salt.states.win_dacl

Windows Object Access Control Lists

Ensure an ACL is present
parameters:
name - the path of the object objectType - Registry/File/Directory user - user account for the ace permission - permission for the ace (see module win_acl for available permissions for each objectType) acetype - Allow/Deny propagation - how the ACL should apply to child objects (see module win_acl for available propagation types)
addAcl:
  win_dacl.present:
    - name: HKEY_LOCAL_MACHINE\SOFTWARE\mykey
    - objectType: Registry
    - user: FakeUser
    - permission: FulLControl
    - acetype: ALLOW
    - propagation: KEY&SUBKEYS
Ensure an ACL does not exist
parameters:
name - the path of the object objectType - Registry/File/Directory user - user account for the ace permission - permission for the ace (see module win_acl for available permissions for each objectType) acetype - Allow/Deny propagation - how the ACL should apply to child objects (see module win_acl for available propagation types)

removeAcl:
win_dacl.absent:
  • name: HKEY_LOCAL_MACHINESOFTWAREmykey
  • objectType: Registry
  • user: FakeUser
  • permission: FulLControl
  • acetype: ALLOW
  • propagation: KEY&SUBKEYS
Ensure an object is inheriting permissions
parameters:
name - the path of the object objectType - Registry/File/Directory clear_existing_acl - True/False - when inheritance is enabled, should the existing ACL be kept or cleared out

eInherit:
win_dacl.enableinheritance:
  • name: HKEY_LOCAL_MACHINESOFTWAREmykey
  • objectType: Registry
  • clear_existing_acl: True
Ensure an object is not inheriting permissions
parameters:

name - the path of the object objectType - Registry/File/Directory copy_inherited_acl - True/False - if inheritance is enabled, should the inherited permissions be copied to the ACL when inheritance is disabled


dInherit:
win_dacl.disableinheritance:
  • name: HKEY_LOCAL_MACHINESOFTWAREmykey
  • objectType: Registry
  • copy_inherited_acl: False
salt.states.win_dacl.absent(name, objectType, user, permission, acetype, propagation)

Ensure a Linux ACL does not exist

salt.states.win_dacl.disinherit(name, objectType, copy_inherited_acl=True)

Ensure an object is not inheriting ACLs from its parent

salt.states.win_dacl.inherit(name, objectType, clear_existing_acl=False)

Ensure an object is inheriting ACLs from its parent

salt.states.win_dacl.present(name, objectType, user, permission, acetype, propagation)

Ensure an ACE is present