Hello. I will try to describe whole story in detail. At first i was searching for a way to set user's permissions to shared SMB shares on folder level. So let's have User A, B and C. User A is meant to be admin / owner of the dataset so i want to have set full control on that user. Next, User B should have access to only one subfolder within the folder in root path. And finally, User C should have same permissions as User B but on different subfolder.
So i found it can be done via Windows, specifically right click on folder -> Properties -> Security. So i went there additionally clicked on Edit button and saw something i didn't want to. In following screenshot you could see (a mess) weird naming and even more weird permissions.
The user "Syncek" or "TRUENAS\pheggask" is owner of whole dataset so this folder's properties too. I instantly noticed that there is shown not only the owner user but also it's group (at the top, "pheggas (Unix Group\pheggas)"). I have couple of questions right here.
1. Why do owner's group has different domain than owner itself? (Unix Group and TRUENAS)
2. Why there are users / groups CREATOR OWNER and CREATOR GROUP?
3. Where could i set what is the name of that domain TRUENAS?
Now the even more weird part.
On this screenshot you can see that owner "Syncek" has no permissions what so ever. However it does have the "Special permissions" checked and grayed out so can't be changed. Shown here:
The same permission set is on pheggas group and also CREATOR OWNER and CREATOR GROUP. When it comes to "Tatino (TRUENAS\toto)" and "Mamina (TRUENAS\momo)", they both have same permissions and looks like this:
Note that Special permissions is also checked and grayed out. The weirdness on this is, i see the same permission set (like i described above) via every user (so pheggask, Tatino and Mamina users). So technically i could edit owner's all permissions to Deny and basically deny whole access to that dataset by normal user. The same way, i'm unable to uncheck Allow permissions on users from owner's perspective.
TLDR; Owner can't restrict anything but standard user can restrict owner's permissions.
I'm sure you would need to see my TrueNAS settings. I have no problem with that, just write down which screens i should screenshot you.
Thanx everyone that will help and i hope that this will get resolved ASAP as this is really big security concern from my view (as the admin).
So i found it can be done via Windows, specifically right click on folder -> Properties -> Security. So i went there additionally clicked on Edit button and saw something i didn't want to. In following screenshot you could see (a mess) weird naming and even more weird permissions.
The user "Syncek" or "TRUENAS\pheggask" is owner of whole dataset so this folder's properties too. I instantly noticed that there is shown not only the owner user but also it's group (at the top, "pheggas (Unix Group\pheggas)"). I have couple of questions right here.
1. Why do owner's group has different domain than owner itself? (Unix Group and TRUENAS)
2. Why there are users / groups CREATOR OWNER and CREATOR GROUP?
3. Where could i set what is the name of that domain TRUENAS?
Now the even more weird part.
On this screenshot you can see that owner "Syncek" has no permissions what so ever. However it does have the "Special permissions" checked and grayed out so can't be changed. Shown here:
The same permission set is on pheggas group and also CREATOR OWNER and CREATOR GROUP. When it comes to "Tatino (TRUENAS\toto)" and "Mamina (TRUENAS\momo)", they both have same permissions and looks like this:
Note that Special permissions is also checked and grayed out. The weirdness on this is, i see the same permission set (like i described above) via every user (so pheggask, Tatino and Mamina users). So technically i could edit owner's all permissions to Deny and basically deny whole access to that dataset by normal user. The same way, i'm unable to uncheck Allow permissions on users from owner's perspective.
TLDR; Owner can't restrict anything but standard user can restrict owner's permissions.
I'm sure you would need to see my TrueNAS settings. I have no problem with that, just write down which screens i should screenshot you.
Thanx everyone that will help and i hope that this will get resolved ASAP as this is really big security concern from my view (as the admin).