Insufficient access rights on cross-reference id error Salesforce Exception

Insufficient access rights on cross-reference id error Salesforce Exception

INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id:[] is a common issue when you try to update or create data with insufficient access on a record.

Kindly check the user profile and check whether the user has access to insert/update that record. Even if the user has access, kindly check whether the user has access to update fields like record types, lookup field, master-detail field, etc.

Troubleshooting steps:

1. Make sure whether the user have access to record ids of the lookup fields and/or master-detail fields in the record.

2. Check the user Profile(CRUD Permissions).

3. Profile need to have access for the Record Types.

4. Record’s OwnerId automatically gets share record when the record is inserted. If the apex code try to create the same(Share record for the owner) explicitly. This error occurs.

Sample Code for this error:

Id usrId = UserInfo.getUserId();
Account objAccount = new Account( Name = 'Testing', OwnerId = usrId );
insert objAccount;
AccountShare objAccountShare = new AccountShare();
objAccountShare.AccountAccessLevel = 'Edit';
objAccountShare.AccountId = objAccount.Id;
objAccountShare.RowCause = 'Manual';
objAccountShare.UserOrGroupId = usrId;
objAccountShare.OpportunityAccessLevel = 'Read';
insert objAccountShare;

5. Check whether the apex code is trying to create share records to the record which the current user doesn’t have access to it.

6. Check whether there are any hard-coded ids are miss matching the environments.

Note:

Even though trigger runs in System Mode, Sharing Settings will be checked. Only CRUD and FLS will not be checked against the user.

7. If you are facing this issue when inserting FeedItem, make sure the user in the ParentId have access to the Experience Cloud Site.

Network objNetwork = [ SELECT Id  FROM Network LIMIT 1 ];
FeedItem objFeedItem = new FeedItem();
objFeedItem.ParentId = '0053t00000AHC0Q';
objFeedItem.Body ='Testing Feed Item Insert';
objFeedItem.Visibility= 'AllUsers';
objFeedItem.NetworkScope = objNetwork.Id;
insert objFeedItem; 

1. Set the Organization-Wide default for the Case object to Private.

2. Create the following trigger.

trigger CaseTrigger on Case ( 
    before insert 
) {
    
    User objAdminUser = [
        SELECT Id
        FROM User
        WHERE IsActive = true
        AND Profile.Name = 'System Administrator'
        LIMIT 1
    ];
    
    for ( 
        Case objCase : trigger.new 
    ) {
    
        if ( 
            objCase.Subject == 'Testing'         
        ) {
        
            objCase.OwnerId = objAdminUser.Id;
        
        }
    
    }

}

    3. Create a Case with Subject as ‘Testing’. The user creating this Case shouldn’t have Modify All Data permission, Modify All permission on the Case object, Sharing Rules to give Read/Write to all the Case records, etc.

    The user will get “insufficient access rights on cross-reference id” error/exception since the Owner is set to a different user for the Case.

    Leave a Reply