I finally got back around to testing. I stripped the ACLs on my “Data Storage” dataset and set the permissions recursively to
- User: apps - Read / Write / Execute
- Group: apps - Read / Write / Execute
In the app config, User ID and GroupID are both set to 568 (which is the apps user / group).
Hopefully this works for you too!