Skip to content

How to Resolve Insufficient Access Rights on Cross-Reference Id Error in Salesforce?

How to resolve Insufficient Access Rights on Cross-Reference Id error in Salesforce?

INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id:[] error is one of the most frequently encountered errors in Salesforce. It is also one of the most annoying as it may not provide you with the details of the entity or record which may be causing this error, making it challenging to fix it. Below is a list of some of the common scenarios you may encounter this error.

How to Resolve Insufficient Access Rights on Cross-Reference Id Error in Salesforce?

Scenario 1. When creating a record and attempting to assign it to a new user in the same call

Possible Cause: Create a record first, and in a separate call update the record with a new OwnerId.

Scenario 2. The record type Id is not a valid record type id for the object that is being manipulating

Possible Cause: Correct the Record Type Id. 

Scenario 3. Assign a record to a user who does not have profile access to the record type

Possible Cause: Add profile access to the used record type.

Read More: Assign Record Types and Page Layouts in the Enhanced Profile User Interface 

Business AnalystSalesforce Certified Strategy Designer Badge LogoSalesforce Certified User Experience Designer BadgeSalesforce Certified Associate BadgeSalesforce Certified Administrator LogoSalesforce Certified Sales Representative Badge
Popular Salesforce Certification Guides

Scenario 4. Assign a record to another user but assigning user’s profile does not have access to the record type

Possible Cause: Add Record Type to your user profile.

Scenario 5. Assign a record to a Partner Portal user and the user does not have access to Internal Salesforce

Possible Cause: Add a NetworkScope column including the ID for the Community you are working with.  

Scenario 6. A lead submission invokes an auto-response e-mail notification, but the e-mail template used in the response is contained in a folder to which the user does not have access

Possible Cause: Find which e-mail template is invoked in the auto-response rule; check the folder permissions for the folder that contains this e-mail template; ensure that the user making the API call has permissions to access this folder.

If none of the above scenarios apply to you, then consider any possibility whereby any record associated with your action, referenced directly in the API call or by any resulting trigger / workflow / autoresponse, is accessible by the user making that API call.

Recommended Articles

Share this article...

Please Leave a Comment

error: Content is protected !!

Discover more from DYDC

Subscribe now to keep reading and get access to the full archive.

Continue reading