[SalesForce] How to fix insufficient access rights on cross-reference id

I am getting the error:

INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: []

Scenario is, I am inserting an Opportunity and then Opportunity Line Item from a VisualForce page using controller. When I am doing this I am logged in as user whose profile license is "Authenticated Website".

Strange thing is, when on another org logged in as user whose user profile license is Customer Portal Manager the same code work fine. Both orgs have Opportunity OWD "Read Only" and Opportunity line item "Controlled By Parent".

To resolve this problem I've used "without sharing" on class which executes the insertion code, and it works fine from "Authenticated Website" user. As this may be a security issue when we try to list the app on AppExchange, is there any other way to resolve this problem?

Best Answer

The error happens when you're trying to insert/update the record which can't be logically inserted/updated.

So basically make sure that:

  • you don't insert/update a record that does not exist,
  • you don't update object field that is build-in/read-only,
  • you perform the action using the user who has not the right access to modify the object

More detailed explanation:

This error was causing a lot of pain in a Salesforce integration that we have. It seems like a permissions issue on first look. But it's sort of misleading. Even a System Administrator can get this error.

So after researching a lot, this was what I found:

The error is throw when you try to insert/update something that logically cannot be inserted/updated.

Some examples:

  • You try to update a record that does not exist. Maybe the record was never there or it was deleted.

  • You try to update an object field that cannot be set explicitly. These fields can only be updated by the implicitly. e.g.: object owner, CreatedById, CreatedDate, LastActivityDate, LastModifiedById, LastModifiedDate. You cannot explicitly update these fields.

  • You are trying to give permission to someone but you yourself do not have permission for this.

  • If you are trying to share "Record X" with "User Y" and you yourself do not have access to "Record x", this error happens Or if the "User Y" already has access to it.

These are just a few reasons you can get the salesforce error INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY; I am sure there are others.

Related Topic