JP2002202956A - Security management system, security management method, and security management program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To facilitate the management of security accompanying the change of the necessity of security protection. SOLUTION: An ID number for identifying a user, which contains an information on a department to which the user belongs, is received (S13), access right specification information showing that the access to the information related to the department by the user is permissible or not is read from an access right information storage means for storing it in conformation to ID numbers on the basis of the received ID number, and it is judged whether the access is permissible or not on the basis of the read access right specification information (S14). When a plurality of pieces of department information is related to the user, it is judged whether the access to the information related to each department related to the department information is permissible or not.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a security management system for managing security, a security management method, and a security management program.

[0002]

2. Description of the Related Art Conventionally, there has been a method of transmitting various intentions in an organization such as a company using a network such as an in-house LAN. Specifically, a terminal is provided to each employee, and communication is made by simultaneously sending an e-mail including contents to be notified to each employee from the server to each terminal.
In this in-house LAN, in order to protect the security of personnel information and the like of each employee, the information required for security protection (hereinafter simply referred to as security information) is browsed by I.
The input of the D number and the password was required.

[0003] The management of the security information is normally performed on the server side, and the server determines whether or not access is possible based on the ID number.

[0004]

A server is provided for each department, and one ID number unique to each department is assigned to each employee. This is because there is information that cannot be accessed from other departments for each department, and whether such information is accessible for each server is determined based on an ID number to which identification information unique to each department is added. .

[0005] For example, when transferring from the accounting department to the sales department, a takeover process is also required for the in-house LAN. When performing the handover process, the work of each unit before and after the transfer is both handled.

[0006] However, the ID number is assigned as a unique number to each section of the accounting department and the sales department.
Therefore, the network ID number is assigned either before or after the transfer. In this case, in the state before the transfer, the server can be accessed based on the ID number before the transfer, but the information of the accounting department before the transfer can be accessed, but the information of the sales department cannot be accessed.
Conversely, in the case of the state after the transfer, the information of the sales department after the transfer cannot be accessed. Therefore, for the in-house LAN, which department information can be accessed is determined depending on the execution time of the change process of the ID number and the like. This causes an inconvenience that the work place and the affiliation and the access right that actually perform the work are not unified. In this way, in the method of uniformly managing security information,
If the security management target fluctuates, such as personnel changes, it will hinder business operations.

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and an object of the present invention is to provide a security management system, a security management method, and a security management system for facilitating security management accompanying a change in security protection necessity. To provide a management program.

[0008]

According to one aspect of the present invention, whether or not the user is permitted to access information associated with the attribute information is determined based on attribute information indicating an attribute to which the user belongs. The access right storage unit stores, for each user, the access right specifying information indicating the access right identification information indicating the user, and reads out the access right storage unit based on the identification information given by the user. Determining permission of access to the information based on the access right specifying information, wherein the plurality of attribute information items are associated with the user, and the plurality of associated attribute information items are mutually exclusive with respect to the access permission. Access right determination means for permitting access to each piece of information associated with the plurality of pieces of attribute information. Security management system is provided which is characterized by comprising.

According to such a configuration, a user who may belong to mutually exclusive attributes in terms of access permission can be permitted to access information relating to both attributes.

According to one embodiment of the present invention, for at least one user, the access right specifying information for which access is permitted for both of the at least two pieces of information mutually exclusive with respect to access permission is the identification information. It is stored in the access right information storage means in association with information. Accordingly, the access right to a user who may belong to mutually exclusive attributes can be appropriately set only by assigning a plurality of pieces of identification information to the user without individually setting the access right for each user.

According to one embodiment of the present invention, there is further provided a receiving means for receiving the identification information via the network. As a result, security can be managed even when a user accesses via a network.

[0012] Preferably, for at least one user, the access right specifying information that is permitted to access both of the at least two pieces of information that are mutually exclusive with respect to the access permission includes the access permission to both of the information. The start time and / or the end time are stored in association with each other.

[0013] This makes it possible to limit the unstable state of being able to access information relating to both mutually exclusive attributes regarding the access permission to a certain time. More desirably, the access right determination means, when determining the permission of the access before the start time, determines the permission of the access to one of the at least two pieces of information that are mutually exclusive. If the access right determination unit determines access permission after the end time, the access right determination unit may perform access permission for one of the at least two pieces of information that are mutually exclusive. I do. As a result, before the unstable state in which information about both exclusive attributes can be accessed or after it ends, only information about attributes that are not mutually exclusive can be accessed as usual.

According to another embodiment of the present invention, the attribute information mutually exclusive with respect to the access permission is the assignment information in the company of the user. This allows
Eliminates the inconvenience of being able to access information about one of the assignments only when assignments overlap, for example, when a personnel transfer takes over, etc. Can access both information. As a result, the transfer of the personnel change can be smoothly performed.

Further, the present invention relating to an apparatus or a method is provided for causing a computer to execute a procedure corresponding to the present invention (or for causing a computer to function as means corresponding to the present invention, or for causing a computer to correspond to the present invention). And a computer-readable recording medium on which the program is recorded.

[0016]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to the drawings.

FIG. 1 is a diagram showing the overall configuration of a security management system according to one embodiment of the present invention. In the present embodiment, an example will be described in which the present invention is applied to a network system in which a company has a plurality of departments each including a plurality of employees and a terminal is assigned to each employee.

As shown in FIG. 1, a network 2 connected to a center server 1 for managing all departments
, Networks 3 to 6 are connected. The sales department server 31 for managing the sales department is provided in the network 3.
And terminals 32 to 35 are connected to the network 4, the accounting department server 41 and the terminals 42 to 45 are connected to the network 4, the personnel department server 51 and the terminals 52 to 55 are connected to the network 5, and the system design department is connected to the network 6. Server 61
And terminals 62 to 65 are connected.

FIG. 2A is a diagram showing an example of a detailed configuration of the center server 1. As shown in FIG. 2A, the center server 1 includes an interface 11 for transmitting and receiving information to and from the network 2,
1 and a processor 12 connected to the
And an access right management database 13 storing access right identification information for managing access rights in the present system and information required for security protection (hereinafter simply referred to as security information) transmitted and received by the present system. And a security information database 14. In the security information database 14, security information for each position is stored as security information that is not mutually exclusive with respect to access permission, and security information for each section is stored as mutually exclusive security information with respect to access permission.

The processor 12 has a judgment program 12a,
Transfer registration program 12b and information transmission program 12
c. The determination program 12a derives attribute information of a user who uses the terminal based on the ID number transmitted from each terminal based on the access right management database 13, and derives content in the security information database 14 based on the attribute information. It is determined whether or not is accessible. The transfer registration program 12b performs a transfer registration process based on the personnel transfer information transmitted from the personnel department server 51. The information transmission program 12c transmits various information such as information to which access is permitted to each terminal and each department server.

FIG. 2B is a diagram showing an example of a detailed configuration of the department server 31. The basic configuration is the same as that of the center server 1 shown in FIG.
11, a processor 312, an access right management database 313, and a security information database 314. The processor 312 determines the judgment program 31
2a, a transfer registration program 312b and an information transmission program 312c. Each program 312a-312
The processing of c is the same as that of the programs 12a to 12c. The configuration of the other department servers 41, 51, and 61 is the same as the configuration of the department server 31, and a description thereof will be omitted.

FIG. 3 is a diagram showing an example of the data structure of the access right specifying information stored in the access right management database 13. As shown in FIG. 3, the access right management database 13 stores access right specifying information including an employee name, an ID number, and a department name for each employee. Employee name is name and ID to identify each employee
The number is an identification number assigned to each employee to identify a certain employee from other employees. One of a sales department, an accounting department, a human resources department, and a system design department is assigned to a department name as assignment information in a company. In addition, a unique number is assigned to the ID number according to the position of each employee. For example, an 8-digit number starting with 10 is used for the manager-level employee, an 8-digit number starting with 20 for the section-level employee, and an 8-digit number starting with 30 for the other employees. Note that I
Information for identifying each department may be added to the D number. For example, a two-digit number for identifying each department is assigned to the next two digits of a two-digit number specifying a position. For example, 30 for the sales department, 40 for the accounting department, and 5 for the human resources department.
0, the system design department is 60 mag. Further, the next four digits after the numerical values for identifying the four-digit positions and departments are given different numerical values for each employee.

Although only one department name is associated with an ID number, only when a personnel change is issued, a plurality of department names are assigned to one employee name as the department name before the change and the department after the change. It is identifiably associated and indicates that a plurality of departments are concurrently serving. If a plurality of department names are associated, transfer period information for specifying a transfer period is given to the access right specifying information of the employee.

In the example of FIG. 3, since the employee H is transferred from the accounting department to the sales department, the accounting department and the sales department are associated with the department name. -10/20 "(October 10
From October 20 to October 20).

FIG. 4 shows the access right management database 313.
FIG. 3 is a diagram showing an example of a data structure of access right specifying information stored in a. As shown in FIG. 4, the access right management database 313 stores access right identification information including an employee name, an ID number, and a department name in association with each employee in the same manner as the access right management database 13. It is. The difference from the database 13 is that the access right management database 313 stores access right specifying information of only employees belonging to the department of the department server 31 to which the database 313 belongs. Therefore, in principle, the department name included in the access right specifying information stored in the access right management database 313 provided in the department server 31 of the sales department is only the sales department.

However, only when a personnel change is issued, a plurality of department names are associated with one employee name, indicating that a plurality of departments are concurrently serving. If a plurality of department names are associated, transfer period information for specifying a transfer period is given to the access right specifying information of the employee. The data change during the personnel change issuance is the same as in the case of FIG. It should be noted that the access right management database of the section related to any of the section names during the concurrent post is also stored including its employees. In the example of FIG.
Employee H is still in the accounting department, but is eventually transferred to the sales department, and is also serving as both departments. Therefore, the employee H is stored in the access right management database 313 of the sales department. Of course, it is also stored in the access right management database of the accounting department.

FIG. 5 shows an example of the data structure of the security information in the security information database 14.

An index as a headline of the content is associated with the content indicating the content itself of the security information, and further, this content is associated with department-based access permission information and post-based access permission information. When an employee selects an item for which information transmission is desired from the index displayed as a list on the display screen of the terminal, the employee can receive the content only when access is permitted by each access permission information.

The security information for each position includes, for example, manager-level information accessible only to the manager-level, manager-level information accessible only to the manager-level or higher, and general information accessible to all employees. Whether or not
Specified by post-specific access permission information. Therefore, manager-level employees can access all of manager-level information, section-level information, and general information, section-level employees can access section-level information and general information, and general employees can access only general information. is there. Therefore, these pieces of information are hierarchical in terms of access permission, and can access certain manager-level information but cannot access section manager-level information, and can access section manager-level information but cannot access manager-level information. Are not mutually exclusive information.

The security information for each department can be accessed for each department, for example, business information accessible only to the sales department and accounting information accessible only to the accounting department. Is specified by the section-specific access permission information. Also, sales information cannot be accessed by employees of other accounting departments, human resources departments, and system design departments, and accounting information cannot be accessed by employees of other sales departments, human resources departments, and system design departments. As a general rule, only one department information can be accessed. That is, each department information is exclusive with respect to the access permission, and is mutually contradictory information regarding the access permission.

Further, access is permitted only to the employees to whom access is permitted with respect to both the position-based access permission information and the section-based access permission information. That is, for example, even if access is permitted only from post-specific access permission information, access is not permitted if access is not permitted based on section-specific access permission information.

The security information database 314 provided in the department server 31 has the same data structure as that of the security information database 14, but has no department-specific access permission information and is permitted only to that department. Only security information is stored. Of course, security information permitted only to other departments may be stored as needed.

Next, the security management method will be described with reference to the sequence diagram of FIG. 6, taking as an example a case where the employee H to which the terminal 42 is assigned is transferred from the accounting department to the sales department. In the sequence diagram of FIG. 6, transmission and reception of information between terminals and servers via the network are indicated by arrows, and information processing at each terminal and server is indicated by circles. Unless otherwise specified, transmission and reception of information between terminals and servers is performed via a network.

First, when a personnel change is issued from the personnel department to transfer the employee H from the accounting department to the sales department, the personnel change information on the employee H is transmitted to the networks 3 and 2 by the department server 51 of the personnel department. It is transmitted to the center server 1 via the server (s1). The personnel change information is not sent from the department server 51 but to the personnel department terminal 52.
To 55 may be transmitted. The personnel change information includes access right specifying information on employee H and employee H
Includes transfer period information indicating a transfer period in which both departments are concurrently used. It is desirable that the employee H be notified of the personnel change prior to the transmission of the personnel change information.

Transfer registration program 1 of center server 1
2b performs personnel change registration processing based on personnel change information received via the interface 11 (s2). The personnel change registration process is specifically performed in the personnel change registration program 1
2b updates the ID number of the access right specifying information of the employee H to a new ID number and adds a new department name. In the example of FIG. 4, the ID number “30400008” assigned to the employee H belonging to the accounting department before the transfer is set to I
The department name “Accounting department” which has been rewritten to the D number “30300008” and associated with this new ID number
Next, the department name “sales department” of the employee H belonging to the sales department after the transfer is associated with the employee H. As a result, the access right specifying information on the employee H in the access right management database 13 is updated to information indicating that the employee H is concurrently serving.

When the personnel transfer registration processing is completed, the information transmission program 12c of the center server 1 is updated to the department servers 31 and 41 of the accounting department and the sales department, which are the departments before and after the employee H is changed. The access right identification information is transmitted (s3a, s3b). This allows
Personnel changes have been issued to each department. Each of the section servers 31 and 41 is provided with an access right management database 313.
Is rewritten with the updated access right specifying information on the employee H (s4a, s4).
b). FIG. 4 shows an example of the data structure of the access right management database 313 in which the access right specifying information of the employee H is updated.
Is shown in Further, the updated access right specifying information is transmitted to the terminal 42 assigned to the employee H (s
5). The access right specifying information may be transmitted from the center server 1. At least the new ID number “30300008” in the access right specifying information transmitted to the terminal 42 is assigned to the CRT provided in the terminal 42.
Etc. are output from output means (not shown). From this output result, the employee H can know the new ID number.

As described above, after the personnel change is issued to each department and after the concurrent position, the employee H turns on the power of the newly allocated terminal 35 and tries to access the center server 1 ( s11), the input of the ID number is requested from the center server 1 (s12). A new ID that the employee H has previously learned from the terminal 35 based on the output result of the terminal 42
When the number "30300008" is input (s13), the determination program 12a of the center server 1 determines whether or not the access is permitted, and as a result, the access to the security information on the new sales department is permitted (s1).
4). Two ID numbers may be assigned to the employee H during the transfer period. In this case, the ID number “3” in the accounting department era is used.
When "0400008" is entered, access to security information relating to the accounting department is permitted.
The processes 1) to (s14) are the same when the terminal 42 accesses the center server 1. When the access is permitted, desired information is transmitted from the center server 1 based on the information request from the terminal 42 to the information transmission program 12.
c to the terminal 42.

In step (s14), the access permission is determined by searching the access right management database 13 based on the received ID number, extracting the department name associated with the ID number, and The position is specified based on the position information included in the number. On the other hand, the section-based access permission information and the post-based access permission information included in the security information shown in FIG. 5 are searched to determine whether or not the content requested to be transmitted by the employee H can be accessed based on the access permission information. judge.

As described above, at the time of personnel change, it is possible to access both the security information before the personnel change and the security information after the personnel change only by inputting the ID number from the new terminal of the new transfer destination. The environment is set.

Next, after the personnel change is announced, the employee H
Is completed, the center server 1 updates the access right specifying information based on the transfer period information included in the access right specifying information of the employee H in the access right management database 13 (s21). This update process deletes the department name before the change and deletes the change period information. As a result, only the ID number and the department name of the sales department are associated with the employee H. If two ID numbers are assigned to employee H during the transfer period,
The ID number of the accounting department is deleted. The updated access right specifying information is transmitted to the department servers 31 and 41 of the sales department and the accounting department (s22a, s22b). The department servers 31 and 41 update the access right specifying information on the employee H in the access right management database 313 based on the updated access right specifying information (s23).
a, s23b). This updating process is performed in the same manner as in (s14).

Next, after the concurrent post is completed, that is, after October 21, the employee H attempts to access the center server 1 from the terminal 35 (s31), and the ID number is "30400008".
Does not grant access to the accounting department's security information. This is because the center server 1 searches the access right specifying information of the access right management database 13 in a timely manner, and further updates the access right specifying information to the access right specifying information of only the sales department based on the transfer period information. Therefore, based on the access right specifying information, the determination program 12a determines whether or not the access right is permitted in the same manner as in (s14) (s32), and transmits that the access is not permitted to the terminal 35 (s33). The same applies to the case where the terminal 42 attempts to access the center server 1.

As described above, according to the present embodiment, when there is a personnel change, the access right specifying information of the employee who is the subject of the personnel change is rewritten.
The security information of a new transfer destination can be obtained only by inputting a number from a new terminal. In this way, two department names can be assigned to one employee and one ID
Only by assigning the number to the number, it is possible to set the access right according to the job without rewriting the access right specifying information of the employee, especially for each employee who is not in the normal business execution state.

FIG. 7 compares the features of this embodiment with the conventional example. The table of FIG. 7 shows the contents of work, work place, and affiliation of the employee H of the above-described embodiment, and two conventional examples that can be accessed security information according to the present embodiment over time. As can be seen from FIG. 7, in the case of the conventional system, only the security information of any department can be accessed during the period from October 10 to October 20. It is understood that the security information can be accessed, and as a result, the setting of the access right according to the work content, work place, affiliation, etc. of the employee H is realized.

Further, by assigning the transfer period information indicating that the job is concurrently assigned and a plurality of department names to the employees who are also concurrently assigned, both the security information unique to the department before the change and the security information unique to the department after the change are transferred. Can be obtained. As a result, a handover process accompanying a personnel change can be smoothly performed. Further, since the transfer period information manages from the issuance of the personnel change to the end of the concurrent position, the access right specifying information is updated without any action by the employee, and the normal security management is maintained.

The present invention is not limited to the above embodiment. For example, the case where the access right specifying information is updated on both the center server and the department server in response to the transmission of the personnel change information from the personnel department has been described, but the input of a new ID number from the terminal of the transfer destination has been described. The access right specifying information may be updated later in the department server.

Further, the case where an access request or an information transmission request is made to the center server 1 has been described. However, the present invention is not limited to this, and an access request or an information transmission request may be made to a department server of a department to which an employee belongs. Good. In this case, processing similar to that of the center server 1 is performed by the department servers 31, 41, 51, and 61.

Further, the case where the request for access permission and the determination are performed between the center server or the department server and the terminal via the network has been described. However, the present invention is not limited to this. For example, a plurality of stand-alone computers may be used. For example, when the user uses the system, the system can be applied to all systems in which access rights need to be determined for each user from the viewpoint of security protection. Although the setting of the access right is shown for each user, for example, a common ID number or password is assigned to all employees in a certain department, and access permission is determined for each department based on the number and password. You may. Also, security protection during the transfer period and security protection after the transfer can be achieved only by having a plurality of pieces of identification information such as department names and job titles associated with the ID number without changing the ID number. Further, information indicating that the transfer period is in progress and information indicating the department name before the transfer and the department name after the transfer may be added to the ID number. For example, the last digit of the two-digit number that identifies the department is 4 instead of 0
Thus, it is possible to identify whether or not it is during the transfer period. In this case, for example, in the example of the personnel change of the employee H, the ID number “304” is assigned to the employee H before the personnel change registration processing (s2).
00008 ”becomes“ 30340008 ”after the registration process.
However, after the end of the transfer period, "30300008" is given. In this way, by including information indicating whether or not a transfer period is in progress and information on department names before and after the transfer, the ID number can be compared with the access permission information without reading the access right management database 13. Only with this, it is possible to determine access permission.

Also, a case has been described in which a program for executing the functions of the present invention is incorporated in a processor, and the functions of the present invention are executed by the program. For example, a computer-readable recording medium on which these programs are recorded is stored in a server. May be read from a recording medium reader (not shown), and the processor may execute the function.

[0049]

As described above in detail, according to the present invention, security management accompanying a change in the need for security protection becomes easy.

[Brief description of the drawings]

FIG. 1 is a diagram showing an overall configuration of a security management system according to a first embodiment of the present invention.

FIG. 2 is an exemplary view showing an example of a detailed configuration of a center server and a department server according to the embodiment.

FIG. 3 is an exemplary view showing an example of a data structure stored in an access right management database of the center server according to the embodiment.

FIG. 4 is an exemplary view showing an example of a data structure stored in an access right management database of the department server according to the embodiment.

FIG. 5 is an exemplary view showing an example of a data structure of a security information database according to the embodiment.

FIG. 6 is an exemplary sequence diagram of the security management method according to the embodiment;

FIG. 7 is a diagram showing a comparison between accessible security information of the present embodiment and conventional security information.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 1 ... Center server 2-6 ... Network 31,41,51,61 ... Department server 32,33,34,35,42,43,44,45,5
2,53,54,55,62,63,64,65 ... terminal

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) G06F 17/60 158 G06F 17/60 158

Claims (14)

[Claims] 1. An identification identifying a user, the access right specifying information being determined based on attribute information indicating an attribute to which the user belongs and indicating whether the user is permitted to access information associated with the attribute information. Access right information storage means stored for each user in association with information; and reading out the access right storage means based on identification information given by the user, and accessing the information based on the read access right specifying information. Determining permission of access, wherein, when a plurality of the attribute information items are associated with the user, and the plurality of associated attribute information items are mutually exclusive with respect to the access permission, the plurality of attribute information items are determined. Security management system comprising access right determination means for permitting access to each associated information. Beam. 2. The access right information, wherein at least one of the users is mutually exclusive with respect to access permission and at least two pieces of the information are permitted to access, and the access right identification information is associated with the identification information. 2. The security management system according to claim 1, wherein the security management system is stored in a storage unit. 3. The security management system according to claim 1, further comprising receiving means for receiving the identification information via a network. 4. An access right specifying information which is permitted to access both of at least two pieces of information which are mutually exclusive with respect to an access permission for at least one user, and wherein access permission to the both information is started. The security management system according to claim 1, wherein the time and / or the end time are stored in association with each other. 5. The access right determination unit, when determining access permission before the start time, accesses one of the at least two pieces of information that are mutually exclusive. The security management system according to claim 4, wherein permission is given. 6. When the access right determination unit determines access permission after the end time, the access right determination unit determines access permission for at least one of the mutually exclusive information pieces. The security management system according to claim 4, wherein: 7. The security management system according to claim 1, wherein the attribute information mutually exclusive with respect to access permission is assignment information of the user in a company. 8. A method comprising: receiving attribute information indicating an attribute to which a user belongs; and receiving identification information identifying the user; wherein the user is associated with the attribute information based on the attribute information indicating the attribute to which the user belongs. An access right information storage unit that stores access right identification information indicating whether or not permission to access information is stored in association with identification information for identifying a user based on the identification information; And determining a permission of access based on the attribute information. The determination step is that the plurality of the attribute information items are associated with the user, and the plurality of the associated attribute information items are mutually exclusive with respect to the access permission. In case,
A security management method, comprising determining whether to permit access to each piece of information associated with the plurality of pieces of attribute information. 9. The access right information storage means stores the access right specifying information for at least one user who is permitted to access both of at least two pieces of information mutually exclusive with respect to access permission. The security management method according to claim 8, wherein the security management method is stored in association with information. 10. The access right specifying information which is allowed to access both of the at least two pieces of information which are mutually exclusive with respect to the access permission for at least one user, and that the access permission to both the information is started. The security management method according to claim 8, wherein the time and / or the end time are stored in association with each other. 11. The method according to claim 1, wherein, in the determining step, when the access permission is determined before the start time, the access permission is performed for one of the at least two pieces of information that are mutually exclusive. The security management method according to claim 10, further comprising performing a step. 12. The method according to claim 1, wherein in the determining step, when determining the permission of the access after the end time, the access is permitted to at least one of the at least two pieces of information that are mutually exclusive. 11. The security management method according to claim 10, comprising a step. 13. The security management method according to claim 8, wherein the attribute information mutually exclusive with respect to access permission is assignment information of the user in a company. 14. A computer, based on attribute information indicating an attribute to which a user belongs, identifies access right specifying information indicating whether the user is permitted to access information associated with the attribute information. Access right information storage means stored in association with the identification information; read out the access right storage means based on the identification information provided by the user and including the attribute information for identifying the user; Determining permission of access to the information based on the information, wherein the plurality of attribute information items are associated with the user, and the plurality of associated attribute information items are mutually exclusive with respect to the access permission; Security for functioning as access right determination means for permitting access to information associated with multiple attribute information Management program.