+ Start a Discussion
Julio HenriquezJulio Henriquez 

insufficient access rights on cross-reference id



I'm trying to create a couple share records for a custom object we have. To be more especific, I'm using a trigger (after insert) to take CustomObject being created, execute some logic to get a list of User objects and give access to those users using CustomObject__Share.


For instance:


User[] users /* = Execute logic to get a list of users. */


for(User user : users) {
                insert new CustomObject__Share(ParentId = Trigger.new[0].Id,
                                                    UserOrGroupId = user.Id,
                                                    AccessLevel = 'Read'


But everything runs smoothly until it yeilds "insufficient access rights on cross-reference id" when I'm about to insert my new CustomObject__Share instance. I've been searching for information regarding this exception, but every effor until now has been fruitless, this error is not very much self-describing.


Could somebody help me by explaining the meaning of this exception in this context?

Where should I looks about where to solve this issue?

Rajesh SriramuluRajesh Sriramulu



This error is mainly that the user which having profile is not having the sufficient  rights so change the user's profile and role which having the rights to insert records.


Just FYI...I wrote a custom controller for our Customer Portal to enable portal users to create a custom objects (let's call it Foo__c) and I needed to add sharing rules (Foo_Share) programatically to these objects (primarily so customer portal users could download attachments from the Foo__c records). However, I was getting the error originally because my controller was defaulting the Owner to the Customer Portal user that was triggering the custom object creation.


Even though the Customer Portal user profile had read, create, and edit permissions on the Foo__c object - and even with explicitly setting my controller and supporting classes to "without sharing" -  a Foo_Share could not be created with a Customer Portal user as the Owner. I was able to get around this by setting the Owner of the custom object to an "integration user" (a standard Salesforce user w/the appropriate permissions).


It would be helpful if the default behavior was that if a profile has create rights on an object, that it also gets create rights on the object_share (regardless of user license type), IMHO. 


Maybe I missed some other trick?