Securing access through realms

If you want to restrict users to a set of devices, use realms. Realms define security perimeters within the network that do not overlap. Each device belongs to a single realm. When you initially install BMC Network Automation, all devices belong to a single realm named Default. You can create new realms to define additional security perimeters. Users are assigned access to realms based on their assigned role or roles. For example, one role could have full access to a realm; another role only has reporting rights for the realm; and another role has no access to the realm.

You could view a realm as a collection of devices owned by a tenant. For example, a realm could represent:

• A set of devices (for example, all firewalls) managed by a specific IT group (for example, Security)
• A network managed by a specific IT group
• A production and lab network managed by different teams
• A customer's network managed by a service provider