win_acl - Set file/directory/registry permissions for a system user or group
New in version 2.0.
Synopsis
- Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identity.
- If adding ACLs for AppPool identities (available since 2.3), the Windows Feature “Web-Scripting-Tools” must be enabled.
Options
parameter | required | default | choices | comments |
---|---|---|---|---|
inherit | no | For Leaf File, 'None'; For Directory, 'ContainerInherit, ObjectInherit'; | | Inherit flags on the ACL rules. Can be specified as a comma separated list, e.g. ContainerInherit, ObjectInherit. For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. |
path | yes | | | The path to the file or directory. |
propagation | no | None | | Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. |
rights | yes | | | The rights/permissions that are to be allowed/denied for the specified user or group for the item at path. If path is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights=.aspx. If path is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx. |
state | no | present | | Specify whether to add (present) or remove (absent) the specified access rule. |
type | yes | | | Specify whether to allow or deny the rights specified. |
user | yes | | | User or Group to add specified rights to act on src file/folder or registry key. |
Examples
```yaml
- name: Restrict write and execute access to User Fed-Phil
  win_acl:
    user: Fed-Phil
    path: C:\Important\Executable.exe
    type: deny
    rights: ExecuteFile,Write

- name: Add IIS_IUSRS allow rights
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: set registry key right
  win_acl:
    path: HKCU:\Bovine\Key
    user: BUILTIN\Users
    rights: EnumerateSubKeys
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Remove FullControl AccessRule for IIS_IUSRS
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Deny Intern
  win_acl:
    path: C:\Administrator\Documents
    user: Intern
    rights: Read,Write,Modify,FullControl,Delete
    type: deny
    state: present
```
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance Info
For more information about Red Hat’s support of this module, please refer to this knowledge base article <https://access.redhat.com/articles/rhel-top-support-policies>.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/win_acl_module.html