ansible / ansible.windows / 2.3.0 / module / win_acl Set file/directory/registry/certificate permissions for a system user or group Authors: Phil Schwartz (@schwartzmx), Trond Hindenes (@trondhindenes), Hans-Joachim Kliemeck (@h0nIg)ansible.windows.win_acl (2.3.0) — module
Install with ansible-galaxy collection install ansible.windows:==2.3.0
collections: - name: ansible.windows version: 2.3.0
Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identifies.
- name: Restrict write and execute access to User Fed-Phil ansible.windows.win_acl: user: Fed-Phil path: C:\Important\Executable.exe type: deny rights: ExecuteFile,Write
- name: Add IIS_IUSRS allow rights ansible.windows.win_acl: path: C:\inetpub\wwwroot\MySite user: IIS_IUSRS rights: FullControl type: allow state: present inherit: ContainerInherit, ObjectInherit propagation: 'None'
- name: Set registry key right ansible.windows.win_acl: path: HKCU:\Bovine\Key user: BUILTIN\Users rights: EnumerateSubKeys type: allow state: present inherit: ContainerInherit, ObjectInherit propagation: 'None'
- name: Remove FullControl AccessRule for IIS_IUSRS ansible.windows.win_acl: path: C:\inetpub\wwwroot\MySite user: IIS_IUSRS rights: FullControl type: allow state: absent inherit: ContainerInherit, ObjectInherit propagation: 'None'
- name: Deny Intern ansible.windows.win_acl: path: C:\Administrator\Documents user: Intern rights: Read,Write,Modify,FullControl,Delete type: deny state: present
- name: Set certificate private key FullControl to IIS_IUSRS ansible.windows.win_acl: path: Cert:\LocalMachine\My\168ba8c488463f88c6648466a22484b6189e165f user: IIS_IUSRS type: allow state: present rights: FullControl
path: description: - The path to the file or directory. required: true type: str type: choices: - allow - deny description: - Specify whether to allow or deny the rights specified. required: true type: str user: description: - User or Group to add specified rights to act on src file/folder or registry key. required: true type: str state: choices: - absent - present default: present description: - Specify whether to add C(present) or remove C(absent) the specified access rule. type: str follow: default: false description: - Follow the symlinks and junctions to apply the ACLs to the target instead of the link. type: bool version_added: 1.12.0 version_added_collection: ansible.windows rights: description: - The rights/permissions that are to be allowed/denied for the specified user or group for the item at C(path). - If C(path) is a file or directory, rights can be any right under MSDN FileSystemRights U(https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx). - If C(path) is a registry key, rights can be any right under MSDN RegistryRights U(https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx). - If I(path) is a certificate key, rights can be C(Read) and/or C(FullControl). (Added in 2.2.0) required: true type: str inherit: choices: - ContainerInherit - ObjectInherit description: - Inherit flags on the ACL rules. - Can be specified as a comma separated list, e.g. C(ContainerInherit), C(ObjectInherit). - For more information on the choices see MSDN InheritanceFlags enumeration at U(https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx). - Defaults to C(ContainerInherit, ObjectInherit) for Directories. type: str propagation: choices: - InheritOnly - None - NoPropagateInherit default: None description: - Propagation flag on the ACL rules. - For more information on the choices see MSDN PropagationFlags enumeration at U(https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx). type: str