Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Windows security model lets you control access to file-mapping objects. For more information, see Access-Control Model.
You can specify a security descriptor for a file-mapping object when you call the CreateFileMapping function. If you specify NULL, the object gets a default security descriptor. The ACLs in the default security descriptor for a file-mapping object come from the primary or impersonation token of the creator.
To retrieve the security descriptor of a file-mapping object, call the GetNamedSecurityInfo or GetSecurityInfo function. To set the security descriptor of a file-mapping object, call the SetNamedSecurityInfo or SetSecurityInfo function.
The valid access rights for file-mapping objects include the DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER standard access rights. File mapping objects do not support the SYNCHRONIZE standard access right. The following table lists the access rights that are specific to file-mapping objects.
| Access right | Meaning |
|---|---|
| FILE_MAP_ALL_ACCESS | Includes all access rights to a file-mapping object except FILE_MAP_EXECUTE. The MapViewOfFile and MapViewOfFileEx functions treat this the same as specifying FILE_MAP_WRITE. |
| FILE_MAP_EXECUTE | Allows mapping of executable views of the file-mapping object. The object must have been created with page protection that allows execute access, such as PAGE_EXECUTE_READ, PAGE_EXECUTE_WRITECOPY, or PAGE_EXECUTE_READWRITE protection. |
| FILE_MAP_READ | Allows mapping of read-only or copy-on-write views of the file-mapping object. |
| FILE_MAP_WRITE | Allows mapping of read-only, copy-on-write, or read/write views of a file-mapping object. The object must have been created with page protection that allows write access, such as PAGE_READWRITE or PAGE_EXECUTE_READWRITE protection. |
Mapping a copy-on-write view of a file-mapping object requires the same access as mapping a read-only view. The FILE_MAP_COPY flag is not an access right, and it should not be specified as part of a DACL in a security descriptor. This value can be used only with functions that map a view of a file-mapping object, such as the MapViewOfFile and MapViewOfFileEx functions, or with the OpenFileMapping function, which treats FILE_MAP_COPY the same way it treats FILE_MAP_READ.
You can request the ACCESS_SYSTEM_SECURITY access right to a file-mapping object if you want to read or write the object's SACL. For more information, see Access-Control Lists (ACLs) and SACL Access Right.