salt.states.win_dacl¶

Windows Object Access Control Lists

Ensure an ACL is present

parameters:

name - the path of the object objectType - Registry/File/Directory user - user account for the ace permission - permission for the ace (see module win_acl for available permissions for each objectType) acetype - Allow/Deny propagation - how the ACL should apply to child objects (see module win_acl for available propagation types)

addAcl:
  win_dacl.present:
    - name: HKEY_LOCAL_MACHINE\SOFTWARE\mykey
    - objectType: Registry
    - user: FakeUser
    - permission: FullControl
    - acetype: ALLOW
    - propagation: KEY&SUBKEYS

Ensure an ACL does not exist

parameters:

name - the path of the object objectType - Registry/File/Directory user - user account for the ace permission - permission for the ace (see module win_acl for available permissions for each objectType) acetype - Allow/Deny propagation - how the ACL should apply to child objects (see module win_acl for available propagation types)

removeAcl:

win_dacl.absent:

• name: HKEY_LOCAL_MACHINESOFTWAREmykey
• objectType: Registry
• user: FakeUser
• permission: FulLControl
• acetype: ALLOW
• propagation: KEY&SUBKEYS

Ensure an object is inheriting permissions

parameters:

name - the path of the object objectType - Registry/File/Directory clear_existing_acl - True/False - when inheritance is enabled, should the existing ACL be kept or cleared out

eInherit:

win_dacl.enableinheritance:

• name: HKEY_LOCAL_MACHINESOFTWAREmykey
• objectType: Registry
• clear_existing_acl: True

Ensure an object is not inheriting permissions

parameters:

name - the path of the object objectType - Registry/File/Directory copy_inherited_acl - True/False - if inheritance is enabled, should the inherited permissions be copied to the ACL when inheritance is disabled

dInherit:

win_dacl.disableinheritance:

• name: HKEY_LOCAL_MACHINESOFTWAREmykey
• objectType: Registry
• copy_inherited_acl: False

salt.states.win_dacl.absent(name, objectType, user, permission, acetype, propagation)¶

Ensure a Linux ACL does not exist

salt.states.win_dacl.disinherit(name, objectType, copy_inherited_acl=True)¶

Ensure an object is not inheriting ACLs from its parent

salt.states.win_dacl.inherit(name, objectType, clear_existing_acl=False)¶

Ensure an object is inheriting ACLs from its parent

salt.states.win_dacl.present(name, objectType, user, permission, acetype, propagation)¶

Ensure an ACE is present