diff --git a/changelog/unreleased/ocs-share-update-consider-role.md b/changelog/unreleased/ocs-share-update-consider-role.md
new file mode 100644
index 00000000000..5d93d90fb78
--- /dev/null
+++ b/changelog/unreleased/ocs-share-update-consider-role.md
@@ -0,0 +1,6 @@
+Bugfix: Fix role consideration when updating a share
+
+Previously when updating a share the endpoint only considered the permissions, now this also respects a given role.
+
+https://github.com/cs3org/reva/pull/2883
+
diff --git a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
index aee01197931..04f86422922 100644
--- a/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
+++ b/internal/http/services/owncloud/ocs/handlers/apps/sharing/shares/shares.go
@@ -581,26 +581,36 @@ func (h *Handler) UpdateShare(w http.ResponseWriter, r *http.Request) {
 func (h *Handler) updateShare(w http.ResponseWriter, r *http.Request, shareID string) {
 	ctx := r.Context()
 
-	pval := r.FormValue("permissions")
-	if pval == "" {
-		response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, "permissions missing", nil)
+	client, err := pool.GetGatewayServiceClient(h.gatewayAddr)
+	if err != nil {
+		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error getting grpc gateway client", err)
 		return
 	}
 
-	pint, err := strconv.Atoi(pval)
+	shareR, err := client.GetShare(r.Context(), &collaboration.GetShareRequest{
+		Ref: &collaboration.ShareReference{
+			Spec: &collaboration.ShareReference_Id{
+				Id: &collaboration.ShareId{
+					OpaqueId: shareID,
+				},
+			},
+		},
+	})
+
 	if err != nil {
-		response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, "permissions must be an integer", nil)
+		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error sending a grpc update share request", err)
 		return
 	}
-	permissions, err := conversions.NewPermissions(pint)
-	if err != nil {
-		response.WriteOCSError(w, r, response.MetaBadRequest.StatusCode, err.Error(), nil)
+
+	info, status, err := h.getResourceInfoByID(ctx, client, shareR.Share.ResourceId)
+	if err != nil || status.Code != rpc.Code_CODE_OK {
+		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error mapping share data", err)
 		return
 	}
 
-	client, err := pool.GetGatewayServiceClient(h.gatewayAddr)
-	if err != nil {
-		response.WriteOCSError(w, r, response.MetaServerError.StatusCode, "error getting grpc gateway client", err)
+	role, _, ocsErr := h.extractPermissions(w, r, info, conversions.NewManagerRole())
+	if ocsErr != nil {
+		response.WriteOCSError(w, r, ocsErr.Code, ocsErr.Message, ocsErr.Error)
 		return
 	}
 
@@ -616,7 +626,7 @@ func (h *Handler) updateShare(w http.ResponseWriter, r *http.Request, shareID st
 			Field: &collaboration.UpdateShareRequest_UpdateField_Permissions{
 				Permissions: &collaboration.SharePermissions{
 					// this completely overwrites the permissions for this user
-					Permissions: conversions.RoleFromOCSPermissions(permissions).CS3ResourcePermissions(),
+					Permissions: role.CS3ResourcePermissions(),
 				},
 			},
 		},