Resource Type: reg_acl

Defined in:
lib/puppet/type/reg_acl.rb
Providers:
regacl

Overview

Puppet type for managing Windows Registry ACLs

Properties

  • inherit_from_parent (defaults to: true)

    Should this ACL include inherited permissions? Valid values are true, false. Default: true

    Supported values:
    • true
    • false
  • owner

    Provide the name of the owner for this registry key. Can be a string or a SID.

  • permissions

    Array of hashes of desired ACEs to be applied to target registry key. By default, reg_acl will simply compare existing permissions (non-inherited only) and make sure that the provided permissions are applied. Use the purge parameter to adjust this behavior.

    For each hash, valid parameters:

    IdentityReference: Identity that this ACE applies to, given as a string or in SID format

    AccessControlType: String of access type. Valid values: Allow or Deny

    InheritanceFlags: String of inheritance flags. Valid values: ‘ContainerInherit, ObjectInherit’, ‘ContainerInherit’, or ‘ObjectInherit’

    PropagationFlags: String of propagation behavior. Valid values: ‘None’, ‘InheritOnly’, or ‘NoPropagateInherit, InheritOnly’

    RegistryRights: String of permissions to apply. Keep in mind you can combine values where needed (single string, comma separated). Common values are ‘FullControl’, ‘ReadKey’, and ‘WriteKey’. Valid values: ‘QueryValues’, ‘SetValue’, ‘CreateSubKey’, ‘EnumerateSubKeys’, ‘Notify’, ‘CreateLink’, ‘ReadKey’, ‘WriteKey’, ‘Delete’, ‘ReadPermissions’, ‘ChangePermissions’, ‘TakeOwnership’, ‘FullControl’. See msdn.microsoft.com/en-us/library/system.security.accesscontrol.registryrights(v=vs.110).aspx for more details.

Parameters

  • name (namevar)

    The description used for uniqueness. If the target parameter is not provided, name will be used.

  • provider

    The specific backend to use for this ‘reg_acl’ resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • purge (defaults to: false)

    Specifies whether ACEs that are not specifically named should be purged. Valid values are all, listed, false. Default: false

    all: If additional ACEs are present that have not been specifically declared (non-inherited), they will be removed.

    listed: Ensure that the ACEs defined in the permissions parameter are removed if present (i.e. delete the listed ACEs).

    false: Default. Only compare the ACEs defined in permissions and ignore any others present.

    Supported values:
    • all
    • listed
    • false
  • target

    Path to the registry key. If not provided, the name parameter will be used.
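
Example manifest, added here and not taken from the module's own documentation, showing how purge, inherit_from_parent and permissions combine: one key gets an authoritative ACL, another has a single unwanted ACE removed. The key paths, the `hklm:` path form and the account names are assumptions for illustration.

```puppet
# Added example. Key paths, the 'hklm:' path form and account names are assumed.

# Authoritative ACL: inheritance is switched off and purge => 'all' removes any
# non-inherited ACE that is not declared below, so every identity that must
# keep access has to be listed here.
reg_acl { 'exampleapp service key':
  target              => 'hklm:software\ExampleApp\Service',
  owner               => 'BUILTIN\Administrators',
  inherit_from_parent => false,
  purge               => 'all',
  permissions         => [
    {
      'IdentityReference' => 'NT AUTHORITY\SYSTEM',
      'AccessControlType' => 'Allow',
      'RegistryRights'    => 'FullControl',
      'InheritanceFlags'  => 'ContainerInherit, ObjectInherit',
      'PropagationFlags'  => 'None',
    },
    {
      'IdentityReference' => 'BUILTIN\Administrators',
      'AccessControlType' => 'Allow',
      'RegistryRights'    => 'FullControl',
      'InheritanceFlags'  => 'ContainerInherit, ObjectInherit',
      'PropagationFlags'  => 'None',
    },
    {
      'IdentityReference' => 'BUILTIN\Users',
      'AccessControlType' => 'Allow',
      'RegistryRights'    => 'ReadKey',
      'InheritanceFlags'  => 'ContainerInherit, ObjectInherit',
      'PropagationFlags'  => 'None',
    },
  ],
}

# Targeted removal: purge => 'listed' deletes the declared ACE if it is present
# and leaves every other ACE on the key alone.
reg_acl { 'exampleapp config key: drop Users write access':
  target      => 'hklm:software\ExampleApp\Config',
  purge       => 'listed',
  permissions => [
    {
      'IdentityReference' => 'BUILTIN\Users',
      'AccessControlType' => 'Allow',
      'RegistryRights'    => 'WriteKey',
      'InheritanceFlags'  => 'ContainerInherit, ObjectInherit',
      'PropagationFlags'  => 'None',
    },
  ],
}
```

With the default purge => false, the first resource would only ensure the three declared ACEs exist and would leave any other explicit ACE on the key untouched.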