ansible.windows.win_acl module – Set file/directory/registry/certificate permissions for a system user or group
Note
This module is part of the ansible.windows collection (version 2.5.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install ansible.windows.
To use it in a playbook, specify: ansible.windows.win_acl.
Synopsis
Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identities.
Parameters
Parameter | Comments |
---|---|
follow | Follow the symlinks and junctions to apply the ACLs to the target instead of the link. Choices: |
inherit | Inherit flags on the ACL rules. Can be specified as a comma separated list, e.g. For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. Defaults to Choices: |
path | The path to the file or directory. |
propagation | Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. Choices: |
rights | The rights/permissions that are to be allowed/denied for the specified user or group for the item at If If If path is a certificate key, rights can be |
state | Specify whether to add Choices: |
type | Specify whether to allow or deny the rights specified. Choices: |
user | User or Group to add specified rights to act on src file/folder or registry key. |
Notes
Note
If adding ACLs for AppPool identities, the Windows Feature “Web-Scripting-Tools” must be enabled.
See Also
- ansible.windows.win_acl_inheritance
  Change ACL inheritance.
- ansible.windows.win_file
  Creates, touches or removes files or directories.
- ansible.windows.win_owner
  Set owner.
- ansible.windows.win_stat
  Get information about Windows files.
Examples
- name: Restrict write and execute access to User Fed-Phil
  ansible.windows.win_acl:
    user: Fed-Phil
    path: C:\Important\Executable.exe
    type: deny
    rights: ExecuteFile,Write

- name: Add IIS_IUSRS allow rights
  ansible.windows.win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Set registry key right
  ansible.windows.win_acl:
    path: HKCU:\Bovine\Key
    user: BUILTIN\Users
    rights: EnumerateSubKeys
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Remove FullControl AccessRule for IIS_IUSRS
  ansible.windows.win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Deny Intern
  ansible.windows.win_acl:
    path: C:\Administrator\Documents
    user: Intern
    rights: Read,Write,Modify,FullControl,Delete
    type: deny
    state: present

- name: Set certificate private key FullControl to IIS_IUSRS
  ansible.windows.win_acl:
    path: Cert:\LocalMachine\My\168ba8c488463f88c6648466a22484b6189e165f
    user: IIS_IUSRS
    type: allow
    state: present
    rights: FullControl
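Several examples above grant FullControl to IIS_IUSRS. The play below is an added example, not part of the module documentation: it swaps those grants for narrower ones on the same paths and then checks the resulting ACL. The host group `webservers`, the variable names, and the choice of `ReadAndExecute` and `Read` as sufficient rights for the site are assumptions.

```yaml
# Added example; host group "webservers" and the rights chosen are assumptions.
- name: Replace FullControl for IIS_IUSRS with least-privilege rules
  hosts: webservers
  gather_facts: false
  vars:
    site_path: C:\inetpub\wwwroot\MySite
    cert_path: Cert:\LocalMachine\My\168ba8c488463f88c6648466a22484b6189e165f
  tasks:
    - name: Remove the explicit FullControl allow rule
      ansible.windows.win_acl:
        path: "{{ site_path }}"
        user: IIS_IUSRS
        rights: FullControl
        type: allow
        state: absent
        inherit: ContainerInherit, ObjectInherit
        propagation: 'None'
    - name: Allow read and execute on site content only
      ansible.windows.win_acl:
        path: "{{ site_path }}"
        user: IIS_IUSRS
        rights: ReadAndExecute
        type: allow
        state: present
        inherit: ContainerInherit, ObjectInherit
        propagation: 'None'
    - name: Allow Read (not FullControl) on the certificate private key
      ansible.windows.win_acl:
        path: "{{ cert_path }}"
        user: IIS_IUSRS
        rights: Read
        type: allow
        state: present
    - name: List explicit allow rules that still carry any write bit
      ansible.windows.win_shell: |
        $write = [System.Security.AccessControl.FileSystemRights]::Write
        (Get-Acl -LiteralPath '{{ site_path }}').Access | Where-Object {
          $_.IdentityReference -like '*IIS_IUSRS' -and -not $_.IsInherited -and
          $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $write) -ne 0
        } | ForEach-Object { $_.FileSystemRights.ToString() }
      register: risky_rules
      changed_when: false
    - name: Fail if IIS_IUSRS still has write-level rights on the site
      ansible.builtin.assert:
        that: risky_rules.stdout | trim | length == 0
        fail_msg: "Write-level rule remains: {{ risky_rules.stdout | trim }}"
```

The check covers explicit rules only; rules inherited from the parent folder are governed by ansible.windows.win_acl_inheritance, listed under See Also.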