Win_acl Is Not Removing ACLs

I have applied ACLs for user MYDOMAIN\GARY on directory D:\BIN. On occasion, I would like to remove all ACLs for GARY on that directory and then re-add them with inheritance.

Here are the ACLs before:

| Type | Principal | Access | Inherited From | Applies To |
| Allow | Gary@mydomain.local | Read | None | This folder, subfolders and files |

I then have a task that looks like this:

- name: Remove ACL's
  ansible.windows.win_acl:
    user: MYDOMAIN\GARY
    path: D:\BIN
    rights: Read
    type: allow
    state: absent

When I run this task I get the following output:

TASK [Remove ACL's] **********************************************************************************
ok: [myserver.local]

This appears to tell me that nothing changed, and when I check the ACLs I see that nothing has changed: Gary still has read access.

Is this how the module is supposed to work? Is there a better way to remove a user’s access to a directory?

I'm not familiar with the module, but it looks like the criteria for removing ACLs are overly strict.

It looks like if the existing ACL is any different than what the user specifies, then it won't be removed (ansible.windows/plugins/modules/win_acl.ps1 at main · ansible-collections/ansible.windows · GitHub).
Like if any of these other settings are different for some reason, the ACL won't be removed even though it exists and matches the user/path etc. that you specified.

I can't tell what setting is causing the issue though. They all look like they would be equal. Maybe the username? You could try using Gary@mydomain.local instead of MYDOMAIN\GARY.
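
One way to see which field differs, as an added example that is not part of the thread and not the module's own code: run this on the target host to compare each stored ACE for the account against the values the task requests. The function name `Compare-AceToRequest` is hypothetical, and the `Inherit`/`Propagation` defaults are assumed to mirror the module's documented defaults for a directory.

```powershell
# Added diagnostic, not win_acl's code. Compare-AceToRequest is a hypothetical
# helper; the Inherit/Propagation defaults are assumed module defaults.
function Compare-AceToRequest {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [System.Security.AccessControl.FileSystemRights] $Rights,
        [System.Security.AccessControl.AccessControlType] $Type = 'Allow',
        [System.Security.AccessControl.InheritanceFlags] $Inherit = 'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags] $Propagation = 'None'
    )

    # Resolve the name to a SID so DOMAIN\user and user@domain compare equal.
    $sid = ([System.Security.Principal.NTAccount]$User).Translate(
        [System.Security.Principal.SecurityIdentifier])

    # Build the requested rule as an object so .NET normalises its fields
    # the same way it does for the ACEs read back from disk.
    $want = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $sid, $Rights, $Inherit, $Propagation, $Type)

    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules | Where-Object { $_.IdentityReference.Value -eq $sid.Value }) {
        [pscustomobject]@{
            IsInherited      = $ace.IsInherited   # inherited ACEs live on a parent
            Rights           = $ace.FileSystemRights
            RightsMatch      = $ace.FileSystemRights  -eq $want.FileSystemRights
            Type             = $ace.AccessControlType
            TypeMatch        = $ace.AccessControlType -eq $want.AccessControlType
            Inherit          = $ace.InheritanceFlags
            InheritMatch     = $ace.InheritanceFlags  -eq $want.InheritanceFlags
            Propagation      = $ace.PropagationFlags
            PropagationMatch = $ace.PropagationFlags  -eq $want.PropagationFlags
        }
    }
}

# Values taken from the task in the question.
Compare-AceToRequest -Path 'D:\BIN' -User 'MYDOMAIN\GARY' -Rights Read | Format-List
```

Any `*Match` field that comes back `False` is a candidate for the setting that keeps the entry from being treated as the one to remove; no output at all means the name did not resolve to a SID present on the directory's ACL.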