salt.states.win_dacl
Windows Object Access Control Lists
- Ensure an ACL is present
- parameters:
- name - the path of the object
objectType - Registry/File/Directory
user - user account for the ace
permission - permission for the ace (see module win_acl for available permissions for each objectType)
acetype - Allow/Deny
propagation - how the ACL should apply to child objects (see module win_acl for available propagation types)
addAcl:
win_dacl.present:
- name: HKEY_LOCAL_MACHINE\SOFTWARE\mykey
- objectType: Registry
- user: FakeUser
- permission: FulLControl
- acetype: ALLOW
- propagation: KEY&SUBKEYS
- Ensure an ACL does not exist
- parameters:
- name - the path of the object
objectType - Registry/File/Directory
user - user account for the ace
permission - permission for the ace (see module win_acl for available permissions for each objectType)
acetype - Allow/Deny
propagation - how the ACL should apply to child objects (see module win_acl for available propagation types)
- removeAcl:
- win_dacl.absent:
- name: HKEY_LOCAL_MACHINESOFTWAREmykey
- objectType: Registry
- user: FakeUser
- permission: FulLControl
- acetype: ALLOW
- propagation: KEY&SUBKEYS
- Ensure an object is inheriting permissions
- parameters:
- name - the path of the object
objectType - Registry/File/Directory
clear_existing_acl - True/False - when inheritance is enabled, should the existing ACL be kept or cleared out
- eInherit:
- win_dacl.enableinheritance:
- name: HKEY_LOCAL_MACHINESOFTWAREmykey
- objectType: Registry
- clear_existing_acl: True
- Ensure an object is not inheriting permissions
- parameters:
name - the path of the object
objectType - Registry/File/Directory
copy_inherited_acl - True/False - if inheritance is enabled, should the inherited permissions be copied to the ACL when inheritance is disabled
- dInherit:
- win_dacl.disableinheritance:
- name: HKEY_LOCAL_MACHINESOFTWAREmykey
- objectType: Registry
- copy_inherited_acl: False
-
salt.states.win_dacl.
absent
(name, objectType, user, permission, acetype, propagation)
Ensure a Linux ACL does not exist
-
salt.states.win_dacl.
disinherit
(name, objectType, copy_inherited_acl=True)
Ensure an object is not inheriting ACLs from its parent
-
salt.states.win_dacl.
inherit
(name, objectType, clear_existing_acl=False)
Ensure an object is inheriting ACLs from its parent
-
salt.states.win_dacl.
present
(name, objectType, user, permission, acetype, propagation)
Ensure an ACE is present