win_acl_inheritance – Change ACL inheritance

New in version 2.1.

Synopsis

  • Change ACL (Access Control List) inheritance and optionally copy inherited ACE’s (Access Control Entry) to dedicated ACE’s or vice versa.

Parameters

Parameter Choices/Defaults Comments
path
path / required
Path to be used for changing inheritance
reorganize
boolean
    Choices:
  • no ←
  • yes
For P(state) = absent, indicates if the inherited ACE's should be copied from the parent directory. This is necessary (in combination with removal) for a simple ACL instead of using multiple ACE deny entries.
For P(state) = present, indicates if the inherited ACE's should be deduplicated compared to the parent directory. This removes complexity of the ACL structure.
state
string
    Choices:
  • absent ←
  • present
Specify whether to enable present or disable absent ACL inheritance.

See Also

See also

win_acl – Set file/directory/registry permissions for a system user or group
The official documentation on the win_acl module.
win_file – Creates, touches or removes files or directories
The official documentation on the win_file module.
win_stat – Get information about Windows files
The official documentation on the win_stat module.

Examples

- name: Disable inherited ACE's
  win_acl_inheritance:
    path: C:\apache
    state: absent

- name: Disable and copy inherited ACE's
  win_acl_inheritance:
    path: C:\apache
    state: absent
    reorganize: yes

- name: Enable and remove dedicated ACE's
  win_acl_inheritance:
    path: C:\apache
    state: present
    reorganize: yes

Status

Red Hat Support

More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.

Authors

  • Hans-Joachim Kliemeck (@h0nIg)

Hint

If you notice any issues in this documentation you can edit this document to improve it.