JP2019092226A - Information processing apparatus - Google Patents

Abstract

To provide an apparatus capable of restricting access to jobs and resources according to a logged-in user, reducing the number of times of user authentication information inputs, and improving convenience.SOLUTION: In an image processing apparatus 1004, it is determined whether implementation of a selected function is permitted on the basis of setting information in which user type information 8001 including a real name user and an anonymous user is registered, and if an anonymous user is prohibited from performing the selected function, a login screen asking for authentication by an authorized user is displayed.SELECTED DRAWING: Figure 10

Description

  The present invention relates to an information processing apparatus such as a multifunction peripheral.

  2. Description of the Related Art In image processing apparatuses such as multifunction machines in recent years, there are many apparatuses configured to perform user authentication and to restrict access to jobs and resources according to the logged-in user. In such an image processing apparatus, when a certain user performs an operation during login and the execution authority for the operation is insufficient, an authentication screen is often displayed to prompt login by a different user having the authority. .

  As such user session management, a configuration in which all information related to the user (for example, a user profile such as a user name and a user's e-mail address, and user authority) are completely switched when logging in as a different user (see below) , Background Art Example 1). In this case, the user who has previously logged in is configured to be automatically logged out immediately before logging in as a different user (see, for example, Patent Document 1).

  As other user session management, a configuration in which only user authority is re-evaluated without switching user profiles such as a user name and a user's e-mail address among already logged-in user information (hereinafter referred to as background art example 2) It is. In this case, as the reevaluation method in this case, the authority of the user who has logged in later is often added to the user authority that has previously logged in.

Japanese Patent Application Laid-Open No. 11-25040

  FIG. 16 is a timing chart showing the user session management of the background art example 1 described above.

  An item 4001 in the figure represents a user profile such as a user name or a user's e-mail address that is actually applied in the user session. An item 4002 represents user authority. An item 4003 represents login user information stored in the image forming apparatus in association with the user session in order to determine the contents of the items 4001 and 4002. FIG. 17 is a tabular diagram showing settings of the user profiles of the users A and B and the user authority used in FIG.

  According to Background Art Example 1, at time t401, user information is input on the login screen, and login is performed as the user A. The user A is permitted to perform color copying according to the setting information of FIG. 17 and can execute color copying.

  Next, at time t402, it is attempted to execute the network management function, but since the user A is prohibited from performing the network management function, the user A is required to be authenticated by an authorized user. Here, by inputting authentication information of the user B, the user A logs in as the administrator as the user B. At this point, the user profile 4001 is changed to the user B as 4021, and the user authority 4002 is changed to the authority of the user B as 4022.

  Next, at time t403, if color copying is to be performed again, since user B is prohibited from color copying, the user B is required to be authenticated by an authorized user, and it is necessary to input user A's authentication information again. Be forced.

  Thus, the background art example 1 adopts a configuration in which a logged-in user is logged out when a new user logs in. In this configuration, there is a case where a function which has been available as one user is not available at the time of logging in as a different user because all the information related to the user is switched. The user must log in again to regain access to features that are no longer available. As a result, there is a problem that the user is required to log in many times, resulting in poor usability.

  FIG. 18 is a timing chart showing user session management in Background Art Example 2.

  Reference numerals 6001 to 6003 in the figure have the same meaning as reference numerals 4001 to 4003 in FIG. The settings of the user profiles of the users A and B and the user authority in the example of FIG. 18 are similar to those of the example of FIG.

  At time t601, user information is input on the login screen, and the user A logs in. The user A is permitted to perform color copying as an available function according to the setting information in the example of FIG. 17 and can execute color copying.

  At the next time t602, the user intends to execute the network management function, but since the user A is prohibited from performing the network management function, the user A is required to be authenticated by an authorized user. Here, by inputting authentication information of the user B, the user A logs in as the administrator as the user B. At this point, although the user profile 6001 remains the user A (see 6021 in FIG. 18), all items for which the user authority 6002 has been granted to the user A and the user B are changed to permission (6022 in FIG. 18). reference).

  If color copying is to be performed again at the next time t603, since the authority of the user A is valid, the user can execute without displaying the authentication screen again.

  As described above, in the background art example 2, when the user who has logged in first or the user who has logged in later is permitted, the authority is reevaluated to be permitted. For this reason, even if a function which has been used as a certain user is logged in as a different user, it will not be usable, and the convenience is improved.

  However, it is intuitively determined by the user whether the user profile such as the user name or the user's e-mail address remains the user profile of the previously logged-in user or switches to the user profile of the logged-in user later. Hateful.

  For example, it is assumed that there is an image processing apparatus having an electronic mail transmission function and automatically setting the login user's email address to the sender address of the outgoing email. While logging in to this image processing apparatus as user A, there is a need to change a certain management setting item, and after changing the setting again as user B who is the administrator, the user A and e are sent. It is difficult to know which user B is set automatically. The same problem as this is that user data not intended for routine work, personal data such as address book, etc. will be charged as a print job of an unintended user, or the sender name of a fax will be an unintended name. You can refer to it.

  SUMMARY OF THE INVENTION In view of the above-described conventional problems, the present invention aims to provide the following information processing apparatus, control method therefor, and program. That is, in the apparatus configured to be able to restrict access to jobs and resources according to the logged-in user, the number of times of user authentication information input is reduced, and convenience is improved.

  In addition, the user can easily determine whether the operation for executing the function is performed based on the user profile of any of the logged-in users.

  In order to achieve the above object, an information processing apparatus according to claim 1 is an information processing apparatus, and control means for performing login processing with a first user authority that can be used by an unspecified user; When login processing with a first user right is executed, a plurality of applications including an application permitted to use the first user right and an application not permitted to use the first user right The display control means for causing the display means to display a menu screen for selecting an application from among them, and the application selected on the menu screen displayed according to the login process with the first user authority If the use with one user authority is permitted, the execution of the selected application is permitted. An execution control unit, the display control unit permitting use of the application selected on the menu screen displayed according to the login process with the first user authority with the first user authority If not, the authentication screen for performing user authentication is displayed, and the execution control unit is configured to execute the authentication process of the specific user based on the authentication information input through the authentication screen. And, when the selected application is permitted to be used with a second user authority of the specific user, the execution of the selected application is permitted, and the specific user is Authentication process is successful, and use of the selected application with the second user authority is permitted. It is If not is is characterized by limiting the execution of the selected application.

  ADVANTAGE OF THE INVENTION According to this invention, the frequency | count of a user's authentication information input operation can be reduced, and the convenience can be improved. Also, among users who are logged in multiple times, the user can easily determine based on user information regarding which user the predetermined function is to be executed.

FIG. 1 is a schematic view showing a configuration of a system in which an image processing apparatus according to an embodiment is used. It is a block diagram which shows the hardware constitutions of the image processing apparatus in FIG. It is a block diagram which shows the software configuration of the image processing apparatus in FIG. It is a timing chart which shows user session management of a 1st embodiment. It is a figure which shows a login screen. It is a figure which shows the menu screen used by 1st Embodiment. It is a figure which shows the login screen displayed at the time of lack of authority used in 1st Embodiment. It is a figure which shows an execution user selection screen. It is a flow chart which shows characteristic processing concerning a 1st embodiment. It is a timing chart which shows user session management concerning a 2nd embodiment. FIG. 11 is a tabular view showing settings of a user profile and user authority used in FIG. 10; It is a menu screen used by 2nd Embodiment. It is a figure which shows the login screen displayed at the time of lack of authority used in 2nd Embodiment. It is a figure which shows the error screen used by 2nd Embodiment. It is a flow chart which shows processing concerning a 2nd embodiment. It is a timing chart which shows user session management of background art example 1. FIG. 17 is a tabular diagram showing settings of a user profile and user authority used in FIG. 16; It is a timing chart which shows user session management of background art example 2.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

First Embodiment
<System configuration>
FIG. 1 is a schematic view showing the configuration of a system in which an image processing apparatus according to an embodiment of the present invention is used.

  This system comprises a server PC (personal computer) 1000, a user information server device 1001, a ticket issuing server device 1002, a client PC 1003, and an image processing device 1004 (information processing device) connected over a network. There is. The system is a print management system that performs access restriction of the user using the device and job execution restriction such as the number of printed sheets. Here, the user includes an individual user, a department, an organization, and the like.

  The server PC 1000 operates a system administrator utility to set and manage this system. In particular, setting of function restriction information (hereinafter, ACE) of the user information server device 1001 can be performed. The user information server apparatus 1001 includes user information such as user ID and password, and a function restriction information list (hereinafter referred to as ACL) which is a set of ACEs indicating which functions are permitted to be used for each user or device in the system. ) Is held.

  The ticket issuing server device 1002 issues a ticket in which information about usable functions is described based on the ACL stored in the user information server device 1001. It is assumed that the client PC 1003 needs a login in order to clarify which user is using the client PC when the printer driver operates and the client PC is used.

  The image processing apparatus 1004 is, for example, a multifunction copying machine. The image processing apparatus 1004 not only has a function of copying a paper document, but also has a function of printing print data sent from an external printer driver, reads a paper document, and transmits its image data to an external file server or a mail address. It also has a function (SEND function). Furthermore, it has a function (a remote copy function, a facsimile function) of transmitting data to another image processing apparatus and printing it by the image processing apparatus of the transmission destination.

  ACT is an abbreviation of Access Control Token. The ACT 1005 describes information about functions that the user can execute in the image processing apparatus 1004 and function restriction information for the image processing apparatus 1004, and is data having a role of transmitting such information from the server to the device. .

  The server PC 1000, the user information server apparatus 1001, the ticket issuing server apparatus 1002, and the client PC 1003 described above are connected by Ethernet (not shown), but this is merely an example of the system. . The server PC 1000 other than the image processing apparatus 1004, the server apparatus for user information 1001, the server apparatus for ticket issuance 1002, and the client PC 1003 may all be configured by the same computer. Furthermore, the server PC 1000, the user information server apparatus 1001, the ticket issuing server apparatus 1002, and the client PC 1003 may be mounted on the image processing apparatus 1004, and may be configured with only the image processing apparatus 1004.

<Hardware Configuration of Image Processing Device>
FIG. 2 is a block diagram showing the hardware configuration of the image processing apparatus 1004 in FIG.

  The controller unit 2000 is connected to a scanner 2070 which is an image input device and a printer 2095 which is an image output device, and connected to a network 1008 and a public line 1009 to input and output image information and device information. A CPU 2001 is a controller that controls the entire system. A RAM 2002 is a system work memory for the CPU 2001 to operate, and is also an image memory for temporarily storing image data. A ROM 2003 is a boot ROM, which stores a boot program of the system. An HDD 2004 is a hard disk drive, which stores system software, applications, and image data.

  The operation unit I / F 2006 is an interface unit with the operation unit 2012 having a touch panel, and outputs image data to be displayed on the operation unit 2012 to the operation unit 2012. Also, it plays a role of transmitting information input by the system user from the operation unit 2012 to the CPU 2001. The Network I / F 2010 is connected to the network 1008 to input and output information. The MODEM 2050 is connected to a public line 1009 to input and output information.

  The SRAM 2100 is a non-volatile storage medium that can operate at high speed. The RTC 2110 is a real time clock and performs processing of continuing to count the current time even when the controller unit 2000 is not powered on. The above devices are arranged on the system bus 2007.

  An image bus I / F 2005 is a bus bridge that connects a system bus 2007 and an image bus 2008 that transfers image data at high speed, and converts data structures. The image bus 2008 is configured by a PCI bus or IEEE 1394. The following devices are disposed on the image bus 2008.

  The RIP 2060 is a raster image processor, which develops a PDL code into a bitmap image. A device I / F unit 2020 connects the scanner 2070 and the printer 2095, which are image input / output devices, to the controller unit 2000, and performs synchronous / asynchronous conversion of image data. The scanner image processing unit 2080 corrects, processes, and edits input image data. A printer image processing unit 2090 performs printer correction, resolution conversion, and the like on print output image data. An image rotation unit 2030 rotates image data. The image compression unit 2040 performs compression / decompression processing.

<Software Configuration of Image Processing Device>
FIG. 3 is a block diagram showing the software configuration of the image processing apparatus 1004 in FIG.

  This software is implemented in a controller unit 2000 incorporated in the image processing apparatus 1004. Software incorporated in the image processing apparatus 1004 and processed by the controller unit 2000 is implemented as so-called firmware, and is executed by the CPU 2001.

  The real-time OS 3001 is a real-time operating system, which provides various resource management services and frameworks optimized for embedded system control for software operating thereon.

  The controller platform 3002 includes a file system 3003, a job device control 3004, and a counter 3005. A file system 3003 is a mechanism for storing data constructed on a storage device such as the HDD 2004 or the RAM 2002. A job / device control 3004 controls the hardware of the image processing apparatus 1004, and also performs a job that uses basic functions (print, scan, communication, image conversion, etc.) provided mainly by the hardware of the image processing apparatus 1004. Control. A counter 3005 manages an expiration date for each application, and print and scan counter values stored in the SRAM 2100.

  A system service 3006 is a module for monitoring the operation status of the image processing apparatus 1004 and downloading software and a license from the software distribution server 1006 via the network 1008.

  The application platform 3007 is middleware for making the mechanism of the real time OS 3001 and the controller platform 3002 available to the system application 3008 and the addable application 3012. The system application 3008 includes an application management 3009, a user session management 3010, and an access management 3011.

  The application management 3009 is a management module for installing, uninstalling, starting, and stopping the application 3012. The user session management 3010 is a module that independently manages user information on users logged in multiple times for each login. That is, it is a module that manages the user profile and the user authority according to the login / logout of the user. The access management 3011 is a security module for permitting or prohibiting access to various jobs and resources based on the user authority of the user session management 3010.

  The application 3012 is application software that realizes various business models by using functions provided by the application platform 3007.

<User Session Management in First Embodiment>
Next, user session management according to the first embodiment will be described with reference to FIG.

  FIG. 4 is a timing chart showing user session management according to the first embodiment.

  The user session management of the present embodiment is executed by the CPU 2001 of the image processing apparatus 1004 as a function of the user session management 3010 and the access management 3011. Reference numerals 7001 to 7003 in FIG. 4 represent the same meanings as reference numerals 4001 to 4003 in FIG. Further, the settings of the user profiles of the user A and the user B and the user authority are the same as those shown in FIG.

  When the user inputs user information on the login screen (FIG. 5) at time t701 and logs in as user A, a menu screen (FIG. 6) is displayed on the operation unit 2012. At the lower part of the main menu 9000, a login user display area 9005 is arranged, and at this time, it is displayed that the function is executed as the user A. The user A is permitted the color copy function according to the setting information of FIG. 17 and can execute the color copy function 9001.

  After execution of the color copy function, the user selects 9002 to return to the menu, returns to the main menu 9000, and tries to execute the network management function 9003 at time t702. At this time, the access management 3011 determines that the user A is prohibited from executing the network management function. In response to this, the user session management 3010 displays a login screen (FIG. 7) for requesting user authentication by the authorized user.

  Here, the user logs in repeatedly as the user B by inputting the authentication information of the user B. At this time, the user session management 3010 changes the user profile 7001 to the user B like 7021, and changes the user authority 7002 to the user B like 7022. However, the information related to the user A is kept in the login user information 7003 without discarding or changing. At the same time, the display of the login user display area 9005 is changed as follows. That is, among the users A and B logged in multiple times, it is displayed that the network management function is executed as the user B.

  After the execution of the network management function, the user returns to the menu, selects 9002 to return to the main menu 9000, and tries to execute the color copy function 9001 again at time t703. At this time, the access management 3011 determines that only the user A is permitted as the logged-in user. In response to this, the user session management 3010 receives the user profile 7001 as 7023 and the user authority 7002 as 7024 based on the information related to the user A held in the login user information 7003. Change to the authority of A. At the same time, the display of the login user display area 9005 is changed again as follows. That is, among the users A and B logged in multiple times, it is displayed that the network management function is executed as the user A.

  After execution of the color copy function, the user selects 9002 to return to the menu to return to the main menu 9000, and tries to execute the fax function 9004 at time t704. At this time, the access management 3011 determines that both the logged-in user A and user B are permitted. In response to this, the user session management 3010 displays an execution user selection screen (9060 in FIG. 8). It is assumed that the user selects, for example, the user B as an execution user who is an executor who executes the fax function 9004. In this case, the user session management 3010 performs the following processing based on the information related to the user B held in the login user information 7003. That is, the user profile 7001 changes again to the user B as 7025, and the user authority 7002 changes to the authority of the user B as 7026. At the same time, the display of the login user display area 9005 is changed again as follows. That is, among the users A and B logged in multiple times, it is displayed that the network management function is executed as the user B.

  On the other hand, when the user A is selected as the user who executes the fax function 9004, neither the contents of the user profile 7001 and the user authority 7002 nor the display of the login user display area 9005 is changed.

<Characteristic processing according to the first embodiment>
Next, characteristic processing according to the first embodiment will be described with reference to FIG.

  FIG. 9 is a flowchart showing characteristic processing according to the first embodiment. This process is a process of automatically determining execution user information at the time of function selection or in response to the user selection, and is executed by the CPU 2001 of the image processing apparatus 1004 as functions of user session management 3010 and access management 3011.

  When the user selects a function in step S121, the access management 3011 checks in the next step S122 whether there are a plurality of logged-in users who are permitted to execute the selected function. If the number of users is not plural, the user session management 3010 automatically selects the only authorized user in step S123 as the execution user. Then, the process proceeds to the next step S126.

  If the number of logged-in users who are permitted to execute the selected function is more than one, the user session management 3010 displays an execution user selection screen (FIG. 8) in step S124. Then, in the subsequent step S125, the result selected by the user is received, and based on this, the execution user of the selected function is determined. Then, the process proceeds to the next step S126.

  From the above, the process of the flow from step S122 to step S126 through step S123 is, in short, the following process. That is, even if there are a plurality of logged-in users, if there is only one user permitted to perform the selected function, the user is not prompted to reselect from the list of logged-in users. It is automatically selected as the execution user of the selected function.

  Next, in step S126, the user session management 3010 determines whether the execution user determined in the above-described procedure is the same as the current execution user. If they are the same, the process advances directly to step S129, and the application 3012 executes the selected function. If not, the user session management 3010 changes the user profile to the determined execution user in step S127, and further changes the user authority to the determined execution user in step S128. Then, in step S129, the selected function is executed.

<Advantages of the First Embodiment>
According to the present embodiment, in the apparatus configured to be able to restrict access to jobs and resources according to the logged-in user, the number of authentication information input operations for the user is reduced, and convenience is improved. be able to.

  In addition, a login user display area is provided to display which user of the logged-in users is to be executed as the predetermined function. As a result, the user can easily determine whether the operation for executing the function is performed based on the user profile of any of the logged-in users.

Second Embodiment
Next, a second embodiment of the present invention will be described.

  The basic configuration of this second embodiment is the same as that described in FIGS. 1, 2 and 3 in the first embodiment. Hereinafter, portions characteristic to the second embodiment will be described.

<User Session Management in Second Embodiment>
FIG. 10 is a timing chart showing user session management according to the second embodiment of the present invention.

  The user session management of the present embodiment is executed by the CPU 2001 of the image processing apparatus 1004 as a function of the user session management 3010 and the access management 3011. Reference numerals 5001 to 5003 in FIG. 10 have the same meanings as reference numerals 4001 to 4003 in FIG.

  FIG. 11 is a tabular diagram showing settings of the user profiles of the users A and B and the user authority used in FIG.

  Unlike the example of FIG. 17 used in the first embodiment, in the example shown in FIG. 11, user type information 8001 indicating the type (type) of the user is registered as the user profile. The user types include, for example, an anonymous user and a real name user. An anonymous user is a special user who is used by an unspecified number of people, and has no user-specific element such as user name information on the name of the user or an e-mail address. The real name user is a user having these user specific elements.

  When the user inputs user information on the login screen (FIG. 5) at time t801 and logs in as an anonymous user, a menu screen (FIG. 12) is displayed on the operation unit 2012. At the lower part of the menu 9010, a login user display area 9015 is arranged, and it is displayed that the function is being executed as an anonymous user at this time. The anonymous user is permitted the color copy function according to the setting information of FIG. 11, and can execute the color copy function 9011. Note that login by an anonymous user may be performed automatically when the image processing apparatus 1004 is started.

  After execution of the color copy function, the user selects 9012 to return to the menu, returns to the main menu 9010, and tries to execute the network management function 9013 at time t802. At this time, the access management 3011 determines that the anonymous user is prohibited from performing the network management function. Then, the user session management 3010 displays a login screen (9070 in FIG. 13) for requesting authentication by the user having the authority. Here, the user logs in repeatedly as the user B by inputting the authentication information of the user B. At this time, the user session management 3010 changes the user profile 5001 to the user B as 5021 in FIG. 10, and the user authority 5002 to the items permitted to the anonymous user and the user B as 5022 in FIG. Change to all permission. At the same time, the login user display area 9015 is changed to display that the user B is being executed.

  After execution of the network management function, the user selects 9012 to return to the menu, returns to the main menu 9010, and tries to execute the color copy function again at time t803. At this time, the access management 3011 determines that the color copy function is permitted with reference to the user authority 5002 shown in 5022 of FIG. As a result, the color copy function can be executed without displaying the authentication screen again, and it is displayed that the login user display area 9015 is also executed as the user B without being changed.

  After completion of the execution of the color copy function again, the user selects “return to menu” 9012 to return to the main menu 9010, and executes the fax function 9014 at time t804. At this time, the access management 3011 refers to the user authority indicated by 5022 in FIG. 10, and determines that the fax function 9014 is not permitted. At this time, the user session management 3010 displays an error screen (FIG. 14) notifying that the user can not change. In the second embodiment, further authentication is prohibited when logging in as a real name user, and the user profile 5001 and the user authority 5002 are not changed.

  In addition, when inputting user information in the login screen (FIG. 5), when trying to execute the network management function 9013 by logging in as the user A who is the real name user, similarly, an error screen notifying that the user can not change the user (FIG. 14) is displayed.

<Characteristic processing according to the second embodiment>
Next, characteristic processing according to the second embodiment will be described with reference to FIG.

  FIG. 15 is a flowchart showing processing according to the second embodiment. This process is a process of determining whether or not to authenticate again according to the logged-in user type when the authority is insufficient, and is executed in the CPU 2001 of the image processing apparatus 1004 as a function of the user session management 3010 and the access management 3011 .

  When the user selects a function in step S131, the access management 3011 determines in step S132 whether the logged-in user is permitted to execute the selected function. If it is determined that the process is permitted, the process advances to step S141, and the application 3012 executes the selected function. On the other hand, if it is determined that the user is not permitted, the user session management 3010 determines in step S133 whether the logged-in user is an anonymous user. If the user is not an anonymous user, the process advances to step S134 to display an error screen (FIG. 14).

  On the other hand, if it is determined that the logged-in user is an anonymous user, the process advances to step S135 to display a login screen (for example, 9070 in FIG. 13) and receives input of authentication information from the user in step S136. In step S137, it is determined whether the received authentication information is correct. If the authentication information is not correct, the process returns to step S135 and repeats the steps S135 and S137. On the other hand, if the received authentication information is correct, the access management 3011 determines whether the execution of the selected function is permitted for the authentication information received in step S138. If not permitted, the process returns to step S135, and the procedure from step S135 to step S138 is repeated.

  On the other hand, when execution of the selected function is permitted, the user session management 3010 overwrites the user profile with the newly logged-in user in step S139. Subsequently, the user authority information is merged in step S140, and the selected function is executed in step S141.

<Advantages of Second Embodiment>
Even in the case where an anonymous user and a real-name user are combined as a logged-in user, the same advantages as the first embodiment can be obtained.

  The object of the present invention is also achieved by executing the following processing. That is, a storage medium recording the program code of software for realizing the functions of the above-described embodiment is supplied to a system or apparatus, and the computer (or CPU or MPU etc.) of the system or apparatus is stored in the storage medium. It is a process of reading a program code.

  In this case, the program code itself read from the storage medium implements the functions of the above-described embodiments, and the program code and the storage medium storing the program code constitute the present invention.

  Also, as a storage medium for supplying the program code, the following can be used. For example, floppy (registered trademark) disk, hard disk, magneto-optical disk, CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW, magnetic tape, non-volatile memory card, ROM etc. Alternatively, the program code may be downloaded via a network.

  The present invention also includes the case where the functions of the above-described embodiments are realized by executing a program code read by a computer. In addition, when the OS (Operating System) or the like running on the computer performs a part or all of the actual processing based on the instruction of the program code, and the processing of the above-described embodiment is realized by the processing. Also included.

  Furthermore, the present invention also includes the case where the functions of the above-described embodiment are realized by the following processing. That is, the program code read out from the storage medium is written to a memory provided in a function expansion board inserted in the computer or a function expansion unit connected to the computer. Thereafter, based on the instruction of the program code, the CPU or the like provided in the function expansion board or the function expansion unit performs part or all of the actual processing.

1003 Client PC
1004 Image Processing Device 2001 CPU
2002 RAM
2003 ROM
2012 operation unit

Claims (1)

An information processing apparatus,
Control means for performing login processing with a first user authority that can be used by unspecified users;
When the login process is performed with the first user right, a plurality of applications including an application permitted to use the first user right and an application not permitted to use the first user right Display control means for causing the display means to display a menu screen for selecting an application from the above;
In the case where the application selected on the menu screen displayed according to the login process with the first user authority is permitted to use the first user authority, the application of the selected application And execution control means for permitting execution;
When the application selected on the menu screen displayed according to the login process with the first user authority is not permitted to use the first user authority, the display control means is configured to: Display the authentication screen for performing user authentication,
The execution control unit is a case where an authentication process of a specific user based on the authentication information input through the authentication screen is successful, and the specific user has the selected application for the selected application. When the use with the user authority of 2 is permitted, the execution of the selected application is permitted, and the authentication process of the specific user is successful, and the selected application is selected. An information processing apparatus that restricts the execution of the selected application when the use with the second user right is not permitted;

Images