You can assign up to 6 hierarchical (non-set) constraints and 2 non-hierarchical (set) constraints to a user or profile. You must specify at least 1 name:value pair for each constraint.
Each assigned CONSTRAINT object must exist in the database, and the assigned security label values must correspond to valid name:value pairs defined in the object.
When more than one hierarchical label value is assigned to a user or profile, you can include the keyword DEFAULT after the label to specify that it is the default value for user sessions. If DEFAULT is not specified, the first constraint name listed in the user/profile definition is the default. DEFAULT is not applicable to non-hierarchical security constraints.
If a user is the member of a profile that assigns one or more security constraints, the assignments in the profile supersede any assignments made directly to the user.