+ Start a Discussion
JoAnn@JCIJoAnn@JCI 

Portal Users need to grant access to other portal accounts and contacts

Partner Portal users need to be able to create, read and update Accounts, grant them Portal Access and create contacts and grant them portal access and potentially delegated admin access to the contacts. 
 
  • Portal Users cannot grant portal access to other accounts. This is a limitation of Salesforce.com
  • When a Portal User creates a record, they are the owner
  • Portal Access cannot be granted if the account is owned by a portal user
  • If record ownership is transferred to an Internal user, the partner user no longer has CRU access 
The solution I came up with is the transfer ownership of the record to the internal JCI user that manages the Partner User Account record, grant portal access to the account, and create a manual share to the record for the Partner User.
 
I’ve verified this will work with clicks, however, that is not a practical solution. I wrote a trigger/handler that transfers the account ownership, assigns portal access and a manual share to the partner user.
 
It works great if I hard code the internal user, however, if I try to dynamically select the user, I’m unable to do it. I’ve narrowed down the issue to be related to the fact that the code is executed in the context of the partner user. Partner users do not have the rights to transfer record ownership and do not have access to the Ownerid’s for the account they belong to so I’m getting a System.QueryException: List has no rows for assignment to SObject error. 
 
I looked into the system.runAs() method, however, this method is restricted to test classes. 

Any ideas for this issue? 
James LoghryJames Loghry
Have you tried using a Communities sharing set to grant access to the Account for the portal user?  https://help.salesforce.com/apex/HTViewHelpDoc?id=customer_portal_sharing_set.htm&language=en_US

If that doesn't work, it sounds like an alternative to the system.runAs could be scheduling a reassingment batch job to get the proper ownership in place.  The batch jobs run in the context of whomever scheduled them, so you should be able to make that work.