What Is INSUFFICIENT_ACCESS_OR_READONLY in Salesforce?
The INSUFFICIENT_ACCESS_OR_READONLY error occurs when a user tries to create, update, or delete a record without the required access.
Salesforce blocks the action to enforce:
- Object-level security
- Field-level security
- Record-level sharing
This is one of the most common permission-related errors faced by Salesforce Admins.
Common Error Messages
You may see one of the following:
INSUFFICIENT_ACCESS_OR_READONLY
or
You do not have the appropriate permissions to perform this action
or during automation:
Update failed. First exception on row 0; first error: INSUFFICIENT_ACCESS_OR_READONLY
Where This Error Commonly Occurs
- While editing or deleting records in the UI
- During record-triggered flows
- While running data imports
- During Apex-triggered updates
- During integrations using a limited-access user
Why INSUFFICIENT_ACCESS_OR_READONLY Happens
1. Missing Object Permissions
The user does not have Create, Read, Edit, or Delete access on the object.
2. Field-Level Security Restrictions
Even if the user can edit the record, a restricted field can block the save.
3. Record Ownership or Sharing Issues
The user may:
- Not own the record
- Lack role hierarchy access
- Be blocked by sharing rules
4. Automation Running in User Context
Flows and Apex sometimes run in user context, meaning user permissions still apply.
5. Read-Only Records
Some records are locked due to:
- Approval processes
- Closed status
- Managed package restrictions
How to Fix INSUFFICIENT_ACCESS_OR_READONLY (Admin Steps)
✅ Step 1: Identify the Affected User
Check:
- Who is getting the error
- Whether it’s a UI user, flow user, or integration user
✅ Step 2: Verify Object Permissions
Go to:
Setup → Profiles / Permission Sets → Object Settings
Ensure the user has the required access.
✅ Step 3: Review Field-Level Security
Confirm that all fields being updated are editable for the user.
✅ Step 4: Check Record Ownership & Sharing
Verify:
- Record owner
- Role hierarchy
- Sharing rules
- Manual shares
✅ Step 5: Review Automation Context
For flows:
- Confirm “Run in system context” settings
- Check which user is executing the automation
For integrations:
- Ensure the integration user has full required access
How to Prevent This Error
- Use permission sets instead of profile changes
- Create dedicated integration users
- Document automation execution context
- Test flows using real user profiles
- Avoid hard dependencies on record ownership
Who Should Handle This Error?
Primary Role
- 👩💼 Salesforce Admin
Admins control:
- Profiles
- Permission sets
- Sharing rules
- Automation access
Secondary Role
- 🧠 Salesforce Architect (for org-wide security design)
Admin Quick Checklist
- ✔ Confirm user permissions
- ✔ Review field-level security
- ✔ Validate sharing settings
- ✔ Check automation execution context