ansible.builtin.win_acl (v2.9.27) — module

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.

Usage examples

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Restrict write and execute access to User Fed-Phil
  win_acl:
    user: Fed-Phil
    path: C:\Important\Executable.exe
    type: deny
    rights: ExecuteFile,Write

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Add IIS_IUSRS allow rights
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Set registry key right
  win_acl:
    path: HKCU:\Bovine\Key
    user: BUILTIN\Users
    rights: EnumerateSubKeys
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Remove FullControl AccessRule for IIS_IUSRS
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

Scanned by Steampunk Spotter

• Success
  Steampunk Spotter scan finished with no errors, warnings or hints.

- name: Deny Intern
  win_acl:
    path: C:\Administrator\Documents
    user: Intern
    rights: Read,Write,Modify,FullControl,Delete
    type: deny
    state: present

Inputs

    
path:
    description:
    - The path to the file or directory.
    required: true
    type: str

type:
    choices:
    - allow
    - deny
    description:
    - Specify whether to allow or deny the rights specified.
    required: true
    type: str

user:
    description:
    - User or Group to add specified rights to act on src file/folder or registry key.
    required: true
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Specify whether to add C(present) or remove C(absent) the specified access rule.
    type: str

rights:
    description:
    - The rights/permissions that are to be allowed/denied for the specified user or group
      for the item at C(path).
    - If C(path) is a file or directory, rights can be any right under MSDN FileSystemRights
      U(https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx).
    - If C(path) is a registry key, rights can be any right under MSDN RegistryRights
      U(https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx).
    required: true
    type: str

inherit:
    choices:
    - ContainerInherit
    - ObjectInherit
    description:
    - Inherit flags on the ACL rules.
    - Can be specified as a comma separated list, e.g. C(ContainerInherit), C(ObjectInherit).
    - For more information on the choices see MSDN InheritanceFlags enumeration at U(https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx).
    - Defaults to C(ContainerInherit, ObjectInherit) for Directories.
    type: str

propagation:
    choices:
    - InheritOnly
    - None
    - NoPropagateInherit
    default: None
    description:
    - Propagation flag on the ACL rules.
    - For more information on the choices see MSDN PropagationFlags enumeration at U(https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx).
    type: str

See also

• win_acl_inheritance
• win_file
• win_owner
• win_stat