Glenn Weinstein

S2S Connection Owner cannot insert share records via Apex trigger

Ran into an interesting Salesforce-to-Salesforce (S2S) problem I thought I'd share - it appears the S2S Connection Owner cannot insert share records via Apex trigger.

We have S2S configured in our org to receive Case records from another org.  Separately, we have a Case trigger to insert a custom "Performance Rating" object record anytime a Case is closed (to rate the owner).  This, in turn, fires a Performance Rating trigger to share the newly inserted record with the Case owner.

It all works fine normally.  But when a Case is closed via S2S connection, the Performance Rating trigger is failing with an INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY exception.  Apparently, the S2S Connection User isn't being allowed to insert the new Performance_Rating__Share record.  The error occurs on the last line in the trigger below:

Trigger shareWithRelatedRecordOwner on Performance_Rating__c (after insert, after update) {
  List<Performance_Rating__Share> prShareList = new List<Performance_Rating__Share>();
  for (Performance_Rating__c pr : Trigger.new) {
    if(pr.Related_Record_Owner__c != null) {
      Performance_Rating__Share prShare = new Performance_Rating__Share();
      prShare.ParentId = pr.Id;
      prShare.UserOrGroupId = pr.Related_Record_Owner__c;
      prShare.AccessLevel = 'read';
      prShare.RowCause = Schema.Performance_Rating__Share.RowCause.Related_Record_Owner__c;
      prShareList.add(prShare);
    }
  }
  insert prShareList;
}

Note that "with sharing" isn't coming into play here, so I believe the trigger should be running in system (aka "god") mode, and it really shouldn't matter who the running user is.

My theory is that we're hitting some odd bug related to the S2S Connection User.  In my view, this trigger should always work - it shouldn't fail just because it's being invoked as the result of an update made to a record via S2S.

Our quick & dirty workaround was to simply put a try/catch around the insert, and eat the error.  But wow, that is an unsatisfying resolution (and it results in the new record NOT being shared with the original Case owner, per the intent of the trigger).

I'd welcome any alternate theories.
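
A variant of the try/catch workaround described in the post above, as an added example that is not part of the original post: it uses a partial-success insert so that share rows which fail are logged together with the running user, instead of the error being swallowed. Writing to the debug log is an assumption about where the record should go, and this does not fix the underlying access error.

```apex
trigger shareWithRelatedRecordOwner on Performance_Rating__c (after insert, after update) {
  List<Performance_Rating__Share> prShareList = new List<Performance_Rating__Share>();
  for (Performance_Rating__c pr : Trigger.new) {
    if (pr.Related_Record_Owner__c != null) {
      Performance_Rating__Share prShare = new Performance_Rating__Share();
      prShare.ParentId = pr.Id;
      prShare.UserOrGroupId = pr.Related_Record_Owner__c;
      prShare.AccessLevel = 'read';
      prShare.RowCause = Schema.Performance_Rating__Share.RowCause.Related_Record_Owner__c;
      prShareList.add(prShare);
    }
  }

  // allOrNone = false: a rejected row does not throw a DmlException;
  // each row's outcome comes back in the SaveResult at the same index.
  Database.SaveResult[] results = Database.insert(prShareList, false);

  for (Integer i = 0; i < results.size(); i++) {
    if (results[i].isSuccess()) {
      continue;
    }
    // Record which share was not created and who the running user was,
    // so unshared Performance Rating records can be found and fixed later.
    for (Database.Error err : results[i].getErrors()) {
      System.debug(LoggingLevel.ERROR,
        'Share not created for Performance Rating ' + prShareList[i].ParentId
        + ', user ' + prShareList[i].UserOrGroupId
        + ' (running user ' + UserInfo.getUserId()
        + ', type ' + UserInfo.getUserType() + '): '
        + err.getStatusCode() + ' ' + err.getMessage());
    }
  }
}
```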

Ashish_SFDC
Hi Glenn,

See the blog post on S2S and Apex in the link below:

http://dimmys.blogspot.in/2012/10/work-with-salesforce-to-salesforce-s2s.html

Regards,
Ashish
Glenn Weinstein
Thanks Ashish, but I'm afraid I fail to see the connection.  I read through that blog, and I don't see how it addresses the issue I've outlined in my post.  Maybe I'm missing it?  Would you be so kind as to explain a bit further?
Ashish_SFDC
Hi Glenn, 

As per my research, it is not possible to use S2S in Apex; for such scenarios the best practice is using a Webservice.

You can also post an Idea for allowing S2S in API: https://success.salesforce.com/ideaPost

Regards,
Ashish
Glenn Weinstein
Hi Ashish - to be honest, I don't understand your post.  What, exactly, is "not possible?"  How does "using a Webservice" relate to the issue I've described here?  The issue I've described is that a trigger, when executed as the result of a record update by the S2S connection owner, is unable to insert a sharing record.  What "Webservice" are you proposing that I write?  What "research" are you referring to?
Ashish_SFDC
Hi Glenn, 

See the below; it states why God mode isn't working and can help.

http://www.tgerm.com/2011/03/trigger-insufficient-access-cross.html

Regards,
Ashish
Glenn Weinstein
Hi Ashish - I appreciate your well-meaning attempts to contribute to this conversation, but at this point you are just throwing out links.  I'm quite familiar with the blog post from Abhinav Gupta that you referenced, but unfortunately it doesn't apply to the issue I've laid out.  At this point, I think I'll decline to respond further unless you (or someone) can provide some specific suggestions that directly address the issue I've carefully outlined.  Thanks.
Aneesha
The S2S Connection user has access to only those objects/fields that have been defined in the connection. Is the Performance Rating object added to the connection?
Try running the insert part of your code as a system admin user and see if that works.
T4S Demo

We have run into the exact same issue.

Has anyone seen a workaround besides a try / catch?