ansible.windows.win_acl_inheritance – Change ACL inheritance

Note

This plugin is part of the ansible.windows collection (version 1.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ansible.windows.

To use it in a playbook, specify: ansible.windows.win_acl_inheritance.

Synopsis

  • Change ACL (Access Control List) inheritance and optionally copy inherited ACE’s (Access Control Entry) to dedicated ACE’s or vice versa.

Parameters

Parameter

Comments

path

path / required

Path to be used for changing inheritance

reorganize

boolean

For P(state) = absent, indicates if the inherited ACE’s should be copied from the parent directory. This is necessary (in combination with removal) for a simple ACL instead of using multiple ACE deny entries.

For P(state) = present, indicates if the inherited ACE’s should be deduplicated compared to the parent directory. This removes complexity of the ACL structure.

Choices:

  • no ← (default)

  • yes

state

string

Specify whether to enable present or disable absent ACL inheritance.

Choices:

  • absent ← (default)

  • present

See Also

See also

ansible.windows.win_acl

The official documentation on the ansible.windows.win_acl module.

ansible.windows.win_file

The official documentation on the ansible.windows.win_file module.

ansible.windows.win_stat

The official documentation on the ansible.windows.win_stat module.

Examples

- name: Disable inherited ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: absent

- name: Disable and copy inherited ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: absent
    reorganize: yes

- name: Enable and remove dedicated ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: present
    reorganize: yes

Authors

  • Hans-Joachim Kliemeck (@h0nIg)