function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Apex Sharing Problem - Please Help!

Hello All,


Following is the scenario in question:


1. Account A1 and Custom Object C1 are Master-Detail relationship
2. Organization wide Default setting on A1 is Private
3. Custom Object C1 is controlled by A1
4. There was existing record R1 of type C1 that referenced A1 (relationship id). Record owner is User U1
5. User U2 was required to update record C1 including associated referenced field
6. Trigger T1 (before update) on Custom Object C1 created AccountShare A1 with EDIT privilege granted to User U2
7. User U2 updated record R1 in step 2 including associated relationship field (A1) Id
8. Received below error


Update failed. First exception on row 0 with id a1LV00000007KIaMAM; first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: []"


Please note that it was not possible to share record R1 in step 4 at creation time (after insert) because at the time User U2 did not exists on the system. Therefore the trigger in Step 6 was created after the fact and designed to share record C1 with User U2 just before the latter updates the record. Though not sure if this is the correct solution since an error was encountered.


Can someone please let me know what is wrong with this solution and how to resolve the issue.


Thanks in advance,





You are getting this error because you don’t have right to change the Account Id since it is private. Hence you have to make the sharing rule for Account in which you have to share either all account which user2 or specific account with user2 using criteria based sharing or based on group shairing. So try to make the sharing rule for Account so that user2 have rights on user1 Accounts then you will be able to do this.


Did this answer your question? If not, let me know what didn't work, or if so, please mark it solved. 

Thank you S Jain for your reply. I did create a trigger-based sharing rule on Account for user U2 in step 6 of my original post. The trigger was designed to fire before update of record R1. However, it appears the error prevented successful execution of the trigger. I'm not sure this is the correct approach or not for dynamically sharing Account record with Apex. Any thoughts?


Why you don’t use criteria based sharing for Account Sharing instead of Trigger. For example just take a hidden field with type Checkbox. So whenever that’s value is true share that record with user2, the simplest approach.


Did this answer your question? If not, let me know what didn't work, or if so, please mark it solved.