Tired of users seeing folders they can’t open? Here’s the simple fix for your TrueNAS SMB permissions to hide what they don’t need to see.

You’ve done it. You’ve set up your awesome TrueNAS server, you’ve created a bunch of datasets for things like photos, documents, and backups, and you’ve even set up individual user accounts for your family or teammates. You’re feeling pretty good about your new, organized digital life. But then you log in with one of those limited accounts and notice something… odd. They can see every single folder, even the ones they can’t open. It’s not a huge security flaw, but it’s messy and confusing. If this sounds familiar, you’re not alone. It’s a common hurdle when you first start dialing in your TrueNAS SMB permissions.

The good news is there’s a super simple fix that cleans this all up, hiding folders from anyone who doesn’t have the keys to open them.

Why Does TrueNAS Show Everything by Default?

First, don’t worry—your server isn’t broken. This is actually standard behavior for SMB (Server Message Block), the protocol Windows and other operating systems use for network file sharing. By default, it tells everyone what folders are available, and only when someone tries to open one does it check if they have permission.

For a home user or small business, this isn’t ideal. It creates visual clutter and can lead to questions like, “Hey, what’s in this ‘Admin_Backups’ folder and why can’t I open it?” It’s just… tidier to have people only see what they can actually access. Think of it as the difference between a building directory that lists every office, including the secret ones, versus one that only shows you the offices you have a keycard for.

The Magic Setting: Better TrueNAS SMB Permissions with ABE

The feature that fixes this is called Access Based Enumeration, or ABE. It sounds technical, but it’s just a fancy term for “if you can’t access it, you won’t even see it.” When you turn this on, TrueNAS will check a user’s permissions before showing them the contents of a share.

Here’s how to enable it. It takes less than a minute.

1. Log in to your TrueNAS web interface.
2. Navigate to Sharing on the left-hand menu, and then click on Windows Shares (SMB).
3. You’ll see a list of the shares you’ve created. Find the one you want to clean up, click the three dots on the far right, and select Edit.
4. A new screen will pop up with all the settings for that share. Click on Advanced Options at the bottom.
5. Scroll down until you find a checkbox labeled Access Based Share Enumeration. It’s usually about halfway down the advanced list.
6. Check the box!
7. Click Save.

That’s it. Seriously. Now, when a user connects to that network share, they will only see the folders and files that they have been granted permission to read or modify. The rest will be completely invisible.

Fine-Tuning Your TrueNAS SMB permissions

Enabling ABE is a share-level setting, but it works hand-in-hand with your dataset-level permissions. ABE decides what to show, while your ACLs (Access Control Lists) decide who can actually get in.

This is an important distinction. For ABE to work correctly, you still need to have your underlying permissions set up properly.

• Dataset Permissions: This is where you define the granular rules. On your Storage Pool, you can edit the permissions for each dataset, specifying which users or groups can read, write, or execute files within it. This is the foundation of your security.
• Share-Level ABE: This is the visibility layer on top. It simply respects the dataset permissions you’ve already configured and hides things accordingly.

If you’re new to setting up permissions, the official TrueNAS documentation on SMB Shares is an excellent resource. For a deeper dive into what ABE is doing under the hood, you can even check out the original Microsoft documentation on the feature.

After you enable ABE, always remember to test it. Log in from a computer using one of your restricted user accounts and browse the network share. The folders you wanted to hide should now be gone, leaving a much cleaner and less confusing experience for everyone. It’s a small change that makes your professional-grade server feel a little more user-friendly.