Ensure NTFS permissions on a file for a given user.

⚙️ Compatible targets: Windows


pathFile path.

This parameter is required.

This parameter is required.
rightsComma separated right list.

This parameter is required.
accesstype"Allow" or "Deny".

  • Allow
  • Deny

This parameter is optional.
propagationpolicyDefine the propagation policy of the access rule that Rudder is applying.

  • ThisFolderOnly
  • ThisFolderSubfoldersAndFiles
  • ThisFolderAndSubfolders
  • ThisFolderAndFiles
  • SubfoldersAndFilesOnly
  • SubfoldersOnly
  • FilesOnly

This parameter is optional.

Outcome conditions

You need to replace ${path} with its actual canonified value.

  • ✅ Ok: permissions_ntfs_${path}_ok
    • ☑️ Already compliant: permissions_ntfs_${path}_kept
    • 🟨 Repaired: permissions_ntfs_${path}_repaired
  • ❌ Error: permissions_ntfs_${path}_error


method: permissions_ntfs
  accesstype: Allow
  propagationpolicy: ThisFolderOnly
  path: VALUE
  rights: VALUE
  user: VALUE


Ensure that the correct NTFS permissions are applied on a file for a given user.

Inheritance and propagation flags can also be managed. If left blank, no propagation will be set.

To manage effective propagation or effective access, please disable the inheritance on the file before applying this generic method.

Note: that the Synchronize permission may not work in some cases. This is a known bug.

Right validate set:

None, ReadData, ListDirectory, WriteData, CreateFiles, AppendData, CreateDirectories, ReadExtendedAttributes, WriteExtendedAttributes, ExecuteFile, Traverse, DeleteSubdirectoriesAndFiles, ReadAttributes, WriteAttributes, Write, Delete, ReadPermissions, Read, ReadAndExecute, Modify, ChangePermissions, TakeOwnership, Synchronize, FullControl

AccessType validate set:

Allow, Deny

PropagationPolicy validate set:

ThisFolderOnly, ThisFolderSubfoldersAndFiles, ThisFolderAndSubfolders, ThisFolderAndFiles, SubfoldersAndFilesOnly, SubfoldersOnly, FilesOnly