Implement SID S-1-3-4 in TrueNAS Scale's ACL editor

Problem/Justification
I am attempting to assign privileges to the Owner Rights group/user, which has an SID of S-1-3-4 according to Microsoft. This is a useful SID for controlling what the owner of a file on an SMB share can do when you don’t want the owner to have the default permissions of everything. It seems this feature is not implemented within the UI of TrueNAS Scale: I have manually added this permission to a share using the Windows security UI on the shared folder, and when going to the Edit ACL screen within TrueNAS Scale it is a little broken. Plus, there is no way that I have found to create an ACE for Owner Rights using the UI.


Impact
This will allow users to limit what the owner of a file/folder can do to said file/folder on an SMB share, and will allow for more flexibility in how they handle security with ACLs on their shares.

User Story
Users can create an ACE for the Owner Rights group/user so that the owner of a file/folder will not have the default permissions of everything, and this will bring about more flexibility in what an SMB share’s permissions can accomplish using the TrueNAS Scale UI.

No strong opinion here but I’m not sure why you’d want the owner of the file to not have the expected/standard practice control of the files they own.

It might make more sense to have the file owned by someone else instead, and just have an ACE entry for whoever this user is.

The main use for this, at least for me, is that Windows/SMB/NFS4, as far as I know, have no way to inherit owners of created files. So, when a user who has write/create files/folders permissions makes a file or folder, they become the owner of said file/folder automatically, and the only way to prevent that is to manually change it or have a script that periodically runs to change it recursively.

The troublesome permission that I am specifically trying to prevent the owner from having is editing permissions, which is accomplished by modifying the default owner permissions, since I do not know of a way to “inherit” owners instead.
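
The behaviour discussed in this thread, as an added example that is not part of any post and is not TrueNAS or Samba code: a simplified model of the Windows access check in which the owner implicitly receives READ_CONTROL and WRITE_DAC unless the DACL carries an ACE for S-1-3-4. The user and group SIDs, the `MODIFY` mask and the function names are constructed for illustration; inheritance flags and privileges are left out.

```python
# Simplified DACL access check: allow/deny ACEs only, no inheritance flags
# or privileges. All SIDs except S-1-3-4 are constructed sample values.
READ_DATA, WRITE_DATA = 0x0001, 0x0002
DELETE, READ_CONTROL, WRITE_DAC = 0x00010000, 0x00020000, 0x00040000
OWNER_RIGHTS = "S-1-3-4"

ALICE = "S-1-5-21-1111-2222-3333-1001"   # creator, therefore owner
BOB = "S-1-5-21-1111-2222-3333-1002"
STAFF = "S-1-5-21-1111-2222-3333-2001"   # group both users belong to

def granted_access(token_sids, owner_sid, dacl):
    """Return the access mask the DACL grants to a token.

    dacl is an ordered list of (kind, sid, mask) with kind 'allow' or 'deny'.
    """
    is_owner = owner_sid in token_sids
    granted = denied = 0
    # Implicit owner rights apply only when no Owner Rights ACE is present.
    if is_owner and not any(sid == OWNER_RIGHTS for _, sid, _ in dacl):
        granted |= READ_CONTROL | WRITE_DAC
    for kind, sid, mask in dacl:
        # An Owner Rights ACE applies to whoever currently owns the object.
        if sid in token_sids or (sid == OWNER_RIGHTS and is_owner):
            if kind == "allow":
                granted |= mask & ~denied
            else:
                denied |= mask & ~granted
    return granted

def can_edit_permissions(token_sids, owner_sid, dacl):
    """True when the token ends up with WRITE_DAC on the object."""
    return bool(granted_access(token_sids, owner_sid, dacl) & WRITE_DAC)

MODIFY = READ_DATA | WRITE_DATA | DELETE | READ_CONTROL
SHARE_DACL = [("allow", STAFF, MODIFY)]
# Same share with an Owner Rights ACE that omits WRITE_DAC.
LOCKED_DACL = [("allow", OWNER_RIGHTS, MODIFY), ("allow", STAFF, MODIFY)]

if __name__ == "__main__":
    alice = {ALICE, STAFF}
    for name, dacl in (("default", SHARE_DACL), ("owner-rights", LOCKED_DACL)):
        print(name, "owner can edit ACL:", can_edit_permissions(alice, ALICE, dacl))
```

With the Owner Rights ACE in place the creator keeps read, write and delete access through the ACE but no longer gains WRITE_DAC just by owning the file.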