Loading

Vlocity Insurance: InsuranceQuote AfterInsert trigger fails with CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY after OmniStudio security enforcement

Publish Date: May 27, 2026
Description

When you create or upsert an InsuranceQuote [vlocity_ins__InsuranceQuote__c] record in Salesforce Vlocity Insurance, the operation fails with:

"Insert failed. First exception on row 0; first error: CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY, vlocity_ins.InsuranceQuote: execution of AfterInsert caused by: System.AuraHandledException: Script-thrown exception (System Code): []"

The same pattern also surfaces on the vlocity_ins.User AfterUpdate trigger and vlocity_ins.InsuranceApplication AfterInsert.

Root cause: After the OmniStudio security enforcement is enabled (settings AdvancedOmniStudioAccessCheck and ApexClassCheckForIP in OmniStudio Configuration, introduced in Spring '26), the InsuranceQuote trigger handler calls vlocity_ins.ApplicationUtilities.checkCustomSettingSecurity and vlocity_ins.CardCanvasController, which evaluate Read access to the Card Framework Configuration [vlocity_ins__CardFrameworkConfiguration__c] and Trigger Setup [vlocity_ins__TriggerSetup__c] Custom Setting Definitions. Users who lack access to these settings cause the trigger to throw an AuraHandledException, failing the entire DML operation.

Affected entry points:

  • Creating a Quote from an Opportunity
  • Calling vlocity_ins.InsQuoteService (cloneQuote, RA_createBSFQuote)
  • Running OmniScripts and Integration Procedures that create InsuranceQuote records
  • Direct Apex or API upserts
  • Experience Cloud guest user flows

Affected configuration:

  • Vlocity Insurance (vlocity_ins) managed package, Spring '26 aligned version or later
  • All user types: standard internal, custom profile, partner, and Experience Cloud guest users
Prerequisite(s)
  • Vlocity Insurance (vlocity_ins) managed package installed
  • OmniStudio security enforcement enabled (AdvancedOmniStudioAccessCheck and ApexClassCheckForIP in OmniStudio Configuration)
  • Spring '26 or later release
  • System Administrator access to Setup, Permission Sets, and (if applicable) Digital Experiences
Resolution

Resolve the failure by granting the running user Read access to the two Vlocity Insurance Custom Setting Definitions referenced by the InsuranceQuote trigger handler.

Cause 1: Missing access to vlocity_ins Custom Setting Definitions

  1. Navigate to Setup > Permission Sets.
  2. Click New, set Label to "Vlocity Insurance Trigger Access", and click Save.
  3. On the new permission set, click Custom Setting Definitions.
  4. Click Edit and add the following with Read access:
    • Card Framework Configuration [vlocity_ins__CardFrameworkConfiguration__c]
    • Trigger Setup [vlocity_ins__TriggerSetup__c]
  5. Click Save.
  6. Navigate to Setup > Permission Sets > Vlocity Insurance Trigger Access > Manage Assignments > Add Assignments.
  7. Select every user that creates or updates InsuranceQuote records, including integration users, and click Assign.
  8. For Experience Cloud guest users, navigate to Setup > Digital Experiences > All Sites > [Your Site] > Builder > Settings > General > Guest User Profile. Assign the same permission set to the guest user profile, or grant Read access to the two Custom Setting Definitions directly on the guest user profile under Enabled Custom Setting Definitions Access.

Cause 2: Standard Quote creation from an Opportunity also triggers vlocity_ins.InsuranceQuote

  1. Apply the permission set from Cause 1 to the affected internal profile (for example, Sales – Renewal). Do not disable the vlocity_ins.InsuranceQuote trigger — it is required for Vlocity Insurance functionality.

Cause 3: Related RemoteAction also fails — missing Apex class access

  1. If the error additionally references "User does not have permission to access ApexClass: InsProductService", navigate to the same permission set and click Apex Class Access > Edit.
  2. Add vlocity_ins.InsProductService to the enabled list and click Save.

Confirm the fix: Log in as an affected user (or as the Experience Cloud guest user) and re-run the original failing action — for example, create a new Quote from an Opportunity or re-run the OmniScript. The InsuranceQuote record must save without the CANNOT_INSERT_UPDATE_ACTIVATE_ENTITY error.

Knowledge Article Number

005385067

 
Loading
Salesforce Help | Article