After reading this tidbit, it would seem that the current user’s permission would be irrelevant. However when calling this method as anyone but a user with the Administrator profile, it throws an INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY exception:
global without sharing class OpportunityTeamSales {
WebService static void AssignToSalesTeam(string userId, string opportunityId)
{
OpportunityTeamMember tm = new OpportunityTeamMember();
tm.OpportunityId = opportunityId;
tm.UserId = userId;
tm.TeamMemberRole = 'Sales Engineer';
insert tm;
}
}
Event with the explicit without sharing keywords, it appears to be enforcing field-level security/permissions to the object/child object. Opportunity and OpportunityTeamMember being system objects, we can’t edit the relationship.
UPDATE:
The user profile that is encountering the error has read/write/modify permissions on the Opportunity object and the OpportunityTeamMember object does not appear to have a specific permission set. We’re simply trying to create an OpportunityTeamMember, the lookup target of which the user has full permissions to with the exception of “delete.”
without sharingmeans that the class doesn’t respect sharing rules, the rules which govern visibility of records within the system when the privacy setting for an object is set toprivate. As far as I’m aware it does not mean that object-level permissions are overridden, and so you can still not access a lookup field which joins to an object the user does not have access to, hence the error you’re seeing here. You’ll need to assign the user to a different user profile which does have access to these objects.EDIT
Assuming your users do have the required access to the objects, I believe you also need the “Customize Application” permission checked on the user’s profile for them to be able to modify sales teams.