If the user ID associated with the server has permission to access the file, access is granted if:
The file already exists in the %SYBASE% directory structure, read-only access is allowed, and open-for-write requests receive an ERROR_ACCESS_DENIED error, or
The file exists or is being created in the Windows %TEMP% directory and read-write access is allowed, or
The file exists or is being created in a configured work directory (a trusted directory). The access allowed is that defined for the work directory, or
The file exists or is being created in any subdirectory under a trusted directory. The access allowed is that defined for the parent directory.
If one trusted directory is nested inside another, then the system examines access to each trusted parent in the target file path and the most restricted access is applied. Thus it is possible to allow read-write access to a trusted directory tree, but then specify read-only or no access for specified directories below it. This behavior is similar to Windows behavior when applying ACLs to files.