[SalesForce] why is the value in [] for insufficient access rights on cross-reference id: [] always/usually empty

OK, I know how to debug this error and there are plenty of web resources to assist so please don't answer with those techniques.

What I'm more after is why the ID value in [] is typically null for this error when you know that the cross-reference ID has a value and if the error message just emitted the ID, you would know what SObject was the root cause, gaining valuable minutes/hours for your life.

Here's an example:

  • OWD private on Account
  • Order is controlled by parent
  • running user profile has Modify All, View All on Account and View All on Order. Running user can view the Order via the UI. Modify All does not cascade down to Order even with Controlled by parent.
  • Apex code attempts to insert a custom object Order_Detail__c underneath (not Master-detail) Order, providing a value for lookup field Order_Detail__c.Order__c

Now because there's no sharing rule extending r/w to the Order's Account in question, there's no r/w access to the Order and hence the INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: [] error occurs when attempting to assign the child record to the parent Order.

What I don't understand is why the ID value of the field Order_Detail__c.Order__c lookup field is not emitted in the error message within the []. Why are the brackets even there?

I suppose this is a security item and not exposing the ID value avoids telling the malefactor even what SObject can't be accessed. I'd be happy if the error message just displayed the first three chars – or converted to an sobjectType. The implication of [] is an empty array . but that is not what is going on in your code.

Is this hypothesis correct?

It sure makes life hard for the sysad who captures a debug log for the running user and then has to go through feats of deductive logic to figure out which related sobject (there could be several lookup fields on the object in question) is the problem one, let alone why.

Best Answer

Since you didn't post your entire error I will assume that you have something like this:

Error: Update failed. First Exception on Row 0 With id b1P70000000oxxxxxx; First Error: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, Insufficient Access Rights on Cross-Reference Id: b4a60000000xxxx: [].

This error is shown with the Id before of the empty brackets. In case you get an empty Id, that happens when you didn't provide an Id, like in a case of a Master-Detail relationship.

Related Topic