Basically, when "users" use the services of a UTM application, they always access a "service" via a "coupler". This therefore always results in the following access hierarchy:
"User" -> "Coupler" -> "Service"
In order to protect services against unauthorized access by particular users, both services and couplers can have locks in UTM. Users can thus only access a coupler and, consequently, the service if they possess the appropriate keys for both locks. Depending on the type of service that the user wants to access, the employed coupler may also need a key for the service's lock.
Keys and locks are both represented by a number (keycode/lockcode). Multiple keys can be combined to form a keyset (UTM object type Kset). The privileges (authorizations) owned by users and couplers are therefore represented by their keysets.
If a service or coupler does not possess a lock (or has a lock with lockcode 0) then it is unprotected. If the user or coupler possesses no keyset (or an empty keyset) then no special authorization exists and only unprotected couplers and services can be accessed.
Thus users can only access a service if
- one of their keys fits the service's lock or the service is unprotected, and
- one of their keys fits the coupler's lock or the coupler is unprotected, and
- (possibly) one of the coupler's keys also fits the service's lock or the service is unprotected.
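The three checks above can be written as a small access-decision function that also reports which check failed, which is useful when reviewing why a user can or cannot reach a service. This is an added example, not UTM code: the class and function names, the coupler_needs_key flag (standing in for "depending on the type of service") and the sample objects are assumptions made for illustration.

```python
# Added illustration of the lock/key rules; all names are hypothetical, not a UTM API.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

UNPROTECTED = 0  # lockcode 0 (or no lock at all) means "unprotected"


@dataclass(frozen=True)
class Principal:
    """A user or a coupler: both own a keyset; only couplers carry a lock."""
    name: str
    keyset: FrozenSet[int] = frozenset()  # empty keyset = no special authorization
    lock: Optional[int] = None


@dataclass(frozen=True)
class Service:
    name: str
    lock: Optional[int] = None
    coupler_needs_key: bool = False  # assumption: models the "(possibly)" third check


def fits(keyset: FrozenSet[int], lock: Optional[int]) -> bool:
    """A lock is passed if it is absent, has lockcode 0, or a keycode matches it."""
    return lock is None or lock == UNPROTECTED or lock in keyset


def denied_checks(user: Principal, coupler: Principal, service: Service) -> List[str]:
    """Return the checks that failed; an empty list means access is granted."""
    failed = []
    if not fits(user.keyset, service.lock):
        failed.append("user key vs. service lock")
    if not fits(user.keyset, coupler.lock):
        failed.append("user key vs. coupler lock")
    if service.coupler_needs_key and not fits(coupler.keyset, service.lock):
        failed.append("coupler key vs. service lock")
    return failed


# Constructed sample objects (keycodes and lockcodes are made up)
alice = Principal("alice", frozenset({3, 7}))
guest = Principal("guest")                            # no keyset
term = Principal("terminal", frozenset({7}), lock=3)  # protected coupler with its own key
open_cpl = Principal("open", lock=0)                  # unprotected coupler, no keyset
payroll = Service("payroll", lock=7, coupler_needs_key=True)
info = Service("info")                                # unprotected service

if __name__ == "__main__":
    for u, c, s in [(alice, term, payroll), (alice, open_cpl, payroll),
                    (guest, term, info), (guest, open_cpl, info)]:
        print(u.name, "->", c.name, "->", s.name, ":", denied_checks(u, c, s) or "granted")
```

Note the second case: the user holds the right key for the service, but going through an unprotected coupler without a keyset still fails when the coupler itself needs a key for the service's lock.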