When you establish a session, the default value for row-level security constraints assigned to the profile for the user or those directly assigned to the user become current for the session. Those row-level security constraints that are assigned to a profile take precedence over those assigned to the user. The rules for determining the initial assignment of constraint values for a session are as follows.
- If a user has been assigned a profile and that profile has been assigned row-level security constraint values, those profile constraints become current for the session.
In this case, Vantage does not consider any constraints that are assigned directly to the user.
- If a user has been assigned a profile and that profile has not been assigned any row-level security constraints, then Vantage assigns any constraints for the session from the user definition.
If there are no row-level security constraints assigned to the user, all constraints for the session are null.
- If a user has not been assigned a profile, then Vantage allocates the row-level security constraints assigned directly to the user for the session.
If no row-level security constraints are assigned to the user, all constraints for the session are set null.
- If a hierarchical constraint with multiple assigned values is assigned to a session, then Vantage only assigns the default values for the source to the session.
- If a non-hierarchical constraint with multiple assigned values is assigned to a session, then Vantage applies all assigned values for the source to the session.