Biljana Miceva 7

EmailMessage object permissions problem: the user does not see incoming emails


We have a custom EmailService for inbound messages written in Apex, which is processing inbound email messages and then showing them in a Lightning component.
The type of the received email object is EmailMessage. On the production org, when the system administrator is logged in, he sees all the needed incoming emails (the component is showing them as it should be, querying also works). It all worked well in our sandbox though.
The problem is when the user is logged in. The component does not show any emails and they are not visible also by querying. The problem is I suppose with some permissions, but the EmailMessage object in our org is not customizable when it comes to permissions (everything is set to default and is not changeable). The user has a company community licence. Any help or suggestion would be greatly appreciated.
Best Answer chosen by Biljana Miceva 7
GauravGarg
Hi Biljana,

As you have written, the emails are created from the emailService, i.e. by a system-level user, while all the components in Lightning are derived from the logged-in user's permissions.
  1. So, you need to modify the controller and add the "without sharing" keyword.
  2. Now, query the EmailMessages which are relevant for the particular logged-in user, based on filter criteria.
  3. Display these in the component.

Hope this helps!


Thanks,

Gaurav
skype: gaurav62990
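
The three steps in this answer, sketched as an added Apex example (not code from the thread or from Salesforce). The class name, the method names and the `ToAddress` filter are assumptions; because `without sharing` removes record-level sharing checks, the `WHERE` clause is the only access control left on these queries.

```apex
// Added example: class name, method names and the ToAddress filter are
// hypothetical; the thread does not show the real controller.
public without sharing class InboundEmailController {

    // "without sharing" skips record-level sharing, so every query in this
    // class must carry its own filter tying rows to the running user.
    @AuraEnabled
    public static List<EmailMessage> getMyInboundEmails() {
        // Identity comes from the session, not from a component parameter.
        String userEmail = UserInfo.getUserEmail();
        return [
            SELECT Id, Subject, FromAddress, ToAddress, MessageDate
            FROM EmailMessage
            WHERE Incoming = true
              AND ToAddress = :userEmail
            ORDER BY MessageDate DESC
            LIMIT 200
        ];
    }

    // Single-record access repeats the same filter, so an Id supplied by
    // the client cannot reach another user's message.
    @AuraEnabled
    public static EmailMessage getMyInboundEmail(Id emailId) {
        String userEmail = UserInfo.getUserEmail();
        List<EmailMessage> rows = [
            SELECT Id, Subject, FromAddress, ToAddress, MessageDate, TextBody
            FROM EmailMessage
            WHERE Id = :emailId
              AND Incoming = true
              AND ToAddress = :userEmail
            LIMIT 1
        ];
        if (rows.isEmpty()) {
            throw new AuraHandledException('Email not found');
        }
        return rows[0];
    }
}
```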
 

All Answers

Waqar Hussain SF
Are you using Email-to-Case or Enhanced Email functionality?
Actually EmailMessage is only available for organizations that use Email-to-Case or Enhanced Email, which is automatically enabled for most customers.


Regarding the Community user license. 
Community users have read access to EmailMessage if the value for the ParentID field is associated with a case. Otherwise, access is determined by sharing access of the associated task.
Biljana Miceva 7
Thank you so much for the effort. Yes, adding without sharing really solved the problem.
Now the email messages are appearing in the component. Another issue was raised, because I have a button to custom delete the email and when I try to do that, the debug log is giving me the following error: Delete failed. First exception on row 0 with id 02s5800000H2kFHAAZ; first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: [].
GauravGarg
Yes, deleting a record in Salesforce requires one of the following permissions:
  1. Record ownership
  2. Delete Permission on particular object
  3. Modify All access. 

Here, the user doesn't have any of them. To delete a particular record you need to run the class with "without sharing", or, I would say, admin permissions.

Thanks,

Gaurav
Skype: gaurav62990

Biljana Miceva 7
Yes Gaurav :), I changed also this class and added without sharing. Then I tried and the error still appears. Thanks a lot!
GauravGarg
Can you show me your error?
Biljana Miceva 7
This is the error:
Delete failed. First exception on row 0 with id 02s5800000H2kFHAAZ; first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: []
And I am only trying to delete an EmailMessage object.
GauravGarg
Can you share the code?
Biljana Miceva 7
I am sorry, I cannot share the code. The method is really simple: it just receives a String in order to convert between EmailMessage and JSON, then it creates an EmailMessage object by deserializing the received string, and then it tries to delete that EmailMessage object. That is it.
GauravGarg
I got your point, and thanks for making it clear. 

As far as I know, adding the "without sharing" keyword on a class should work for you.

You can also try using an @future method, but this is another thing. Just in case it helps.

Thanks,
Gaurav
skype: gaurav62990
Biljana Miceva 7
Yes Gaurav, I have the without sharing in the class definition but it seems that does not help. The error is this: 
EXCEPTION_THROWN|[9]|System.DmlException: Delete failed. First exception on row 0 with id 02s5800000He3ktAAB; first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: [] 
Thank you so much for your help. I appreciate it :)
Anna Proviz 16
Hi Biljana Miceva 7,

Did you find a solution to your problem "INSUFFICIENT_ACCESS_OR_READONLY"? I have the same issue.

Thanks in advance.
Clemens Kappelhoff 11
Hello,
I've run into the same issue: migrated emails are visible for administrators, but not for normal users.

I've checked:
- EmailMessage.RelatedToId
- EmailMessageRelation.RelationId (with RelationTypes FromAddress and ToAddress)
- Task.WhoId
- Task.WhatId
- TaskRelation.RelationId
- TaskWhoRelation.RelationId

All of these values are equal to those of emails sent via Salesforce, but the migrated emails are not visible for normal users, whereas emails sent via Salesforce are visible.

Did you find a solution for your INSUFFICIENT_ACCESS_OR_READONLY error, or do you have ideas, what to check?

Thanks in advance.
Tracie Wood 15
Hello Clemens,

Have you found an answer to this question of access?  I can read the email fine as it is associated with an account and shows up in the Activity timeline but other users cannot open the email even though they see it there.  I would love to know how to allow other users read access (at least) to this email.  

I loaded all of the historical emails via DataLoader into the EmailMessage object.

Thank you in advance for your answer. 
Sabrent

Did anyone find an answer to this ? 

Just as mentioned above, users can read the email fine as it is associated with an account and shows up in the Activity timeline, but users cannot open the email even though they see it there. I would love to know how to allow other users read access (at least) to this email if they are not the owner of the record.

Akash Jadhav 31

Hi,
Did you find any solution to your problem? In my case, I have an automated email trigger to the client on Account, which will run in system context. I have written a trigger on Task to change the owner to the user who is supposed to view the email message record.

But I am facing the same issue: the user is able to view the email on the activity tab but is unable to open the record.

Thank you in advance for the answer

Usuario Migración
Hi, you have to create with Status = 3 (Send) and everybody will see it