You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

win_acl - Set file/directory/registry permissions for a system user or group¶

New in version 2.0.

Synopsis
Options
Examples
- Status
- Maintenance Info

Synopsis ¶

Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.
If adding ACL’s for AppPool identities (available since 2.3), the Windows Feature “Web-Scripting-Tools” must be enabled.

Options ¶

parameter	required	default	choices	comments
inherit	no	For Leaf File, 'None'; For Directory, 'ContainerInherit, ObjectInherit';	ContainerInherit None ObjectInherit	Inherit flags on the ACL rules. Can be specified as a comma separated list, e.g. `ContainerInherit`, `ObjectInherit`. For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx.
path	yes			The path to the file or directory.
propagation	no	None	InheritOnly None NoPropagateInherit	Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx.
rights	yes			The rights/permissions that are to be allowed/denied for the specified user or group for the item at `path`. If `path` is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights=.aspx. If `path` is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx.
state	no	present	absent present	Specify whether to add `present` or remove `absent` the specified access rule.
type	yes		allow deny	Specify whether to allow or deny the rights specified.
user	yes			User or Group to add specified rights to act on src file/folder or registry key.

Examples ¶

- name: Restrict write and execute access to User Fed-Phil
  win_acl:
    user: Fed-Phil
    path: C:\Important\Executable.exe
    type: deny
    rights: ExecuteFile,Write

- name: Add IIS_IUSRS allow rights
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: set registry key right
  win_acl:
    path: HKCU:\Bovine\Key
    user: BUILTIN\Users
    rights: EnumerateSubKeys
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Remove FullControl AccessRule for IIS_IUSRS
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Deny Intern
  win_acl:
    path: C:\Administrator\Documents
    user: Intern
    rights: Read,Write,Modify,FullControl,Delete
    type: deny
    state: present

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance Info ¶

For more information about Red Hat’s this support of this module, please refer to this knowledge base article<https://access.redhat.com/articles/rhel-top-support-policies>

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.