ansible.windows.win_acl_inheritance – Change ACL inheritance

Note

This plugin is part of the ansible.windows collection.

To install it use: ansible-galaxy collection install ansible.windows.

To use it in a playbook, specify: ansible.windows.win_acl_inheritance.

Synopsis

  • Change ACL (Access Control List) inheritance and optionally copy inherited ACE’s (Access Control Entry) to dedicated ACE’s or vice versa.

Parameters

Parameter Choices/Defaults Comments
path
path / required
Path to be used for changing inheritance
reorganize
boolean
    Choices:
  • no ←
  • yes
For P(state) = absent, indicates if the inherited ACE's should be copied from the parent directory. This is necessary (in combination with removal) for a simple ACL instead of using multiple ACE deny entries.
For P(state) = present, indicates if the inherited ACE's should be deduplicated compared to the parent directory. This removes complexity of the ACL structure.
state
string
    Choices:
  • absent ←
  • present
Specify whether to enable present or disable absent ACL inheritance.

See Also

See also

ansible.windows.win_acl

The official documentation on the ansible.windows.win_acl module.

ansible.windows.win_file

The official documentation on the ansible.windows.win_file module.

ansible.windows.win_stat

The official documentation on the ansible.windows.win_stat module.

Examples

- name: Disable inherited ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: absent

- name: Disable and copy inherited ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: absent
    reorganize: yes

- name: Enable and remove dedicated ACE's
  ansible.windows.win_acl_inheritance:
    path: C:\apache
    state: present
    reorganize: yes

Authors

  • Hans-Joachim Kliemeck (@h0nIg)