W3cubDocs

/Ansible

win_acl - Set file/directory permissions for a system user or group.

New in version 2.0.

Synopsis

Add or remove rights/permissions for a given user or group for the specified src file or folder.

Options

parameter required default choices comments
inherit
 no For Leaf File, None; For Directory, ContainerInherit, ObjectInherit;
  • ContainerInherit
  • ObjectInherit
  • None
Inherit flags on the ACL rules. Can be specified as a comma separated list (Ex. "ContainerInherit, ObjectInherit"). For more information on the choices see MSDN InheritanceFlags Enumeration.
path
 yes
File or Directory
propagation
 no None
  • None
  • NoPropagateInherit
  • InheritOnly
Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags Enumeration.
rights
 yes none
  • AppendData
  • ChangePermissions
  • Delete
  • DeleteSubdirectoriesAndFiles
  • ExecuteFile
  • FullControl
  • ListDirectory
  • Modify
  • Read
  • ReadAndExecute
  • ReadAttributes
  • ReadData
  • ReadExtendedAttributes
  • ReadPermissions
  • Synchronize
  • TakeOwnership
  • Traverse
  • Write
  • WriteAttributes
  • WriteData
  • WriteExtendedAttributes
The rights/permissions that are to be allowed/denyed for the specified user or group for the given src file or directory. Can be entered as a comma separated list (Ex. "Modify, Delete, ExecuteFile"). For more information on the choices see MSDN FileSystemRights Enumeration.
state
 no present
  • present
  • absent
Specify whether to add present or remove absent the specified access rule
type
 yes none
  • allow
  • deny
Specify whether to allow or deny the rights specified
user
 yes none
User or Group to add specified rights to act on src file/folder

Examples

# Restrict write,execute access to User Fed-Phil
$ ansible -i hosts -m win_acl -a "user=Fed-Phil path=C:\Important\Executable.exe type=deny rights='ExecuteFile,Write'" all

# Playbook example
# Add access rule to allow IIS_IUSRS FullControl to MySite
---
- name: Add IIS_IUSRS allow rights
  win_acl:
    path: 'C:\inetpub\wwwroot\MySite'
    user: 'IIS_IUSRS'
    rights: 'FullControl'
    type: 'allow'
    state: 'present'
    inherit: 'ContainerInherit, ObjectInherit'
    propagation: 'None'

# Remove previously added rule for IIS_IUSRS
- name: Remove FullControl AccessRule for IIS_IUSRS
    path: 'C:\inetpub\wwwroot\MySite'
    user: 'IIS_IUSRS'
    rights: 'FullControl'
    type: 'allow'
    state: 'absent'
    inherit: 'ContainerInherit, ObjectInherit'
    propagation: 'None'

# Deny Intern
- name: Deny Deny
    path: 'C:\Administrator\Documents'
    user: 'Intern'
    rights: 'Read,Write,Modify,FullControl,Delete'
    type: 'deny'
    state: 'present'

This is an Extras Module

For more information on what this means please read Extras Modules

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, developing_test_pr and Developing Modules.

© 2012–2016 Michael DeHaan
© 2016 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/win_acl_module.html