Unexpected changes to the ACL on the contents of your SMB share may be caused by the following:

• On a Windows File System an end user may have the ability to alter the ACLs for a file or folder (or structure) removing ACLs for Administrative personnel, making administrative maintenance events (such as data-migration) difficult.   
• Likewise, MacOS can have an unexpected impact on ACLs via simply viewing (or deliberately modifying) ACLs via “Get Info”.

In either case, if the ACLs on the data structure are configured such that the user/group do not have “Full Control” or the ability to “Change Permissions,” the risk is reduced.

Technical managers of shares should never remove their own credentials from a share or folder.