Share via

UpdateDocumentSharingInfo REST endpoint returns success but per-recipient status fails with "Attempted to perform an unauthorized operation"

Prakash Verma 60 Reputation points
2026-04-27T14:13:16.29+00:00

We are observing a regression with the SharePoint REST endpoint used to assign permissions on list items. The HTTP call itself succeeds (200 OK), but the per-recipient status in the response indicates failure for every user. This started intermittently across tenants over the past week, suggesting a phased service-side change.

Endpoint:

POST {siteUrl}/_api/web/lists(guid'{listId}')/items('{itemId}')UpdateDocumentSharingInfo

Observed behavior:

The top-level response is successful, but each entry in the value array returns:

AllowedRoles: [0],
CurrentRole: 0,
DisplayName: "<DISPLAY_NAME>",
Email: null,
ExpirationDateTimeOnACE: null,
InvitationLink: null,
IsUserKnown: true,
Message: "DocumentSharing: Permission granting failed for recipient: 'i:0#.f|membership|<user>@<tenant>' for an unknown reason.: Attempted to perform an unauthorized operation.",
OtherMails: null,
Status: false,
User: "<USER_NAME>"

Expected behavior:

Each recipient in the value array should be granted the requested permission level on the list item, and Status should be true.

Timeline:

  • Last week — first reported on one tenant (others unaffected).
  • This week — reproducing on additional tenants.
  • The staggered onset suggests a server-side rollout rather than a client/code change on our side. We have not changed our request payload or app permissions.

Context:

  • Same payload that worked previously now fails.
  • Tested on multiple sites and lists across affected tenants — same result.

Diagnostic headers from a representative failed call:

date: Tue, 28 Apr 2026 04:34:00 GMT
microsoftsharepointteamservices: 16.0.0.27208
request-id: [Moderator note: personal info removed]
sprequestguid: [Moderator note: personal info removed]
splogid: [Moderator note: personal info removed]
x-sharepointhealthscore: 3
spclientservicerequestduration: 892
content-type: application/json;odata=minimalmetadata;streaming=true;charset=utf-8

Questions:

  1. Has there been a recent service-side change to UpdateDocumentSharingInfo or to the permission model it relies on (e.g., a tightening around App-Only contexts or sharing capabilities)?
  2. Is this endpoint still supported, or is there a recommended replacement (Graph API equivalent) we should migrate to?
  3. Is there a known issue / Service Health advisory tracking this? If so, could someone point to the ID?

Any guidance or pointers to a roadmap/release note would be appreciated.

Microsoft 365 and Office | SharePoint | Development
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jayden-P 20,415 Reputation points Microsoft External Staff Moderator
    2026-04-27T15:00:06.89+00:00

    Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.

    Hi @Prakash Verma

    First, I have not found any document that stated this changes. This behavior could indicate a server-side or a temporary issue.

    This UpdateDocumentSharingInfo is still supported, there is no documentation mentioned about this being deprecated or retired.

    You can try this to see if it works for you.

    POST /_api/web/lists(guid'{listId}')/items({itemId})/breakroleinheritance(false,true)
POST /_api/web/roleassignments/addroleassignment(
  principalid={principalId},
  roledefid={roleDefId}
)

    As for now, there is no official documents report this unexpected behavior, therefore, no known issue or Service Health report are documenting this. If this is affecting multiple tenants, you can consider opening a support ticket via Admin Center.

    User's image

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.