ansible / ansible.windows / 2.3.0 / module / win_acl_inheritance Change ACL inheritance Authors: Oleg Galushko (@inorangestylee), Hans-Joachim Kliemeck (@h0nIg)ansible.windows.win_acl_inheritance (2.3.0) — module
Install with ansible-galaxy collection install ansible.windows:==2.3.0
collections: - name: ansible.windows version: 2.3.0
Change ACL (Access Control List) inheritance and optionally copy inherited ACE's (Access Control Entry) to dedicated ACE's or vice versa.
- name: Disable inherited ACE's ansible.windows.win_acl_inheritance: path: C:\apache state: absent
- name: Disable and copy inherited ACE's ansible.windows.win_acl_inheritance: path: C:\apache state: absent reorganize: true
- name: Enable and remove dedicated ACE's ansible.windows.win_acl_inheritance: path: C:\apache state: present reorganize: true
- name: Disable registry key inherited ACE's ansible.windows.win_acl_inheritance: path: HKLM:\SOFTWARE\Secrets state: absent
- name: Disable and copy registry key inherited ACE's ansible.windows.win_acl_inheritance: path: HKLM:\SOFTWARE\Secrets state: absent reorganize: true
- name: Enable and remove registry key dedicated ACE's ansible.windows.win_acl_inheritance: path: HKLM:\SOFTWARE\Secrets state: present reorganize: true
path: description: - Path to be used for changing inheritance - Support for registry keys have been added in C(ansible.windows>=1.11.0) required: true type: str state: choices: - absent - present default: absent description: - Specify whether to enable I(present) or disable I(absent) ACL inheritance. type: str reorganize: default: false description: - For C(state=absent), indicates if the inherited ACE's should be copied from the parent. This is necessary (in combination with removal) for a simple ACL instead of using multiple ACE deny entries. - For C(state=present), indicates if the inherited ACE's should be deduplicated compared to the parent. This removes complexity of the ACL structure. type: bool