A TrueNAS dataset is a file system within a data storage pool. Datasets can contain files, directories, and child datasets, and have individual permissions or flags.

Datasets can also be encrypted. In TrueNAS 22.12.3 or later, the TrueNAS UI requires encryption for child datasets created in encrypted parent datasets, but you can change the encryption type from key to passphrase. You can create an encrypted dataset if the parent is not encrypted and set the type as either key or passphrase.

The Advanced Settings screen provides configuration options for the console, syslog, audit, kernel, sysctl, storage (system dataset pool), replication, WebSocket sessions, cron jobs, init/shutdown scripts, allowed IP addresses, isolated GPU device(s), self-encrypting drives, and global two-factor authentication.

The Capacity Settings screen allows users to set quotas for the selected dataset and for the selected dataset and any of the child datasets for the selected dataset apart from the dataset creation process.

The settings on the Capacity Settings screen are the same as those in the quota management section on the Add Dataset > Advanced Options screen.

The Datasets screen and widgets show information about datasets, provide access to data management functions, indicate the dataset roles, list the services using the dataset, show the encryption status, and list the permissions the dataset has in place. The screen focuses on managing data storage including user and group quotas, snapshots, and other data protection measures.

The Datasets screen shows No Datasets with a Create Pool button in the center of the screen until you add a pool and the first root dataset.

TrueNAS allows setting data or object quotas for user accounts and groups cached on, or connected to the system. You can use the quota settings on the Add Dataset or Edit Dataset configuration screens in the Advanced Options settings to set up alarms and set aside more space in a dataset. See Adding and Managing Datasets for more information.

To manage the dataset overall capacity, use Edit on the Dataset Space Management widget to open the Capacity Settings screen.

The Snapshots screen lists dataset snapshots on the system. It allows you to add new or manage existing snapshots.

Access to the Snapshots screen is available using the Manage Snapshots link on the Data Protection widget on the Datasets screen and by clicking Snapshots on the Periodic Snapshot Tasks widget on the Data Protection screen.

If the selected dataset does not have snapshots, the screen displays No Snapshots are Available.

TrueNAS allows setting data or object quotas for user accounts and groups cached on, or connected to the system.

Select Manage User Quotas on the Dataset Space Management widget to open the User Quotas screen. The User Quotas screen displays names and quota data of user accounts cached on or connected to the system. If no users exist, the screen displays No User Quotas in the center of the screen.

Datasets, root, non-root parent, and child, or zvols with encryption include the ZFS Encryption widget in the set of dataset widgets displayed on the Datasets screen.

The Datasets tree table includes lock icons and descriptions that indicate the encryption state of datasets.

Icon	State	Description
	Locked	Displays for locked encrypted root, non-root parent and child datasets.
	Unlocked	Displays for unlocked encrypted root, non-root parent and child datasets.
	Locked by ancestor	Displays for locked datasets that inherit encryption properties from the parent.
	Unlocked by ancestor	Displays for unlocked datasets that inherit encryption properties from the parent.

The Encryption option on the Pool Manager screen sets encryption for the pool and root dataset.

TrueNAS offers ZFS encryption for your sensitive data in datasets and zvols.

Data-at-rest encryption is available with:

• Self Encrypting Drives (SEDs) using OPAL or FIPS 140.2 (Both AES 256)
• Encryption of specific datasets (AES-256-GCM)

The local TrueNAS system manages keys for data-at-rest. Users are responsible for storing and securing their keys. TrueNAS includes the Key Management Interface Protocol (KMIP).

TrueNAS offers two Access Control List (ACL) types: POSIX (the TrueNAS default) and NFSv4. For a more in-depth explanation of ACLs and configurations in TrueNAS, see our ACL Primer.

The Dataset Preset option on the Add Dataset screen sets the ACL type applied for SMB shares, apps, multi-protocol shares, and general-use datasets.

The ACL Type setting in the Advanced Options on both the Add Dataset and Edit Dataset screens, determines the ACL presets available on the ACL Select a preset ACL window. It also determines which permissions editor screens you see after you click the edit edit icon on the Dataset Permissions widget.