.. _ansible.windows.win_acl_module:


***********************
ansible.windows.win_acl
***********************

**Set file/directory/registry permissions for a system user or group**

.. contents::
   :local:
   :depth: 1


Synopsis
--------
- Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identities.


Parameters
----------

.. list-table::
   :header-rows: 1

   * - Parameter
     - Choices/Defaults
     - Comments
   * - **inherit**

       string
     - Choices:

       - ContainerInherit
       - ObjectInherit
     - Inherit flags on the ACL rules.

       Can be specified as a comma separated list, e.g. ``ContainerInherit, ObjectInherit``.

       For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx.

       Defaults to ``ContainerInherit, ObjectInherit`` for Directories.
   * - **path**

       string / required
     -
     - The path to the file or directory.
   * - **propagation**

       string
     - Choices:

       - InheritOnly
       - None (default)
       - NoPropagateInherit
     - Propagation flag on the ACL rules.

       For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx.
   * - **rights**

       string / required
     -
     - The rights/permissions that are to be allowed/denied for the specified user or group for the item at ``path``.

       If ``path`` is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx.

       If ``path`` is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx.
   * - **state**

       string
     - Choices:

       - absent
       - present (default)
     - Specify whether to add (``present``) or remove (``absent``) the specified access rule.
   * - **type**

       string / required
     - Choices:

       - allow
       - deny
     - Specify whether to allow or deny the rights specified.
   * - **user**

       string / required
     -
     - User or Group to add specified rights to act on the file/folder or registry key at ``path``.
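
The effect of combining ``inherit`` and ``propagation`` is easiest to see on a concrete tree. The following is an added example, not part of the module or its documentation: a Python model of the Windows inheritance rules run over a constructed directory tree (``TREE``, ``parse_flags`` and ``ace_scope`` are hypothetical names). It shows how far a single rule set on a parent directory reaches.

```python
# Added illustration: models which objects an ACE set with the given win_acl
# inherit/propagation values ends up applying to. The tree is constructed.
from pathlib import PureWindowsPath

# Constructed sample tree: path -> True if it is a container (directory).
TREE = {
    r"C:\Site": True,
    r"C:\Site\web.config": False,
    r"C:\Site\bin": True,
    r"C:\Site\bin\app.dll": False,
    r"C:\Site\bin\x64": True,
    r"C:\Site\bin\x64\native.dll": False,
}

def parse_flags(value):
    """Split a comma separated flag string; 'None' or empty means no flags."""
    flags = {f.strip() for f in value.split(",") if f.strip()}
    flags.discard("None")
    return flags

def ace_scope(root, inherit, propagation, tree=TREE):
    """Return the sorted paths in tree on which an ACE set at root is effective."""
    inh, prop = parse_flags(inherit), parse_flags(propagation)
    root_path = PureWindowsPath(root)
    hits = []
    for name, is_dir in tree.items():
        path = PureWindowsPath(name)
        if path == root_path:
            # InheritOnly: the ACE is handed to children but not enforced here.
            if "InheritOnly" not in prop:
                hits.append(name)
            continue
        if root_path not in path.parents:
            continue
        depth = len(path.parts) - len(root_path.parts)
        # ContainerInherit reaches directories, ObjectInherit reaches files.
        wanted = "ContainerInherit" if is_dir else "ObjectInherit"
        # NoPropagateInherit stops inheritance after the immediate children.
        if wanted in inh and (depth == 1 or "NoPropagateInherit" not in prop):
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    for inh, prop in [("ContainerInherit, ObjectInherit", "None"),
                      ("ObjectInherit", "InheritOnly"),
                      ("ContainerInherit, ObjectInherit", "NoPropagateInherit")]:
        print(f"{inh!r} / {prop!r}:", ace_scope(r"C:\Site", inh, prop))
```

With the directory default of ``ContainerInherit, ObjectInherit`` and ``propagation: 'None'``, an allow rule for ``FullControl`` covers every file and subdirectory below ``path``, which is worth checking before granting broad rights on a parent directory.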

Notes
-----

.. note::
   - If adding ACLs for AppPool identities, the Windows Feature "Web-Scripting-Tools" must be enabled.


See Also
--------

.. seealso::

   :ref:`ansible.windows.win_acl_inheritance_module`
      The official documentation on the **ansible.windows.win_acl_inheritance** module.
   :ref:`ansible.windows.win_file_module`
      The official documentation on the **ansible.windows.win_file** module.
   :ref:`ansible.windows.win_owner_module`
      The official documentation on the **ansible.windows.win_owner** module.
   :ref:`ansible.windows.win_stat_module`
      The official documentation on the **ansible.windows.win_stat** module.


Examples
--------

.. code-block:: yaml

    - name: Restrict write and execute access to User Fed-Phil
      ansible.windows.win_acl:
        user: Fed-Phil
        path: C:\Important\Executable.exe
        type: deny
        rights: ExecuteFile,Write

    - name: Add IIS_IUSRS allow rights
      ansible.windows.win_acl:
        path: C:\inetpub\wwwroot\MySite
        user: IIS_IUSRS
        rights: FullControl
        type: allow
        state: present
        inherit: ContainerInherit, ObjectInherit
        propagation: 'None'

    - name: Set registry key right
      ansible.windows.win_acl:
        path: HKCU:\Bovine\Key
        user: BUILTIN\Users
        rights: EnumerateSubKeys
        type: allow
        state: present
        inherit: ContainerInherit, ObjectInherit
        propagation: 'None'

    - name: Remove FullControl AccessRule for IIS_IUSRS
      ansible.windows.win_acl:
        path: C:\inetpub\wwwroot\MySite
        user: IIS_IUSRS
        rights: FullControl
        type: allow
        state: absent
        inherit: ContainerInherit, ObjectInherit
        propagation: 'None'

    - name: Deny Intern
      ansible.windows.win_acl:
        path: C:\Administrator\Documents
        user: Intern
        rights: Read,Write,Modify,FullControl,Delete
        type: deny
        state: present


Status
------


Authors
~~~~~~~

- Phil Schwartz (@schwartzmx)
- Trond Hindenes (@trondhindenes)
- Hans-Joachim Kliemeck (@h0nIg)