How to find the reason for Insufficient Privileges?
I am going through the "Development with the Force.com Platform" book and have run into an issue when implementing the sample application from the book.
The example is to demonstrate manual sharing:
- Two employees from the example organisation have separate roles: West and Central
- The employee with the West role has owner ship of a Resource record and creates a manual share with Read Only permissions so that anyone with the Central role can read the record.
- The employee with the Central role then has to create an Assignment record which involves using the shared Resource record and a Project record which he is the owner of.
Unfortunately when I try to do this (logged in as the Central user). I get the following message:
Insufficient Privileges. You do not have the level of access necessary to perform the operation you requested
What I have checked:
- That there is a manual sharing rule for that Resource which shares with Central role.
- That the when logged in as the Central user, I can read the record. Which I can.
- I have tried setting the Central users role to West (the same as the Resource owners') and the Assignment can then be created OK.
- I have checked that the user is indeed set as having the Central role.
I really don't see what else it could be. Does anyone have any suggestions?
Rather than just suggestions, though, is there a way that I can find out exactly which security settings are denying this operation? Some debugging perhaps?
When exactly are you receiving this error message? Can Central view West's Resource record? Can Central open a new Assignment record screen? Can Central save the new Assignment record?
Maybe try checking the Central user's access to whatever record type your unable to create. Check at the profile and object level.
Also when you try to create a
sharewhen the resource (object privacy) is already 'public read only' -- the DML throws an
arbitrary exception- so also check the record is set to
Hi. Sorry for the delay in getting back to this, but thanks for your reply. When you say check the access "at the profile and object level", what do you mean? I have checked the profile and confirmed that it has access to the object. Is there another part of object-level security that I'm not thinking about here? The sharing rule is in place. The organization-wide default is *private*. The *Central* user definitely has access to the Resource object - it can read it. I'm sure that this is something stupid but I'm not sure what. Shame there isn't a sys admin function to say why the user's denied