ansible.windows.win_acl – Set file/directory/registry permissions for a system user or group

Note

This plugin is part of the ansible.windows collection (version 1.7.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ansible.windows.

To use it in a playbook, specify: ansible.windows.win_acl.

Synopsis

  • Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.

Parameters

Parameter Choices/Defaults Comments
inherit
string
    Choices:
  • ContainerInherit
  • ObjectInherit
Inherit flags on the ACL rules.
Can be specified as a comma separated list, e.g. ContainerInherit, ObjectInherit.
For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx.
Defaults to ContainerInherit, ObjectInherit for Directories.
path
string / required
The path to the file or directory.
propagation
string
    Choices:
  • InheritOnly
  • None
  • NoPropagateInherit
Propagation flag on the ACL rules.
For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx.
rights
string / required
The rights/permissions that are to be allowed/denied for the specified user or group for the item at path.
If path is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx.
If path is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx.
state
string
    Choices:
  • absent
  • present
Specify whether to add present or remove absent the specified access rule.
type
string / required
    Choices:
  • allow
  • deny
Specify whether to allow or deny the rights specified.
user
string / required
User or Group to add specified rights to act on src file/folder or registry key.

Notes

Note

  • If adding ACL’s for AppPool identities, the Windows Feature “Web-Scripting-Tools” must be enabled.

See Also

See also

ansible.windows.win_acl_inheritance

The official documentation on the ansible.windows.win_acl_inheritance module.

ansible.windows.win_file

The official documentation on the ansible.windows.win_file module.

ansible.windows.win_owner

The official documentation on the ansible.windows.win_owner module.

ansible.windows.win_stat

The official documentation on the ansible.windows.win_stat module.

Examples

- name: Restrict write and execute access to User Fed-Phil
  ansible.windows.win_acl:
    user: Fed-Phil
    path: C:\Important\Executable.exe
    type: deny
    rights: ExecuteFile,Write

- name: Add IIS_IUSRS allow rights
  ansible.windows.win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Set registry key right
  ansible.windows.win_acl:
    path: HKCU:\Bovine\Key
    user: BUILTIN\Users
    rights: EnumerateSubKeys
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Remove FullControl AccessRule for IIS_IUSRS
  ansible.windows.win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Deny Intern
  ansible.windows.win_acl:
    path: C:\Administrator\Documents
    user: Intern
    rights: Read,Write,Modify,FullControl,Delete
    type: deny
    state: present

Authors

  • Phil Schwartz (@schwartzmx)
  • Trond Hindenes (@trondhindenes)
  • Hans-Joachim Kliemeck (@h0nIg)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ansible/windows/win_acl_module.html