ansible.builtin.win_acl (v2.3.2.0-1) — module

Set file/directory permissions for a system user or group.

Added in version 2.0 of ansible.builtin

Authors: Phil Schwartz (@schwartzmx), Trond Hindenes (@trondhindenes), Hans-Joachim Kliemeck (@h0nIg)

preview | supported by core

Install Ansible via pip

Install with pip install ansible==2.3.2.0.post1

Description

Add or remove rights/permissions for a given user or group for the specified src file or folder.

If adding ACLs for AppPool identities (available since 2.3), the Windows feature "Web-Scripting-Tools" must be enabled.

Usage examples

- name: Restrict write and execute access to User Fed-Phil
  win_acl:
    user: Fed-Phil
    path: C:\Important\Executable.exe
    type: deny
    rights: ExecuteFile,Write
- name: Add IIS_IUSRS allow rights
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'
# Remove previously added rule for IIS_IUSRS
- name: Remove FullControl AccessRule for IIS_IUSRS
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'
# Deny Intern
- name: Deny Intern
  win_acl:
    path: C:\Administrator\Documents
    user: Intern
    rights: Read,Write,Modify,FullControl,Delete
    type: deny
    state: present
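
A narrower alternative to the FullControl grant shown above, as an added example that is not part of the module's own documentation: it gives an AppPool identity only the rights it needs and uses inherit/propagation to scope a deny rule to files. The app pool name MySiteAppPool and the uploads folder are hypothetical; win_feature is a separate Ansible module used here to enable the feature named in the description.

```yaml
# Added example. MySiteAppPool and the uploads folder are hypothetical names.
# All win_acl parameters used here are the ones documented on this page.

# AppPool identities can only be resolved when Web-Scripting-Tools is enabled.
- name: Ensure Web-Scripting-Tools is enabled
  win_feature:
    name: Web-Scripting-Tools
    state: present

# Read-only baseline: applies to the site folder, its subfolders and files.
- name: Allow the app pool identity to read and execute site content
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS AppPool\MySiteAppPool
    rights: ReadAndExecute
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

# Write access is granted on the one folder that needs it, not the whole site.
- name: Allow the app pool identity to modify content in uploads
  win_acl:
    path: C:\inetpub\wwwroot\MySite\uploads
    user: IIS AppPool\MySiteAppPool
    rights: Modify
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

# ExecuteFile and Traverse are the same FileSystemRights bit, so a deny that
# reached folders would also deny traversal. ObjectInherit plus InheritOnly
# limits this rule to files below uploads and leaves the folders untouched.
- name: Deny the NTFS execute right on files in uploads
  win_acl:
    path: C:\inetpub\wwwroot\MySite\uploads
    user: IIS AppPool\MySiteAppPool
    rights: ExecuteFile
    type: deny
    state: present
    inherit: ObjectInherit
    propagation: InheritOnly
```

The deny rule takes precedence over the ExecuteFile right contained in Modify, so the identity can still read, write and delete files in uploads.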

Inputs

    
path:
    description:
    - File or Directory
    required: true

type:
    choices:
    - allow
    - deny
    default: none
    description:
    - Specify whether to allow or deny the rights specified
    required: true

user:
    default: none
    description:
    - User or group to which the specified rights on the src file/folder apply
    required: true

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Specify whether to add C(present) or remove C(absent) the specified access rule
    required: false

rights:
    choices:
    - AppendData
    - ChangePermissions
    - Delete
    - DeleteSubdirectoriesAndFiles
    - ExecuteFile
    - FullControl
    - ListDirectory
    - Modify
    - Read
    - ReadAndExecute
    - ReadAttributes
    - ReadData
    - ReadExtendedAttributes
    - ReadPermissions
    - Synchronize
    - TakeOwnership
    - Traverse
    - Write
    - WriteAttributes
    - WriteData
    - WriteExtendedAttributes
    default: none
    description:
    - The rights/permissions that are to be allowed/denied for the specified user or group
      for the given src file or directory.  Can be entered as a comma separated list (Ex.
      "Modify, Delete, ExecuteFile").  For more information on the choices see MSDN FileSystemRights
      Enumeration.
    required: true

inherit:
    choices:
    - ContainerInherit
    - ObjectInherit
    - None
    default: For Leaf File, None; For Directory, ContainerInherit, ObjectInherit;
    description:
    - Inherit flags on the ACL rules.  Can be specified as a comma separated list (Ex.
      "ContainerInherit, ObjectInherit").  For more information on the choices see MSDN
      InheritanceFlags Enumeration.
    required: false

propagation:
    choices:
    - None
    - NoPropagateInherit
    - InheritOnly
    default: None
    description:
    - Propagation flag on the ACL rules.  For more information on the choices see MSDN
      PropagationFlags Enumeration.
    required: false