ansible.windows.win_acl – Set file/directory/registry permissions for a system user or group
Note
This plugin is part of the ansible.windows collection (version 1.7.3).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_acl
.
Synopsis
- Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
inherit string |
| Inherit flags on the ACL rules. Can be specified as a comma separated list, e.g. ContainerInherit , ObjectInherit .For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. Defaults to ContainerInherit, ObjectInherit for Directories. |
path string / required | The path to the file or directory. | |
propagation string |
| Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. |
rights string / required | The rights/permissions that are to be allowed/denied for the specified user or group for the item at path .If path is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx.If path is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx. | |
state string |
| Specify whether to add present or remove absent the specified access rule. |
type string / required |
| Specify whether to allow or deny the rights specified. |
user string / required | User or Group to add specified rights to act on src file/folder or registry key. |
Notes
Note
- If adding ACL’s for AppPool identities, the Windows Feature “Web-Scripting-Tools” must be enabled.
See Also
See also
- ansible.windows.win_acl_inheritance
-
The official documentation on the ansible.windows.win_acl_inheritance module.
- ansible.windows.win_file
-
The official documentation on the ansible.windows.win_file module.
- ansible.windows.win_owner
-
The official documentation on the ansible.windows.win_owner module.
- ansible.windows.win_stat
-
The official documentation on the ansible.windows.win_stat module.
Examples
- name: Restrict write and execute access to User Fed-Phil ansible.windows.win_acl: user: Fed-Phil path: C:\Important\Executable.exe type: deny rights: ExecuteFile,Write - name: Add IIS_IUSRS allow rights ansible.windows.win_acl: path: C:\inetpub\wwwroot\MySite user: IIS_IUSRS rights: FullControl type: allow state: present inherit: ContainerInherit, ObjectInherit propagation: 'None' - name: Set registry key right ansible.windows.win_acl: path: HKCU:\Bovine\Key user: BUILTIN\Users rights: EnumerateSubKeys type: allow state: present inherit: ContainerInherit, ObjectInherit propagation: 'None' - name: Remove FullControl AccessRule for IIS_IUSRS ansible.windows.win_acl: path: C:\inetpub\wwwroot\MySite user: IIS_IUSRS rights: FullControl type: allow state: absent inherit: ContainerInherit, ObjectInherit propagation: 'None' - name: Deny Intern ansible.windows.win_acl: path: C:\Administrator\Documents user: Intern rights: Read,Write,Modify,FullControl,Delete type: deny state: present
Authors
- Phil Schwartz (@schwartzmx)
- Trond Hindenes (@trondhindenes)
- Hans-Joachim Kliemeck (@h0nIg)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ansible/windows/win_acl_module.html