NFSv4 ACL compatible with a scripted/containerized environment?

I have a folder on my TrueNAS system (“shares”), which holds a variety of subfolders with different owner/group permissions set in the POSIX system. This folder “shares” is shared via Samba (SMB protocol).

One of the subfolders in this folder “shares” is a special folder which is not really meant to be shared (it is inaccessible due to permissions for users), which contains system scripts, docker-compose-files, sub-directories with configuration which are then mapped as volumes into containers, etc. I’m not using the “Apps” System provided by TrueNAS.

Everything has worked fine like that for years. Now I have the idea to move from POSIX ACLs to NFSv4 ACLs for the permission settings of the Samba shares for simplicity reasons.

I don’t want to interfere with the workings of the container subsystem. Is it a good idea to switch to NFSv4 ACLs for the shares folder? Would it then also affect the special folder with the container stuff? Or should I try to leave that on POSIX (which would then mean moving it to another position completely, as a child folder cannot be POSIX if the parent is NFSv4)?

Thanks for any advice/insight.

Idmap namespaces for containers are evaluated properly in NFSv4 ACL type.