win_acl – Set file/directory/registry permissions for a system user or group
win_acl – Set file/directory/registry permissions for a system user or group
New in version 2.0.
Synopsis
- Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
inherit string |
|
Inherit flags on the ACL rules. Can be specified as a comma separated list, e.g. For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. Defaults to |
path string / required |
The path to the file or directory. | |
propagation string |
|
Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. |
rights string / required |
The rights/permissions that are to be allowed/denied for the specified user or group for the item at If If | |
state string |
|
Specify whether to add |
type string / required |
|
Specify whether to allow or deny the rights specified. |
user string / required |
User or Group to add specified rights to act on src file/folder or registry key. |
Notes
Note
- If adding ACL’s for AppPool identities (available since 2.3), the Windows Feature “Web-Scripting-Tools” must be enabled.
See Also
See also
- win_acl_inheritance – Change ACL inheritance
- The official documentation on the win_acl_inheritance module.
- win_file – Creates, touches or removes files or directories
- The official documentation on the win_file module.
- win_owner – Set owner
- The official documentation on the win_owner module.
- win_stat – Get information about Windows files
- The official documentation on the win_stat module.
Examples
- name: Restrict write and execute access to User Fed-Phil
win_acl:
user: Fed-Phil
path: C:\Important\Executable.exe
type: deny
rights: ExecuteFile,Write
- name: Add IIS_IUSRS allow rights
win_acl:
path: C:\inetpub\wwwroot\MySite
user: IIS_IUSRS
rights: FullControl
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Set registry key right
win_acl:
path: HKCU:\Bovine\Key
user: BUILTIN\Users
rights: EnumerateSubKeys
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Remove FullControl AccessRule for IIS_IUSRS
win_acl:
path: C:\inetpub\wwwroot\MySite
user: IIS_IUSRS
rights: FullControl
type: allow
state: absent
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Deny Intern
win_acl:
path: C:\Administrator\Documents
user: Intern
rights: Read,Write,Modify,FullControl,Delete
type: deny
state: present
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Core Team. [core]
Red Hat Support
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Authors
- Phil Schwartz (@schwartzmx)
- Trond Hindenes (@trondhindenes)
- Hans-Joachim Kliemeck (@h0nIg)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/win_acl_module.html