Figure 5–2 illustrates applying different policies stored in Oracle Internet Directory to the databases accessed by different enterprise users. Determining the policy to be applied is controlled by the directory entries corresponding to the user and the accessed database. Figure 5-2, "Illustration of Oracle Label Security Policies Applied through Oracle Internet Directory", shows a box at the left labeled "olsadmintool" leading to the right to a database labeled OID containing OLS policies Alpha and Beta. A footnote on the OID label reads "User profile in OID changeable using olsadmintool." The OID database has one outgoing arrow leading horizontally to the right, and two incoming arrows coming from 45-degree angles above and below the horizontal. The outgoing arrow leads to a container labeled "Directory Integration Platform (DIP) Server", which is shown as containing OID changes. A footnote on the Server label says "Directory Integration Platform (DIP) provisioning/synchronizing profile in Oracle Internet Directory (OID), changeable using oidprovtool." From this DIP Server container come two arrows, one to a database above labeled Oracle DB1 and the otehr to a database below, labeled Oracle DB2. Each of these databases, DB1 and DB2, is labeled OLS Policies Alpha and Beta, and each has an arrow pointing back at a 45-degree angle to the OID database. Each arrow is labeled "LDAP, SSL, or SASL". From each database, DB1 and DB2, a horizontal double-headed arrow points to the right to a box. Each arrow has a label above it reading "SSL/non-SSL", and a label below it reading "log on as an enterprise user". The box to the right of DB1, at the top, is labeled "sqlplus". The box to the right of DB2, at the bottom, is labeled "PL/SQL Programs".