What are the minimum necessary permissions for non-root remote replication?

Personally I’d use a different user than truenas_admin if you’re going to this effort.

You shouldn’t need anything other than zfs allow.

Whether you are using PULL or PUSH replication determines whether you need to allow send or receive for your user. I prefer PULL, creating the replication user on the source machine and allowing them send permissions. This also means the user only needs zfs allow send, as snapshot pruning happens on the destination end.

Your new user will need a home directory to store keys and a shell. Make sure this user has its password disabled and has no other privileges.

This way, giving the user access to /sbin/zfs is not required, and when prompted for “Use Sudo For ZFS Commands” just click cancel.

2 Likes
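
An added example, not part of the original post: a check that the replication user on the source holds nothing beyond the `send` delegation described above. The user name `repl`, the dataset `tank/data` and the sample `zfs allow` output are constructed for illustration.

```shell
#!/bin/sh
# Grant step from the post (as root on the source machine, PULL replication):
#   zfs allow -u repl send tank/data
# Audit step on a live system:
#   zfs allow tank/data | extra_perms repl send

# extra_perms USER ALLOWED_CSV
# Reads `zfs allow <dataset>` output on stdin and prints, one per line, every
# permission delegated to USER that is not listed in ALLOWED_CSV.
# Prints nothing when the delegation is minimal. Only `user` entries are examined.
extra_perms() {
    awk -v user="$1" -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Delegation lines look like: "    user repl send,snapshot"
        $1 == "user" && $2 == user {
            m = split($3, p, ",")
            for (i = 1; i <= m; i++)
                if (!(p[i] in ok) && !(p[i] in seen)) {
                    seen[p[i]] = 1
                    print p[i]
                }
        }
    '
}

# Constructed sample: the minimal delegation the post recommends.
sample_minimal() {
    printf '%s\n' \
        '---- Permissions on tank/data ----' \
        'Local+Descendent permissions:' \
        '    user repl send'
}

# Constructed sample: an over-privileged replication user next to another user.
sample_broad() {
    printf '%s\n' \
        '---- Permissions on tank/data ----' \
        'Local+Descendent permissions:' \
        '    user backup create' \
        '    user repl destroy,mount,receive,send'
}

echo "minimal: [$(sample_minimal | extra_perms repl send | tr '\n' ' ')]"
echo "broad:   [$(sample_broad | extra_perms repl send | tr '\n' ' ')]"
```

Any permission the function prints can be withdrawn with `zfs unallow -u repl <perm> tank/data`.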