Receiving a Marketo Sync Error of INSUFFICIENT_ACCESS_OR_READONLY: insufficient access rights on object id in your Smart Campaigns?

Robb_Barrett
Marketo Employee
Marketo Employee

Recently, I was working with a client on their sync failure issues. We were seeing one with INSUFFICIENT_ACCESS_OR_READONLY: insufficient access rights on object id. 

 

It may present itself in several ways: 

 

Robb_Barrett_0-1690986260256.png

Robb_Barrett_1-1690986260258.png

Robb_Barrett_2-1690986260259.png

 

This error is caused by a few things, and where to look is not always obvious.  

 

What INSUFFICIENT_ACCESS_OR_READONLY: insufficient access rights on object id means in Adobe Marketo Engage: 

 

Look, I’ll be honest, I’m not a Salesforce guru enough to get into the technical nitty-gritty, but I have Googled and read numerous results. It’s used all over the place for a lot of reasons. Basically Salesforce is rejecting a command because the requestor (Marketo) doesn’t have permission to request what’s being asked. 

 

So what do we do in this situation? 

 

Turns out, there are a few reasons you’re receiving a INSUFFICIENT_ACCESS_OR_READONLY: insufficient access rights on object id error when trying to sync records in Marketo. Here’s what’s in the official Marketo documentation 

 

This is a very valid solution for one of the use cases that throws this error. It solves for what happens when the record types get out of sync and how to remediate by clearing the value (Record Type ID) prior to re-running the sync. 

 

But what does a marketing automation manager do when clearing the Record Type ID doesn’t solve the issue?  Look for other clues. Look for signs that there may be an invalid value or something else that Salesforce didn’t like.  

 

For example, here’s a real example of how Adobe Professional Services assisted a client experiencing this sync failure. 

 

  • Client was seeing repeat sync failures on valid lead records in Marketo 
  • Errors seemed to point to a Job Level field synched to a Salesforce picklist 
  • Salesforce Marketo User had Read / Write access to that field 
  • Value initially populated in Marketo via Salesforce Sync 
  • Values were confirmed to match in both systems 
  • Words were tested for invisible characters 
  • When trying to sync back to Salesforce, the INSUFFICIENT_ACCESS_OR_READONLY error was thrown 

 

A lot of different angles were investigated and then a quite old Marketo Nation reply written by a Marketo Nation citizen provided a clue worth pursuing. 

 

Found in a 2016 Marketo Nation Community thread that was started in 2014, Gregoire Miche (@Grégoire_Miche2), wrote this line:  

 

“…the interface renders the same error if you try to set a SFDC picklist field to a value
that is not in the record type you have selected” 

 

With this information, we checked deeper into the Salesforce Marketo User permissions. 

 

Robb_Barrett_3-1690986260261.png

 

  

The screen shot above shows the AFTER. (We had a Eureka moment, everyone was too excited to take a picture). The Selected Values originally only contained C-Level and CEO with the rest in the “Available Values” list.  

 

Only the Selected Values are allowed to pass back from Marketo to Salesforce. Anything not in the Selected Values (and exactly as-is in that list) will cause a sync failure for that record. 

 

This created a sort of one-way valve where Salesforce could pass “Director” to Marketo, but Marketo couldn’t pass that value back 

 

Example: 

  • Contact with Job Level = Director syncs to Marketo 
  • Marketo Attempts an automated sync back to Salesforce 
  • Marketo User doesn’t have access to the “Director” value in Job Level 
  • Salesforce rejects the row 

 After adding “Director” (and other values) to the permissions set and saving the Marketo User, the sync from Marketo to Salesforce was successful. 

 
Why does INSUFFICIENT_ACCESS_OR_READONLY: insufficient access rights on object id appear in the activity log? While most evidence points to it being a “Sharing” issue, it seems to mean that the Marketo User is lacking a specific permission, which could be for a variety of reasons. Perhaps the Record ID doesn’t match. Perhaps a forbidden value is attempting to pass over. Whatever the reason, it’s important to understand the cause and resolve the issue to ensure healthy Marketing Operations. 

1519
1
1 Comment