win_acl – Set file/directory/registry permissions for a system user or group
Synopsis
- Add or remove rights/permissions for a given user or group for the specified file, folder, registry key or AppPool identities.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| inherit string | | Inherit flags on the ACL rules. Can be specified as a comma separated list, e.g. `ContainerInherit,ObjectInherit`. For more information on the choices see MSDN InheritanceFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.inheritanceflags.aspx. Defaults to `ContainerInherit, ObjectInherit` for Directories. |
| path string / required | | The path to the file or directory. |
| propagation string | | Propagation flag on the ACL rules. For more information on the choices see MSDN PropagationFlags enumeration at https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.propagationflags.aspx. |
| rights string / required | | The rights/permissions that are to be allowed/denied for the specified user or group for the item at `path`. If `path` is a file or directory, rights can be any right under MSDN FileSystemRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.filesystemrights.aspx. If `path` is a registry key, rights can be any right under MSDN RegistryRights https://msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights.aspx. |
| state string | | Specify whether to add (`present`) or remove (`absent`) the specified access rule. |
| type string / required | | Specify whether to allow or deny the rights specified. |
| user string / required | | User or Group to add the specified rights for, to act on the file/folder or registry key. |
Notes
- If adding ACLs for AppPool identities (available since 2.3), the Windows Feature “Web-Scripting-Tools” must be enabled.
See Also
- win_acl_inheritance – Change ACL inheritance
- The official documentation on the win_acl_inheritance module.
- win_file – Creates, touches or removes files or directories
- The official documentation on the win_file module.
- win_owner – Set owner
- The official documentation on the win_owner module.
- win_stat – Get information about Windows files
- The official documentation on the win_stat module.
Examples
```yaml
- name: Restrict write and execute access to User Fed-Phil
  win_acl:
    user: Fed-Phil
    path: C:\Important\Executable.exe
    type: deny
    rights: ExecuteFile,Write
- name: Add IIS_IUSRS allow rights
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'
- name: Set registry key right
  win_acl:
    path: HKCU:\Bovine\Key
    user: BUILTIN\Users
    rights: EnumerateSubKeys
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'
- name: Remove FullControl AccessRule for IIS_IUSRS
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'
- name: Deny Intern
  win_acl:
    path: C:\Administrator\Documents
    user: Intern
    rights: Read,Write,Modify,FullControl,Delete
    type: deny
    state: present
```
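An added example, not part of the module documentation: these tasks narrow the FullControl grant from the IIS_IUSRS examples above to least privilege, using `state`, `inherit` and `propagation` together. The `uploads` subfolder and the rights chosen for it are assumptions for illustration.

```yaml
# Added example; the uploads folder and the selected rights are assumptions.
- name: Remove the broad FullControl rule for IIS_IUSRS
  # Same rights, type and flags as the documentation's own removal example.
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: FullControl
    type: allow
    state: absent
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Allow read-only access to the site, inherited by files and subfolders
  win_acl:
    path: C:\inetpub\wwwroot\MySite
    user: IIS_IUSRS
    rights: ReadAndExecute
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Allow Modify only inside the uploads folder
  win_acl:
    path: C:\inetpub\wwwroot\MySite\uploads
    user: IIS_IUSRS
    rights: Modify
    type: allow
    state: present
    inherit: ContainerInherit, ObjectInherit
    propagation: 'None'

- name: Deny ExecuteFile on files beneath uploads
  # ObjectInherit + InheritOnly keeps the deny off the folder itself, where
  # the same right bit (ExecuteFile / Traverse) would block folder traversal.
  win_acl:
    path: C:\inetpub\wwwroot\MySite\uploads
    user: IIS_IUSRS
    rights: ExecuteFile
    type: deny
    state: present
    inherit: ObjectInherit
    propagation: InheritOnly
```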
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Core Team. [core]
Red Hat Support
More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.
Authors
- Phil Schwartz (@schwartzmx)
- Trond Hindenes (@trondhindenes)
- Hans-Joachim Kliemeck (@h0nIg)
