Asset lookup returning results that end user does not have access to when Asset Sharing is enabled
Trailblazer Community

Known Issues · Fixed

Asset lookup returning results that end user does not have access to when Asset Sharing is enabled

Search , Sharing

Last updated 2017-04-14 ·Reference W-2811596 ·Reported By 5 users

Fixed - Winter '17

Summary
Some customers have observed there end users are able to see results they aren’t supposed to when using the Asset lookup on a given entity, this happens when the OWD for Assets is set to Private & when the org has Asset Sharing Enabled.

Users, despite having the ability to search for these Asset Records, get the following error when attempting to save :

Insufficient Privileges
You do not have the level of access necessary to perform the operation you requested. Please contact the owner of the record or your administrator if access is necessary. For more information, see Insufficient Privileges Errors.

Click here to return to the previous page.

Note that the same Asset record does not come up via any other means, such as:

1. Global Search/
2. SOSL
3. SOQL
4. Accessing the URL of the record.

Repro
1) Enable Asset Sharing
2) Create a custom object.
3) On the object create two fields which are Master-Detail to Asset and Opportunity respectively
4) Create a new user profile by cloning standard user and give the profile Read/Create/Edit permissions to this custom object
5) Create a Public Group and put this new user in the group
6) Change Sharing Settings as follows - Organization Wide Defaults for Account and Contract are Private. Opportunity is Private. Asset is Private.
8) Create an Account Sharing Rule to share with the group you created in Step 5, granting Read Only based on Criteria that the account name does not contain 'XYZ'
9) Create an Opportunity Sharing Rule to share with the group, granting Read/Write based on Criteria that opp name doesn't contain 'XYZ'
10) Create an Asset Sharing Rule to share with the group, granting Read/Write based on Criteria that Serial Number contains '5'
11) Create a few assets, with the following Account and Serial Number combinations and call them something like "Asset 1/2/3/etc"
(no account) / 5
(no account) / 6
(Acme) / 5
(Acme) / 6
(XYZ) / 5
(XYZ / 6

12) Add the custom object from step 2 in the opportunity page layout related lists section
13) Open an opportunity and create a new custom object from the related list
14) Using the magnifying glass icon next to Asset field, search for "Asset*"

We expect to only see results with Serial Number 5 based on the sharing rule we created. However, we will see all assets which have an Account associated with them, as long as that account is also visible to the user performing the lookup. You can still select these faulty results and attempt to save them as part of the custom object, but it will fail at that point due to sharing restrictions.

Workaround
- None at this time

Reported By (5)

Chris Uttley Caitlin Pfeiffer Julian Moraes Shannon Grimm Amanda Ream

Is it Fixed?

AP0 AP3 AP4 AP5 AP6 AP7 AP8 AP9 AP10 AP11 AP12 AP13 AP14 AP15 AP16 AP17 AP18 AP19 AP20 AP21 AP22 AP24 AP25 AP26 AP27 AP28 AUS14S AUS18S AUS16S AUS13 AUS11 AUS1 AUS28S AUS20S AUS27 AUS26S AUS25 AUS24S AUS23 AUS22S AUS2S AUS36S AUS38S AUS3 AUS4S AUS47 AUS43 AUS5 AUS58 AUS6S AUS64 AUS62 AUS60 AUS7 AUS77 AUS75 AUS9 BRA1 BRA2S BRA3 BRA4S BRA5 BRA6S BRA8S CAN1 CAN17 CAN11 CAN25 CAN2S CAN20S CAN29 CAN28 CAN27 CAN26 CAN34 CAN4S CAN6S CAN8S CS1 CS2 CS4 CS5 CS6 CS100 CS109 CS108 CS107 CS106 CS105 CS102 CS101 CS115 CS119 CS110 CS117 CS114 CS113 CS112 CS111 CS116 CS123 CS122 CS121 CS126 CS127 CS129 CS128 CS125 CS124 CS137 CS138 CS133 CS132 CS14 CS148 CS142 CS159 CS152 CS151 CS15 CS162 CS167 CS166 CS169 CS165 CS160 CS173 CS17 CS172 CS170 CS171 CS174 CS189 CS194 CS192 CS193 CS190 CS191 CS199 CS197 CS198 CS196 CS195 CS203 CS209 CS200 CS202 CS201 CS210 CS219 CS218 CS217 CS216 CS215 CS214 CS213 CS212 CS211 CS22 CS220 CS226 CS224 CS222 CS225 CS223 CS221 CS237 CS234 CS238 CS239 CS236 CS24 CS242 CS248 CS247 CS241 CS245 CS244 CS243 CS249 CS246 CS240 CS252 CS259 CS257 CS256 CS255 CS254 CS250 CS258 CS253 CS251 CS263 CS265 CS268 CS267 CS266 CS269 CS262 CS261 CS260 CS264 CS27 CS271 CS270 CS28 CS29 CS308 CS31 CS32 CS33 CS34 CS35 CS364 CS36 CS365 CS37 CS40 CS41 CS42 CS43 CS44 CS45 CS57 CS58 CS59 CS60 CS61 CS62 CS63 CS67 CS72 CS73 CS74 CS75 CS76 CS77 CS80 CS81 CS84 CS86 CS87 CS88 CS89 CS98 CS99 DEU10S DEU13 DEU11 DEU1 DEU16S DEU14S DEU12S DEU2S DEU20S DEU25 DEU36 DEU3 DEU38 DEU46 DEU4S DEU48S DEU5 DEU52 DEU50S DEU6S DEU8S EU16 EU17 EU18 EU19 EU25 EU26 EU27 EU28 EU29 EU30 EU31 EU32 EU33 EU34 EU35 EU36 EU37 EU38 EU39 EU40 EU41 EU42 EU43 EU44 EU45 EU46 EU47 EU48 FRA12S FRA19 FRA1 FRA11 FRA24S FRA2S FRA32 FRA36 FRA34 FRA4S FRA5 FRA6S FRA7 FRA8S FRA9 GBR1 GBR2S GBR4S IND14S IND17 IND19 IND18S IND16S IND15 IND13 IND11 IND1 IND12S IND10S IND20S IND27 IND25 IND21 IND23 IND2S IND28S IND26S IND24S IND22S IND37 IND3S IND39 IND41 IND47 IND4S IND43 IND54S IND5 IND6S IND7 IND8S IND9 JPN18S JPN12S JPN10S JPN1 JPN19 JPN17 JPN20S JPN2S JPN21 JPN28S JPN24S JPN22S JPN3 JPN4S JPN5 JPN6S JPN7 JPN8S KOR1 KOR2S KOR4S NA104 NA107 NA109 NA100 NA101 NA103 NA102 NA105 NA119 NA116 NA110 NA118 NA112 NA111 NA115 NA114 NA113 NA117 NA125 NA124 NA122 NA120 NA126 NA127 NA123 NA129 NA121 NA128 NA138 NA134 NA133 NA136 NA135 NA132 NA131 NA130 NA137 NA139 NA140 NA142 NA141 NA149 NA146 NA147 NA148 NA154 NA158 NA159 NA153 NA151 NA155 NA152 NA150 NA156 NA161 NA163 NA167 NA160 NA166 NA165 NA169 NA164 NA168 NA162 NA172 NA170 NA174 NA171 NA173 NA196 NA207 NA204 NA206 NA208 NA209 NA21 NA218 NA214 NA217 NA215 NA211 NA212 NA213 NA210 NA223 NA226 NA224 NA225 NA70 NA71 NA75 NA80 NA81 NA82 NA83 NA84 NA85 NA89 NA90 NA91 NA92 NA93 NA94 NA95 NA96 NA97 NA98 NA99 SGP10 SGP1 SGP2S SGP3 SGP4S SGP6S SGP8S SWE1 SWE2S SWE4S UM1 UM2 UM3 UM4 UM5 UM6 UM7 UM8 UM9 USA194S USA13 USA198S USA196S USA1 USA19 USA17 USA15 USA20S USA26 USA28S USA2S USA222S USA220 USA22S USA3S USA32S USA30S USA36 USA34 USA59 USA60S USA61 USA62S USA7 USA8S

Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.