A TrueNAS dataset is a file system within a data storage pool. Datasets can contain files, directories, and child datasets, and have individual permissions or flags.

Datasets can also be encrypted. In TrueNAS 22.12.3 or later, the TrueNAS UI requires encryption for child datasets created in encrypted parent datasets, but you can change the encryption type from key to passphrase. You can create an encrypted dataset if the parent is not encrypted and set the type as either key or passphrase.

The Advanced Settings screen provides configuration options for the console, syslog, audit, kernel, sysctl, storage (system dataset pool), replication, WebSocket sessions, cron jobs, init/shutdown scripts, NTP servers, allowed IP addresses, isolated GPU device(s), self-encrypting drives, and global two-factor authentication.

The Capacity Settings screen allows users to set quotas for the selected dataset and for the selected dataset and any of the child datasets for the selected dataset apart from the dataset creation process.

The settings on the Capacity Settings screen are the same as those in the quota management section on the Add Dataset > Advanced Options screen.

The Datasets screen and widgets show information about datasets and zvols, provide access to data management functions, indicate the dataset roles, list the services using the dataset, show encryption status, and list permissions for datasets. The screen focuses on managing data storage, including user and group quotas, snapshots, and other data protection measures.

The Datasets screen shows No Datasets and a Create Pool button until you add a pool and the first root dataset.

TrueNAS allows setting data or object quotas for user accounts and groups cached on, or connected to the system. You can use the quota settings on the Add Dataset or Edit Dataset configuration screens in the Advanced Options settings to set up alarms and set aside more space in a dataset. See Adding and Managing Datasets for more information.

To manage the dataset overall capacity, use Edit on the Dataset Space Management widget to open the Capacity Settings screen.

The Snapshots screen lists dataset snapshots on the system. It allows you to add new or manage existing snapshots.

Access to the Snapshots screen is available using the Manage Snapshots link on the Data Protection widget on the Datasets screen and by clicking Snapshots on the Periodic Snapshot Tasks widget on the Data Protection screen.

If the selected dataset does not have snapshots, the screen displays No Snapshots are Available.

TrueNAS allows setting data or object quotas for user accounts and groups cached on, or connected to the system.

Select Manage User Quotas on the Dataset Space Management widget to open the User Quotas screen. The User Quotas screen displays names and quota data of user accounts cached on or connected to the system. If no users exist, the screen displays No User Quotas in the center of the screen.

Datasets, root, non-root parent, and child, or zvols with encryption include the Encryption widget in the set of dataset widgets shown on the Datasets screen.

The Datasets tree table includes lock icons and descriptions that indicate the encryption state of datasets.

Icon	State	Description
	Locked	Displays for locked encrypted root, non-root parent and child datasets.
	Unlocked	Displays for unlocked encrypted root, non-root parent and child datasets.
	Locked by ancestor	Displays for locked datasets that inherit encryption properties from the parent.
	Unlocked by ancestor	Displays for unlocked datasets that inherit encryption properties from the parent.

The Encryption option on the Pool Manager screen sets encryption for the pool and root dataset.

TrueNAS offers ZFS encryption for your sensitive data in datasets and zvols.

Data-at-rest encryption is available with:

• Self Encrypting Drives (SEDs) using OPAL or FIPS 140.2 (Both AES 256)
• Encryption of specific datasets (AES-256-GCM)

The local TrueNAS system manages keys for data-at-rest. Users are responsible for storing and securing their keys. TrueNAS includes the Key Management Interface Protocol (KMIP).

TrueNAS provides basic permissions settings and an access control list (ACL) editor to define dataset permissions. ACL permissions control the actions users can perform on dataset contents and shares.

An Access Control List (ACL) is a set of account permissions associated with a dataset that applies to directories or files within that dataset. TrueNAS uses ACLs to manage user interactions with shared datasets. When you create a dataset, TrueNAS sets the ACL type based on the dataset preset, but you must configure the ACL before it becomes active.

TrueNAS offers two ACL types: POSIX and NFSv4. The Dataset Preset setting on the Add Dataset screen determines the type of ACL for the dataset. Datasets created with the Generic dataset preset have the ACL type set to a POSIX (Unix) ACL. Datasets created with the SMB dataset preset have the ACL type set to an NFSv4 ACL. SMB shares require the more robust configurations in an NFSv4 ACL. For most cases, a POSIX ACL is all you need. If you want the more granular ACL controls in the NFSv4 ACL, you can create a dataset using the SMB dataset preset without creating an SMB share, or you can use the ACL Type option on the Add Dataset > Advanced Options screen to change a dataset using the Generic preset from a POSIX to NFSv4 ACL. For a more in-depth explanation of ACLs and configurations in TrueNAS, see our ACL Primer.