If your UTM applications interact with external resource managers, e.g. database systems, you can also use the security mechanisms of these resource managers. The openUTM security mechanisms are kept completely separate from those of the database system, and there is no delegation, i.e. the security functions do not “pass through” individual users. From the point of view of the database, the UTM application functions as a user.
This has a number of advantages:
clear differentiation between the “Application” and “Data storage” tiers
data access control on the service level rather than the data level
no unnecessary redundancies in the authorization profiles, thereby reducing the effort involved in administration and eliminating inconsistencies (e.g. anomalies in modifications)
faster access times and more efficient utilization of resources in the database system (administration tables, caches)
You can alternatively specify the access data for Oracle databases interfaced to openUTM as an XA Resource Manager in the start parameters in plain text form or define them in the generation of the UTM application. For security reasons, it is recommended to specify the access data only in the generation.
In addition, the access data can be modified by means of administration.