In TrueNAS Scale, new Datasets using the NFSv4 ACL system are created with permissions associated with an owner and the owner’s group.
They also include a third group, “builtin_administrators.”
But default, these are root and admin.
What are the security implications of leaving this group with Full Access? If I turn it off, will anything break?
I haven’t played with SCALE, but based on what you’re describing, it sounds like removing those would in theory make it impossible to change ACLs from the UI, since (if I remember correctly) you log in there as the admin user.
Oddly enough, blasting them out didn’t kill the UI’s ability to edit them, but it did make it impossible to, e.g., cd into the mounted dataset unless I was root.
So, leaving those alone for now. 
I only messed with them to begin with because I got confused and thought they meant I was giving SMB permissions to admin and root.