause=Manual,CaseId=5008W00000________,CaseAccessLevel=Edit]
Result
Failed to create records.
Error Occurred: This error occurred when the flow tried to create records: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY: insufficient access rights on cross-reference id. You can look up ExceptionCode values in the SOAP API Developer Guide.
Salesforce Error ID: 277280955-1855814 (175474861)

Best Answer

Note that to use the ShareRecords or Manual Share, you should have the license type of Customer Community Plus for your Experience Cloud User.

Customer Community licenses can only use Sharing Sets to share records.

Also, System Context does not imply that your current user becomes an automated user. It will still be the running user, except that it will have additional privileges, and that is not something that bypasses license limitations.

Even though the flow runs in System Mode, Sharing Settings will be checked. Only CRUD and FLS will not be checked against the user.
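As an added illustration of the answer's point (not code from the question or the answer above): an Apex invocable action, run without sharing, that replaces the sub-flow's Create Records element. It still runs as the Experience user, so the insert fails for the same license reason, but the status code and the running user's license name are returned to the flow for a fault path instead of killing the interview. The class name and the Request/Result wrappers are assumed names.

```apex
// Added example, not the original poster's flow or the answerer's code.
// Class name, Request and Result wrappers are hypothetical.
public without sharing class ShareCaseWithPropertyGroup {

    public class Request {
        @InvocableVariable(required=true) public Id caseId;
        @InvocableVariable(required=true) public Id groupId;
    }

    public class Result {
        @InvocableVariable public Boolean success;
        @InvocableVariable public String message;
    }

    @InvocableMethod(label='Share Case with Group (Manual)')
    public static List<Result> share(List<Request> requests) {
        // "without sharing" does not change who the running user is; the
        // platform still enforces that user's license limits on sharing rows.
        User running = [SELECT Profile.UserLicense.Name FROM User
                        WHERE Id = :UserInfo.getUserId() LIMIT 1];
        String license = running.Profile.UserLicense.Name;

        List<CaseShare> shares = new List<CaseShare>();
        for (Request r : requests) {
            shares.add(new CaseShare(
                CaseId = r.caseId,
                UserOrGroupId = r.groupId,     // the Public Group Id looked up by the flow
                CaseAccessLevel = 'Edit',
                RowCause = 'Manual'));
        }

        // allOrNone=false: collect per-row errors instead of throwing a DML exception
        List<Database.SaveResult> saved = Database.insert(shares, false);

        List<Result> results = new List<Result>();
        for (Database.SaveResult sr : saved) {
            Result res = new Result();
            res.success = sr.isSuccess();
            if (sr.isSuccess()) {
                res.message = 'Manual share created';
            } else {
                Database.Error err = sr.getErrors()[0];
                // e.g. INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY for a Customer Community user
                res.message = String.valueOf(err.getStatusCode()) + ': ' + err.getMessage()
                    + ' (running user license: ' + license + ')';
            }
            results.add(res);
        }
        return results;
    }
}
```

In the flow, branch on the returned success flag and log the message; for a Customer Community user the license name in the message is the explanation the answer gives.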
