win_acl – Set file/directory/registry permissions for a system user or group¶
New in version 2.0.
Synopsis¶
Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.
Parameters¶
Parameter | Choices/Defaults | Comments |
---|---|---|
inherit
string
|
|
Inherit flags on the ACL rules.
Can be specified as a comma separated list, e.g.
ContainerInherit , ObjectInherit .For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx.
Defaults to
ContainerInherit, ObjectInherit for Directories. |
path
string
/ required
|
The path to the file or directory.
|
|
propagation
string
|
|
Propagation flag on the ACL rules.
For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx.
|
rights
string
/ required
|
The rights/permissions that are to be allowed/denied for the specified user or group for the item at
path .If
path is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx.If
path is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx. |
|
state
string
|
|
Specify whether to add
present or remove absent the specified access rule. |
type
string
/ required
|
|
Specify whether to allow or deny the rights specified.
|
user
string
/ required
|
User or Group to add specified rights to act on src file/folder or registry key.
|
Notes¶
Note
If adding ACL’s for AppPool identities (available since 2.3), the Windows Feature “Web-Scripting-Tools” must be enabled.
See Also¶
See also
- win_acl_inheritance – Change ACL inheritance
The official documentation on the win_acl_inheritance module.
- win_file – Creates, touches or removes files or directories
The official documentation on the win_file module.
- win_owner – Set owner
The official documentation on the win_owner module.
- win_stat – Get information about Windows files
The official documentation on the win_stat module.
Examples¶
- name: Restrict write and execute access to User Fed-Phil
win_acl:
user: Fed-Phil
path: C:\Important\Executable.exe
type: deny
rights: ExecuteFile,Write
- name: Add IIS_IUSRS allow rights
win_acl:
path: C:\inetpub\wwwroot\MySite
user: IIS_IUSRS
rights: FullControl
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Set registry key right
win_acl:
path: HKCU:\Bovine\Key
user: BUILTIN\Users
rights: EnumerateSubKeys
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Remove FullControl AccessRule for IIS_IUSRS
win_acl:
path: C:\inetpub\wwwroot\MySite
user: IIS_IUSRS
rights: FullControl
type: allow
state: absent
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Deny Intern
win_acl:
path: C:\Administrator\Documents
user: Intern
rights: Read,Write,Modify,FullControl,Delete
type: deny
state: present
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Core Team. [core]
Red Hat Support¶
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.