community.proxmox.proxmox_access_acl module – Management of ACLs for objects in Proxmox VE Cluster

Note

This module is part of the community.proxmox collection (version 1.3.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.proxmox. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.proxmox.proxmox_access_acl.

New in community.proxmox 1.1.0

Synopsis
Requirements
Parameters
Attributes
Examples
Return Values

Synopsis

Setting ACLs via /access/acls to grant permission to interact with objects.

Requirements

The below requirements are needed on the host that executes this module.

proxmoxer >= 2.0
requests

Parameters

Parameter	Comments
api_host string / required	Specify the target host of the Proxmox VE cluster. Uses the `PROXMOX_HOST` environment variable if not specified.
api_password string	Specify the password to authenticate with. Uses the `PROXMOX_PASSWORD` environment variable if not specified.
api_port integer	Specify the target port of the Proxmox VE cluster. Uses the `PROXMOX_PORT` environment variable if not specified.
api_token_id string	Specify the token ID. Uses the `PROXMOX_TOKEN_ID` environment variable if not specified.
api_token_secret string	Specify the token secret. Uses the `PROXMOX_TOKEN_SECRET` environment variable if not specified.
api_user string / required	Specify the user to authenticate with. Uses the `PROXMOX_USER` environment variable if not specified.
path string	Access Control Path
propagate boolean	Allow to propagate (inherit) permissions. Choices: `false` `true` ← (default)
roleid string	name of the role
state string / required	create or delete Choices: `"present"` `"absent"`
type string	type of access control Choices: `"user"` `"group"` `"token"`
ugid string	id of user or group
validate_certs boolean	If `false`, SSL certificates will not be validated. This should only be used on personally controlled sites using self-signed certificates. Uses the `PROXMOX_VALIDATE_CERTS` environment variable if not specified. Choices: `false` ← (default) `true`

Attributes

Attribute	Support	Description
action_group	Action group: community.proxmox.proxmox	Use `group/community.proxmox.proxmox` in `module_defaults` to set defaults for this module.
check_mode	Support: none	Can run in `check_mode` and return changed status prediction without modifying target.
diff_mode	Support: none	Will return details on what has changed (or possibly needs changing in `check_mode`), when in diff mode.

Examples

- name: Create ACE
  community.proxmox.proxmox_access_acl:
    api_host: "{{ ansible_host }}"
    api_password: "{{ proxmox_root_pw | default(lookup('ansible.builtin.env', 'PROXMOX_PASSWORD', default='')) }}"
    api_user: root@pam

    state: "present"
    path: /vms/100
    type: user
    ugid: "a01mako@pam"
    roleid: PVEVMUser
    propagate: 1

- name: Delete all ACEs for a given path
  community.proxmox.proxmox_access_acl:
    api_host: "{{ ansible_host }}"
    api_password: "{{ proxmox_root_pw | default(lookup('ansible.builtin.env', 'PROXMOX_PASSWORD', default='')) }}"
    api_user: root@pam

    state: "absent"
    path: /vms/100

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
new_acls list / elements=string	The output message that the test module generates. Returned: when changed
old_acls list / elements=string	The original name param that was passed in. Returned: always

Authors

Markus Kötter (@commonism)

Collection links

© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/proxmox/proxmox_access_acl_module.html