Special ACL with AD

[hassoon]

Hi, Im using the latest Core version with AD integration of 2016 Server Std.
I have rather a custom requirements to do here.
We have two Companies: CompA and CompB that has several depts inside each.
Example: CompA has: Sales / Acc / Operations same ofr CompB.
to reflect this setup I went on and made two Shares CompA and CompB, in Windows I made also Two groups CompA and CompB, then created Sales / Acc / Ops groups.
each group or depts must see his own folders but not the rest.
So far I cant manage to reflect this in TrueNas as I would need to change permission on some folders which seems to refuse due to inheritance from zfs.
and suggestions will be appreciated.

 

[Johnny Fartpants]

There are a couple of ways to do this. 1. Create datasets and sub-datasets for each dept and apply groups permissions to them. 2. Create a single dataset and divide it up using folders and permissions within Windows. I create ‘m’ (modify) and ‘t’ (traverse) groups in AD and nest them making the ‘m’ group a member of the parent ‘t’ group and then apply those groups to the given folders where ‘t’ gets read only for ‘this folder only’ and ‘m’ gets modify for ‘all folders and files’.