ansible.builtin.win_acl (v2.3.2.0-1) — module
Set file/directory permissions for a system user or group.
Added in version 2.0 of ansible.builtin.
Authors: Phil Schwartz (@schwartzmx), Trond Hindenes (@trondhindenes), Hans-Joachim Kliemeck (@h0nIg)
preview | supported by core
Install with pip install ansible==2.3.2.0.post1
Add or remove rights/permissions for a given user or group for the specified src file or folder.
If adding ACLs for AppPool identities (available since 2.3), the Windows feature "Web-Scripting-Tools" must be enabled.
```yaml
- name: Restrict write and execute access to User Fed-Phil
  win_acl:
    user: Fed-Phil
    path: C:\Important\Executable.exe
    type: deny
    rights: ExecuteFile,Write

- name: Add IIS_IUSRS allow rights
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

# Remove previously added rule for IIS_IUSRS
- name: Remove FullControl AccessRule for IIS_IUSRS
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

# Deny Intern
- name: Deny Deny
  win_acl:
    path: C:\Administrator\Documents
    user: Intern
    rights: Read,Write,Modify,FullControl,Delete
    type: deny
    state: present
```
```yaml
path:
  description:
    - File or Directory
  required: true
type:
  choices:
    - allow
    - deny
  default: none
  description:
    - Specify whether to allow or deny the rights specified
  required: true
user:
  default: none
  description:
    - User or Group to add specified rights to act on src file/folder
  required: true
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Specify whether to add C(present) or remove C(absent) the specified access rule
  required: false
rights:
  choices:
    - AppendData
    - ChangePermissions
    - Delete
    - DeleteSubdirectoriesAndFiles
    - ExecuteFile
    - FullControl
    - ListDirectory
    - Modify
    - Read
    - ReadAndExecute
    - ReadAttributes
    - ReadData
    - ReadExtendedAttributes
    - ReadPermissions
    - Synchronize
    - TakeOwnership
    - Traverse
    - Write
    - WriteAttributes
    - WriteData
    - WriteExtendedAttributes
  default: none
  description:
    - The rights/permissions that are to be allowed/denied for the specified user or group for the given src file or directory.
      Can be entered as a comma separated list (Ex. "Modify, Delete, ExecuteFile").
      For more information on the choices see MSDN FileSystemRights Enumeration.
  required: true
inherit:
  choices:
    - ContainerInherit
    - ObjectInherit
    - None
  default: For Leaf File, None; For Directory, ContainerInherit, ObjectInherit;
  description:
    - Inherit flags on the ACL rules. Can be specified as a comma separated list (Ex. "ContainerInherit, ObjectInherit").
      For more information on the choices see MSDN InheritanceFlags Enumeration.
  required: false
propagation:
  choices:
    - None
    - NoPropagateInherit
    - InheritOnly
  default: None
  description:
    - Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags Enumeration.
  required: false
```
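The playbook below is an added example, not part of the module documentation: it combines the type, rights, inherit and propagation options into a least-privilege layout for the IIS site used in the examples. The host group `iis`, the app pool name `MySite` (written as the identity `IIS AppPool\MySite`) and the `uploads` subfolder are assumptions.

```yaml
# Added example; host group, app pool name and uploads folder are assumed.
- hosts: iis
  tasks:
    - name: Enable the feature required for AppPool identity ACLs
      win_feature:
        name: Web-Scripting-Tools
        state: present

    - name: Remove the broad FullControl rule for IIS_IUSRS
      win_acl:
        path: C:\inetpub\wwwroot\MySite
        user: IIS_IUSRS
        rights: FullControl
        type: allow
        state: absent
        inherit: ContainerInherit, ObjectInherit
        propagation: 'None'

    - name: Allow the app pool identity to read site content only
      win_acl:
        path: C:\inetpub\wwwroot\MySite
        user: IIS AppPool\MySite
        rights: ReadAndExecute
        type: allow
        state: present
        inherit: ContainerInherit, ObjectInherit
        propagation: 'None'

    - name: Allow writes only inside the uploads folder
      win_acl:
        path: C:\inetpub\wwwroot\MySite\uploads
        user: IIS AppPool\MySite
        rights: Modify
        type: allow
        state: present
        inherit: ContainerInherit, ObjectInherit
        propagation: 'None'

    # Deny rules win over allow rules, so this overrides the execute
    # right that Modify would otherwise grant on uploaded files.
    - name: Deny execution of files placed in uploads
      win_acl:
        path: C:\inetpub\wwwroot\MySite\uploads
        user: IIS AppPool\MySite
        rights: ExecuteFile
        type: deny
        state: present
        inherit: ObjectInherit
        propagation: InheritOnly
```

ExecuteFile and Traverse are the same access bit, so the deny rule uses ObjectInherit with InheritOnly to land on the files in uploads and not on the folder itself, which keeps the folder traversable.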