How to fix insufficient access rights error?

Question:

I am encountering the following error:

INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: []

The scenario involves inserting an Opportunity and its related Opportunity Line Item from a Visualforce page using an Apex controller. When logged in as a user with the “Authenticated Website” license, the error occurs. However, the same code works fine in another org where I log in as a user with the “Customer Portal Manager” license.

Both orgs have the following sharing settings:

• Opportunity: OWD is “Read Only”.
• Opportunity Line Item: OWD is “Controlled By Parent”.

To resolve this issue, I used the without sharing keyword on the class responsible for the insertion logic, and the operation worked successfully for the “Authenticated Website” user. However, I am concerned that this might create a security issue if I intend to list the app on the AppExchange.

Is there a more secure way to resolve this problem without compromising user access controls?

Answer:

This error occurs when attempting to perform an insert or update operation on a record that cannot be logically or explicitly processed. The error often appears to be related to permissions but can also result from logical issues with the data or the operation.

Join CRS Info Solutions in Pune for expert Salesforce training in Pune with real-world projects and a free demo to elevate your skills today!!!

Here are potential causes and solutions for this error:

1.Ensure the Record Exists

One common reason for this error is attempting to update a record that does not exist. For example, the record might have been deleted or was never created in the first place.

Verify that the parent Opportunity record exists before attempting to insert related Opportunity Line Items.

2.Avoid Updating Read-Only Fields

Salesforce has system-managed fields, such as CreatedById, CreatedDate, LastModifiedById, and LastModifiedDate, which cannot be explicitly updated. Ensure that your code does not attempt to modify such fields.

3.Verify User Permissions

Even if the user performing the operation is an admin or has elevated permissions, they might not have the necessary access to modify certain records.

Example:

• The user must have at least Read/Write access to the parent Opportunity to insert related Opportunity Line Items.
• Ensure that sharing rules or manual sharing provide sufficient access to the parent Opportunity record.

4.Consider Sharing Settings

When the class executes without the without sharing keyword, it runs in the context of the running user’s permissions. To resolve this issue securely:

• Create a utility Apex class that only uses without sharing for specific operations where elevated access is required.
• Limit its scope to only the insert operation.

Example:

public without sharing class OpportunityService {
    public static void insertOpportunityWithLineItem(Opportunity opp, OpportunityLineItem oli) {
        insert opp;
        oli.OpportunityId = opp.Id;
        insert oli;
    }
}

Then, call this method from your Visualforce controller with appropriate checks for user context and permissions.

5.Check Sharing Context for Related Records

If Opportunity Line Items are controlled by the parent Opportunity, ensure the user has access to the parent record before inserting related records. Use with sharing to respect the sharing settings and debug user access using:

System.debug('User Has Access: ' + [SELECT Id FROM Opportunity WHERE Id = :oppId LIMIT 1]);

6.Debug Access Rights

If the issue persists, enable debug logs for the user and analyze the permissions-related checks Salesforce performs during the operation.

By carefully reviewing these factors and adopting secure coding practices, you can resolve the issue without compromising the application’s security or user access controls.

Master Salesforce Skills with Expert Training in Pune

Elevate your career with top-notch Salesforce training in Pune! At CRS Info Solutions, we offer comprehensive courses tailored to help you excel in the Salesforce ecosystem. Whether you’re starting fresh or enhancing your existing skills, our programs cover Salesforce Admin, Developer, and AI modules with a real-time project-based approach.

Our industry-expert trainers provide hands-on learning and practical experience to prepare you for real-world challenges. Salesforce Course From personalized mentorship to detailed class materials, certification guidance, and interview preparation, we ensure you’re fully equipped to land your dream Salesforce role.

Take the first step toward a thriving Salesforce career. Enroll now and join our free demo session to begin your journey to success!!!