diff --git a/src/documents/permissions.py b/src/documents/permissions.py index 802cb8798..ac6d3f9ca 100644 --- a/src/documents/permissions.py +++ b/src/documents/permissions.py @@ -61,21 +61,22 @@ def get_groups_with_only_permission(obj, codename): return Group.objects.filter(id__in=group_object_perm_group_ids).distinct() -def set_permissions_for_object(permissions: list[str], object, *, merge: bool = False): +def set_permissions_for_object(permissions: dict, object, *, merge: bool = False): """ - Set permissions for an object. The permissions are given as a list of strings - in the format "action_modelname", e.g. "view_document". + Set permissions for an object. The permissions are given as a mapping of actions + to a dict of user / group id lists, e.g. + {"view": {"users": [1], "groups": [2]}, "change": {"users": [], "groups": []}}. If merge is True, the permissions are merged with the existing permissions and no users or groups are removed. If False, the permissions are set to exactly the given list of users and groups. """ - for action in permissions: + for action, entry in permissions.items(): permission = f"{action}_{object.__class__.__name__.lower()}" - if "users" in permissions[action]: + if "users" in entry: # users - users_to_add = User.objects.filter(id__in=permissions[action]["users"]) + users_to_add = User.objects.filter(id__in=entry["users"]) users_to_remove = ( get_users_with_perms( object, @@ -100,9 +101,9 @@ def set_permissions_for_object(permissions: list[str], object, *, merge: bool = user, object, ) - if "groups" in permissions[action]: + if "groups" in entry: # groups - groups_to_add = Group.objects.filter(id__in=permissions[action]["groups"]) + groups_to_add = Group.objects.filter(id__in=entry["groups"]) groups_to_remove = ( get_groups_with_only_permission( object, diff --git a/src/documents/tests/test_api_search.py b/src/documents/tests/test_api_search.py index 5a2fc9b52..191381721 100644 --- a/src/documents/tests/test_api_search.py 
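Review bot: The docstring's promise that with merge False the permissions are "set to exactly the given list of users and groups" does not hold for anything the mapping omits: `for action, entry in permissions.items()` visits only the actions supplied, and `if "users" in entry` (like `if "groups" in entry` in the following hunk) skips a missing key, so existing grants for those stay in place. Judging by the visible loop, a caller that passes `{}` expecting to clear access changes nothing, which matters for a function that decides who can view or change an object. I would add to the docstring: `Actions missing from the mapping, and entries without a "users" or "groups" key, are left untouched even when merge is False; pass empty lists to revoke.` The annotation could also be narrowed from `dict` to `dict[str, dict[str, list[int]]]` so that a leftover list-style call is flagged by a type checker. The function body runs past the end of both hunks, so the removal logic itself is not visible here.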
+++ b/src/documents/tests/test_api_search.py @@ -1289,7 +1289,7 @@ class TestDocumentSearchApi(DirectoriesMixin, APITestCase): content_type__app_label="admin", ), ) - set_permissions([4, 5], set_permissions=[], owner=user2, merge=False) + set_permissions([4, 5], set_permissions={}, owner=user2, merge=False) with index.open_index_writer() as writer: index.update_document(writer, d1)