permissions_ntfs

Ensure NTFS permissions on a file for a given user.

⚙️ Compatible targets: Windows

Parameters

Name	Documentation
path	File path. This parameter is required.
user	DOMAIN\Account. This parameter is required.
rights	Comma separated right list. This parameter is required.
accesstype	"Allow" or "Deny". Choices: `Allow` `Deny` This parameter is optional.
propagationpolicy	Define the propagation policy of the access rule that Rudder is applying. Choices: `ThisFolderOnly` `ThisFolderSubfoldersAndFiles` `ThisFolderAndSubfolders` `ThisFolderAndFiles` `SubfoldersAndFilesOnly` `SubfoldersOnly` `FilesOnly` This parameter is optional.

Outcome conditions

You need to replace ${path} with its actual canonified value.

✅ Ok: permissions_ntfs_${path}_ok
- ☑️ Already compliant: permissions_ntfs_${path}_kept
- 🟨 Repaired: permissions_ntfs_${path}_repaired
❌ Error: permissions_ntfs_${path}_error

Example

method: permissions_ntfs
params:
  user: VALUE
  path: VALUE
  accesstype: Allow
  propagationpolicy: ThisFolderOnly
  rights: VALUE

Documentation

Ensure that the correct NTFS permissions are applied on a file for a given user.

Inheritance and propagation flags can also be managed. If left blank, no propagation will be set.

To manage effective propagation or effective access, please disable the inheritance on the file before applying this generic method.

Note: that the Synchronize permission may not work in some cases. This is a known bug.

Right validate set:

None, ReadData, ListDirectory, WriteData, CreateFiles, AppendData, CreateDirectories, ReadExtendedAttributes, WriteExtendedAttributes, ExecuteFile, Traverse, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl

AccessType validate set:

Allow, Deny

PropagationPolicy validate set:

ThisFolderOnly, ThisFolderSubfoldersAndFiles, ThisFolderAndSubfolders, ThisFolderAndFiles, SubfoldersAndFilesOnly, SubfoldersOnly, FilesOnly