How to fix INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY in Salesforce deployments
The user running the deployment lacks field or object access to a record referenced during an Apex test or automation.
Surfaces during: runtime DML, most often Apex test executionWhat it means
INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY fires when the profile or permission set running the deployment, usually while executing Apex tests, cannot see or edit a field or object that a trigger, flow, or approval process touches along the way. Salesforce is enforcing Field-Level Security or sharing rules exactly as configured; the deployment user simply does not have the access the automation assumes.
The "cross-reference" in the name is the tell: it's not about the object you're directly inserting or updating, it's about a related object or field that automation reaches out to touch on the side, a lookup's parent record, a related list, or a field the running user's profile restricts.
Common causes
The fix
- Grant the missing permissionsAdd Field-Level Security and object permissions to the profile or permission set assigned to the deploying user.
- Review 'run as' settingsCheck any flow or approval process configured to run as a specific user, and confirm that user's permissions cover the objects involved.
- Adjust sharing for test contextUse 'without sharing' Apex classes for test setup where appropriate, or extend sharing rules to cover the automated test path.
How Serpent prevents this
Serpent AI runs a preflight validation against the real target org before the actual deployment executes, so a permission gap surfaces as a readable review comment instead of a mid-deploy failure. See the Salesforce deployment error library.

Prevention
Related errors
INSUFFICIENT_ACCESS_ON_CROSS_REFERENCE_ENTITY, answered
Start free. No credit card, no install, no commitment.
Set up in under 15 minutes. No DevOps hire needed.
