diff --git a/pillar/devserver/datacubes.sls b/pillar/devserver/datacubes.sls
index 7c91347..b01bb1b 100644
--- a/pillar/devserver/datacubes.sls
+++ b/pillar/devserver/datacubes.sls
@@ -1,16 +1,21 @@
 #   -------------------------------------------------------------
 #   Salt configuration for Nasqueron servers
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
 #   License:        Trivial work, not eligible to copyright
 #   -------------------------------------------------------------
 
 #   -------------------------------------------------------------
 #   Datacubes
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 datacubes:
 
   bak: &default {}
   git: *default
   t: *default
+
+  xcombelle:
+    user: xcombelle
+    zfs_user: xcombelle
+    zfs_auto_snapshot: True
diff --git a/roles/devserver/datacube/init.sls b/roles/devserver/datacube/init.sls
index 2937aab..e9d51c6 100644
--- a/roles/devserver/datacube/init.sls
+++ b/roles/devserver/datacube/init.sls
@@ -1,38 +1,65 @@
 #   -------------------------------------------------------------
 #   Salt — Provision dev software
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 #   Project:        Nasqueron
 #   License:        Trivial work, not eligible to copyright
 #   -------------------------------------------------------------
 
 #   -------------------------------------------------------------
 #   Directory
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 /datacube:
   file.directory:
     - mode: 711
 
 #   -------------------------------------------------------------
 #   ZFS
 #   - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 {% if salt['node.has']('zfs:pool') %}
 
 {% set tank = salt['node.get']("zfs:pool") %}
 
 {{ tank }}/datacube:
   zfs.filesystem_present:
     - properties:
         mountpoint: /datacube
         compression: zstd
 
 {% for subdir, args in pillar.get("datacubes", {}).items() %}
-{{ tank }}/datacube/{{ subdir }}:
+
+{% set datacube_dataset = tank + "/datacube/" + subdir %}
+
+{% if "user" in args %}
+/datacube/{{ subdir }}:
+  file.directory:
+    - mode: 711
+    - user: {{ args["user"] }}
+{% endif %}
+
+{{ datacube_dataset }}:
   zfs.filesystem_present:
     - properties:
         mountpoint: /datacube/{{ subdir }}
         compression: zstd
-{% endfor %}
+        {% if "zfs_auto_snapshot" in args %}
+        "com.sun:auto-snapshot": "true"
+        {% endif %}
+
+{% if "zfs_user" in args %}
+zfs_permissions_datacube_{{ subdir }}:
+  cmd.run:
+    - name: zfs allow -lu {{ args["zfs_user"] }} @local {{ datacube_dataset }}
+    - onchanges:
+        - zfs: {{ datacube_dataset }}
 
+zfs_permissions_datacube_descendent_{{ subdir }}:
+  cmd.run:
+    - name: zfs allow -du {{ args["zfs_user"] }} @descendent {{ datacube_dataset }}
+    - onchanges:
+        - zfs: {{ datacube_dataset }}
+{% endif %}
+
+{% endfor %}
 {% endif %}