+ Start a Discussion
Biljana Miceva 7Biljana Miceva 7 

EmailMessage object permissions problem: the user does not see incoming emails


We have a custom EmailService for inbound messages written in apex, which is processing Inbound email messages and then showing them in a lightning component.
The type od the received email object is EmailMessage. On the production org, when the system administrator is logged in, he sees all the needed incoming emails (the component is showing them as it should be, querying also works). It all worked well in our sandbox though.
The problem is when the user is logged in. The component does not show any emails and they are not visible also by querying. The problem is I suppose with some permissions, but the EmailMessage object in our org is not customizable when it comes to permissions (everything is set to default and is not changeable). The user has a company community licence. Any help or suggestion would be greatly appreciated.
Best Answer chosen by Biljana Miceva 7
GauravGargGauravGarg
Hi Biljana,

As you written, Email's are creating from emailService i.e. from system level user. While all the components in lightnings are derived from Logged-in User permissions. 
  1. So, you need to modify controller and add "without sharing"  keyword. 
  2. Now, query EmailMessage's which are relevant for particular logged in user, based on filter criteria. 
  3. Display these in component. 

Hope this help!


Thanks,

Gaurav
skype: gaurav62990
 

All Answers

GauravGargGauravGarg
Hi Biljana,

As you written, Email's are creating from emailService i.e. from system level user. While all the components in lightnings are derived from Logged-in User permissions. 
  1. So, you need to modify controller and add "without sharing"  keyword. 
  2. Now, query EmailMessage's which are relevant for particular logged in user, based on filter criteria. 
  3. Display these in component. 

Hope this help!


Thanks,

Gaurav
skype: gaurav62990
 

This was selected as the best answer
Waqar Hussain SFWaqar Hussain SF
Are you using Email-to-Case or Enhanced Email functionality?
Actually EmailMessage is only available for organizations that use Email-to-Case or Enhanced Email, which is automatically enabled for most customers.


Regarding the Community user license. 
Community users have read access to EmailMessage if the value for the ParentID field is associated with a case. Otherwise, access is determined by sharing access of the associated task.
Biljana Miceva 7Biljana Miceva 7
Thank you so much for the effort. Yes, adding without sharing really solved the problem.
Now the email messages are appearing in the component. Another  issue was raised, because I have a button to custom delete the email and when I try to do that, debug log is giving me the following error: Delete failed. First exception on row 0 with id 02s5800000H2kFHAAZ; first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: [].
GauravGargGauravGarg
Yes, Deleting a reord in salesforce require one of the following permissions:
  1. Record ownership
  2. Delete Permission on particular object
  3. Modify All access. 

While here, the user isn't having any one. To delete a particular record you need to run the class with "without sharing" or I say admin permissions. 

Thanks,

Gaurav
Skype: gaurav62990

Biljana Miceva 7Biljana Miceva 7
Yes Gaurav :), I changed also this class and added without sharing. Then I tried and the error still appears. Thanks a lot! 
GauravGargGauravGarg
can you show me your error. 
Biljana Miceva 7Biljana Miceva 7
This is the error:
Delete failed. First exception on row 0 with id 02s5800000H2kFHAAZ; first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: []
And I am only trying to delete an EmailMessage object.
GauravGargGauravGarg
can you share the code?
Biljana Miceva 7Biljana Miceva 7
I am sorry I can not share the code. The method is really simple, it just receives a String in order to convert between email Message and JSON, then it creates an EmailMessage object by deserializing the received string and then it tries to delete that EmailMessage object. That is it. 
GauravGargGauravGarg
I got your point, and thanks for making it clear. 

As far I know, by adding "without sharing" keyword on a class should work for you. 

You can also, try using @future method but this is another thing. Just in-case it helps. 

THanks,
Gaurav
skype: gaurav62990
Biljana Miceva 7Biljana Miceva 7
Yes Gaurav, I have the without sharing in the class definition but it seems that does not help. The error is this: 
EXCEPTION_THROWN|[9]|System.DmlException: Delete failed. First exception on row 0 with id 02s5800000He3ktAAB; first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: [] 
Thank you so much for your help. I appreciate it :)
Anna Proviz 16Anna Proviz 16
Hi Biljana Miceva 7,

Are you found a solution to your problem "INSUFFICIENT_ACCESS_OR_READONLY"? I have the same issue.

Thanks in advance.
Clemens Kappelhoff 11Clemens Kappelhoff 11
Hello,
I've run into the same issue: migrated email are visible for administrators, but not for normal users.

I've checked:
- EmailMessage.RelatedToId
- EmailMessageRelation.RelationId (with RelationTypes FromAddress and ToAddress)
- Task.WhoId
- Task.WhatId
- TaskRelation.RelationId
- TaskWhoRelation.RelationId

All of these values are equal to emails, sent via Salesforce, but the migrated emails are not visible for normal users, whereas emails send via Salesforce are visible.

Did you find a solution for your INSUFFICIENT_ACCESS_OR_READONLY error, or do you have ideas, what to check?

Thanks in advance.