function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
Carrie SchoenvogelCarrie Schoenvogel 

Trigger Assigns Case Owner but sales roles receive Insufficient Privileges when creating a case

Hello,

 

I am hoping someone can help me with 2 issues I am having with the trigger below.  Any help or guidance would be greatly appreciated. 

 

1)       Help with code coverage – I’m a System Admin.  I know I need to have code coverage and mine is showing 0% in the sandbox.  I am not sure what to do and am hoping for some guidance on this.   

2)       A way around sharing rules due to a “Private: Grant Access Using Hierarchies” model (details below).

 

We have a custom field on accounts called "Account Manager" ( Account_Manager__r.Id ).  This is the Client Services Account Manager who handles an account in addition to the Account Owner (account owner is usually the Sales Rep).  The custom field called "Account Manager" is a Lookup to User object field and could be EITHER a USER, a QUEUE or it could also be BLANK.  I am creating a client services cases model (which is the record type '012R00000004tyC' you see below). 

 

The trigger assigns a case according to the following logic:

  • IF THE ACCOUNT MANAGER CUSTOM FIELD ON ACCOUNT OBJECT IS NOT NULL > THEN ASSIGN CASE TO ACCOUNT MANAGER (this might be a USER or a QUEUE)
  • IF THE ACCOUNT MANAGER CUSTOM FIELD ON ACCOUNT OBJECT IS NULL > THEN ASSIGN CASE TO THE CASE CREATOR

 

Sharing rules issue – Cases are on a “Private: Grant Access Using Hierarchies” model.  The issue falls specifically around our sales users.  If a sales user tries to create a case, they receive the Insufficient Privileges system error. 

After testing, I found:

  • The sales user CANNOT create a case if they are NOT the account manager (client services custom field) but they ARE the account owner AND contact owner.  The reason it is NOT allowing them to create the case in this situation is because the trigger is assigning the case to the Account Manager (that is not the current user/sales rep) right before the final SAVE happens and then telling them that they don’t have sufficient privileges due to the sharing rules.  For accounts with account managers, the trigger logic is to assign the case to the account manager (client services) – the account manager field will NEVER be the sales rep.
  • The sales user CAN create a case if I assign them as the account manager (client services custom field) – However, in our everyday process, this would never happen because they are the sales rep (account owner)… not the Account Manager (client services).  The reason it is allowing them to create the case in this situation is because the trigger is assigning the case to the sales rep as the owner and giving them the rights to the case.
  • In addition, the sales user CAN also create a case if the Account Manager field is blank.  The reason it is allowing them to create the case in this situation is because the trigger is assigning the case to the sales rep as the owner and giving them the rights to the case (because the logic is to assign BLANK account managers to the case creator).

 

Since our model is private, we can usually get around this on cases by setting up sharing rules.  Most of our other case models assign newly created cases to a QUEUE.  Unfortunately, in this case model, it is assigning the case to multiple possibilities: either the account manager (might be user or queue) or the case creator.  I am not able to setup a sharing rule to cover all of the possibilities needed without completely opening up the sharing model and this is not the desired solution. Is there some kind of tweak I can make to the trigger that will alleviate this issue?   Also WITHOUT using CASE TEAMS?

 

 

 

trigger caseToAM on Case (before insert) {

   Set<ID> accountIDs = new Set<ID>();

  

   for (Case c : trigger.new) {

      //build a set of unique account ids associated to the case(s) being created

      if (c.AccountId != null && c.RecordTypeId == '012R00000004tyC') {

         accountIDs.add(c.AccountId);

      }

     

   }

   //get the account manager id for all accounts affected

   List<Account> lAccounts = [SELECT Id, Name, Account_Manager__r.Id FROM Account WHERE Id in :accountIDs];

  

   //loop through the cases again and assign the account manager to the case

   for (Case c : trigger.new) {

      //change the owner to the account manager

          for (Account a : lAccounts) {

            if (c.AccountId == a.Id) {

        if(a.Account_Manager__r.Id != NULL)

                 c.OwnerId = a.Account_Manager__r.Id;

        else

                 c.OwnerId = UserInfo.getUserId();

            break;

          }

      }

     

   }  

  

}