+ Start a Discussion
skausskaus 

Insufficient privilege error when updating case owner through apex Trigger

I am facing kind of a similar problem.

 

I have a profile : AFA Help Desk with following features :

1. Manage Cases - check

2. Transfer cases - check

3. Sharing rule based on case record type that grants Read/Write access to the concerned role.

 

Use Case : AFA Help Desk profile user updates a case with a particular status , based on status value , case owner is changed to a different profile.

Error :

You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary.
 
Following points to be noted :
Error comes only when  trying to update via trigger. This user can update owner manually.
Even if trigger code is changed so that case.owner is set to the current owner himself. , it gives the same error.
The class refrenced in trigger is not using with sharing keyword.
Case has private sharing model but has been shared with this users' role via sharing settings.
 
This  issue has left me clueless. Any replies appreciated.
MartinHaagenMartinHaagen

Hi skaus,

 

do you really mean that the case owners profile is changed? If that is the case you need to add rights to modify users to the AFA Help Desk profile as well. 

 

If not, could you post some code so that we can see what you are doing?

skausskaus

Hi Martin,

 

Thanks for your reply. Here is the code :

 

 for(Case newCase:Trigger.new ){
                       
                if(newCase.Status == 'Help Desk - Resolved'){
                    
                    Account caseAccount = [Select id, Finance_Advisor__c,Acct_Status__c from Account where Id = :newCase.AccountId ];
                    System.debug('in help desk resolved status '+caseAccount.Finance_Advisor__c);
 if(caseAccount.Finance_Advisor__c != null)
                    {
                                                                            newCase.OwnerId = caseAccount.Finance_Advisor__c; 
                                                                    
     String recordType;              
       if(caseAccount.Acct_Status__c.contains('FINAID')){
                            
         RecordType rType = [Select id from RecordType where name = 'FA FinAid Case'];
               newCase.RecordTypeId = rType.id;
                        
        }
          else
          {
             RecordType rType = [Select id from RecordType where name = 'FA Non-FinAid Case'];
                           newCase.RecordTypeId = rType.id;
                        }
                    }
                    
                }

 

The main culprit here is this line of code :

newCase.OwnerId = caseAccount.Finance_Advisor__c;

 

Finance Advisor field has a reference to a user whose role and profile is different than case current owner(called help desk user).

Now, really interesting thing is this , when I tested having Finance Advisor  same as current owner , still it gave me this error !!

I tried manage users option as well but no luck.

 

Help desk user has been provided access to all records through sharing rules as well.But not sure if it matters because even when setting the owner to the same user , its giving me same error.

 

MartinHaagenMartinHaagen

Hi skaus,

 

have you checked the field level security of the fields Case.OwnerId and Account.Finance_Advisor__c ?

skausskaus

Yes, I checked them both. They are visible to this profile.

MartinHaagenMartinHaagen

Hi,

 

just make sure that you have given Write access to the OwnerId field (and not only read). 

 

If this is ok, then the issue might be with a linked object (I don't know how you org is setup) but my thought is that when you change the owner of the Case some process will kick in and also try chaning ownership of some other, realted, object. And this is when it failes. Potentially this could be done by a workflow (but may also happend by some other process). 

 

If I where to troubleshoot this I would first.

 

1. Enable debugging and see if I can get anything out of the logs (if it is a WF action you will see it in the logs, but not allways if it is a Salesforce process).

2. Look at all the linked and realted objects. Is any of these changed when you change the case owner in the UI? (Tip: check last modified timestamp).

 

I hope this will bring you closer to the issue!

 

Best regards

skausskaus

thanks a lot Martin for your reply. Your suggestion make a lot of sense. I am still working on this issue.

I am def going to use your suggestion. Will post if I get any success.