I am trying to let a guest user from our Salesforce site create a ContentDelivery record in order to create a public available link for a signature he just posted in the website.
I cannot give him the permission to create ContentDelivery records; I tried by creating a custom permission set but the guest license doesn't let me assign it to him. Then I tried with an Apex class without sharing, but I still get this error message :
CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY, ContentDocumentLinkTrigger:
execution of AfterInsert\n\ncaused by: System.DmlException: Insert
failed. First exception on row 0; first error:
INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access
rights on cross-reference id:
Do you guys have any idea how to bypass this? I either need to somehow create the ContentDelivery record from another user as soon as it is needed, or give this permission to the guest user.
Best Answer
From my own experience and trials, there now is no ways to allow guest users to have the permission to do this.
The workaround I made is calling our-self with a technical admin user on the standard create record api to make the creation. Think of it as an right elevation during the process to make it working. To use with caution as the rights of the user will be admin (see all / modify all data). There are several situations where we ended up using this and report it works great.
I hope this suits your needs.
Some more implementation details :
test.for prod)test.for prod)Now you can make api calls to your own org with other permissions.
Edit 01/dec/2022
Here are some links: