[SalesForce] CaseShare – INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY

Trying to add Users with Customer Community to CaseShare. Getting first error: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id. I have my assumptions but I need confirmation before I go back to the client. I am adding users that are associated to Contacts for the same Account that the User(Contact) is associated to in a Trigger on Insert… The following is the code.

Controller has without sharing set.

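List<Contact> conList = new List<Contact>();      // contacts to share with
List<Contact> contList = new List<Contact>();     // all contacts of the DC accounts
List<Id> accList = new List<Id>();                // account Ids of the triggered cases
List<Id> accntList = new List<Id>();              // account Ids with Record Type DC
List<CaseShare> caseList = new List<CaseShare>(); // share rows to insert
Map<Id, Id> uList = new Map<Id, Id>();            // Contact Id -> value of User_Id__c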

    //Getting Account Ids from the triggered Case
     for(Case c : newObjectList) {
        accList.add(c.accountId);
    }

    // Getting the Accounts that have Record Type DC

    for(Account a : [SELECT id, RecordType.Name FROM Account WHERE id = :accList  AND RecordType.Name = 'DC']) {
        accntList.add(a.id);
    }

    // Processing only if there is any account with DC Record type

    if(accntList.size() > 0) {

        // Getting all the contacts that belong to the above accounts

        for(Contact c : [SELECT id, accountid, User_Id__c from Contact WHERE accountId = :accntList ]) {
            contList.add(c);
            uList.put(c.Id,c.User_Id__c);
        }

        // Removing the contact id who had created the case

        for(case c : newObjectList) {
            for(Integer i = 0; i < contList.size();i++) {

                if(!contlist[i].id.equals(c.contactid)) {
                    conList.add(contList[i]);

                }
            }

        }

        // Getting the UserId for the contacts with whom the case has to be shared
        // only if there is any contact

        if(conList.size()>0){

            // Sharing the case with the contacts of respective accounts

            for(Case c : newObjectList) {

                for(Integer i =0; i < conList.size(); i++) {
                    if(c.accountid.equals(conList[i].accountid) && uList.containsKey(conList[i].Id)) {


                        if(uList.get(conList[i].Id) != UserInfo.getUserId() || string.valueOf(c.CreatedBy) != string.valueOf(uList.get(conList[i].Id ))){
                            CaseShare cs = new CaseShare();
                            cs.CaseAccessLevel = 'Edit';
                            cs.CaseId = c.Id;
                            cs.UserOrGroupId =  uList.get(conList[i].Id);
                            caseList.add(cs);

                        }
                    }
                }

            }

            if (!caseList.isEmpty())
                insert caseList;

        }
    }

Best Answer

I have a similar problem getting the same error message as described above. First, let me explain my case:

I have a Visualforce page with an extension "without sharing" that lists cases that the current logged-in customer community user does not have access to.

I use an apex:dataTable with this column:

<apex:column>
  <apex:commandLink value="{!c.CaseNumber}" action="{!SetCaseSharing}">
    <apex:param name="setCaseSharing" value="{!c.Id}" assignTo="{!caseIdSelected}"/>
  </apex:commandLink>
</apex:column>

When the user selects a case clicking on the commandLink this method runs (a bit simplified):

public Id caseIdSelected {get; set;}

public void SetCaseSharing()
{
  Case c = [SELECT Id FROM Case WHERE Id = :caseIdSelected];
  CaseShare caseShare = new CaseShare();
  caseShare.CaseId = c.Id;
  caseShare.UserOrGroupId = UserInfo.getUserId();
  caseShare.RowCause = 'Manual';
  caseShare.CaseAccessLevel = 'Edit';
  upsert(caseShare);
}

I know about the limitation that the current record owner cannot be added using manual Apex sharing, and that you cannot limit the access granted using sharing rules, only add permission. These issues are not the problem in my case.

When logging in as a customer community user using "Manage External Users" and then selecting a case from the list, the problem occurs.

My code worked perfectly, however, when logging into the community as an administrator or "normal" user (instead of customer community user) and then adding a "normal" user (not a customer community user) to the manual sharing.

PROBLEM 1

I was not allowed to set manual sharing to a customer community user, even logged in as administrator, returning:

Upsert failed. First exception on row 0; first error: FIELD_INTEGRITY_EXCEPTION, field integrity exception: unknown (invalid user or group: 00511000002Hgs3): [unknown]

I guess the first problem might be solved using the more expensive "partner community license" or "customer community plus license" instead of "customer community license".

PROBLEM 2

I was not allowed to set manual sharing to a "normal" user when logged in as a customer community user, returning:

Upsert failed. First exception on row 0; first error: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: []

Not sure if it is possible to add sharing rules from the community when the logged in user is a customer community user not having access to the case in the first place. Moving this to a trigger or a scheduled job running separate from the community might solve it.
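
An added example, not part of the question or the answer above: a hypothetical `CaseShareHelper` class that skips recipients who cannot receive a manual share and inserts the remaining `CaseShare` rows with partial success, so each rejected row is reported with its status code instead of aborting the whole DML. Treating `UserType = 'CspLitePortal'` as the marker for Customer Community license users is an assumption, as is calling the helper from a context that is permitted to write `CaseShare` rows.

```apex
// Added example: hypothetical helper, not code from the question or the answer.
public without sharing class CaseShareHelper {

    // Builds manual CaseShare rows for the given case -> user pairs, skips
    // recipients that cannot hold a share row, and reports failures per row.
    public static List<String> shareCases(Map<Id, Set<Id>> userIdsByCaseId) {
        Set<Id> allUserIds = new Set<Id>();
        for (Set<Id> ids : userIdsByCaseId.values()) {
            allUserIds.addAll(ids);
        }

        // Assumption: high-volume community users (UserType 'CspLitePortal')
        // are excluded because they are the recipients rejected in PROBLEM 1.
        Map<Id, User> eligible = new Map<Id, User>([
            SELECT Id FROM User
            WHERE Id IN :allUserIds AND IsActive = true
              AND UserType != 'CspLitePortal'
        ]);

        // Owners already have full access and cannot be given a manual share.
        Map<Id, Case> cases = new Map<Id, Case>(
            [SELECT Id, OwnerId FROM Case WHERE Id IN :userIdsByCaseId.keySet()]);

        List<CaseShare> shares = new List<CaseShare>();
        for (Id caseId : cases.keySet()) {
            for (Id userId : userIdsByCaseId.get(caseId)) {
                if (!eligible.containsKey(userId) || cases.get(caseId).OwnerId == userId) continue;
                shares.add(new CaseShare(CaseId = caseId, UserOrGroupId = userId,
                                         CaseAccessLevel = 'Edit'));
            }
        }

        // allOrNone = false: one bad row no longer aborts the whole insert.
        List<String> failures = new List<String>();
        List<Database.SaveResult> results = Database.insert(shares, false);
        for (Integer i = 0; i < results.size(); i++) {
            if (results[i].isSuccess()) continue;
            for (Database.Error e : results[i].getErrors()) {
                failures.add(String.valueOf(shares[i].CaseId) + ' -> ' + shares[i].UserOrGroupId
                    + ': ' + e.getStatusCode() + ' ' + e.getMessage());
            }
        }
        return failures;
    }
}
```

The returned list can be written to a log or surfaced to an administrator, so a rejected recipient shows up as one line naming the case, the user and the status code.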
