Database Vault -
Scenario description - Restrict three DBAs (dba1, dba2 and dba3) with a CONNECT command rule so that each of them can connect only during a specific window of the day:
dba1 - first 8 hours of the day
dba2 - second 8 hours of the day
dba3 - third 8 hours of the day
The challenge - Whenever a rule is written to achieve the scenario above, no user in the database is able to connect at all, and one has to disable Database Vault in order to disable the rule set attached to the CONNECT command rule.
The solution - The rule expression must be written exactly right so that only the three users in the scenario are affected, based on the time of day. It is important to build a bypass into the rule expression for the rest of the database users, so that they can connect at any time and are not affected by the rule set.
So the expression is written this way -
(SYS_CONTEXT('USERENV','SESSION_USER') = 'DBA1' AND TO_CHAR(SYSDATE,'HH24') IN ('00','01','02','03','04','05','06','07'))
OR (SYS_CONTEXT('USERENV','SESSION_USER') = 'DBA2' AND TO_CHAR(SYSDATE,'HH24') IN ('08','09','10','11','12','13','14','15'))
OR (SYS_CONTEXT('USERENV','SESSION_USER') = 'DBA3' AND TO_CHAR(SYSDATE,'HH24') IN ('16','17','18','19','20','21','22','23'))
OR (SYS_CONTEXT('USERENV','SESSION_USER') NOT IN ('DBA1','DBA2','DBA3'))
Note: Remember not to put a semicolon at the end of the rule expression.
Here the last line of the rule expression acts as the bypass: it allows all other users (everyone except dba1, dba2 and dba3) to connect to the database without any problem.
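The following is an added example, not code from the original post: it deploys the rule above as a Database Vault CONNECT command rule through DBMS_MACADM, then checks what was attached. The rule name, rule set name, failure message and error code are my own choices; it assumes you run it as a user holding the DV_OWNER (or DV_ADMIN) role.

```sql
-- Added example (not from the post). Rule/rule-set names and the fail
-- message/code below are assumptions; run as DV_OWNER or DV_ADMIN.
BEGIN
  -- The post's expression with balanced parentheses. No semicolon inside
  -- the string: Vault evaluates it as a boolean condition, not a statement.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'DBA Shift Window',
    rule_expr => q'[(SYS_CONTEXT('USERENV','SESSION_USER') = 'DBA1'
       AND TO_CHAR(SYSDATE,'HH24') IN ('00','01','02','03','04','05','06','07'))
    OR (SYS_CONTEXT('USERENV','SESSION_USER') = 'DBA2'
       AND TO_CHAR(SYSDATE,'HH24') IN ('08','09','10','11','12','13','14','15'))
    OR (SYS_CONTEXT('USERENV','SESSION_USER') = 'DBA3'
       AND TO_CHAR(SYSDATE,'HH24') IN ('16','17','18','19','20','21','22','23'))
    OR (SYS_CONTEXT('USERENV','SESSION_USER') NOT IN ('DBA1','DBA2','DBA3'))]');

  -- Rule set: evaluate every rule, audit failures, show the failure message.
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'DBA Shift Connect',
    description     => 'dba1/dba2/dba3 may connect only in their 8-hour shift',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'Connection outside your assigned shift',
    fail_code       => 20001,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => '');

  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'DBA Shift Connect',
    rule_name     => 'DBA Shift Window',
    rule_order    => 1,
    enabled       => DBMS_MACUTL.G_YES);

  -- A CONNECT command rule applies to every user ('%'), which is exactly
  -- why the expression needs its bypass branch for non-DBA accounts.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'CONNECT',
    rule_set_name => 'DBA Shift Connect',
    object_owner  => '%',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/

-- Confirm the command rule is in place before leaving this session.
SELECT command, rule_set_name, enabled
  FROM DBA_DV_COMMAND_RULE
 WHERE command = 'CONNECT';
```

Keep the session that ran this open and test a fresh login from an ordinary account first; if the new logins fail, the open session can still remove the rule with DBMS_MACADM.DELETE_COMMAND_RULE('CONNECT', '%', '%') instead of having to disable Database Vault.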