Unable to update child event record when encryption is enabled
Last updated 2021-06-28 ·Reference W-9317502 ·Reported By 3 users
Users are unable to update child event IsReminderSet attribute with Apex code when encryption is enabled on Contact or Lead Email field
Login to org with the System Admin user (we’ll refer to this user as User1).
1) Create a new user: User2 (standard user profile and license is ok)
2)Create a new permission set and assign to User1 with the following permissions:
>> System Permissions -> Manage Encryption Keys
>> System Permissions -> View Encrypted Data
3) Generate tenant secrets and enable encryption for the org:
>> Setup -> Platform Encryption -> Key Management: click Generate Tenant Secret
>> Setup -> Platform Encryption -> Advanced Settings: enable Deterministic Encryption
>> Setup -> Platform Encryption -> Encryption Policy -> Encrypt Fields -> Edit: scroll to Lead, check Email to enable
4) Create a new Contact (to later associate to Event):
>> Name: Person Contact1
>> Email: email@example.com
5) Create a new Event and invite User2 (this creates the child event) - Must do this via Calendar in Classic UI:
>> (switch to Classic)
>> In Sales app Home page, click New Event
>> Event details:
Assigned To: (current user - default)
Subject: Testing Failed Diff Check
Start/End DateTimes: anything in the future
Name: Contact, search for Person Contact1
Add Invitees (button): search and add User2
Save and Send Update
6) Now try to update the isReminderSet field on the child event created for User2. Note that per https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_event.htm, only IsReminderSet and ReminderDateTime fields are allowed to be updated directly on child event record.
>> Open an execute anonymous apex window.
>> Execute the following code:
Event evts = [SELECT id, ReminderDateTime, isReminderSet FROM Event WHERE isChild=true];
Event e = evts;
e.isReminderSet = true;
7) At this point you will receive the INSUFFICIENT_ACCESS_OR_READONLY DML Exception message pointing to Email field. Note that email field was left unchanged.
The customer needs to disable encryption on all four fields for Lead and Contact, Email AND Phone in order to have this operation of updating the child event be successful.
Is it Fixed?
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.