JP2002304317A - Data management system and data management method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a data management system allowing access to various data distributed to plural computers without consciousness of information about access authority set in each the data or a location of the data. SOLUTION: This data management system mainly comprises an access management function (an access management means) 10 and data access functions (data access means) 20 as shown in Figure. The data access function 20 acquires the data stored in the computers A, B, C on the basis of a data use request 30D received from a user's computer 30 connected to a network 100 including the Internet through the access management function 10 of the computer A, and the user's computer 30 executes result acquisition 30R from the data access function 20 through the access management function 10.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a database management system, and more particularly to a data management method for managing access authority.

[0002]

2. Description of the Related Art Conventionally, when trying to access data distributed to a plurality of computers on a network 1000N, a user recognizes in advance which computer the necessary data and database are registered in, and Was going to access.

FIG. 11 is a configuration diagram showing an example of a conventional data management system.

When the data A1100 is required from the user's computer 1000U, the computer A1000
Is connected to the network 1000N, and the data B1100
Is required, the network 1000N is connected to the computer B1000. Similarly, if the data C1100 is required, the computer C1000 is connected to the network 1
000N connection needs to be switched.

[0005] Also, by increasing or decreasing the amount of data or changing the data management method, data that has been on the same computer is distributed to a plurality of computers, or data that has been distributed to a plurality of computers is distributed to the same computer. Even in the case of the above integration, it is necessary to grasp all the computers to which the data used by the user has been transferred. Data on a computer is broadly classified into data managed by a relational database management system (RDBMS) and data managed by a file system of the computer. Regardless of the type of data, not everyone has unrestricted access, and the RDBMS or file system manages the data so that use can be restricted only to users who have been granted access.

[0006] Usually, an identification ID, a password, and the like are set in the data as access authority information, and the data can be used after authentication. For this reason, the user
You must always know the access authority information of all data that you may use. In the drawing, an arrow indicates a data flow 1000F.

FIG. 12 is a diagram showing an example of a data flow in a conventional data management system.

[0008] With respect to the computer D1000, the user A 1050 transmits the information to the computer 1 based on the access restriction information.
010U and data A1110 and data A1120
And are available. Further, the user B 1050 can use the data B 1110 via the computer 1020U based on the access restriction information.

[0009]

However, the prior art has the following problems.

[0010] By notifying each user of the access right information, there is a possibility that data security may be impaired. In general, the notification of access authority information to a user is not notified to the user as an individual, but to the user for the purpose of performing the job within the organization to which the user belongs. It was done.

[0011] When a new job is to be taken due to a personnel change or the like, the use of data that had been used up to now must be prevented, but the access authority information known as an individual is used. As a result, there has been a problem that data outside the range of job authority related to conventional access authority information may be used.

The present invention has been made in view of the above problems, and has as its object to manage which computer stores various data distributed to a plurality of computers, and to control each data. Data management that manages the information on the access authority possessed and the information on the access authority of the user, and allows the user to access the data without being aware of the location of the required data and the information on the access authority set for each data An object of the present invention is to provide a technology relating to a system and a data management method.

[0013]

The gist of the present invention is a data management method for receiving access from a user computer connected to a network such as the Internet. A first step of performing a user authentication process and a data access reception process based on a data use request from a user's computer, and based on a data use request from the user's computer authenticated by the user authentication process A second step of accessing data access means capable of accessing data desired by the user, and a third step of transmitting an access result corresponding to the data use request received from the data access means to the computer of the user.
Wherein the second step comprises a step of, when accessing the data access means, an access judgment in which correspondence information between the user, the access authority to the data and a computer capable of accessing the corresponding data is registered in advance. A data management method characterized by including a step of referring to information. The gist of the present invention described in claim 2 is that
When the access request from the user is user authentication, the first step performs an authentication check by referring to a user information table having a user ID and a password in the access determination information; It is determined whether the user ID and the password can be authenticated. If the user can be authenticated, a use having the user ID in the access determination information and a location ID associated with the user ID Searching a user-location table and a location table having server information and data authority information holding the address of the computer where the location ID and data are present, and acquiring the corresponding server information;
Connecting to the data access means of the corresponding computer and requesting acquisition of a name of usable data. The gist of the present invention described in claim 3 is that, in the first step, when the access request from the user is not user authentication, the user I in the access determination information
Performing an authentication check with reference to a user information table having a password D and a password; and, if the access request from the user is not user authentication, the user ID and the user ID in the access determination information are related. User-location with location ID attached
An available data table created based on a table, a location table having server information and data authority information holding the location ID and the address of the computer where the data desired by the user exists, and the location A step of searching a table and obtaining the server information; and a step of connecting to the data access means of a corresponding computer based on the obtained server information and requesting execution of an access command. The data management method according to claim 1. The gist of the present invention according to claim 4 is that, in the second step, after the data access unit connects to a file system such as an RDBMS based on data authority information of the access determination information,
Determining whether the access request from the user is a request for a data name, and if the request is a data name, requesting the file system to acquire an available data name; Acquiring the data name and transmitting the data name to the access management unit. 4. The data management method according to claim 1, further comprising the steps of: The gist of the present invention according to claim 5 is that, in the second step, after the data access means connects to a file system such as an RDBMS based on the data authority information of the access determination information, Judge whether the access request is a request for data name, and if there is no data name,
2. The method according to claim 1, further comprising: issuing an access command to the file system; and acquiring an execution result of the access command as the access result from the file system, and transmitting the execution result to the access management unit. The data management method according to any one of (1) to (4). The gist of the present invention according to claim 6, wherein the third step is a step of registering an available data name, which is the access result acquired from a data access unit, in an available data table of the access determination information; Requesting a location such as all computers to acquire a data name, and transmitting a list of accessible data names to a user computer. Be in data management method. The gist of the present invention according to claim 7, wherein in the third step, an execution result of the access command as the access result is received from the data access means and transmitted to a user computer. 6. The data management method according to any one of claims 1 to 6, wherein The gist of the present invention described in claim 8 is as follows.
A database access method using the data management method according to any one of the above-mentioned items, wherein employees such as banks and temporary employees who frequently change work locations use the database. Be in the way. The gist of the present invention described in claim 9 is:
A storage medium in which a program capable of executing the data management method according to any one of claims 1 to 7 is recorded. The gist of the present invention is a data management system which is accessed from a user's computer connected to a network such as the Internet, wherein user authentication is performed based on a data use request from the user's computer. A computer having access management means for performing processing and data access reception processing, and data access for accessing data required by the user based on a data use request from the computer of the user authenticated by the access management means And a computer having means for transmitting, to the user's computer, an access result corresponding to a data use request via the access management means, wherein the access management means Access rights and data are stored Correspondence information between computer resides in the data management system characterized by having an access decision information registered. The gist of the present invention described in claim 11 is that
The access determination information includes: a user information table having a user ID and a password of a user who uses a database; a user-location table having a location ID associated with the user ID; A location table having server information and data authority information holding an ID and an address of a computer where data exists, an available data table created based on the user-location table and the location table; The available data table has the location ID associated with the user ID and a data name of data used by the user, and the server information is used by the user. Information of the computer that stores the data The data authority information, there is provided a data management system of claim 10, wherein the user is a permission information available.

[0014]

Embodiments of the present invention will be described below in detail with reference to the drawings.

FIG. 1 is a diagram showing a configuration of a data management system according to the present embodiment.

As shown in FIG. 1, the data management system according to the present embodiment is schematically constituted by an access management function (access management means) 10 and a data access function (data access means) 20, and a data access function 2
0 acquires data stored in the computers A, B, and C based on a data use request 30D received from the user's computer 30 connected to the network 100 including the Internet via the access management function 10 of the computer A. The user computer 30 can obtain the result 30R from the data access function 20 via the access management function 10.

The access management function 10 is provided in the computer A, and the data access function 20 is provided in the computers A, B, and C having data requested by the user's computer 30. “User authentication processing” and “data acquisition processing” are realized by the cooperative operation of these two functions.

The access management function 10 performs a user authentication process and a data access reception process based on a data use request 30D from the user.

In the data access reception process, the user
Refer to the user-location table 50B having information corresponding to the user's access authority, and refer to the data access function 2 of the computer in which usable data exists.
0, a data use request 30D is transmitted. Further, the access result received from the data access function 20 is transmitted to the user. In the figure, an arrow indicates a data flow 100F.

FIG. 2 is a diagram showing an example of information managed by the data management system according to the present embodiment.

FIG. 2 shows access determination information having correspondence information between a user and an access right to data.

The access determination information includes a user information table 50A and a user-location table 50B.
, A location table 50C, and an available data table 50D.

The user information table 50A has a user ID 50A1 and a password 50A2 of a user who uses the database.

User-location table 50B
Has a user ID 50A1 and a location ID 50B3.

The location table 50C has a location ID 50B3, server information 50C4, and data authority information 50C5. The server information 50C4 is
Holds the address of the computer where the data resides.
The data authority information 50C5 holds authority information for accessing data.

The available data table 50D has a user ID 50A1, a location ID 50B3, and a data name 50D6.

FIG. 3 is a diagram showing the flow of the user authentication process in FIG.

On the user's computer 30, the user connects to the access management function 10 using the user ID 50A1 and the password 50A2 (step S00).
1).

In the computer A, the access management function 10 receives the user ID 50A1 and the password 50A2, and uses the user ID 50A1 to enter the user information table 5
0A is searched, and whether or not the corresponding password 50A2 matches is checked. If the user ID 50A1 does not exist or the password 50A2 does not match, an error is returned (step S002).

When the user is authenticated, the user ID
The user-location table 50B is searched at 50A1, and the corresponding location ID 50B3 is obtained (step S003).

Next, the location table 50C is searched with the location ID 50B3, and the corresponding server information 50C4 and data authority information 50C5 are obtained (step S004).

Further, the computer having the data access function 20 is searched for, connected to the data access function 20 on the corresponding computer based on the server information 50C4, and the data authority information 50C5 is transferred (step S).
005).

In the computers A, B, and C having the data access function 20, the received data authority information 5
RDBMS file system 60D based on 0C5
(RDBMS or file system) to acquire an accessible data name 50D6 and pass it to the access management function 10 (step S006). Computer A
In, an available data table 50D is created based on the data name 50D6 passed from the data access function 20 (step S007).

Next, a list of data names 50D6 accessible to the data user is returned (step S008).

At the user's computer 30, the data user receives a list of available data names 50D6 (step S009).

In the case of an authentication error in step S002, the data user inputs the correct user ID 50A1 and password 50A2 in the user's computer 30 and reconnects to the access management function 10 (step S0).
10).

FIG. 4 is a diagram showing the flow of the data acquisition process in FIG.

In the user's computer 30, the user selects data to be used from a list of available data names 50D6, and accesses the data using access commands (data search, data addition, data update, data deletion, etc.). ) Is issued (step S101).

The computer A receives the data name 50D6 to be used and the access command, searches the available data table 50D with the data name 50D6, and acquires the corresponding location ID 50B3 (step S102).

The location table 50C is searched with the obtained location ID 50B3, and the corresponding server information 50C4 and data authority information 50C5 are obtained (step S103).

Based on the server information 50C4, it connects to the data access function 20 on the corresponding computer, and transfers the data authority information 50C5 and the access command (step S104).

The computers A, B, and C connect to the RDBMS file system 60D (RDBMS or file system) based on the received data authority information 50C5 and execute an access command (step S105).

The RDBMS file system 60D (RD
A result of executing the access command is acquired from the BMS or the file system and transferred to the access management function 10 (step S106).

The computer A receives the execution result of the access command and returns the result to the data user (step S107).

The user computer 30 receives the execution result of the access command (step S10).
8).

FIG. 5 is a flowchart showing an access management function according to the embodiment of the present invention.

First, the flow of the access management function will be described with reference to FIG.

When there is an access request from the user (step T100), it is determined whether or not the user is authenticated (step T101).

In the case of user authentication (YES in the figure), the user ID 5 is referred to by referring to the user information table 50A.
An authentication check is performed based on 0A1 and password 50A2 (step T102). It is determined whether the user ID 50A1 and the password 50A2 have been authenticated (step T103).

When the user has been successfully authenticated (YES in the figure), the user-location table 50B and the location table 50C are searched, and the corresponding server information 50C4 is obtained (step T104). Here, the user-location table 50B and the location
Reference is made to table 50C.

Data access function 2 of the computer
0, and requests acquisition of the name of usable data (step T105). Here, the process proceeds to step T201 in FIG.

If the user could not be authenticated in step T103 (NO in the figure), a display of an authentication error is returned to the user (step TT121).

In step T101, when the user authentication is not performed (NO in the figure), the available data table 50D and the location table 50C are searched, and the corresponding server information 50C4 is obtained (step T13).
1).

Data access function 2 of the computer
0, and requests execution of an access command (step T132). Next, the process proceeds to step T201 in FIG.

Next, the flow of the data access function in FIG. 6 will be described.

FIG. 6 is a flowchart showing a data access function according to the embodiment of the present invention.

Based on the data authority information 50C5, the RDB
Connect to the MS file system 60D (RDBMS or file system) (step T201).

It is determined whether the request is for the data name 50D6 (step T202).

The data name is 50D6 (YES in the figure).
), The RDBMS file system 60D (RDB
MS or file system) is requested (step T203).

The RDBMS file system 60D (RD
An available data name is acquired from a BMS or a file system (step T204).

The obtained information is transferred to the access management function 10 (step T205). Next, step T1 in FIG.
Return to 06.

In step T202, data name 5
If it is not 0D6 (NO in the figure), an access command is issued to the RDBMS file system 60D (RDBMS or file system) (step T211).

The RDBMS file system 60D (RD
The execution result of the access command is acquired from the BMS or the file system (step T212). Next, the process of step T205 is performed, and the process returns to step T141 of FIG.

Referring again to FIG. 5, the flow of the access management function after the processing in FIG. 6 will be described.

The available data name acquired from the data access function 20 is registered in the available data table 50D (step T106).

It is determined whether acquisition of data names has been completed for all locations (step T10).
7).

Data name 5 for all locations
When the acquisition of 0D6 is completed (YES in the figure), a list of accessible data names 50D6 is returned to the user computer 30 (step T108).

The user computer 30 displays a data name list (step T109).

If it is determined in step T107 that the acquisition of the data names 50D6 has not been completed for all the locations (NO in the figure), the process returns to step T105.

The continuation of the processing flow relating to the access command in FIG. 6 will be described.

The execution result of the access command is received from the data access function 20 (step T141).

The execution result of the “access command” is returned to the user computer 30.

The user computer 30 displays the command execution result (step T143).

(Example) Next, a data management method according to the present embodiment will be described using an example.

FIG. 7 is a diagram showing the settings of the present embodiment in the information of FIG.

As shown in FIG. 7, a user information table 50A, a user-location table 50B and a location table 50C are set in advance.

FIG. 8 is a diagram showing a normal use example in the present embodiment in the setting of FIG.

When the information is set as shown in FIG. 7, the user UA is provided with “L” in the location ID 50B3.
"1" and "L2" are related.

Further, “Comp1” in the server information 50C4 that holds the address of the computer A is associated with “L1” and “L2”, and “Kengen1” and “Kengen1” in the data authority information 50C5 that can access the computer A. Each is related to “Kengen2”. Also, information that can be used for the user UB and the user UC is set in the same manner.

After setting in these tables, the data name 50D in the available data table 50D
The “sales data”, “order data”, and “daily report data” of No. 6 are respectively associated with “L1”, “L1”, and “L2” of the location ID 50B3 associated with “UA” of the user ID 50A1. Also, information that can be used for the user UB and the user UC is set in the same manner.

FIG. 9 is a diagram showing another example of use in this embodiment in the setting of FIG.

When data accessible by “Kengen2” stored in computer A is moved to computer B, for example, specific data is moved to another computer for purposes such as load distribution of the computer,
"Kengen" stored in computer C, such as changes in data available to specific individuals such as personnel changes
User UB who used the data accessible in "3"
Shows a case where the data used by is changed to data accessible by “Kengen4”.

FIG. 10 is a diagram showing an example of changing the table contents in FIG. 7 according to the use example of FIG.

Initially, for example, moving specific data to another computer for the purpose of distributing the load on the computer, etc.
A case where data stored in the computer A accessible by “Kengen2” is moved to the computer B will be described.

The system administrator changes the contents of the server information 50C4 corresponding to the corresponding “L2” in the location ID 50B3 of the location table 50C from “CompA” meaning the computer A to “CompB” meaning the computer B. Thus, the information for connecting to the computer A can be changed to the information for connecting to the computer B. Due to this change in the content, the user UA can use the data regardless of the movement of the data as before.

Further, in the case where the access right to the data available to a specific individual changes due to a personnel change or the like, the user UB is changed from “Kengen 3” meaning the access right to the data stored in the computer C to another. "Kenge" which means access authority to data
The case where the number has changed to "n4" will be described.

The operation manager of the system determines the location of the user UB from “L3” to “L” for the location ID 50B3 corresponding to “UB” of the user ID 50A1 in the user-location table 50B.
4 to “K” corresponding to the computer C
The setting accessible from “engen3” can be changed to the accessible setting “Kengen4” corresponding to the computer D. With this setting change, the user UB can use new data.

Since the data management system and the data management method according to the embodiment are configured as described above, the following effects can be obtained.

When data accessible by “Kengen2” stored in the computer A is moved to the computer B, such as moving specific data to another computer for the purpose of distributing the load of the computer, the conventional system The operation manager notifies the user UA that the corresponding data has moved to the computer B, and the notified user UA accesses the computer B when using the data accessible by “Kengen2”. However, in the present embodiment, the system operation manager determines “L” in the location ID 50B3 of the location table 50C.
"CompA" in the server information 50C4 corresponding to "2"
By changing the content from “CompB” to “CompB”, the content can be changed from the information for connecting to the computer A to the information for connecting to the computer B. Thereby, the user U
A can use the same data as before.

Further, the data used by the user UB who has used the data accessible by “Kengen 3” stored in the computer C is changed to “Kengen
If you change to data that can be accessed with "4",
The system operation manager notifies the user UB of the information for connecting to the computer D and the “access authority information” for using the data, and the user UB receiving the notification notifies the user UB of the computer based on the information. D and connect to "Keng
It was necessary to use data accessible by "en4". In addition, the system operation manager uses the information of the old knowledge to the user UB to store “Keng” in the computer C.
Although it was necessary to ensure security so as not to use data that can be accessed with "en3", in this embodiment, the system operation manager sets "U" in the user ID 50A1 of the user-location table 50B.
By changing the location ID 50B3 corresponding to “B” from “L3” to “L4”, “Ke” of the computer C is changed.
ngen3 ”to access computer D
Can be changed to a setting that can be accessed with "Kengen4". With this change, the user UB can use the new data. Further, since the user UB has not been informed of the information for connecting to the computer C and the data authority information 50C5 for using the data from the beginning, no special work for ensuring the security is required.

The computer A is provided with only the access management function 10 in accordance with the processing capacity and the storage capacity of the computer, so that it is possible to centrally perform the approval processing of the access authority to the data of the user.

The computers B and C also have access management functions 10 according to the processing capacity and storage capacity of the computers.
By having the above, it is possible to have distributed access points.

In the present embodiment, the present invention is not limited to this, and can be applied to a technique relating to a data management system and a data management method suitable for applying the present invention.

Further, the number, position, shape, etc. of the above-mentioned constituent members are not limited to the above-described embodiment, but can be set to a number, position, shape, etc. suitable for carrying out the present invention.

In each of the drawings, the same components are denoted by the same reference numerals.

[0096]

Since the present invention is configured as described above, the following effects can be obtained. If data that is stored on the original computer and is available for access is moved to another computer, such as moving specific data to another computer for the purpose of distributing the load on the computer, the system operation administrator Location ・
By changing the content of the server information corresponding to the corresponding location ID in the table from the original computer to the other relevant computer with respect to the location of the computer, the information that can be connected to the original computer and the information that can be connected to another relevant computer Change the content to Users can use the same data as before.

If the access right of the user who originally used the data of the computer using the initial access right is changed to another access right, for example, due to a personnel change, the system operation manager will be notified of the user. -By changing the user ID of the location table from the original location ID to another location ID, the content is changed from the original access right to the computer to the access right to the other computer, and the user is allowed to access the other computer. New data will be available. Since the user is not informed of the information for connecting to the computer or the data authority information on the access authority for using the data, no special work is required to ensure security.

In the case where employees, such as a bank or a temporary worker, whose work location changes frequently, use the database of the base from the usual work location, it is possible to eliminate the trouble of issuing an ID when the work location is changed. Protection can also be achieved.

As described above, when a user uses data (RDB, document file, etc.) distributed to a plurality of computers on a network, connection information to a computer that stores data to be used by the user and use of the data is made. Necessary data can be used without being aware of data access authority information, which reduces the burden on the user regarding computer data. Further, since the user does not need to know the data access right information directly, improvement in security can be expected. Further, the labor for reissuing the ID card for data access accompanying the updating work can be saved.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of a data management system according to the present embodiment.

FIG. 2 is a diagram showing an example of information managed by a data management system according to the present embodiment.

FIG. 3 is a diagram showing a flow of a user authentication process in FIG. 1;

FIG. 4 is a diagram showing a flow of a data acquisition process in FIG. 1;

FIG. 5 is a flowchart showing an access management function according to the embodiment of the present invention.

FIG. 6 is a flowchart showing a data access function according to the embodiment of the present invention.

FIG. 7 is a diagram showing settings of the embodiment in the information of FIG. 2;

FIG. 8 is a diagram showing an example of a normal use in the embodiment in the setting of FIG. 7;

FIG. 9 is a diagram showing another example of use in the present embodiment in the setting of FIG. 7;

FIG. 10 is a diagram showing an example of changing the table contents in FIG. 7 according to the use example of FIG. 9;

FIG. 11 is a configuration diagram illustrating an example of a conventional data management system.

FIG. 12 is a diagram showing an example of a data flow in a conventional data management system.

[Explanation of symbols]

A, B, C Computer D Computer UA User UB User UC User 10 Access Management Function (Access Management Means) 20 Data Access Function (Data Access Means) 30 User's Computer (User Computer) 30D Data Usage Request 30R Acquisition of results 50A User information table 50A1 User ID 50A2 Password 50B User-location table 50B3 Location ID 50C Location table 50C4 Server information 50C5 Data authority information 50D Available data table 50D6 Data name 60D RDBMS file system 100 Network 100F Data flow A1000, B1000, C1000, D1000 Computer A1050 User A1100, A11 0, A1120, B1100, B
1110, C1100 data 1000F Data flow 1000N Network 1000U, 1010U, 1020U Computer

Continuation of the front page F term (reference) 5B017 AA07 BA05 CA16 5B082 GA11 HA08 5B085 AE02 AE03 BA07 BG04 BG07

Claims (11)

[Claims] 1. A data management method for receiving access from a computer of a user connected to a network such as the Internet, wherein the access management means performs a user authentication process based on a data use request from the computer of the user. And a data access accepting process, and a data access unit capable of accessing data desired by the user based on a data use request from the computer of the user authenticated by the user authentication process. A second step of accessing, and a third step of transmitting an access result corresponding to the data use request received from the data access unit to the user's computer, wherein the second step includes a data access When accessing the means, access to said user and data Data management method characterized by comprising the step of referring to the access decision information correspondence information between computers that can access the data and the appropriate permissions have been previously registered. 2. The method according to claim 1, wherein when the access request from the user is user authentication, the authentication check is performed by referring to a user information table having a user ID and a password in the access determination information. And determining whether the user ID and the password have been authenticated. If the user can be authenticated, the location associated with the user ID and the user ID in the access determination information A user-location table having an ID and a location table having server information and data authority information holding the address of the computer where the data exists and the location ID and the corresponding server information are obtained. Connecting to the data access means of the relevant computer; The data management method according to claim 1, characterized in that it comprises the step of requesting the name acquisition of use available data. 3. The method according to claim 1, wherein, if the access request from the user is not user authentication, the first step performs an authentication check by referring to a user information table having a user ID and a password in the access determination information. Performing a user-location table having a user ID in the access determination information and a location ID associated with the user ID when the access request from the user is not user authentication; Location I
Search for an available data table created based on D and a location table having server information holding data of a computer where the data desired by the user exists and data authority information, and the location table Acquiring the server information; and connecting to the data access means of the corresponding computer based on the acquired server information, and requesting execution of an access command. Data management method described in. 4. The method according to claim 2, wherein, after the data access unit connects to a file system such as an RDBMS based on the data authority information of the access determination information, an access request from the user includes a data name. Judging whether it is a request, and if the data name, requesting the file system to obtain an available data name; obtaining the available data name as the access result from the file system; Transmission step.
The data management method according to any of the above. 5. In the second step, after the data access unit connects to a file system such as an RDBMS based on the data authority information of the access determination information, the access request from the user may include a data name. Determining whether the request is a request, and if there is no data name, issuing an access command to the file system; acquiring an execution result of the access command as the access result from the file system; and transmitting the execution result to the access management unit 5. The data management method according to claim 1, further comprising the steps of: 6. The third step includes: registering an available data name, which is the access result obtained from data access means, in an available data table of the access determination information; Requesting the user to obtain a data name and transmitting a list of accessible data names to the user computer. 6. The data management method according to claim 1, further comprising: 7. The method according to claim 1, wherein in the third step, an execution result of the access command as the access result is received from the data access unit and transmitted to a user computer. Data management method described. 8. A database access method using the data management method according to any one of claims 1 to 7, wherein employees such as a bank or a temporary worker who frequently changes work locations use the database. A database access method characterized by: 9. A storage medium on which a program capable of executing the data management method according to claim 1 is recorded. 10. A data management system which is accessed from a user's computer connected to a network such as the Internet, wherein a user authentication process and a data access reception process are performed based on a data use request from the user's computer. And a computer having data access means for accessing data required by the user based on a data use request from the user's computer authenticated by the access management means. The data access unit transmits an access result corresponding to a data use request to the user's computer via the access management unit, and the access management unit includes an access right to the user and the data and data. Is stored on the computer and Data management system characterized by having an access decision information corresponding information is registered. 11. The access determination information includes: a user information table having a user ID and a password of a user who uses a database; and a user-location / user having a location ID associated with the user ID. Table, a location table having server information and data authority information holding the location ID and the address of the computer where the data exists, and a user created based on the user-location table and the location table. An available data table, wherein the available data table has the location ID associated with the user ID and a data name of data used by the user, and the server information includes: A computer that stores data used by the user. The data management system according to claim 10, wherein the data authority information is information on a computer, and the data authority information is information on authority that can be used by the user.