Platform SDK: Memory

File-Mapping Security and Access Rights

Windows NT/Windows 2000 security enables you to control access to file-mapping objects. For more information about security, see Access-Control Model.

You can specify a security descriptor for a file-mapping object when you call the CreateFileMapping function. To retrieve the security descriptor of a file-mapping object, call the GetNamedSecurityInfo or GetSecurityInfo function. To set the security descriptor of a file-mapping object, call the SetNamedSecurityInfo or SetSecurityInfo function.

The valid access rights for file-mapping objects include the DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER standard access rights. File-mapping objects do not support the SYNCHRONIZE standard access right. The following table lists the specific access rights for file-mapping objects.

Value                 Meaning
FILE_MAP_COPY         Copy-on-write access. If you create the map with PAGE_WRITECOPY and the view with FILE_MAP_COPY, you receive a copy-on-write view of the mapped file. If you write to the mapped view, the modifications do not change the original data file.
FILE_MAP_READ         Read-only access. The file-mapping object must be created with PAGE_READWRITE or PAGE_READONLY protection. A read-only view of the file is mapped.
FILE_MAP_WRITE        Read and write access. The file-mapping object must be created with PAGE_READWRITE protection. A read/write view of the file is mapped.
FILE_MAP_ALL_ACCESS   Includes all access rights to a file-mapping object. The MapViewOfFile and MapViewOfFileEx functions treat this the same as if you had specified FILE_MAP_WRITE.

You can request the ACCESS_SYSTEM_SECURITY access right to a file-mapping object if you want to read or write the object's SACL. For more information, see Access-Control Lists (ACLs) and SACL Access Right.
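
The following example is added here and is not part of the original SDK page. It shows one way to supply a security descriptor to CreateFileMapping, building the descriptor from an SDDL string (a technique this page does not describe). The function names mapping_sddl and create_mapping, the object name Local\ExampleSection and the trustee "BA" (built-in Administrators) are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#else  /* SDK header values, repeated so the builder compiles off Windows */
#define FILE_MAP_WRITE 0x0002
#define FILE_MAP_READ  0x0004
#define SYNCHRONIZE    0x00100000L
#endif

/* Build "D:P(A;;0x<mask>;;;<sid>)": a protected DACL with one allow ACE.
   Returns 0 on success, -1 if the request is rejected (hypothetical helper). */
int mapping_sddl(char *out, size_t n, const char *sid, unsigned long mask)
{
    /* SID characters only, so a trustee string cannot add ACEs of its own */
    static const char ok[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-";
    if (!sid || !*sid || strspn(sid, ok) != strlen(sid)) return -1;
    /* file-mapping objects do not support SYNCHRONIZE */
    if (mask == 0 || (mask & SYNCHRONIZE)) return -1;
    int len = snprintf(out, n, "D:P(A;;0x%lx;;;%s)", mask, sid);
    return (len > 0 && (size_t)len < n) ? 0 : -1;
}

#ifdef _WIN32
/* Create a 4 KB pagefile-backed mapping protected by the given SDDL. */
HANDLE create_mapping(const char *name, const char *sddl)
{
    SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, FALSE };
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sa.lpSecurityDescriptor, NULL))
        return NULL;
    HANDLE h = CreateFileMappingA(INVALID_HANDLE_VALUE, &sa,
                                  PAGE_READWRITE, 0, 4096, name);
    DWORD err = GetLastError();
    LocalFree(sa.lpSecurityDescriptor);
    /* an object that already exists keeps its own descriptor, not ours */
    if (h && err == ERROR_ALREADY_EXISTS) { CloseHandle(h); h = NULL; }
    return h;
}
int main(void)
{
    char sddl[128];  /* constructed sample: Administrators get read/write */
    if (mapping_sddl(sddl, sizeof sddl, "BA", FILE_MAP_READ | FILE_MAP_WRITE))
        return 1;
    HANDLE h = create_mapping("Local\\ExampleSection", sddl);
    printf("%s -> %s\n", sddl, h ? "created" : "refused");
    if (h) CloseHandle(h);
    return h == NULL;
}
#endif
```

On Windows, link against Advapi32.lib for the SDDL conversion function.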