When a non-admin user runs a SOQL query on the EntitySubscription object without applying a LIMIT clause directly on the EntitySubscription query, the following error is thrown:
MALFORMED_QUERY: Implementation restriction: EntitySubscription only allows security evaluation for non-admin users when LIMIT is specified and at most 1000
This error occurs because the EntitySubscription object requires a LIMIT of at most 1000 when queried by a non-admin user. The LIMIT must be placed directly on the EntitySubscription query itself — applying LIMIT to an outer query or attempting to use LIMIT in a subquery does not satisfy this requirement.
The EntitySubscription object enforces a security evaluation restriction for non-admin users. Specifically, the LIMIT of 1000 must be applied to the EntitySubscription object directly.
MALFORMED_QUERY: Implementation restriction: EntitySubscription only allows security evaluation for non-admin users when LIMIT is specified and at most 1000
Two common incorrect approaches are:
Incorrect Approach 1: Placing the LIMIT on an outer query (e.g., SELECT Id, Name FROM Account WHERE Id IN (SELECT ParentId FROM EntitySubscription WHERE SubscriberId = '005A0000001vU2gIAE') LIMIT 1000). This does not satisfy the EntitySubscription security requirement because the LIMIT is on the Account object, not on EntitySubscription.
Incorrect Approach 2: Attempting to add LIMIT inside the subquery (e.g., SELECT ParentId FROM EntitySubscription WHERE SubscriberId = '...' LIMIT 1000 inside parentheses). This is not permitted because LIMIT cannot be used inside a SOQL subquery — Salesforce will return a parse error: "expecting a right parentheses, found 'LIMIT'."
Use EntitySubscription as the outer query with the LIMIT of 1000 applied directly to it, and use a subquery on the related object in the WHERE clause. For example:
SELECT ParentId, Parent.Name FROM EntitySubscription WHERE SubscriberId = '005A0000001vU2gIAE' AND ParentId IN (SELECT Id FROM Account) LIMIT 1000
This structure applies the LIMIT directly on EntitySubscription (satisfying the security restriction) and retrieves the related Account names via a subquery.
000386211

We use three kinds of cookies on our websites: required, functional, and advertising. You can choose whether functional and advertising cookies apply. Click on the different cookie categories to find out more about each category and to change the default settings.
Privacy Statement
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Advertising cookies track activity across websites in order to understand a viewer’s interests, and direct them specific marketing. Some examples include: cookies used for remarketing, or interest-based advertising.