diff --git a/packages/openneuro-app/src/scripts/datalad/dataset/dataset-query-fragments.js b/packages/openneuro-app/src/scripts/datalad/dataset/dataset-query-fragments.js
index 7c64060fe..7d249c3f3 100644
--- a/packages/openneuro-app/src/scripts/datalad/dataset/dataset-query-fragments.js
+++ b/packages/openneuro-app/src/scripts/datalad/dataset/dataset-query-fragments.js
@@ -74,6 +74,8 @@ export const PERMISSION_FRAGMENT = gql`
         user {
           id
           email
+          orcid
+          name
         }
         level
       }
diff --git a/packages/openneuro-app/src/scripts/datalad/mutations/remove-permissions.jsx b/packages/openneuro-app/src/scripts/datalad/mutations/remove-permissions.jsx
deleted file mode 100644
index 705eb4c19..000000000
--- a/packages/openneuro-app/src/scripts/datalad/mutations/remove-permissions.jsx
+++ /dev/null
@@ -1,42 +0,0 @@
-import React from "react"
-import PropTypes from "prop-types"
-import { gql } from "@apollo/client"
-import { Mutation } from "@apollo/client/react/components"
-import WarnButton from "../../common/forms/warn-button.jsx"
-
-const REMOVE_PERMISSION = gql`
-  mutation removePermissions($datasetId: ID!, $userId: String!) {
-    removePermissions(datasetId: $datasetId, userId: $userId)
-  }
-`
-
-/**
- * Remove any permissions matching the user
- * @param {object} userPermissions
- * @param {string} userId
- */
-export const userPermissionsFilter = (userPermissions, userId) =>
-  userPermissions.filter((permission) => permission.user.id !== userId)
-
-const RemovePermissions = ({ datasetId, userId }) => (
-  <Mutation mutation={REMOVE_PERMISSION}>
-    {(removePermissions) => (
-      <WarnButton
-        message="Remove Permission"
-        icon="fa-trash"
-        warn={true}
-        action={async (cb) => {
-          await removePermissions({ variables: { datasetId, userId } })
-          cb()
-        }}
-      />
-    )}
-  </Mutation>
-)
-
-RemovePermissions.propTypes = {
-  datasetId: PropTypes.string,
-  userId: PropTypes.string,
-}
-
-export default RemovePermissions
diff --git a/packages/openneuro-app/src/scripts/datalad/mutations/update-permissions.jsx b/packages/openneuro-app/src/scripts/datalad/mutations/update-permissions.jsx
deleted file mode 100644
index 5e660e86d..000000000
--- a/packages/openneuro-app/src/scripts/datalad/mutations/update-permissions.jsx
+++ /dev/null
@@ -1,86 +0,0 @@
-import React from "react"
-import PropTypes from "prop-types"
-import { gql } from "@apollo/client"
-import { Mutation } from "@apollo/client/react/components"
-import { toast } from "react-toastify"
-import ToastContent from "../../common/partials/toast-content.jsx"
-import { validate as isValidEmail } from "email-validator"
-
-const UPDATE_PERMISSIONS = gql`
-  mutation updatePermissions(
-    $datasetId: ID!
-    $userEmail: String!
-    $level: String!
-  ) {
-    updatePermissions(
-      datasetId: $datasetId
-      userEmail: $userEmail
-      level: $level
-    ) {
-      id
-      email
-    }
-  }
-`
-
-export const mergeNewPermission = (
-  datasetId,
-  oldPermissions,
-  userInfo,
-  metadata,
-) => {
-  return {
-    __typename: "Dataset",
-    id: datasetId,
-    permissions: {
-      ...oldPermissions,
-      userPermissions: [
-        ...oldPermissions.userPermissions,
-        {
-          __typename: "Permission",
-          user: { __typename: "User", ...userInfo },
-          level: metadata,
-        },
-      ],
-    },
-  }
-}
-
-const UpdateDatasetPermissions = ({ datasetId, userEmail, metadata, done }) => (
-  <Mutation mutation={UPDATE_PERMISSIONS}>
-    {(UpdateDatasetPermissions) => (
-      <button
-        className="btn-modal-action"
-        onClick={async () => {
-          if (isValidEmail(userEmail)) {
-            try {
-              await UpdateDatasetPermissions({
-                variables: { datasetId, userEmail, level: metadata },
-              })
-              done()
-            } catch (_err) {
-              toast.error(
-                <ToastContent body="A user with that email address does not exist" />,
-              )
-            }
-          } else {
-            toast.error(
-              <ToastContent body="Please enter a valid email address" />,
-            )
-          }
-        }}
-      >
-        Share
-      </button>
-    )}
-  </Mutation>
-)
-
-UpdateDatasetPermissions.propTypes = {
-  datasetId: PropTypes.string,
-  userEmail: PropTypes.string,
-  metadata: PropTypes.oneOf(["ro", "rw", "admin"]),
-  done: PropTypes.func,
-}
-
-export default UpdateDatasetPermissions
diff --git a/packages/openneuro-app/src/scripts/dataset/mutations/__tests__/__snapshots__/update-permissions.spec.jsx.snap b/packages/openneuro-app/src/scripts/dataset/mutations/__tests__/__snapshots__/update-permissions.spec.jsx.snap
index a7e905e71..5c4f721d1 100644
--- a/packages/openneuro-app/src/scripts/dataset/mutations/__tests__/__snapshots__/update-permissions.spec.jsx.snap
+++ b/packages/openneuro-app/src/scripts/dataset/mutations/__tests__/__snapshots__/update-permissions.spec.jsx.snap
@@ -1,6 +1,19 @@
 // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
-exports[`UpdateDatasetPermissions mutation > renders with default props 1`] = `
+exports[`UpdateDatasetPermissions mutation > calls UPDATE_ORCID_PERMISSIONS when clicked with an ORCID 1`] = `
+<DocumentFragment>
+  <button
+    aria-label="Share"
+    class="on-button on-button--small on-button--primary  btn-modal-action"
+    role="button"
+    type="button"
+  >
+    Share
+  </button>
+</DocumentFragment>
+`;
+
+exports[`UpdateDatasetPermissions mutation > calls UPDATE_PERMISSIONS when clicked with an email address 1`] = `
 <DocumentFragment>
   <button
     aria-label="Share"
@@ -13,7 +26,7 @@ exports[`UpdateDatasetPermissions mutation > renders with default props 1`] = `
 </DocumentFragment>
 `;
 
-exports[`UpdateDatasetPermissions mutation > renders with typical props 1`] = `
+exports[`UpdateDatasetPermissions mutation > renders with default props 1`] = `
 <DocumentFragment>
   <button
     aria-label="Share"
diff --git a/packages/openneuro-app/src/scripts/dataset/mutations/__tests__/update-permissions.spec.jsx b/packages/openneuro-app/src/scripts/dataset/mutations/__tests__/update-permissions.spec.jsx
index ae9c10e94..b5d87c1e2 100644
--- a/packages/openneuro-app/src/scripts/dataset/mutations/__tests__/update-permissions.spec.jsx
+++ b/packages/openneuro-app/src/scripts/dataset/mutations/__tests__/update-permissions.spec.jsx
@@ -1,7 +1,44 @@
 import React from "react"
-import { render } from "@testing-library/react"
+import { fireEvent, render, screen, waitFor } from "@testing-library/react"
 import { MockedProvider } from "@apollo/client/testing"
-import { UpdateDatasetPermissions } from "../update-permissions"
+import {
+  isValidOrcid,
+  UPDATE_ORCID_PERMISSIONS,
+  UPDATE_PERMISSIONS,
+  UpdateDatasetPermissions,
+} from "../update-permissions"
+
+function permissionMocksFactory(
+  updatePermissionsCalled,
+  updateOrcidPermissionsCalled,
+) {
+  return [
+    {
+      request: {
+        query: UPDATE_PERMISSIONS,
+
+        variables: {
+          datasetId: "ds000005",
+          userEmail: "test@example.com",
+          level: "ro",
+        },
+      },
+      newData: updatePermissionsCalled,
+    },
+    {
+      request: {
+        query: UPDATE_ORCID_PERMISSIONS,
+
+        variables: {
+          datasetId: "ds000005",
+          userOrcid: "0000-0002-1694-233X",
+          level: "ro",
+        },
+      },
+      newData: updateOrcidPermissionsCalled,
+    },
+  ]
+}
 
 describe("UpdateDatasetPermissions mutation", () => {
   it("renders with default props", () => {
@@ -12,17 +49,76 @@ describe("UpdateDatasetPermissions mutation", () => {
     )
     expect(asFragment()).toMatchSnapshot()
   })
-  it("renders with typical props", () => {
+  it("calls UPDATE_PERMISSIONS when clicked with an email address", async () => {
+    const updatePermissionsCalled = vi.fn()
+    const updateOrcidPermissionsCalled = vi.fn()
+    const mocks = permissionMocksFactory(
+      updatePermissionsCalled,
+      updateOrcidPermissionsCalled,
+    )
+    const done = vi.fn()
     const { asFragment } = render(
-      <MockedProvider>
+      <MockedProvider mocks={mocks} addTypename={false}>
         <UpdateDatasetPermissions
           datasetId="ds000005"
-          userEmail="test@example.com"
-          access="ro"
-          done={vi.fn()}
+          userIdentifier="test@example.com"
+          metadata="ro"
+          done={done}
         />
       </MockedProvider>,
     )
-    expect(asFragment()).toMatchSnapshot()
+    const fragment = asFragment()
+    expect(fragment).toMatchSnapshot()
+    // Try clicking the button and make sure the right mutation runs
+    const button = screen.getByRole("button")
+    await fireEvent.click(button)
+    // Make sure it ran at all
+    await waitFor(() => expect(done).toHaveBeenCalled())
+    // Verify the expected query ran
+    await waitFor(() => expect(updatePermissionsCalled).toHaveBeenCalled())
+    await waitFor(() =>
+      expect(updateOrcidPermissionsCalled).not.toHaveBeenCalled()
+    )
+  })
+  it("calls UPDATE_ORCID_PERMISSIONS when clicked with an ORCID", async () => {
+    const updatePermissionsCalled = vi.fn()
+    const updateOrcidPermissionsCalled = vi.fn()
+    const mocks = permissionMocksFactory(
+      updatePermissionsCalled,
+      updateOrcidPermissionsCalled,
+    )
+    const done = vi.fn()
+    const { asFragment } = render(
+      <MockedProvider mocks={mocks} addTypename={false}>
+        <UpdateDatasetPermissions
+          datasetId="ds000005"
+          userIdentifier="0000-0002-1694-233X"
+          metadata="ro"
+          done={done}
+        />
+      </MockedProvider>,
+    )
+    const fragment = asFragment()
+    expect(fragment).toMatchSnapshot()
+    // Try clicking the button and make sure the right mutation runs
+    const button = screen.getByRole("button")
+    await fireEvent.click(button)
+    // Make sure it ran at all
+    await waitFor(() => expect(done).toHaveBeenCalled())
+    // Verify the expected query ran
+    await waitFor(() => expect(updatePermissionsCalled).not.toHaveBeenCalled())
+    await waitFor(() => expect(updateOrcidPermissionsCalled).toHaveBeenCalled())
+  })
+  describe("isValidOrcid", () => {
+    it("matches typical ORCID strings", () => {
+      expect(isValidOrcid("0000-0001-2345-678")).toBe(false)
+      expect(isValidOrcid("0000-0001-2345-678f")).toBe(false)
+      expect(isValidOrcid("19818c4d-1e60-4480-a317-6fcc1c1a88c6")).toBe(false)
+      expect(isValidOrcid("0000000123456789")).toBe(false)
+      // Check for a correct value
+      expect(isValidOrcid("0000-0001-2345-6789")).toBe(true)
+      // Test with the X checksum value
+      expect(isValidOrcid("0000-0002-1694-233X")).toBe(true)
+    })
   })
 })
diff --git a/packages/openneuro-app/src/scripts/dataset/mutations/update-permissions.tsx b/packages/openneuro-app/src/scripts/dataset/mutations/update-permissions.tsx
index 3430425cd..6279dfdfa 100644
--- a/packages/openneuro-app/src/scripts/dataset/mutations/update-permissions.tsx
+++ b/packages/openneuro-app/src/scripts/dataset/mutations/update-permissions.tsx
@@ -1,12 +1,23 @@
 import React from "react"
 import type { FC } from "react"
 import { gql, useMutation } from "@apollo/client"
+import type { ApolloError } from "@apollo/client"
 import { toast } from "react-toastify"
 import ToastContent from "../../common/partials/toast-content"
 import { validate as isValidEmail } from "email-validator"
 import { Button } from "@openneuro/components/button"
 
-const UPDATE_PERMISSIONS = gql`
+export function isValidOrcid(orcid: string) {
+  if (orcid) {
+    return /^[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{3}[0-9X]$/.test(orcid)
+      ? true
+      : false
+  } else {
+    return false
+  }
+}
+
+export const UPDATE_PERMISSIONS = gql`
   mutation updatePermissions(
     $datasetId: ID!
     $userEmail: String!
@@ -18,48 +29,79 @@ const UPDATE_PERMISSIONS = gql`
       level: $level
     ) {
       id
-      email
+      userPermissions {
+        datasetId
+        userId
+        level
+        user {
+          id
+          email
+          orcid
+          name
+        }
+      }
     }
   }
 `
 
-export const mergeNewPermission = (
-  datasetId,
-  oldPermissions,
-  userInfo,
-  metadata,
-) => {
-  return {
-    __typename: "Dataset",
-    id: datasetId,
-    permissions: {
-      ...oldPermissions,
-      userPermissions: [
-        ...oldPermissions.userPermissions,
-        {
-          __typename: "Permission",
-          user: { __typename: "User", ...userInfo },
-          level: metadata,
-        },
-      ],
-    },
+export const UPDATE_ORCID_PERMISSIONS = gql`
+  mutation updateOrcidPermissions(
+    $datasetId: ID!
+    $userOrcid: String!
+    $level: String!
+  ) {
+    updateOrcidPermissions(
+      datasetId: $datasetId
+      userOrcid: $userOrcid
+      level: $level
+    ) {
+      id
+      userPermissions {
+        datasetId
+        userId
+        level
+        user {
+          id
+          email
+          orcid
+          name
+        }
+      }
+    }
   }
-}
+`
 
 interface UpdateDatasetPermissionsProps {
   datasetId: string
-  userEmail: string
+  userIdentifier: string
   metadata: string
   done: () => void
 }
 
+function onError(err: ApolloError) {
+  toast.error(
+    <ToastContent body={err?.message} />,
+  )
+}
+
+/**
+ * Add permissions to a dataset based on a value provided
+ * userIdentifier is either an email or ORCID
+ */
 export const UpdateDatasetPermissions: FC<UpdateDatasetPermissionsProps> = ({
   datasetId,
-  userEmail,
+  userIdentifier,
   metadata,
   done,
 }) => {
-  const [UpdateDatasetPermissions] = useMutation(UPDATE_PERMISSIONS)
+  const [updateDatasetPermissions] = useMutation(
+    UPDATE_PERMISSIONS,
+    { onError },
+  )
+  const [updateDatasetPermissionsOrcid] = useMutation(
+    UPDATE_ORCID_PERMISSIONS,
+    { onError },
+  )
   return (
     <>
       <Button
@@ -68,10 +110,23 @@ export const UpdateDatasetPermissions: FC<UpdateDatasetPermissionsProps> = ({
         label="Share"
         size="small"
         onClick={async () => {
-          if (isValidEmail(userEmail)) {
+          if (isValidOrcid(userIdentifier)) {
+            await updateDatasetPermissionsOrcid({
+              variables: {
+                datasetId,
+                userOrcid: userIdentifier,
+                level: metadata,
+              },
+            })
+            done()
+          } else if (isValidEmail(userIdentifier)) {
             try {
-              await UpdateDatasetPermissions({
-                variables: { datasetId, userEmail, level: metadata },
+              await updateDatasetPermissions({
+                variables: {
+                  datasetId,
+                  userEmail: userIdentifier,
+                  level: metadata,
+                },
               })
               done()
             } catch (_err) {
@@ -81,7 +136,7 @@ export const UpdateDatasetPermissions: FC<UpdateDatasetPermissionsProps> = ({
             }
           } else {
             toast.error(
-              <ToastContent body="Please enter a valid email address" />,
+              <ToastContent body="Please enter a valid email address or ORCID" />,
             )
           }
         }}
diff --git a/packages/openneuro-app/src/scripts/dataset/routes/manage-permissions.jsx b/packages/openneuro-app/src/scripts/dataset/routes/manage-permissions.jsx
index 2d7122a82..def5996c9 100644
--- a/packages/openneuro-app/src/scripts/dataset/routes/manage-permissions.jsx
+++ b/packages/openneuro-app/src/scripts/dataset/routes/manage-permissions.jsx
@@ -14,12 +14,28 @@ const description = {
   ro: "View dataset",
 }
 
-export const PermissionRow = ({ datasetId, userId, userEmail, access }) => (
+export const PermissionRow = (
+  { datasetId, userId, userName, userEmail, userOrcid, access },
+) => (
   <div className="data-table-content">
     <span>
-      <label>Email:</label>
-      <a href={`mailto:${userEmail}`}>{userEmail}</a>
+      <label>User:</label>
+      {userName}
     </span>
+    {userOrcid
+      ? (
+        <span>
+          <label>ORCID:</label>
+          <a href={`https://orcid.org/${userOrcid}`}>{userOrcid}</a>
+        </span>
+      )
+      : (
+        <span>
+          <label>Email:</label>
+          <a href={`mailto:${userEmail}`}>{userEmail}</a>
+        </span>
+      )}
+
     <span>
       <label>Access:</label>
       {description[access]}
@@ -34,14 +50,17 @@ export const PermissionRow = ({ datasetId, userId, userEmail, access }) => (
 PermissionRow.propTypes = {
   datasetId: PropTypes.string,
   userId: PropTypes.string,
+  userName: PropTypes.string,
   userEmail: PropTypes.string,
+  userOrcid: PropTypes.string,
   access: PropTypes.oneOf(["ro", "rw", "admin"]),
 }
 
 export const ShareTable = ({ datasetId, permissions }) => (
   <>
     <div className="data-table-header">
-      <span>Email</span>
+      <span>Name</span>
+      <span>Reference</span>
       <span>Access</span>
       <span>Edit</span>
     </div>
@@ -50,7 +69,9 @@ export const ShareTable = ({ datasetId, permissions }) => (
       <PermissionRow
         datasetId={datasetId}
         userId={perm.user.id}
+        userName={perm.user.name}
         userEmail={perm.user.email}
+        userOrcid={perm.user.orcid}
         access={perm.level}
         key={index}
       />
@@ -64,7 +85,7 @@ ShareTable.propTypes = {
 }
 
 const Share = ({ datasetId, permissions, reviewers, hasSnapshot }) => {
-  const [userEmail, setUserEmail] = useState("")
+  const [userIdentifier, setUserIdentifier] = useState("")
   const [access, setAccess] = useState("ro")
 
   const readActive = access === "ro" && "active"
@@ -81,14 +102,15 @@ const Share = ({ datasetId, permissions, reviewers, hasSnapshot }) => {
           <div className="dataset-form-body">
             <ShareTable datasetId={datasetId} permissions={permissions} />
             <p>
-              Enter a user&#39;s email address and select access level to share
+              Enter a user&#39;s ORCID or email address and select access level
+              to share
             </p>
             <div className="share-input-group">
               <input
                 className="form-control"
                 type="email"
-                value={userEmail}
-                onChange={(e) => setUserEmail(e.target.value)}
+                value={userIdentifier}
+                onChange={(e) => setUserIdentifier(e.target.value)}
               />
               <div className="input-group-btn">
                 <Button
@@ -118,9 +140,9 @@ const Share = ({ datasetId, permissions, reviewers, hasSnapshot }) => {
           <div className="share-form-controls">
             <UpdateDatasetPermissions
               datasetId={datasetId}
-              userEmail={userEmail}
+              userIdentifier={userIdentifier}
               metadata={access}
-              done={() => setUserEmail("")}
+              done={() => setUserIdentifier("")}
             />
           </div>
         </div>
diff --git a/packages/openneuro-app/src/scripts/scss/dataset/dataset-tool.scss b/packages/openneuro-app/src/scripts/scss/dataset/dataset-tool.scss
index 9f222c3c7..6438da4de 100644
--- a/packages/openneuro-app/src/scripts/scss/dataset/dataset-tool.scss
+++ b/packages/openneuro-app/src/scripts/scss/dataset/dataset-tool.scss
@@ -54,7 +54,7 @@
     }
     > span {
       display: block;
-      min-width: 33.3333%;
+      min-width: 25%;
       margin-bottom: 11px;
       label {
         font-weight: bold;
diff --git a/packages/openneuro-server/src/graphql/resolvers/mutation.ts b/packages/openneuro-server/src/graphql/resolvers/mutation.ts
index 04cfdd7a6..1cc46d5a3 100644
--- a/packages/openneuro-server/src/graphql/resolvers/mutation.ts
+++ b/packages/openneuro-server/src/graphql/resolvers/mutation.ts
@@ -19,7 +19,11 @@ import {
 import { removeUser, setAdmin, setBlocked } from "./user.js"
 import { updateSummary } from "./summary"
 import { revalidate, updateValidation } from "./validation.js"
-import { removePermissions, updatePermissions } from "./permissions"
+import {
+  removePermissions,
+  updateOrcidPermissions,
+  updatePermissions,
+} from "./permissions"
 import { followDataset } from "./follow.js"
 import { starDataset } from "./stars.js"
 import { publishDataset } from "./publish.js"
@@ -54,6 +58,7 @@ const Mutation = {
   updateValidation,
   updatePublic,
   updatePermissions,
+  updateOrcidPermissions,
   removePermissions,
   removeUser,
   setAdmin,
diff --git a/packages/openneuro-server/src/graphql/resolvers/permissions.ts b/packages/openneuro-server/src/graphql/resolvers/permissions.ts
index a957501b9..4b6912e37 100644
--- a/packages/openneuro-server/src/graphql/resolvers/permissions.ts
+++ b/packages/openneuro-server/src/graphql/resolvers/permissions.ts
@@ -29,20 +29,35 @@ const publishPermissions = async (datasetId) => {
   const ds = { id: datasetId }
   const { id, userPermissions } = await permissions(ds)
   const permissionsUpdated = {
-    id: datasetId,
-    permissions: {
-      id,
-      userPermissions: await Promise.all(
-        userPermissions.map(async (userPermission) => ({
-          ...userPermission,
-          user: await user(ds, { id: userPermission.userId }),
-        })),
-      ),
-    },
+    id,
+    userPermissions: await Promise.all(
+      userPermissions.map(async (userPermission) => ({
+        ...userPermission,
+        user: await user(ds, { id: userPermission.userId }),
+      })),
+    ),
   }
   return permissionsUpdated
 }
 
+async function updateUsers(datasetId: string, level: string, users) {
+  for (const user of users) {
+    await Permission.updateOne(
+      {
+        datasetId: datasetId,
+        userId: user.id,
+      },
+      {
+        datasetId: datasetId,
+        userId: user.id,
+        level: level,
+      },
+      { upsert: true },
+    ).exec()
+  }
+  return publishPermissions(datasetId)
+}
+
 /**
  * Update user permissions on a dataset
  */
@@ -57,28 +72,29 @@ export const updatePermissions = async (obj, args, { user, userInfo }) => {
     throw new Error("A user with that email address does not exist")
   }
 
-  const userPromises = users.map((user) => {
-    return new Promise<void>((resolve, reject) => {
-      Permission.updateOne(
-        {
-          datasetId: args.datasetId,
-          userId: user.id,
-        },
-        {
-          datasetId: args.datasetId,
-          userId: user.id,
-          level: args.level,
-        },
-        { upsert: true },
-      )
-        .exec()
-        .then(() => resolve())
-        .catch((err) => reject(err))
-    })
+  return updateUsers(args.datasetId, args.level, users)
+}
+
+/**
+ * ORCID variant of updatePermissions
+ */
+export const updateOrcidPermissions = async (obj, args, { user, userInfo }) => {
+  await checkDatasetAdmin(args.datasetId, user, userInfo)
+  // Get all users associated with the ORCID provided
+  const users = await User.find({
+    "$or": [{ "orcid": args.userOrcid }, {
+      "providerId": args.userOrcid,
+      "provider": "orcid",
+    }],
   })
-  return Promise.all(userPromises).then(() =>
-    publishPermissions(args.datasetId)
-  )
+    .collation({ locale: "en", strength: 2 })
+    .exec()
+
+  if (!users.length) {
+    throw new Error("A user with that ORCID does not exist")
+  }
+
+  return updateUsers(args.datasetId, args.level, users)
 }
 
 /**
diff --git a/packages/openneuro-server/src/graphql/schema.ts b/packages/openneuro-server/src/graphql/schema.ts
index 787f13241..ee5078edc 100644
--- a/packages/openneuro-server/src/graphql/schema.ts
+++ b/packages/openneuro-server/src/graphql/schema.ts
@@ -121,7 +121,9 @@ export const typeDefs = `
     # Update a draft with validation results
     updateValidation(validation: ValidationInput!): Boolean
     # Update a users's permissions on a dataset
-    updatePermissions(datasetId: ID!, userEmail: String!, level: String): User
+    updatePermissions(datasetId: ID!, userEmail: String!, level: String!): DatasetPermissions
+    # Update a users's permissions for a given ORCID
+    updateOrcidPermissions(datasetId: ID!, userOrcid: String!, level: String!): DatasetPermissions
     # Remove a users's permissions on a dataset
     removePermissions(datasetId: ID!, userId: String!): Boolean
     # Remove a user