function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
DavserDavser 

Sharing Rule: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY

Hey,
Getting some strange behaviour. I have a trigger that creates sharing rules when an object is created, so that customer portal users can see the object in their portal. Basically the object setup is "User" - "Contact" - "Membership Card". So anytime a membership card is created for a contact, a sharing rule is created so the user can see it via the portal.

This works fine if the new membership card is created by a standard user in SFDC.

However, the portal user has the abilty to create a membership card from a VisualForce page in the portal, and when they do the sharing rule trigger throws up the error: "INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY" on the line where i insert the sharing rule

However I thought that triggers run under the system account?

 

Any help is greatly appreciated

Cool_DevloperCool_Devloper

Have you given the required CRED permissions on the objcect to the portal user profile?

Cool_D

DavserDavser

Yes, have given read and edit access, still with no luck.

 

The 2 entities I'm referencing with the sharing rule insert are membership card and user. Membership card has create and edit. It is not possible to set access for portal users to the user record.

 

Perhaps it isn't possible?

Cool_DevloperCool_Devloper

Yeah, seems to be that only:(

I think the issue is with the sharing rule creation. Even though triggers run in system mode, maybe this is an exceptional behaviour w.r.t Sites!

I don't think you can give more access permissions to the portal user apart from the simple CRED on custom objects!

Cool_D

GuyClairboisGuyClairbois

For anyone stumbling upon this post: pls check if the Portal user might already have access to the record (which is probably the case if the portal user himself creates the record). In that case creating an additional sharing rule will FAIL with above error message.

 

So in the trigger, you'd have to check if the insert is being done by a portal user. If so, don't create the extra sharing rule.