So I tried using API version 11 and it still didn't work, but Customer
Support (Thanks Russel!!) had a second solution which did work on our
instance of Workfront. The accessorID, accessorObjCode, and coreAction
fields are in the accessRules collection, and can be updated on the
object instead of the share endpoint. URL = OPTASK/?fields=accessRules Method = PUT Body =
{"accessRules":[{"accessorID":"","accessorObjCode":"USER","coreAction":"VIEW"}]}
Possible values for coreAction turned out to be ...