P5 - How to Set Department TrueNAS SMB Permissions
🚀 TrueNAS – P5 How to Set Department Folder Permissions (SMB Access Control Guide)
Correctly configuring TrueNAS SMB permissions is critical when building a secure departmental file server.
In this guide, you will learn how to structure department datasets and configure SMB ACLs properly so that:
Each department only sees its own folder
Unauthorized folders are hidden
Cross-department access is prevented
Permission inheritance works correctly
Access-denied errors are avoided
This tutorial works for both TrueNAS SCALE and CORE using modern ACL management.
Whether you’re deploying an enterprise file server or a small office NAS, these best practices will keep your storage secure and organized.
🧪 Lab Scenario
We will build a structured dataset called:
Department
Rules:
Users of each department can fully access their own folder
Each department can only see its own folder
Public folder is readable by all company users
IT group has edit rights on Public
Departments:
• HR → users belong to HR group
• Admin → users belong to Admin group
• Sale → users belong to Sale group
• Public → company-wide read, IT edit
Groups:
Sale (user sale01)
Admin (user it01)
HR (user hr01)
⚠ Important Note:
When permissions are assigned by AD group, remember:
A dataset is not the same as a traditional folder.
When TrueNAS is used as a file server, a department's group must also have rights on the parent dataset in order to access its child dataset.
This is one of the most common mistakes in TrueNAS SMB permission configuration.
🛠️ Step 1: Create Dataset Structure
Go to:
Storage → Pools
Create Parent Dataset
Name:
Department
Select:
Share type: SMB
Create Children Datasets
Under Department:
Admin
HR
Sale
Public
Select:
Generic
Do NOT share SMB at this stage.
This structure ensures clean ACL separation.
🔐 Step 2: Assign Permissions
Now configure ACL correctly.
Parent Dataset (Department)
Add 3 groups:
Sale
Admin
HR
Permission:
Read
This allows departments to access the parent container.
Children Dataset (HR / Sale / Admin)
For each child dataset:
Add corresponding group only.
Example:
HR → HR group
Sale → Sale group
Admin → Admin group
Permission: full control, as needed.
Public Dataset
Add 3 groups:
Sale
Admin
HR
Set:
Company users → Read
IT group → Edit
Check Permission:
OK
Correct inheritance ensures stable TrueNAS SMB permission behavior.
⚙ Step 3: Edit SMB Share
Go to:
Sharing → Windows Shares (SMB)
Open your SMB Share → Advanced
Set:
Purpose: No Presets
This prevents unwanted automatic ACL overrides.
🔑 Step 4: Enable SSH for Admin User
Before proceeding:
Verify root user password
Enable SSH for admin user
Go to:
Services → SSH
Enable SSH access.
🖥️ Step 5: SSH Configuration (Hide Unauthorized Folders)
This step enables Access-Based Enumeration (ABE).
Purpose:
Hide datasets from users who do not have permission.
Check Dataset Share ID
Run:
midclt call sharing.smb.query | jq
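Identify the ID of the SMB share (the id field in the output). This is the number passed to sharing.smb.update in the next command.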
Example:
Team ID = 4
Update SMB Configuration
Run:
midclt call sharing.smb.update 4 '{"auxsmbconf": "access based share enum = yes\nhide unreadable = yes"}'
This enables:
Hide unreadable folders
Access-based share enumeration
Both are critical for a professional TrueNAS SMB permission setup.
Restart SMB Service
Run:
systemctl restart smbd
Authenticate with root password when prompted.
Now users will only see folders they are allowed to access.
No more cross-department visibility.
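An added audit sketch for this step, not part of the original guide: it parses the JSON printed by midclt call sharing.smb.query, reports which shares lack the two settings, and builds the sharing.smb.update command with existing auxiliary parameters kept, since the update replaces the whole auxsmbconf string. The share list is constructed sample data, and the name and path fields are assumptions about the query output.

```python
import json
import shlex

# Settings from Step 5 that must be present in the share's auxiliary parameters.
REQUIRED = {"access based share enum": "yes", "hide unreadable": "yes"}

# Constructed sample of `midclt call sharing.smb.query` output (not real data).
# `id` and `auxsmbconf` are used by the guide; `name` and `path` are assumed fields.
SAMPLE_QUERY = json.dumps([
    {"id": 3, "name": "Backup", "path": "/mnt/tank/Backup",
     "auxsmbconf": "access based share enum = yes\nhide unreadable = yes"},
    {"id": 4, "name": "Department", "path": "/mnt/tank/Department",
     "auxsmbconf": "veto files = /.DS_Store/"},
])

def parse_aux(text):
    """Parse 'key = value' lines into a dict with lower-cased, space-normalised keys."""
    params = {}
    for line in (text or "").splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def missing_settings(share):
    """Return the required settings that are absent or not set to the required value."""
    have = parse_aux(share.get("auxsmbconf"))
    return {k: v for k, v in REQUIRED.items() if have.get(k, "").lower() != v}

def update_command(share):
    """Return the midclt command that adds the missing settings, or None if compliant."""
    missing = missing_settings(share)
    if not missing:
        return None
    merged = parse_aux(share.get("auxsmbconf"))  # keep parameters already configured
    merged.update(missing)
    aux = "\n".join(f"{k} = {v}" for k, v in merged.items())
    payload = json.dumps({"auxsmbconf": aux})
    return f"midclt call sharing.smb.update {share['id']} {shlex.quote(payload)}"

def audit(query_json):
    """Map each share id to the command needed to fix it (None means nothing to do)."""
    return {s["id"]: update_command(s) for s in json.loads(query_json)}

if __name__ == "__main__":
    for share_id, cmd in audit(SAMPLE_QUERY).items():
        print(share_id, cmd or "OK: access-based enumeration settings present")
```

On a live system the input would be the saved output of the query command rather than SAMPLE_QUERY; review each generated command before running it.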
🎯 Common Mistakes That Break Permissions
❌ Not assigning parent dataset rights
❌ Broken inheritance
❌ Mixing presets with manual ACL
❌ Forgetting Access-Based Enumeration
❌ Not restarting SMB after config change
These issues cause:
Access Denied errors
Permission conflicts
Folder visibility problems
🧠 Why TrueNAS SMB Permission Must Be Done Properly
If configured incorrectly:
Departments can see other folders
Data leakage risk increases
Auditing becomes difficult
ACL inheritance becomes inconsistent
If configured properly:
✅ Clean departmental isolation
✅ Secure access control
✅ Professional file server structure
✅ Enterprise-ready storage security
🔥 Final Thoughts
Mastering TrueNAS SMB permissions is one of the most important skills when deploying TrueNAS in business environments.
Dataset structure + correct ACL + Access-Based Enumeration creates:
Secure
Scalable
Organized
Professional file server architecture
Follow this guide carefully and your TrueNAS system will behave exactly like a properly designed enterprise file server.
In the next part, we will explore advanced SMB hardening and performance tuning techniques.