+ Start a Discussion


Getting some strange behaviour. I have a trigger that creates sharing rules when an object is created, so that customer portal users can see the object in their portal. Basically the object setup is "User" - "Contact" - "Membership Card". So anytime a membership card is created for a contact, a sharing rule is created so the user can see it via the portal.

This works fine if the new membership card is created by a standard user in SFDC.

However, the portal user has the abilty to create a membership card from a VisualForce page in the portal, and when they do the sharing rule trigger throws up the error: "INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY" on the line where i insert the sharing rule

However I thought that triggers run under the system account?


Any help is greatly appreciated


Have you given the required CRED permissions on the objcect to the portal user profile?



Yes, have given read and edit access, still with no luck.


The 2 entities I'm referencing with the sharing rule insert are membership card and user. Membership card has create and edit. It is not possible to set access for portal users to the user record.


Perhaps it isn't possible?


Yeah, seems to be that only:(

I think the issue is with the sharing rule creation. Even though triggers run in system mode, maybe this is an exceptional behaviour w.r.t Sites!

I don't think you can give more access permissions to the portal user apart from the simple CRED on custom objects!



For anyone stumbling upon this post: pls check if the Portal user might already have access to the record (which is probably the case if the portal user himself creates the record). In that case creating an additional sharing rule will FAIL with above error message.


So in the trigger, you'd have to check if the insert is being done by a portal user. If so, don't create the extra sharing rule.