+ Start a Discussion

Authentication Portal User




I created an  Authenticated Website User License.

While creating  this User License I found in the profile that only 

Standard Object Permissions is to "Document" only.

There was no permission to other Standard Object like Contact,Account.


To test this I created a VF page called 'My Page' which inserts a record to the Contact.

The user after login 'My Page' is displayed and when the button in the 'My Page' is clicked

a new Contact record is created.


I am very much surprised that in profile there is no permission for Contact,

but Authenticated Website User was able to create a new record in the Contact....!








A custom controllers makes the code in your Visualforce page to run entirely in system mode, which does not enforce the profile-based permissions and field-level security of the current user.

You have said you were able to to create a "Contact" using your Visual Force Page , the above mentioned fact must have allowed you create it.

Did this answer your question? If not, let me know what didn't work, or if so, please mark it solved.




Thanks for your great time.


As you said the restrictions are allowed only in  CRM User Interface screens right ???

Yesterday I was able to Update the Account records,that's was success.

When I tired to create a new record/account in the Account Object got the following error


OP_WITH_INVALID_USER_TYPE_EXCEPTION, Operation not valid for this user type: []










I too am having this problem - is there a known solution to this issue?


2012, and this issue still exists. It's very confusing as it was my understanding that custom controllers that run "without sharing" run in the system context. It's unclear whether this is a bug or an intended restriction on this type of license.


It's helpful to know that updates and creation of contacts work. I've tried creating accounts several differernt ways from the customer portal, none seem to work. The only thing left  to try is a database trigger.


If any staff end up reading this, I want to make it clear that I'm not trying to usurp restrictions on a lower cost license. For my company's use case, we let prospective customers self-register, creating portal accounts to try our product, and lump all their contacts in an unconverted customers account, when they decide to become paying customers they each need their own account for billing. I don't want to create all those accounts at registration, or it's going to be a big mess for our CSRs to sort through.


Hey Carlz, How did you end up working around your problem?




I've got the same issue. Please someone help from force.com team.


It is impossible to create Accounts, from any context including trigger, with this user license type; however, the public/guest user can create Accounts.


If what you want is for each user to have their own Account instead of being linked to a single generic portal acount you can look at this http://wiki.developerforce.com/page/ExampleApexCustomerPortalUser to get a rough idea and incorporate it with the auto-generated SiteRegister.  It is awkward, to say the least.  You actually have to create the User asynchronously, so you don't get any feedback if it fails.  You won't be able to automatically log the user in, because of the asynchronous create. Instead, you can just display a message to them that they will be gettting an email.