I am unable to successfully delete a file from Salesforce with Apex when executed as a web service call from an external service. Running the following code behaves differently depending on whether it is executed anonymously via dev console or from the external service via the SOAP API. I've simplified the code to keep it succinct, but this captures the essence of what I'm trying to do.
 

global with sharing class CRMDocumentIntakeService{

    // CRM Document Metadata elements
    global class CRMDocMetadata{
        webservice String filenetGUID;
        webservice String documentID;
        webservice String docTitle;
        webservice String docDescription;
        webservice String docType;
        webservice Date   docReceivedDate;
        webservice String source;
        webservice String channel;
        webservice String workflowSubscription;
        webservice String indicator1;
        webservice String objectType;
        webservice String recordID;
    }    
}

global with sharing class CRMSFDCDocumentService{

    WebService static void processCRMDocument(CRMDocumentIntakeService.CRMDocMetadata filenetDoc,String messageID) {
        System.debug('Running user: ' + UserInfo.getUserName());
        CRMSFDCDocumentServiceHelper.processCRMDocument('0691g000000GkaNAAS');
    }
    
}

public with sharing class CRMSFDCDocumentServiceHelper {
  public static void processCRMDocument(Id documentId) {
      ContentDocument objContentDoc;
     
      objContentDoc = [SELECT Id FROM ContentDocument WHERE Id = :documentId];

      delete objContentDoc;

  }
}

I created a file by uploading a PDF to a Case record with my own user account. I have the Salesforce Files setting enabled to automatically use the "set by record" sharing option.

When I execute the code via the external service (triggered by outbound message), then I receive the following error message: Delete failed. First exception on row 0 with id 0691g000000GkaNAAS; first error: INSUFFICIENT_ACCESS_OR_READONLY, insufficient access rights on object id: []
If I log in as the same service account user and execute the code via developer console, then no error occurs and the file is successfully deleted. Here's the anonymous apex block I'm running:

CRMDocumentIntakeService.CRMDocMetadata filenetDoc = new CRMDocumentIntakeService.CRMDocMetadata();
filenetDoc.source = 'P8';
filenetDoc.indicator1 = 'CRM-a0g1g000000mT9p';
filenetDoc.filenetGUID = '{70949B73-0000-C210-9788-ECC0F8579CCE}';
filenetDoc.documentID = 'a0g1g000000mT9p';
filenetDoc.channel = 'WEB';

CRMSFDCDocumentService.processCRMDocument(filenetDoc, '6bc2316ed1bf13eaaef8');

I am aware that permissions around Salesforce Files work much differently than the old attachments object, but the fact that the service account user is able to delete the file from the Files tab in the UI and through Anonymous Apex leads me to believe that this difference may be due to how the web service call runs within system context.

I tried changing the classes to be "without sharing", but that did not make any difference. I also updated the API version to current (49.0) for all 3 classes to no avail. I also confirmed that the user has a CRM Content feature license and that the profile has the "Manage Salesforce CRM Content" permission enabled.

Any help would be most appreciated.

Thanks!