Loading

Net Zero Cloud: INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY when inserting VehicleAssetEnrgyUse or StnryAssetEnrgyUse via API

Publish Date: May 26, 2026
Description

This article explains why Net Zero Cloud energy use record inserts fail with "INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY: insufficient access rights on cross-reference id" for a subset of records and how to resolve it. The error is returned by the Composite API endpoint /services/data/vXX.X/composite/sobjects, by the Bulk API, by Data Loader, and by anonymous Apex when inserting VehicleAssetEnrgyUse [VehicleAssetEnrgyUse], StnryAssetEnrgyUse [StnryAssetEnrgyUse], or related Scope 3 energy use objects.

Customers describe this as "When ingesting certain records from the VehicleAssetEnrgyUse object, an INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY error occurs, but the same data is ingested into other records without issue." and "the integration is failing for some Vehicle Asset Energy Use records with cross-reference access error even though the same records can be inserted via Postman". 

The error indicates that the running user does not have Read sharing access to a parent record identified by an ID in the payload — typically VehicleAssetEmssnSrcId [VehicleAssetEmssnSrcId], StnryAssetEnvrSrcId [StnryAssetEnvrSrcId], a Fuel Type reference record (custom emissions factor), or a related carbon footprint record. Because the failure depends on per-record sharing of the referenced parent, the same payload structure can succeed for one row and fail for another, and tools that authenticate as a different user (such as a Postman session run as a System Administrator) appear to work while a middleware integration user fails. 

Affects Net Zero Cloud on Enterprise, Performance, Unlimited, and Developer Editions in Lightning Experience.

Resolution

Follow these steps in order. They apply to VehicleAssetEnrgyUse [VehicleAssetEnrgyUse], StnryAssetEnrgyUse [StnryAssetEnrgyUse], and other Net Zero Cloud energy use objects.

Cause 1: Integration user is missing object permissions on the parent reference object

  1. Identify the parent ID referenced in the failing payload. For VehicleAssetEnrgyUse this is VehicleAssetEmssnSrcId [VehicleAssetEmssnSrcId] (lookup to VehicleAssetEmssnSrc). For StnryAssetEnrgyUse this is StnryAssetEnvrSrcId [StnryAssetEnvrSrcId] (lookup to StnryAssetEnvrSrc). For custom fuel types it is the Fuel Type reference ID.
  2. Navigate to Setup > Users > Permission Sets > Net Zero Cloud Manager (or your custom integration permission set).
  3. Open Object Settings for VehicleAssetEmssnSrc [VehicleAssetEmssnSrc] and StnryAssetEnvrSrc [StnryAssetEnvrSrc]. Set Object Permissions to at least Read. Save.
  4. Assign the permission set to the integration user at Setup > Users > [Integration User] > Permission Set Assignments > Edit Assignments.

Cause 2: Integration user lacks record-level sharing access to the specific parent record

  1. Navigate to Setup > Security > Sharing Settings.
  2. Confirm the Organization-Wide Default for VehicleAssetEmssnSrc [VehicleAssetEmssnSrc] and StnryAssetEnvrSrc [StnryAssetEnvrSrc]. If set to Private or Public Read Only, the integration user must own or be shared the specific parent record.
  3. Open the failing parent record (for example, VehicleAssetEmssnSrc Id 3ivR7000000005tIAA) as a System Administrator.
  4. Click Sharing on the record. Add the integration user with Read/Write access, or change the record Owner to the integration user, or create a Sharing Rule at Setup > Security > Sharing Settings > VehicleAssetEmssnSrc Sharing Rules that grants the integration user's role or public group Read/Write access to all VehicleAssetEmssnSrc records.
  5. Repeat for any other parent reference object cited in the failing payload (VehicleAssetCrbnFtprnt [VehicleAssetCrbnFtprnt], StationaryAssetCarbonFtprnt, Scope3EmssnSrc [Scope3EmssnSrc], custom Fuel Type reference).

Cause 3: Required reference fields are missing from the payload


1. Inspect the failing payload. The required reference fields for StnryAssetEnrgyUse [StnryAssetEnrgyUse] are Name and StnryAssetEnvrSrcId [StnryAssetEnvrSrcId]. The required reference fields for VehicleAssetEnrgyUse [VehicleAssetEnrgyUse] are Name and VehicleAssetEmssnSrcId [VehicleAssetEmssnSrcId].
2. Add the missing reference IDs to every row in the integration payload. The IDs must be 18-character record IDs that exist in the target org and are accessible to the integration user.

Cause 4: Custom Fuel Type reference record is not shared with the user

  1. Navigate to the custom Fuel Type record (URL pattern /0wU...).
  2. Click Sharing on the record and add the integration user (or their role/group) with Read access. Custom fuel type reference records require explicit Read sharing — Net Zero Cloud Manager object permissions alone are not sufficient when the OWD is Private.
  3. If many users need the same access, create a Sharing Rule for the Fuel Type reference object granting Read access to the relevant role or public group.

Cause 5: External ID lookup matches more than one parent record

  1. If the payload uses an External ID field on the parent lookup and the response includes "more than one record found for external id field", the External ID is not unique. Navigate to Setup > Object Manager > [Parent Object] > Fields & Relationships > [External ID Field].
  2. Click Edit and select the Unique checkbox. Save.
  3. Run a SOQL query to find duplicates: SELECT Id, [ExtIdField__c] FROM [ParentObject] GROUP BY [ExtIdField__c] HAVING COUNT(Id) > 1. Merge or delete duplicates so each external ID maps to exactly one parent record.

Verification


Confirm the issue is resolved by re-running the original Composite API insert as the integration user against /services/data/v63.0/composite/sobjects with allOrNone=false and the same payload that previously failed, and confirming all VehicleAssetEnrgyUse [VehicleAssetEnrgyUse] or StnryAssetEnrgyUse [StnryAssetEnrgyUse] rows return success=true with no INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY entries.

Knowledge Article Number

005385199

 
Loading
Salesforce Help | Article