Hello,
Yes the way to proceed when removing a permission is to push the updated permissions using the share endpoint. It is not possible to just drop a permission on a resource at the moment. We are open to adding a DELETE /permissions/uuid.json to the api if more people are interested.
The constraints for the permissions at the moment are as follow:
- All the users must be active (and obviously exists)
- There must be at least one owner
- All the secrets must be made available (either because they were already available, or because they are pushed with the request).
@antonio.rodriguez if you post more information about the POST simulation and response we can help you sort it out.