How to resolve Insufficient Access Rights on Cross-Reference Id error in Salesforce?
- Scenario 1. When creating a record and attempting to assign it to a new user in the same call
- Scenario 2. The record type Id is not a valid record type id for the object that is being manipulating
- Scenario 3. Assign a record to a user who does not have profile access to the record type
- Scenario 4. Assign a record to another user but assigning user’s profile does not have access to the record type
- Scenario 5. Assign a record to a Partner Portal user and the user does not have access to Internal Salesforce
- Scenario 6. A lead submission invokes an auto-response e-mail notification, but the e-mail template used in the response is contained in a folder to which the user does not have access
INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, insufficient access rights on cross-reference id:[] error is one of the most frequently encountered errors in Salesforce. It is also one of the most annoying as it may not provide you with the details of the entity or record which may be causing this error, making it challenging to fix it. Below is a list of some of the common scenarios you may encounter this error.
Scenario 1. When creating a record and attempting to assign it to a new user in the same call
Possible Cause: Create a record first, and in a separate call update the record with a new OwnerId.
Scenario 2. The record type Id is not a valid record type id for the object that is being manipulating
Possible Cause: Correct the Record Type Id.
Scenario 3. Assign a record to a user who does not have profile access to the record type
Possible Cause: Add profile access to the used record type.
Read More: Assign Record Types and Page Layouts in the Enhanced Profile User Interface
 |  |  |  |  |  |
Scenario 4. Assign a record to another user but assigning user’s profile does not have access to the record type
Possible Cause: Add Record Type to your user profile.
Scenario 5. Assign a record to a Partner Portal user and the user does not have access to Internal Salesforce
Possible Cause: Add a NetworkScope column including the ID for the Community you are working with.
Scenario 6. A lead submission invokes an auto-response e-mail notification, but the e-mail template used in the response is contained in a folder to which the user does not have access
Possible Cause: Find which e-mail template is invoked in the auto-response rule; check the folder permissions for the folder that contains this e-mail template; ensure that the user making the API call has permissions to access this folder.
If none of the above scenarios apply to you, then consider any possibility whereby any record associated with your action, referenced directly in the API call or by any resulting trigger / workflow / autoresponse, is accessible by the user making that API call.
Recommended Articles
