ansible.windows.win_acl module – Set file/directory/registry permissions for a system user or group
Note
This module is part of the ansible.windows collection (version 1.12.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install ansible.windows
.
To use it in a playbook, specify: ansible.windows.win_acl
.
Synopsis
Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.
Parameters
Parameter |
Comments |
---|---|
Follow the symlinks and junctions to apply the ACLs to the target instead of the link. Choices:
|
|
Inherit flags on the ACL rules. Can be specified as a comma separated list, e.g. For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. Defaults to Choices:
|
|
The path to the file or directory. |
|
Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. Choices:
|
|
The rights/permissions that are to be allowed/denied for the specified user or group for the item at If If |
|
Specify whether to add Choices:
|
|
Specify whether to allow or deny the rights specified. Choices:
|
|
User or Group to add specified rights to act on src file/folder or registry key. |
Notes
Note
If adding ACL’s for AppPool identities, the Windows Feature “Web-Scripting-Tools” must be enabled.
See Also
See also
- ansible.windows.win_acl_inheritance
Change ACL inheritance.
- ansible.windows.win_file
Creates, touches or removes files or directories.
- ansible.windows.win_owner
Set owner.
- ansible.windows.win_stat
Get information about Windows files.
Examples
- name: Restrict write and execute access to User Fed-Phil
ansible.windows.win_acl:
user: Fed-Phil
path: C:\Important\Executable.exe
type: deny
rights: ExecuteFile,Write
- name: Add IIS_IUSRS allow rights
ansible.windows.win_acl:
path: C:\inetpub\wwwroot\MySite
user: IIS_IUSRS
rights: FullControl
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Set registry key right
ansible.windows.win_acl:
path: HKCU:\Bovine\Key
user: BUILTIN\Users
rights: EnumerateSubKeys
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Remove FullControl AccessRule for IIS_IUSRS
ansible.windows.win_acl:
path: C:\inetpub\wwwroot\MySite
user: IIS_IUSRS
rights: FullControl
type: allow
state: absent
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Deny Intern
ansible.windows.win_acl:
path: C:\Administrator\Documents
user: Intern
rights: Read,Write,Modify,FullControl,Delete
type: deny
state: present