function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
piyush parmarpiyush parmar 

INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id:[]

HI,

I need ur help !!

I am getting error INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id:[] Trigger.ShareOperatingUnits:  when test code covereag.

 

Test class ::

private class TestNewWorkOrder {

    static testMethod void myUnitTest() {
        User usr1 = [select id, Name, ProfileId  from User where Profile.Name = 'System Administrator' limit 1 ];
        System.runAs(usr1) {  
        Object__c ou = new Object__c();
        ou.Branch_Manager__c = UserInfo.getUserId();
        ou.Name = 'Test';
        insert ou;
     }

}

 

After insert Trigger::

trigger ShareOperatingUnits on Object__c (after insert, after update) {
    List<Object__Share> ouShareList = new List<Object__Share>();

    for(Object__c ou: Trigger.New) {
        Object__Share ouShare = new Object__Share();
        ouShare.ParentId  = ou.Id;
        ouShare.UserOrGroupId = ou.Branch_Manager__c;
        ouShare.AccessLevel = 'Read';
        ouShareList.add(ouShare);
        allOUids.add(ou.id);
    }

   insert ouShareList;   // HERE I M GETTING ERROR

}

 

Please tell me what i done wrong .

I think i need to make some changes on object side my trigger is working fine but getting prblm for test coverage .

Please help me !!

 

Many Thnks In Advance

 

Piyush

Best Answer chosen by Admin (Salesforce Developers) 
Imran MohammedImran Mohammed

The error is basically coming due to sharing the inserted record back with the owner of the record who has full permissions on it.

 

If you see while creating the record, the logged in user is the owner as well as Branch Manager of the record. Then in the trigger its again shared back with the Branch Manager who is the owner of the record.

Basically, you cannot restrict the access to the owner of a record.

 

I will suggest you to create a user and assign it to Branch Manager and then insert it. In the trigger share it with UserInfo.getUserId().

Let me know if you have  any questions.

All Answers

_Prasu__Prasu_

Its due to insufficent rights on the specific record which getting fetched.

 

Did you tried adding Test.Start() and Test.Stop() in the test method?

piyush parmarpiyush parmar

Thnx    eprasu

 

Yes, u r right  but i am using System.runAs(System Administor) and System Administor has all rights .

 

_Prasu__Prasu_

Is that package marked as deployed after instalation? I think this may be the case its not giving the dml rights.

piyush parmarpiyush parmar

Hi Prasanna,

 

Thanx for ur reply,

I am not getting ur solution.

I am simply create class and on trigger for sharing and i writting test class .

My trigger work perfect .

 

Thnx

Piyush

_Prasu__Prasu_

Opps! My bad I was posting that in another thread.

 

 

piyush parmarpiyush parmar

Hi Prasanna,

 

No problem :smileyhappy:

 

Thx

Piyush

dmchengdmcheng

You can also get this error if you assign an ID value of a different object type.  For example, if you try to assign a contact ID value to an account lookup field.

Shashikant SharmaShashikant Sharma

Hi,

 

INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id:[] this error comes when you action ( like insert , update ) any record having a reference to some other record of refeenced object. and If you do not have right to perform that action on the referenced Object . Please check such reference first and assign Modify All right once for testing. If it does not work please ask.

Imran MohammedImran Mohammed

The error is basically coming due to sharing the inserted record back with the owner of the record who has full permissions on it.

 

If you see while creating the record, the logged in user is the owner as well as Branch Manager of the record. Then in the trigger its again shared back with the Branch Manager who is the owner of the record.

Basically, you cannot restrict the access to the owner of a record.

 

I will suggest you to create a user and assign it to Branch Manager and then insert it. In the trigger share it with UserInfo.getUserId().

Let me know if you have  any questions.

This was selected as the best answer
Imran MohammedImran Mohammed

One more question, Are you testing  this in developer edition?

Roger WickiRoger Wicki
I receive the same error.
I create a Sys Admin user and a standard user. For every user I run through the process of creating every object: From Account over Contact, Opportunity and Attachment. The Attachment is the one I want to test on and it is also the one throwing the error.

Generally the idea is that if an opportunity is in certain stages, certain profiles should no longer be able to:
  • edit fields (controlled by Page Layout & record type)
  • insert / update / delete (/ undelete) Attachments, Line Items and records of a custom object.
This is my test class. I use Constructor-like classes for my most used Objects in SF ("%Creator") which return a list<sObject> each.
Over a custom permission I grant the right to bypass the restriction I'm testing (and trying to catch with the "FIELD_CUSTOM_VALIDATION_EXCEPTION"). Accounts, Opportunities, Contacts, etc. have OWD private:
static testMethod void attTestInsert()
{
	System.assert(UserCreator.setProfile('System Administrator'));
	list<User> users = UserCreator.getUsers(1, 'admin');
	System.assert(UserCreator.setProfile('Personal'));
	users.addAll(UserCreator.getUsers(1, 'personal'));
	System.assert(UserCreator.setProfile('Kundenbetreuung'));
	users.addAll(UserCreator.getUsers(1, 'clientconsultant'));
	System.assert(UserCreator.setProfile('Sales'));
	users.addAll(UserCreator.getUsers(1, 'sales'));
	
	PermissionSet oppStagePerm = [ SELECT Id FROM PermissionSet WHERE Name = 'Opportunity_Stage_Permission' LIMIT 1 ];
	list<PermissionSetAssignment> oppStagePermAss = new list<PermissionSetAssignment>();
	set<Id> assignees = new set<Id>();
	
	System.runAs(new User(Id = UserInfo.getUserId()))
	{
		insert users;
		for ( User u : users )
		{
			if ( u.UserName.contains('personal') || u.UserName.contains('admin') )
			{
				oppStagePermAss.add(new PermissionSetAssignment(AssigneeId = u.Id, PermissionSetId = oppStagePerm.Id));
				assignees.add(u.Id);
			}
		}
		insert oppStagePermAss;
	}
	
	map<String, Id> recTypeMap = ArcUtil.getRecTypeMap('Opportunity');
	
	for ( User u : users )
	{
		System.runAs(u)
		{
			Account acc = AccCreator.getAccs(1, 'oppStageProtection_Acc').get(0);
			System.assert(AccCreator.setRecType('Event'));
			Account aFair = AccCreator.getAccs(1, 'oppStageProtection_Fair').get(0);
			insert new list<Account>{ acc, aFair };
			
			Contact con = ContactCreator.getContacts(1, 'Cave', new set<Id>{ acc.Id }).get(0);
			insert con;
			
			OppCreator.setOwner(u.Id);
			list<Opportunity> opps = OppCreator.getOpps(5, 'oppStageProtection_goOpp', new set<Id>{ acc.Id } );
			OppCreator.setConditional(true);
			OppCreator.setBarterContact(con.Id);
			OppCreator.setForTheAttentionOf(con.Id);
			OppCreator.setPartner(aFair.Id);
			OppCreator.setRecType('yes Opportunity');
			OppCreator.setStage('yes new');
			opps.addAll(OppCreator.getOpps(5, 'oppStageProtection_yesOpp', new set<Id>{ acc.Id }));
			insert opps;
			set<Id> oppIds = new set<Id>();
			for ( Opportunity opp : opps )
			{
				oppIds.add(opp.Id);
			}
			
			list<Attachment> atts = AttCreator.getAtts(2, 'oppStageProtection_Att', oppIds);
			
			if ( !assignees.contains(u.Id) )
			{
				try
				{
					insert atts;
				}
				catch(System.dmlException e)
				{
					System.assert(e.getDmlType(0) == StatusCode.FIELD_CUSTOM_VALIDATION_EXCEPTION);
				}
				finally
				{
					for ( Opportunity opp : opps )
					{
						opp.RecordTypeId = recTypeMap.get('go Opportunity');
						opp.StageName = 'go to be contacted';
						opp.OwnerId = u.Id;   // Does not have influence on the error appearing.
					}

                    // Does not have influence on the error appearing.
					System.runAs(users.get(0)) // users.get(0) is a System Administrator
					{
						System.assert(users.get(0).UserName.contains('admin'));
						update opps;
					}
					
					insert atts;
				}
			}
			else
			{
				insert atts;
			}
		}
	}
}
The error is thrown in the "finally" block with the "insert atts" statement. This block I only have to make a test that should succeed because the prerequisites are present.

The idea of the if-else block around the try block is, if the user has the custom permission, he can safely insert the attachments without fearing any errors (does work), while users without the permission should receive the error message (works as well). After that error message I want to adjust the conditions under which the user inserts the attachments by setting it to a "go Opportunity" and a go-stage.

Any hints appreciated.
Rajesh Kumar 257Rajesh Kumar 257
Hi Every one I have fatched same problem in flow.
Rajesh Kumar 257Rajesh Kumar 257
How to fixed System Error: UPDATE --- UPDATE FAILED --- ERRORS : (INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY) insufficient access rights on cross-reference id,User-added imageUser-added image

please provide me solution 
Rajesh Kumar 257Rajesh Kumar 257
I have checked and assign permission user profile and this flow is working fine on sandbox but problem is that portal.
Santosh Boms 5Santosh Boms 5
hi @rajesh : Can you please elaborate how you've fixed this, I can't make out which permission you've assigned in the profile. 
NickCANickCA

For others looking for an answer to a similar problem that throws this error, I realized that when I was in my Sanbox environment, somehow some Lookup IDs from our Production instance had been copied over, but obviously you're not allowed to refer to something in Production from the Sandbox since there has to be a unique record in the Sandbox. 

That said, ensure that you're not using IDs for records from your Production instance anywhere in your process or that none of the Objects you're attempting to insert or update have any IDs that refer to or lookup something in your Production instance.

Calin Constantin BostanCalin Constantin Bostan
Hi all,
I have the same problem on a custom object "Minutes', the error appears is the status is set on "Final version", and afterward you change it back to "Draft" and try to add attendees & distribution. If you add them from the begining there is no problem/error.
The user has rights to create this type of record, he created it before.
User-added image
In the error message there are 2 classes mentionated:
1. "ClsManageMinutesUtil" - line 375:
User-added image
2. "ExtManageMinutes" - line 1190
User-added image

Do you have any idea how to correct this, so an user is able to change the status from final version back to draft and be able to add attendees & distribution.

Thank You,
Calin B.