You can use the member attribute to assign users to a mechanism object.
If a user is not a member of any mechanism policy, the user has no policy-based mechanism usage restrictions, and can use any mechanism that is not disabled in the TDGSS configuration.
If a user is a member of one or more mechanisms, the user can log on only with a mechanism of which he or she is a member.
For a list of rules governing the specification of users as policy members, see Rules for Specifying Users as Policy Members.
Users accessing the database through pooled sessions are subject to the security policies assigned to the application logon user, rather than the policies assigned to them as individuals.