Kron PAM’s role-based management (user/device/policy) concept is based on realms. In essence, individual creations are collected under a group, and groups are connected under a realm definition. Realms connect the groups, and by doing so, the users can connect to devices by using policies. The diagram below illustrates Kron PAM's realm structure, which allows admins to manage specific users to authenticate on specific devices and authorize specific policies.
Policies are applied to SSH/Telnet, SQL, and HTTP connections. RDP and SFTP connections do not need policies.