function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion


I created an escalation form and in it there is the ability to attach files it uses a custom controller and VF page. This works fine for all of our onsite users (users that don't need to authenticate / do the challenge user email), all profiles, they can attach files to the form/case without any issues.  But 2 of our user profiles, if they are offsite, get this error when trying to attach files:


System.DmlException: Insert failed. First exception on row 0; first error: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id: []


and i looked up the error:



    An operation affects an object that is cross-referenced by the specified object, but the logged-in user does not have sufficient permissions on the cross-referenced object. For example, if the logged-in user attempts to modify an account record, that user might not have permission to approve, reject, or reassign a ProcessInstanceWorkitem that is submitted after that action.


But like I said these same users/user profiles ARE able to attach files through my form when logging in 'onsite'.I tried to compare the the the difference between the profiles but since there is no easy way to do that its going to take me a while.


Does anyone know what permissions/security could be affecting this?



I'm suspicious of network location (onsite Vs. remote) having anything to do with this.  This seems like a profile issue.  If this only happens on two particular profiles, can you compare the profile permissions against a working profile and determine the difference?  I would also look at Sharing Rules and differences in the users' Roles.


If you turn on Apex debugging, you should get a stack trace with a more detailed error on exactly where the code is failing.


I agree it is a Profile issue, but it only occues when thouse 2 profile's are logging in from on off-site computer.When they log in on an on-site computer it works for them fine.


Since there is no easy way to 'diff' profiles i have been skimming though trying to find out why. I also open a ticket with our pamire support, and they looked into it and had to escalate to the next teir of support lol.


I will look at the sharing rules and try debugging agian in the mean time :-) thanks!