JP2010122855A - Operation device and operation method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an operation device which restricts operable items for each user and easily changes the contents of the restriction, and provide an operation method thereof. <P>SOLUTION: The operation device is connected to an operator terminal and a monitoring-object device and monitors and controls the monitoring-object device by means of operation from the operator terminal. The operation device has: a terminal communication part 131 which controls communication between the operator terminal and the operation device itself; a device communication part 132 which controls communication between the monitoring-object device and the operation device itself; and a storage part 133 which stores operation group data which are information including information on operation items, which can be operated under a user's authority, and user information. The terminal communication part extracts information on operation items, which an operating user can operate, from an operation group which the operating user belongs to, on the basis of user information received from the operator terminal and the user information included in the stored operation group data. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an operation device and an operation method, and more particularly, to an operation device and an operation method in which a menu that can be operated by an operator is restricted and the restriction setting can be easily changed.

  At present, various devices such as servers, network devices such as routers and switches, and VoIP (Voice over Internet Protocol) devices are connected as a system infrastructure via a network. A system that centrally monitors the status of these devices and performs maintenance work is called an operation system.

  Since the number of devices connected to the network has been increasing year by year, the time and labor costs for maintenance and management have been increasing. Therefore, various devices have been devised to reduce the man-hours related to maintenance management.

  For example, for maintenance tasks that are regularly executed in a relatively simple fixed procedure such as backup acquisition or traffic status collection, create the procedure as a program and execute it automatically. Yes.

  In addition, for example, even if maintenance work is performed regularly, work that requires human judgment on the timing and target of its execution cannot be automatically executed, so it is performed manually. There is a need.

However, since it is inefficient if the administrator of each device executes it individually, use the operation system to concentrate the procedures that can be executed even by those who are not familiar with the target system. There is also a way to manage it.

  According to this, by using the operation system, the status of each device connected to the network can be displayed graphically on a single screen, making it easy to grasp the overall state of the system. .

In addition, if the user of the operation system has the user ID of the operation system, the user of the operation system can operate the target device without having an account for each of the target devices.

Therefore, it is not necessary to create / delete IDs corresponding to the number of devices each time the number of users increases / decreases, and there is an advantage that user management is simplified.

  However, the fact that it is possible to operate the target device without having an account for each monitored device has the advantage of simplifying user management, but also causes a decrease in security. There is.

  In particular, the operations performed by the user of the operation system are centered on the tasks that are procedural as described above, and the user is not necessarily familiar with the devices to be monitored and the services that are operating on them.

Therefore, it is particularly important to limit the menus that can be operated by the user of the operation system in order to prevent commands such as changing the system configuration from being input due to an operation error.

  In order to solve such a problem, for example, as shown in Patent Document 1, an operation screen is provided for each function, the operator's access is restricted for each screen, and only predetermined functions can be operated according to the authority of the operator. An operation method is disclosed.

JP 2004-318473 A

  However, in this method, access is restricted for each screen, so if more detailed restrictions are to be added, the number of screens increases, and this method is not suitable in terms of management and maintenance.

The fine restriction includes, for example, a case where it is desired to restrict each command when logging in to the monitoring target apparatus from the operation apparatus and inputting a command, or a case where it is desired to restrict the operation target apparatus.

For example, even when trying to add one command that can be operated, it is necessary to change the screen design such as creating a new command screen and organizing the relationship of links from other screens, and the number of operators. It is necessary to change the data that manages whether or not screen access is possible.

  As described above, when it is necessary to change the screen design every time it is changed, a process such as design, development, and testing is required each time, and there is a problem that manpower, time, and cost are required.

  Therefore, the present invention has been made in view of the above problems, and the object of the present invention is to manage only the menus that can be operated by the operator by managing the operation items that can be operated by the operator as independent data. The present invention provides a new and improved operation device and operation method that can dynamically create a screen on which is displayed, can appropriately limit the user's operation, and can easily change the setting of the restriction content. .

  In order to solve the above-described problem, according to one aspect of the present invention, an operation device is connected to an operator terminal and a monitoring target device, and monitors and controls the monitoring target device by an operation from the operator terminal. A terminal communication unit that controls communication with the operation device, a device communication unit that controls communication between the monitoring target device and the operation device, and operation item information and user information that can be operated according to user authority. A storage unit that stores operation group data that is information, and the terminal communication unit is operating based on user information received from the operator terminal and user information included in the operation group data stored in the storage unit An operation that can be operated by the current user from the operation group to which the user belongs. Operation device for extracting Shon item information is provided.

  With this configuration, it is possible to provide information on operation items that can be operated by the user who is operating. By using this information, only the operation items that can be operated by the operating user can be displayed on the screen, thereby preventing erroneous operation by the user.

  In addition, since the operation items are managed as separate data separated from the screen design, it is easy to change the setting of the restriction content.

  The terminal communication unit may display the extracted operation item information on a previously generated screen so that the user in operation can select it.

  When the screen is generated at a location different from the operator terminal and the above screen is acquired from the terminal, such a configuration can be adopted.

In addition, the terminal communication unit may transmit the extracted operation item information to the operator terminal so that the user operating the information can display the operation item information extracted by the operator terminal on the screen.

  Such a configuration can be adopted when generating a screen to be operated on the operator terminal.

  The operation device may further include an operation group data editing unit that edits operation group data stored in the storage unit according to input information from the operator terminal.

  With this configuration, the operation group data can be edited from the operator terminal, and the restriction setting change can be further facilitated.

  The operation item of the operation group data may be a device command for controlling the monitoring target device.

  With this configuration, when a command is input from the operator terminal to the monitoring target apparatus, it is possible to limit the commands that can be input by the user.

  The operation group data may have one or more user information for one operation group.

  With this configuration, when there is one piece of user information for one operation group, different restrictions can be imposed on each user.

  In addition, when there is a plurality of user information for one operation group with such a configuration, it is possible to reduce a load of setting change of restriction information by managing a plurality of users in a group.

  In order to solve the above-mentioned problem, according to another aspect of the present invention, it is executed in an operation device that is connected to an operator terminal and a monitoring target device and monitors and controls the monitoring target device by an operation from the operator terminal. An operation method, a step of storing operation group data, which is information including operation items operable by a user's authority and user information, in a storage unit, and a terminal communication unit stores user information received from an operator terminal An operation method comprising: extracting operation item information operable by the operating user from an operation group to which the operating user belongs based on the user information included in the operation group data stored in the section Is done.

  The operation method may further include a step of displaying the extracted operation item information on a previously generated screen so as to be selectable by the operating user.

The operation method further includes a step of transmitting the extracted operation item information to the operator terminal so that the user operating the operation item information can selectably display the extracted operation item information on the screen. May be.

  As described above, according to the present invention, it is possible to restrict the operation on the monitoring target device from the operator terminal, and it becomes easier to change the restriction content.

  Exemplary embodiments of the present invention will be described below in detail with reference to the accompanying drawings. In addition, in this specification and drawing, about the component which has the substantially same function structure, duplication description is abbreviate | omitted by attaching | subjecting the same code | symbol.

The “best mode for carrying out the invention” will be described in the following order.
[1] System Overview [1-1] Functional Configuration of Each Unit of Operation Device [1-2] Functional Configuration of Each Unit of Operator Terminal [1-3] Configuration of Data Stored in Storage Unit of Embodiment [2] Operation of the operation device [2-1] Operation of the terminal communication processing unit and the device communication processing unit [2-1-1] Operation when setting an operable command [2-1-2] Operation when inputting a command [2- 2] Operation of the operation group data editing processing unit [2-2-1] Operation at the time of registration [2-2-2] Operation at the time of change [2-2-3] Operation at the time of deletion

[1] System Overview First, an overview of an operation system according to an embodiment of the present invention will be described with reference to FIG.

  FIG. 1 is a diagram showing an example of the configuration of the operation system according to the present embodiment. An operation system 100 according to an embodiment of the present invention includes an operation device 1, a monitoring target device 2, and an operator terminal 3.

The operation device 1 and the monitoring target device 2, and the operation device 1 and the operator terminal 3 are connected by a network.

The connection method is, for example, a public line network such as the Internet, a telephone line network, a satellite communication network, various local area networks (LANs) including Ethernet (registered trademark), WAN (Wide Area Network), IP-VPN (Internet Protocol). It may include a private network such as -Virtual Private Network).

  The operation device 1 is a device for centrally monitoring and controlling the monitoring target device 2 from the operator terminal 3.

The monitoring target device 2 is a device such as a server, a switch, or a router, for example, and the operating status is monitored from the operator terminal 3 via the network and the operation device 1.

The operator terminal 3 is a terminal for using the function of the operation device 1 and may be a terminal such as a PC (Personal Computer).

A plurality of operator terminals 3 may be connected, and a plurality of users can be operated simultaneously. In addition, a plurality of monitoring target devices 2 are normally connected, but there may be one.

[1-1] Functional Configuration of Each Unit of Operation Device Next, a functional configuration of each unit of the operation device will be described with reference to FIG. The operation device 1 according to the present embodiment includes a network connection unit 11, a storage unit 12, and a CPU (Central Processing Unit) 13.

  The network connection unit 11 is a wired or wireless interface with other devices included in the operation system, and functions as a reception unit that receives various data from other devices and a transmission unit that transmits various data to other devices. .

The network connection unit 11 may have, for example, a wireless communication function defined in IEEE (Institut of Electrical and Electronic Engineers) 802.11a, b, g, or the like, or MIMO (Multiple defined in IEEE 802.11n). (Input Multiple Output) communication function may be provided, and the type is not limited.

However, the operation system generally has a communication function corresponding to a wired LAN generally defined in IEEE802.3.

  The storage unit 12 may be, for example, a magnetic disk such as a hard disk or a disk-type magnetic disk, and the type thereof is not limited as long as data can be written and recalled.

In the present embodiment, the operation group data 4 and the monitoring target device account 5 are stored in the storage unit 12.

Here, a plurality of storage units 12 may be provided, and the operation group data 4 and the monitoring target device account 5 may be stored in different storage units. Details of the structure of stored data will be described later.

  The CPU 13 is equipped with functions such as a terminal communication unit 131, a device communication unit 132, and an operation group data editing unit 133, and controls the overall operation of the operation device 1.

  That is, each function of the CPU 13 reads a control program from a storage medium (not shown) such as a ROM or RAM that stores a control program in which the CPU 13 describes a processing procedure for realizing the function, and interprets the program. To achieve this.

  In the present embodiment, each function is divided into the terminal communication unit 131, the device communication unit 132, and the operation group data editing unit 133. However, the present invention is not limited to this configuration.

  The terminal communication unit 131 has a function of controlling communication between the operator terminal 3 and the operation device 1.

The communication between the operator terminal 3 and the operation device 1 is, for example, an instruction from the input unit 32 of the operator terminal 3 and a menu that can be operated by the user from the operation group data 4 in the storage unit 12 of the operation device 1. For example, the operation to output.

  The device communication unit 132 has a function of controlling communication between the operation device 1 and the monitoring target device 2.

The communication between the operation device 1 and the monitoring target device 2 is, for example, based on an instruction from the operator terminal 3 to establish a connection with the designated monitoring target device 2 or to a device command received from the operator terminal 3 For example, an operation of putting it into the apparatus.

  The operation group data editing unit 133 has a function of setting the operation group 4 stored in the storage unit 12.

Details of the operation of each unit described above will be described later together with an operation flow.

[1-2] Functional Configuration of Each Part of Operator Terminal Next, the configuration of each part of the operator terminal 3 will be described with reference to FIG. The operator terminal 3 according to the present embodiment includes a network connection unit 31, an input unit 32, and a display unit 33.

  The network connection unit 31 is a wired or wireless interface with the communication network, and functions as a reception unit that receives various data from the operation device and a transmission unit that transmits various data to the operation device.

  The input unit 32 has a function of inputting an operation on the operation device. For example, it comprises an operation means comprising a keyboard, mouse, touch panel, buttons, switches, levers, dials, etc., and an input control circuit for generating an operation signal in response to a user's operation on the operation means and outputting it to the CPU 13. Yes.

  The display unit 33 has a function of displaying an operation screen for operating the function of the operation device.

The display unit 33 may be, for example, an LCD (Liquid Crystal Display), an organic EL (Electro-Luminescence) display, or the like, but is not limited thereto.

  In addition, about the operation screen displayed on a display part, the format which produces | generates a screen with the application on the operator terminal 3 using the data received from the operation apparatus 1 may be sufficient, and it produced | generated at other places. For example, the operator terminal 3 may acquire the screen and display the screen using, for example, a browser, and the place where the screen is generated does not matter.

[1-3] Configuration of Data Stored in the Storage Unit of the Present Embodiment Next, the configuration of the operation group data 4 and the monitoring target device account 5 stored in the storage unit 12 will be described with reference to FIGS. To do.

In this embodiment, an example in which a device command to be input to the monitoring target device 2 is used as an operation item for restricting an operation will be described.

  FIG. 2 is a diagram showing the configuration of the operation group data 4. The operation group data 4 is data for grouping users of the operation system 100 and managing the user group and a group of device commands that can be used according to the authority.

  The operation group data 4 includes an operation group name 41, a device command 42, and user information 43. Here, there may be one or more users belonging to the operation group, and there may be one or more device commands.

As shown in FIG. 3, the user information 43 includes a user ID 431 and a user password 432, and is information for identifying a user who operates the operation system 100.

The device command 42 is a command that can be input and operated on the monitoring target device 2. Here, commands that can be operated by users belonging to the group are grouped and managed.

  With such a configuration, for example, it is possible to manage by grouping a general user who is given a lower authority and a specific user who is given more authority than the general user.

  For example, when it is desired to permit a new command operation to 20 specific users, a command may be added to one specific user group.

  If the management is performed without using a group, the efficiency is higher than that in which it is necessary to add a command to each of the 20 data.

  In the present embodiment, the user information is used as one for each group, so that it is not used for group management but for managing device command information that can be individually operated for each user. You can also.

  FIG. 4 is a diagram showing the configuration of the monitoring target device account 5. The monitoring target device account 5 is account information for logging in to the monitoring target device 2 as the name suggests.

  The monitoring target device account 5 includes a device host name 51, a login account name 52, and a login password 53. The storage unit 12 stores information on the monitoring target device account 5 for the number of devices to be monitored.

  By having such information in the operation device 1, even if the user of the operation system does not have a login account for each of the monitoring target devices 2, the operation of the monitoring target device 2 can be performed by using the operation device 1. You will be able to

  The data used in the operation system 100 according to the present embodiment includes the group edit command 6 and the group information 7 in addition to the data stored in the storage unit.

The group editing command 6 is a command that is input from the operator terminal to the operation device in order to perform editing such as registration, change, and deletion of the operation group.

The group information 7 is data for exchanging information regarding operations between the operator terminal and the operation device.

  Details of the configuration of the group edit command 6 and the group information 7 will be described in detail when the operation is described below together with the flowchart.

[2] Operation of Operation Device Next, the operation of the operation device 1 will be described. Operations in the operation device according to the embodiment of the present invention include operations for registering / changing / deleting operation group data, operations for displaying only device commands that can be operated by the operating user on the screen of the operator terminal, and monitoring targets For example, an operation for inputting a device command to the device. The operation of each part of the operator terminal during these operations will be described below.

[2-1] Operations of Terminal Communication Unit and Device Communication Unit First, operations of the terminal communication unit and the device communication unit will be described. As operations related to these parts, on the operation screen of the operator terminal, select an operation for creating data for displaying only commands that can be operated by the operating user, and a command that can be subsequently operated from the screen, There is an operation to input to the monitoring target device.

  At this time, since the terminal communication unit and the device communication unit control the operation in conjunction with each other, the description will be made with reference to FIGS.

  First, the operation in the terminal communication unit will be described with reference to FIG. First, the terminal communication unit receives a message from the operator terminal (S501). Next, the received message is determined (S502). Here, when the message is group information, an operable command setting process is performed (S503), and when the message is a device command, a command input process is performed (S504). Next, the details of the operable command setting process and the command input process will be described with reference to FIGS.

[2-1-1] Operation when setting an operable command First, see the flowchart of FIG. 14, the command input screen of FIG. 7, and the data configuration diagrams of FIGS. While explaining.

When the operator selects an operation target device from the monitoring target devices 2 on the operation screen displayed on the display unit 33 of the operator terminal 3, the command input screen 310 in FIG. At this time, the group information 7 is transmitted to the terminal communication unit 131 of the operation device 1.

  The group information 7 is data including a user ID 71, a user password 72, a device host name 73, and a device command 74.

At this time, the transmitted group information 7 is a state in which the user ID 71 and the user password 72 of the user in operation and the device host name 73 of the selected device are set.

  In the operation shown in FIG. 14, after the terminal communication unit 131 receives the group information 7, the device communication unit establishes a connection with the selected monitoring target device, and the terminal communication unit can be operated by the operating user. This is the details of the operation from extracting a command to generating data for displaying only the operable command on the command input screen.

  First, the terminal communication unit 131 transfers the received group information 7 to the device communication unit 132 (S601). The device communication unit 132 receives the group information 7 (S602), and the device communication unit 132 extracts the device host name 73 from the group information 7 (S603). Based on the extracted device host name information, the device communication unit 132 acquires the corresponding login account name and login password from the monitored device accounts 5 stored in the storage unit 12 (S604). Using the acquired login account name and login password, a connection is established with the selected monitoring target device (S605).

  Thereafter, the terminal communication unit 131 extracts the user ID 71 and the user password 72 from the group information 7 and identifies the user who is operating (S606). A list of device commands 42 that can be operated by the specified user is acquired from the operation group data 4 stored in the storage unit 12 (S607). The acquired device command is set in the group information (S608), and the group information is transferred to the operation screen of the operator terminal 3 (S609).

  At this time, the command input screen 310 started to start can be operated by the operating user on the operable command list display unit 311 based on the device command stored in the group information 7 returned from the terminal communication unit 131. Show only device commands.

  Further, during the above operation, S602 to 605 in the apparatus communication unit and S606 to 609 in the terminal communication unit may be parallel processing.

[2-1-2] Operation at Command Input When the above-described operable command setting process is completed, a command input screen 310 as shown in FIG. 7 is displayed on the display unit 33 of the operator terminal 3, for example. The connection with the target device is established.

  The command input screen 310 includes an operable command list display unit 311, a device response display unit 312, and operation buttons 313.

The operable command list display unit 311 displays a list of commands acquired by the above-described operable command setting process, and a command operation is performed by selecting a command to be operated from the displayed commands and pressing an execution button. Is possible.

  A device response display unit 312 displays a response message returned from the monitoring target device 2 by inputting a command to the monitoring target device 2 via the operation device 1. The operation when the device command is input will be described below with reference to FIGS.

  As described above, when a command input operation is performed from the command input screen 310 of FIG. 7, information on the selected device command is transmitted to the operation device 1.

  The terminal communication unit 131 that has received the device command transfers the device command to the device communication unit 132 (S701). The device communication unit receives the device command (S702), and inputs the device command to the connected monitoring target device (S703). A response message is received from the monitoring target device (S704), and the received response message is transferred to the terminal communication unit 131 (S705).

  The terminal communication unit 131 receives the response message and transfers the response message so that it can be displayed on the device response display unit 312 of the command input screen 310.

The response message here is, for example, a message indicating the status of the device when a command for viewing the status of the device is input. For example, when a command for changing the setting of the device is input, the change processing is successful. Or a message indicating that the process has failed.

  As described above, in the operation device according to the embodiment of the present application, a command that can be operated by each user of the operation system 100 is associated with user information and stored in the storage unit 12, and a command input screen is displayed from the data. By dynamically creating the command, only the operable commands are displayed, so that the user can be prevented from malfunctioning.

  Note that “dynamically creating a command input screen” here refers to “identified by the user ID being operated from the operation group data in the operable command list display unit 311 of the command input screen 310 of the present embodiment, for example. Only the procedure of “acquiring and displaying commands that can be operated by the user” is described, and it means creating a screen to be displayed when the screen is activated.

Generally, in a static HTML screen or the like, if an attempt is made to create a command input screen as shown in FIG. 7, it is necessary to embed the command in the HTML file itself of the screen. For this reason, it is necessary to edit the screen file by adding only one command.

On the other hand, according to the invention according to the embodiment of the present application, since the operation restriction information for each user is separated from the screen design and stored as independent data, the data operation is performed even when the restriction information is changed. Since it is not necessary to change the screen design, the change is easy.

The operation group data editing section shown below provides operation group data settings that can be easily changed from the operator terminal.

[2-2] Operation of the operation group data editing unit Next, regarding the operation of the operation group data setting unit, refer to the operation flow of FIG. 9, the setting screen diagram of FIG. 8, and the group editing command configuration diagram of FIG. While explaining.

  The operation group data editing unit 133 provides the operation group data 4 so that editing such as registration, change, and deletion can be easily performed from the screen of the operator terminal 3. Although not shown, this function is a function that can be operated only by those who have administrator authority of the operation system 100.

  First, FIG. 8 shows an example of the setting screen 320 for the operation group data 4. 8 includes a registered group display field 321, a registered user display field 322, a group edit field 323, and an account edit field 324.

  The registered group display field 321 displays a list of groups registered at the time of display. The registered user display field 322 displays a list of users belonging to the group selected in the registered group display field 321.

The group edit column 323 can be used to perform new registration of a group and change or deletion of the group selected in the registered group display column 321. In the account edit column 324, the user can be registered and changed / deleted.

  Although not shown, after the buttons in the group edit field 323 and the account edit field 324 are pressed, the details of the edit contents can be set on another screen. When processing for confirming the operation is performed on the screen, information regarding the operated setting is sent to the operation device 1 as a group edit command 6.

At this time, the registration change deletion identifier 61 and the operation group name 62 among the items of the group edit command 6 are essential items, but other items may not be set by operation.

  The operation of the operation group data editing unit will be described with reference to FIG. The group edit command 6 sent to the operation device 1 by the above operation is received by the operation group data editing unit 133 of the operation device 1 (S101).

Thereafter, the operation group data editing unit 133 extracts the registration change deletion identifier 61 from the group editing command 6 (S102), and determines the identifier (S103). Here, when the identifier is registered, a registration process (S104) is executed, when the identifier is changed, a change process (S105) is executed, and when the identifier is deleted, a deletion process (S106) is executed.

  The registration process (S104) is a process when a new operation group is created, the change process (S105) is a process when a new item is added to existing operation group data, and the deletion process (S106) is an existing operation. This is processing when deleting an item from group data or deleting operation group data itself. Details of each operation will be described in detail below.

[2-2-1] Operation during registration Next, the operation during registration will be described. For example, a registration button in the group edit field 323 is pressed on the setting screen 320. On the screen that is launched separately, the group name, device command, and user belonging to the group to be newly created are set.

When the button for completing the setting is pressed, a group edit command 6 including the set items is generated. At this time, the group edit command 6 is in a state where set values are set for all items 61 to 65 shown in FIG.

  Referring to the flow of FIG. 10, the operation group data editing unit 133 first extracts an operation group name from the group editing command 6 (S201). Next, a new group with the extracted operation group name is created (S202).

Then, it is determined whether or not a device command exists in the received group edit command 6 (S203). If it exists, the device command is extracted (S204), and the extracted device command is set in the created operation group. (S205). If not, the process proceeds to S206.

  Next, it is determined whether or not the user ID 64 exists in the group edit command 6 (S206). If it exists, the user ID 64 and the user password 65 are extracted (S207), and the user ID extracted in the created operation group is displayed. A user password is set (S208).

  Through these operations, the group set on the setting screen is created as operation group data in the storage unit.

[2-2-2] Operation at the time of change Next, the operation at the time of change will be described. For example, a case where a newly operable command is added to an existing group will be described. In the setting screen 320, the change button in the group edit column is pressed. Enter the command you want to add to the group and confirm the settings on a separate screen.

  At this time, as the group editing command, the identifier 61 is changed, the group name selected as the operation group name 62, the command input as the device command 63, the user ID 64 and the user password 65 are generated as empty data.

  Referring to the flow of FIG. 11, the operation group data editing unit 133 first extracts an operation group name (S301). Then, it is determined whether or not the registered group name matches the extracted operation group name (S302).

If they match, it is next determined whether the device command is present in the group edit command (S303). In this example, since the device command is input, the process proceeds to S304, where the device command in the group edit command is extracted (S304), and the extracted device command is set in the selected operation group (S305).

  Next, it is determined whether a user ID exists in the group edit command (S306). In the illustrated case, there is no user ID, so S307 and S308 are skipped and the process ends.

  For example, when an existing group is selected and a user is added to the group, the user ID exists in S306. Therefore, the user ID and user password are extracted (S307) and extracted to the selected operation group. The set user ID and user password are set (S308).

[2-2-3] Operation at the time of deletion Next, the operation at the time of deletion will be described with reference to FIG. For example, consider a case where an operation for deleting a user set in an existing group is performed. After selecting a group on the setting screen 320, a user who wants to delete is selected from the list of users belonging to the group, and the delete button is pressed.

  At this time, the identifier 61 is deleted as the group editing command 6, the group name selected as the operation group name 62, the device command is empty, and the data set for the user selected as the user ID 64 and the user password 65 is generated. .

  Referring to the flow of FIG. 12, in this case, the operation group data editing unit 133 first extracts the operation group name (S401), and determines whether it matches the registered group name (S402). Next, it is determined whether or not the user ID exists (S403), and in this example, since it exists, the user ID and the user password are extracted (S404).

Then, the extracted user ID and user password are deleted from the data of the operation group selected first (S405). In this example, since there is no device command, S407 to S408 are skipped, and the process ends.

  For example, when deleting the group itself, the operator selects the group to be deleted on the setting screen 320 and presses the delete button.

At this time, the identifier 61 is deleted as the group edit command 6, the group name selected as the operation group name 62, and empty data are generated for other items.

  In this case, in the flow of FIG. 12, the deletion process of the group itself is executed in step S412 through steps S401, S402, S403, and S409.

  As described above, in the operation group data editing unit, the group editing command 6 is generated based on the information set on the setting screen 320 and stored in the storage unit according to the state of the item set in the group editing command. Can operate on the operation group data.

  The preferred embodiments of the present invention have been described in detail above with reference to the accompanying drawings, but the present invention is not limited to such examples. It is obvious that a person having ordinary knowledge in the technical field to which the present invention pertains can come up with various changes or modifications within the scope of the technical idea described in the claims. Of course, it is understood that these also belong to the technical scope of the present invention.

  For example, in the above embodiment, the operation item is a device command, but the present invention is not limited to such an example. For example, the device host name may be used to limit the monitoring target devices that can be operated by the user.

  For example, when it is desired to manage both the device command and the device host name as operation items, this can be realized by providing a flag item indicating the type of the operation item in the operation group data.

  If a method of providing a flag indicating the type of an operation item in an operation group as described above is used, it is possible to manage, for example, devices having different device command systems in the same operation system.

  For example, although a normal command system is different between a switch and a FW (Firewall), the present invention can be applied by managing the command system so that it can be determined by looking at the flags.

It is a figure which shows an example of the operation system containing the operation apparatus concerning one Embodiment of this invention. It is a figure which shows an example of a structure of the operation group data concerning the embodiment. It is a figure which shows an example of a structure of the user information concerning the embodiment. It is a figure which shows an example of a structure of the monitoring object apparatus account concerning the embodiment. It is a figure which shows an example of a structure of the group edit command concerning the embodiment. It is a figure which shows an example of a structure of the group information concerning the embodiment. It is a figure which shows an example of the command input screen displayed on the display part of an operator terminal in the same embodiment. It is a figure which shows an example of the group edit screen displayed on the display part of an operator terminal in the same embodiment. It is a flowchart which shows operation | movement of the operation group data edit part concerning the embodiment. 10 is a flowchart showing an operation of registration processing of FIG. 9. It is a flowchart which shows the operation | movement of the change process of FIG. 10 is a flowchart showing the operation of the deletion process of FIG. It is a flowchart which shows operation | movement of the terminal communication part and apparatus communication part concerning the embodiment. It is a flowchart which shows the operation | movement of the operation possible command setting process of FIG. It is a flowchart which shows the operation | movement of the command input process of FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Operation system 1 Operation apparatus 2 Monitoring object apparatus 3 Operator terminal 12 Memory | storage part 131 Terminal communication part 132 Apparatus communication part 133 Operation group data edit part

Claims (9)

An operation device connected to an operator terminal and a monitoring target device, and monitoring and controlling the monitoring target device by an operation from the operator terminal,
A terminal communication unit that controls communication between the operator terminal and the operation device;
A device communication unit that controls communication between the monitoring target device and the operation device;
A storage unit for storing operation group data which is information including operation item information and user information that can be operated according to user authority;
With
Based on the user information received from the operator terminal and the user information included in the operation group data stored in the storage unit, the terminal communication unit is configured so that the user in operation from the operation group to which the user in operation belongs. Extract operation item information that can be operated;
Operation device. The terminal communication unit displays the extracted operation item information on a previously generated screen so that the user in operation can select it;
The operation device according to claim 1. The terminal communication unit transmits the extracted operation item information to the operator terminal so that the operator terminal displays the extracted operation item information on a screen in a selectable manner by the user in operation;
The operation device according to claim 1. An operation group data editing unit that edits operation group data stored in the storage unit according to input information from the operator terminal;
The operation device according to claim 1, further comprising: The operation items of the operation group data are:
A device command for controlling the monitored device;
The operation device according to claim 1. The operation group data includes one or more user information for one operation group;
The operation device according to claim 1. An operation method connected to an operator terminal and a monitoring target device, and executed in an operation device that monitors and controls the monitoring target device by an operation from the operator terminal,
Storing operation group data, which is information including operation items operable by user authority and user information, in a storage unit;
Based on the user information received from the operator terminal and the user information included in the operation group data stored in the storage unit, the terminal communication unit is operated by the operating user from the operation group to which the operating user belongs. Extracting possible operation item information;
An operation method comprising: The terminal communication unit displaying the extracted operation item information on a previously generated screen so that the user in operation can select it;
The operation method according to claim 7, further comprising: The terminal communication unit transmits the extracted operation item information to the operator terminal so that the operator terminal displays the extracted operation item information on a screen in a selectable manner by the user in operation. When;
The operation method according to claim 7, further comprising:

Images