Pages

Thursday, June 12, 2014

Salesforce: Unable to save when lookup to a record - Insufficient Privileges

Background: a user complain that she get error when edit a record to a lookup record, the same error she got when try to create a new record from related list, both objects are custom object.

We request user to send the screenshot with error message: Insufficient Privileges - You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary.  



From a quick discussion with user, here are few items we notice:  
  • Error is not happen to all lookup record, some of the lookup record do not throw error
  • User profile has Create permission in both objects, and user able to create new record
  • Relationship between this two objects is Master-Detail, and Sharing Setting Organization-Wide Defaults for master object is Read-Only
Further check, we conclude this error only happen to lookup records not editable by user, so this is related to the role hierarchy, but why it not allow user to just link a child record to that parent, where the sharing setting for the parent/lookup object is Read-Only.

A quick thought, is there any Roll-Up summary field in parent to that child? If yes, this lookup will do 'edit' activity to parent -- negative, no Roll-Up summary field in parent to that child.

Finally: we found the issue: this is because Master-Detail field in the child object to parent is set to Sharing Setting = Read/Write: Allows users with at least Read/Write access to the Master record to create, edit, or delete related Detail records.



Once, we change this to Read Only, everything is working well.