ansible.windows.win_acl module – Set file/directory/registry/certificate permissions for a system user or group
Note
This module is part of the ansible.windows collection (version 2.5.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ansible.windows.
To use it in a playbook, specify: ansible.windows.win_acl.
Synopsis
- Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.
Parameters
Parameter | Comments |
|---|---|
follow boolean added in ansible.windows 1.12.0 | Follow the symlinks and junctions to apply the ACLs to the target instead of the link. Choices:
|
inherit string | Inherit flags on the ACL rules. Can be specified as a comma separated list, e.g. For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. Defaults to Choices:
|
path string / required | The path to the file or directory. |
propagation string | Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. Choices:
|
rights string / required | The rights/permissions that are to be allowed/denied for the specified user or group for the item at If If If path is a certificate key, rights can be |
state string | Specify whether to add Choices:
|
type string / required | Specify whether to allow or deny the rights specified. Choices:
|
user string / required | User or Group to add specified rights to act on src file/folder or registry key. |
Notes
Note
- If adding ACL’s for AppPool identities, the Windows Feature “Web-Scripting-Tools” must be enabled.
See Also
See also
- ansible.windows.win_acl_inheritance
-
Change ACL inheritance.
- ansible.windows.win_file
-
Creates, touches or removes files or directories.
- ansible.windows.win_owner
-
Set owner.
- ansible.windows.win_stat
-
Get information about Windows files.
Examples
- name: Restrict write and execute access to User Fed-Phil
ansible.windows.win_acl:
user: Fed-Phil
path: C:\Important\Executable.exe
type: deny
rights: ExecuteFile,Write
- name: Add IIS_IUSRS allow rights
ansible.windows.win_acl:
path: C:\inetpub\wwwroot\MySite
user: IIS_IUSRS
rights: FullControl
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Set registry key right
ansible.windows.win_acl:
path: HKCU:\Bovine\Key
user: BUILTIN\Users
rights: EnumerateSubKeys
type: allow
state: present
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Remove FullControl AccessRule for IIS_IUSRS
ansible.windows.win_acl:
path: C:\inetpub\wwwroot\MySite
user: IIS_IUSRS
rights: FullControl
type: allow
state: absent
inherit: ContainerInherit, ObjectInherit
propagation: 'None'
- name: Deny Intern
ansible.windows.win_acl:
path: C:\Administrator\Documents
user: Intern
rights: Read,Write,Modify,FullControl,Delete
type: deny
state: present
- name: Set certificate private key FullControl to IIS_IUSRS
ansible.windows.win_acl:
path: Cert:\LocalMachine\My\168ba8c488463f88c6648466a22484b6189e165f
user: IIS_IUSRS
type: allow
state: present
rights: FullControl
Collection links
© 2012–2018 Michael DeHaan
© 2018–2024 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/ansible/windows/win_acl_module.html