diff --git a/changelog/unreleased/fix-internallink-permission-check.md b/changelog/unreleased/fix-internallink-permission-check.md
new file mode 100644
index 0000000000..f2fa1efcd7
--- /dev/null
+++ b/changelog/unreleased/fix-internallink-permission-check.md
@@ -0,0 +1,7 @@
+Bugfix: Internal link creation
+
+We fix the permission checks for creating and updating public share so that it is
+possible again to create internal links for received shares.
+
+https://github.com/cs3org/reva/pull/4429
+https://github.com/owncloud/ocis/issues/8039
diff --git a/internal/grpc/services/publicshareprovider/publicshareprovider.go b/internal/grpc/services/publicshareprovider/publicshareprovider.go
index 4cfd98cb26..201b2c0f97 100644
--- a/internal/grpc/services/publicshareprovider/publicshareprovider.go
+++ b/internal/grpc/services/publicshareprovider/publicshareprovider.go
@@ -241,8 +241,10 @@ func (s *service) CreatePublicShare(ctx context.Context, req *link.CreatePublicS
 		}, nil
 	}
 
-	// check if the user can share with the desired permissions
-	if !conversions.SufficientCS3Permissions(sRes.GetInfo().GetPermissionSet(), req.GetGrant().GetPermissions().GetPermissions()) {
+	// check if the user can share with the desired permissions. For internal links this is skipped,
+	// users can always create internal links provided they have the AddGrant permission, which was already
+	// checked above
+	if !isInternalLink && !conversions.SufficientCS3Permissions(sRes.GetInfo().GetPermissionSet(), req.GetGrant().GetPermissions().GetPermissions()) {
 		return &link.CreatePublicShareResponse{
 			Status: status.NewInvalidArg(ctx, "insufficient permissions to create that kind of share"),
 		}, nil
@@ -512,6 +514,7 @@ func (s *service) UpdatePublicShare(ctx context.Context, req *link.UpdatePublicS
 	// check if the user can change the permissions to the desired permissions
 	updatePermissions := req.GetUpdate().GetType() == link.UpdatePublicShareRequest_Update_TYPE_PERMISSIONS
 	if updatePermissions &&
+		!isInternalLink &&
 		!conversions.SufficientCS3Permissions(
 			sRes.GetInfo().GetPermissionSet(),
 			req.GetUpdate().GetGrant().GetPermissions().GetPermissions(),