1 Rookie


62 Posts


March 12th, 2021 12:00

AD authenticated SMB share POSIX owner

Another day, another question

Rather special scenario in our install environment:

Our two clusters are initialized in Compliance mode and apparently this still gives the option to create Enterprise mode SmartLock directories, so that's cool and would come in handy in a few of our scenarios, since not all our WORM data needs Compliance Mode. But here's the problem:

According to documentation and our own testing, privileged delete only works for root (which is not available in Compliance mode) or for the POSIX owner of the object (if given worm priv delete).

Now if I create an object inside an Enterprise Mode SmartLocked, AD authenticated SMB share structure, the POSIX owner always represents the current AD account creating the object via SMB. Which totally makes sense from a permission point of view. BUT: only this user can actually be "enabled" to priv delete the file, since he is the POSIX owner that is required to run isi worm files delete. And normally such users shall not be given access to the cluster in an administrative way... And this could be everybody from our AD organization with write permissions in said structures.

Is there any way to circumvent this? SMB share properties around user mapping, so that an Isilon local admin account with priv delete is always the POSIX owner of said objects? POSIX hackery of some sort?

A simple chown obviously won't work since the object is WORMed/read only (tested and would put SmartLock functionality seriously in question if it worked)...

Thanks in advance for any input!

1 Rookie


62 Posts

March 18th, 2021 00:00

Hi Sam

Thanks for your reply.

I actually found the solution in the Dell Isilon/PowerScale User Mapping White Paper under https://www.delltechnologies.com/resources/en-us/asset/white-papers/products/storage/h12417-wp-isilon-onefs-user-mapping.pdf

In my case it's a simple mapping rule "Domain\User-A => Domain\User-B", and "Domain\User-B" will always be the POSIX owner of the objects.

But it's a dangerous game...

Thanks for your help!

Moderator


7.9K Posts

March 15th, 2021 14:00

Hello CendresMetaux,

Here is a link to Dell EMC PowerScale OneFS: Authentication, Identity Management, and Authorization, which has some information on how you will want to configure your system: https://dell.to/3rTy0jj
