ansible.windows.win_acl_inheritance module – Change ACL inheritance

Note

This module is part of the ansible.windows collection (version 1.11.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install ansible.windows.

To use it in a playbook, specify: ansible.windows.win_acl_inheritance.

Synopsis

  • Change ACL (Access Control List) inheritance and optionally copy inherited ACE’s (Access Control Entry) to dedicated ACE’s or vice versa.

Parameters

Parameter

Comments

path

string / required

Path to be used for changing inheritance

Support for registry keys have been added in ansible.windows>=1.11.0

reorganize

boolean

For P(state) = absent, indicates if the inherited ACE’s should be copied from the parent. This is necessary (in combination with removal) for a simple ACL instead of using multiple ACE deny entries.

For P(state) = present, indicates if the inherited ACE’s should be deduplicated compared to the parent. This removes complexity of the ACL structure.

Choices:

  • no ← (default)

  • yes

state

string

Specify whether to enable present or disable absent ACL inheritance.

Choices:

  • absent ← (default)

  • present

See Also

See also

ansible.windows.win_acl

The official documentation on the ansible.windows.win_acl module.

ansible.windows.win_file

The official documentation on the ansible.windows.win_file module.

ansible.windows.win_stat

The official documentation on the ansible.windows.win_stat module.

Examples

- name: Disable inherited ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: absent

- name: Disable and copy inherited ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: absent
    reorganize: true

- name: Enable and remove dedicated ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: present
    reorganize: true

- name: Disable registry key inherited ACE's
  ansible.windows.win_acl_inheritance:
    path: HKLM:\SOFTWARE\Secrets
    state: absent

- name: Disable and copy registry key inherited ACE's
  ansible.windows.win_acl_inheritance:
    path: HKLM:\SOFTWARE\Secrets
    state: absent
    reorganize: true

- name: Enable and remove registry key dedicated ACE's
  ansible.windows.win_acl_inheritance:
    path: HKLM:\SOFTWARE\Secrets
    state: present
    reorganize: true

Authors

  • Oleg Galushko (@inorangestylee)

  • Hans-Joachim Kliemeck (@h0nIg)