JP7200322B2 - Affiliation Management Device, Affiliation Management Method, and Affiliation Management Program - Google Patents

Description

The present invention relates to a job sharing permission device, a job sharing permission method, and a job sharing permission program.

In Patent Document 1, in a computer system that is hierarchically managed and used by multiple users, an administrator who is entrusted to manage the access authority of a lower system, without registration permission for users and system administrators discloses an access right management system in which access to the corresponding lower system is impossible (see paragraph 0001, etc.). Also, US Pat. No. 6,200,002 discloses an access management system in which access to resources such as digital content or digital services is provided only according to corresponding access permissions, which can be expressed in the form of digital licenses or certificates, for example. (See paragraph 0001, etc.).

JP-A-2000-76194 JP 2006-254464 A

In the field of managing system access and system security, for example, an operator who belongs to the area of company 1 can use not only the jobs of company 1 but also the jobs of the area of company 2. In the past, when setting (sharing settings for jobs between areas) was desired, an administrator (general administrator) who had access to both company 1 and company 2 had to perform the sharing setting.

However, there is a problem that in some cases it is not preferable from the viewpoint of security that a certain administrator can access all areas in this way. In addition, there is also the problem that the operation of allowing a certain administrator to access all areas and make the sharing setting becomes complicated.

For this reason, only through communication between administrators with a narrowed range of access, that is, in the above example, an administrator who can access only company 1 (full-time administrator of company 1) and only company 2 can be accessed. I want to enable operators belonging to company 1 to also perform jobs of company 2 only by exchanging with a full-time manager (full-time manager of company 2) (i.e., to enable sharing between job areas) I want to do it), but it has not been realized in the past.

The present invention has been made in view of the above, and permits the sharing of jobs performed by operators between areas through exchanges between dedicated administrators who are administrators who can access only specific areas. To provide a job-sharing permission device, a job-sharing permission method, and a job-sharing permission program.

In order to solve the above-described problems and achieve the object, a job sharing permission apparatus according to the present invention includes a control unit, and includes an area shared by a former operator who belongs to the original area, which is the area of the sharing source. wherein the control unit assigns the former operator set by a former administrator who belongs to the former area to the former area It is characterized by comprising a sharing permitting means for permitting the sharing of the job in the previous area by the former operator upon acceptance by a previous administrator who is a manager to which he or she belongs.

Further, the job sharing permission apparatus according to the present invention further includes a storage unit, and the storage unit stores, as information set by the former administrator, former operator identification information for identifying the former operator and the user shared information including the destination area identification information for identifying the destination area and the completion division indicating completion of acceptance by the former operator; and user group identification information for identifying the user group and the area. and user group information including region identification information for identification, and the sharing permission means refers to the user shared information to determine the destination from which the destination region identification information having the completion section is obtained. a first user group obtaining means for obtaining user group identification information associated with the destination area identification information obtained by the destination area obtaining means by referring to the user group information; and the first user group obtaining means. storage means for storing the user group identification information acquired by the means and the former operator identification information included in the user shared information in the user group affiliation information.

In the job sharing permission apparatus according to the present invention, the storage unit stores job utilization authority information including the user group identification information and job group identification information for identifying a job group, and the job group identification information. Job group affiliation information including job identification information for identifying a job is further stored, and the control unit refers to the user group affiliation information and associates it with the input original operator identification information. A second user group acquisition means for acquiring user group identification information, and a job for acquiring job group identification information linked to the user group identification information acquired by the second user group acquisition means by referring to the job use authority information. further comprising: group acquisition means; and job acquisition means for acquiring job identification information associated with the job group identification information acquired by the job group acquisition means by referring to the job group affiliation information. .

In the job sharing permission apparatus according to the present invention, the storage unit stores administrator identification information for identifying an administrator, operator identification information for identifying an operator, and area identification information for identifying an area. The control unit further comprises setting control means for controlling setting and cancellation of setting of the former operator by the former administrator, and the setting control means stores the user information and the operator identification information set by the former administrator by referring to the user information. Whether or not the operator area acquisition means for acquiring the associated area identification information, the area identification information acquired by the first administrator area acquisition means, and the area identification information acquired by the operator area acquisition means are the same and setting determination means for determining.

In the job sharing permission apparatus according to the present invention, the storage unit further stores user information including administrator identification information for identifying an administrator and area identification information for identifying an area. , the control unit further includes acceptance control means for controlling the acceptance and cancellation of acceptance of the former operator by the former manager, and the acceptance control means refers to the user information to confirm the input manager Second administrator area acquisition means for acquiring area identification information associated with identification information, area identification information acquired by the second administrator area acquisition means, and user shared information set by the former administrator and acceptance determination means for determining whether or not the included destination area identification information is the same.

Further, the job sharing permission method according to the present invention is executed by an information processing apparatus having a control unit, and a former operator who belongs to a source area, which is a sharing source area, determines a destination area, which is a sharing destination area, by a former operator. A job sharing permission method for permitting job sharing, wherein the former operator set by a former administrator who is an administrator who belongs to the former area is assigned to the destination area, which is executed by the control unit. and a sharing permission step of permitting said sharing of said job in said former area by said former operator upon acceptance by a former manager who is an administrator.

Further, a job sharing permission program according to the present invention is a destination area, which is an area to be shared by a former operator who belongs to an original area, which is a sharing source area, to be executed by an information processing apparatus having a control unit. a job sharing permission program for permitting the sharing of a job of the above, wherein the former operator set by a former administrator who is an administrator belonging to the former area is transferred to the destination area for execution by the control unit and a sharing permission step of permitting said sharing of said job in said previous area by said former operator upon acceptance by a previous manager who is a manager to which she belongs.

According to the present invention, it is possible to permit the sharing of a job performed by an operator between areas through exchanges between full-time administrators who are administrators who can access only specific areas.

FIG. 1 is a block diagram showing an example of the configuration of a job sharing permission device. FIG. 2 is a diagram showing classification of a work list performed by a system administrator. FIG. 3 is a diagram showing types of users. FIG. 4 is an image diagram of a system configuration in conventional security management. FIG. 5 is an operation assumption diagram in security management for an organization having an ASP type configuration. FIG. 6 is an image diagram of a system configuration in security management for an organization having an ASP type configuration. FIG. 7 is a conceptual operational diagram of security management for an organization having a parent company-subsidiary structure. FIG. 8 is an image diagram of a system configuration in security management for an organization having a parent company-subsidiary configuration. FIG. 9 is a hypothetical operational diagram of security management for an organization having a parent company-subsidiary-subsidiary structure. FIG. 10 is a hypothetical operation diagram of security management for an organization having a structure in which a plurality of parent companies and subsidiaries are arranged side by side. FIG. 11 is an image diagram of concurrent operator setting. FIG. 12 is a table showing the flow of processing when concurrent operator setting is performed. FIG. 13 is an image diagram showing the operation contents and operation ranges of the general administrator and the full-time administrator. FIG. 14 is a diagram showing an implementation plan for auditing and usage management jobs. FIG. 15 is an image diagram of a reference range when executing a user search for a business job. FIG. 16 is a diagram illustrating an example of a security reflection target table. FIG. 17 is a diagram showing an example of a company-specific security reflection process when the reflection source table (setting data) is user group affiliation information and the reflection destination table (reflection data) is user group affiliation reflection information. FIG. 18 is a diagram showing an example of a company-specific security reflection process when the reflection source table (setting data) is area-specific login authority information and the reflection destination table (reflection data) is area-specific login authority reflection information. be. FIG. 19 is a diagram illustrating security version control. FIG. 20 is a diagram showing a data configuration example of area information. FIG. 21 is a diagram showing a data configuration example of user information, user group information, and user group affiliation information. FIG. 22 is a diagram showing a data configuration example of job information, job group information, and job group affiliation information. FIG. 23 is a diagram showing a data configuration example of area login authority information, job utilization authority information, and user shared information. FIG. 24 is a diagram showing a data configuration example of intra-area business system information. FIG. 25 is a diagram showing an example of login authentication processing and area login authority determination processing in this embodiment. FIG. 26 is a diagram illustrating an example of available job determination processing in this embodiment. FIG. 27 is a diagram showing an example of output data from available job determination processing in this embodiment. FIG. 28 is a diagram showing an example of a common operation (belonging area ID specifying process) in the security setting process in this embodiment. FIG. 29 is a diagram showing an example of user registration processing (existing user update processing, reference processing, and deletion processing) in this embodiment. FIG. 30 is a diagram showing an example of user registration processing (new user addition processing) in this embodiment. FIG. 31 is a diagram showing an example of user group registration processing (existing user group update processing, reference processing, and deletion processing) in this embodiment. FIG. 32 is a diagram showing an example of user group registration processing (new user group addition processing) in this embodiment. FIG. 33 is a diagram showing an example of user group affiliation registration processing (reference processing, deletion processing, and addition processing) in this embodiment. FIG. 34 is a diagram showing an example of job group registration processing (existing job group update processing, reference processing, and deletion processing) in this embodiment. FIG. 35 is a diagram illustrating an example of job group registration processing (new job group addition processing) in this embodiment. FIG. 36 is a diagram illustrating an example of job group affiliation registration processing (reference processing, deletion processing, and addition processing) in this embodiment. FIG. 37 is a diagram showing an example of area login authority registration processing (reference processing, deletion processing, and addition processing) in this embodiment. FIG. 38 is a diagram showing an example of job use authority registration processing (reference processing, deletion processing, and addition processing) in this embodiment. FIG. 39 is a diagram showing an example of user sharing setting processing (sharing processing) in this embodiment. FIG. 40 is a diagram illustrating an example of user sharing setting processing (sharing cancellation processing) in this embodiment. FIG. 41 is a diagram showing an example of user sharing setting processing (sharing acceptance processing) in this embodiment. FIG. 42 is a diagram showing an example of user sharing setting processing (sharing acceptance cancellation processing) in this embodiment. FIG. 43 is a diagram illustrating an example of user share setting processing (transfer processing) in this embodiment.

Exemplary embodiments of a job sharing permission device, a job sharing permission method, and a job sharing permission program according to the present invention will be described below in detail with reference to the drawings. In addition, this invention is not limited by this embodiment.

[1. overview]
Conventionally, the system administrator who manages accounts has the authority to view and modify all user information, and there was no mechanism to manage (restrict) the area that can be managed by the administrator (manageable area). rice field. In addition, "a user who has login authority across multiple areas" cannot be set and managed jointly by only the administrators of the multiple areas without permitting operations other than the administrator of the multiple areas. was difficult.

Moreover, normally, the work of the system administrator is roughly classified into three types as shown in (A) to (C) of FIG. Conventionally (currently), one administrator has authority over the entire system for all the tasks (A) to (C). Here, since the work of (A) is related to the control of the entire system, while the authority of the whole system is required as before, the work of (B) and (C) is managed exclusively as shown in FIG. Although there was a desire to distinguish the scope of authority between general administrators and individual company full-time administrators, as shown in the case of individual company operation, it could not be realized.

Therefore, in this embodiment, when the manageable area (company in charge, etc.) of the system account and system security administrator is restricted, the administrator's access to information outside the manageable area is restricted. , to provide a mechanism that allows the administrator to appropriately manage only the users of the area to which the administrator has access authority. That is, in the present embodiment, management by an administrator (dedicated administrator) who narrows the operable range is enabled.

As a result, for example, the following effects 1 to 3 are produced.
1. It is now possible to set (restrict) manageable areas (company, etc.) for system account and system security administrators.
2. The administrator whose manageable area is limited can only set access rights for his own area.
3. When a user account can log in to multiple areas, a mechanism has been implemented that allows the same account to be shared only among administrators of the multiple areas.
Specific configurations and operations will be described below.

[2. Constitution]
The configuration of the job sharing permission device 100 according to this embodiment will be described with reference to FIG. FIG. 1 is a block diagram showing an example of the configuration of the job sharing permission device 100. As shown in FIG.

The job sharing permission device 100 is a commercially available desktop personal computer. Note that the job sharing permission apparatus 100 is not limited to a stationary information processing apparatus such as a desktop personal computer. type information processing device.

The job sharing permission device 100 includes a control unit 102, a communication interface unit 104, a storage unit 106, and an input/output interface unit 108, as shown in FIG. Each unit included in job sharing permission apparatus 100 is communicably connected via an arbitrary communication path.

The communication interface unit 104 communicatively connects the job sharing permission apparatus 100 to the network 300 via a communication device such as a router and a wired or wireless communication line such as a dedicated line. The communication interface unit 104 has a function of communicating data with another device via a communication line. Here, the network 300 has a function of connecting the job sharing permission apparatus 100 and the server 200 so that they can communicate with each other, and is, for example, the Internet or a LAN (Local Area Network). Note that data stored in the storage unit 106 to be described later may be stored in the server 200 .

An input device 112 and an output device 114 are connected to the input/output interface section 108 . The output device 114 can be a monitor (including a home television), a speaker, or a printer. The input device 112 can be a keyboard, a mouse, a microphone, or a monitor that cooperates with the mouse to provide a pointing device function. In the following description, the output device 114 may be referred to as the monitor 114 as a display unit, and the input device 112 may be referred to as the keyboard 112 or the mouse 112 .

The storage unit 106 stores various databases, tables, files, and the like. The storage unit 106 stores a computer program for performing various processes by giving commands to a CPU (Central Processing Unit) in cooperation with an OS (Operating System). As the storage unit 106, for example, memory devices such as RAM (Random Access Memory) and ROM (Read Only Memory), fixed disk devices such as hard disks, flexible disks, and optical disks can be used.

The storage unit 106 stores, for example, area information 106a, user information 106b, user group information 106c, user group affiliation information 106d, job information 106e, job group information 106f, job group affiliation information 106g, and area login information. It includes authority information 106h, job utilization authority information 106i, user shared information 106j, and intra-area business system information 106k.

In the following description of the area information 106a to the intra-area business system information 106k, expressions in parentheses are specific examples of each piece of information. Specific examples of identification information include, for example, area IDs and area names. The figure shows a specific example.

The area information 106a is a table for managing IDs and names identifying areas to be managed. The area information 106a includes, for example, area identification information (area ID and area name) for identifying an area, as shown in FIG. The area is not particularly limited, but includes, for example, a company and a group company that combines a plurality of companies. The area defined by area ID=0 is a special area for environment setting (system control setting and system security management). On the other hand, an area defined by area ID ≠ 0 is an area in which the environment setting is not performed and is an area to be managed.

The user information 106b is a table that manages IDs and names that uniquely identify users. As shown in FIG. 21, the user information 106b includes, for example, user identification information (user ID and user name) for identifying the user, area identification information (belonging area ID), password, and the like. As for the types of users, there are administrators (managing side) who mainly set and manage the system and operators (managed side) who perform only specific business jobs. Furthermore, as the types of managers, there are a general manager who can manage the entire area and a full-time manager who belongs to a specific area and can manage only the specific area (manager by area). For this reason, as the user identification information, for example, administrator identification information for identifying administrators (in FIG. 21, for example, Manager1, which is the user ID of the general administrator, and Area1Manager1, which is the user ID of the full-time administrator, etc. ) and operator identification information for identifying the operator (in FIG. 21, for example, Area1Operater1 which is the operator's user ID, etc.). A user defined by belonging area ID=<NULL> is a user who does not belong to any area and can refer to the entire system. On the other hand, a user defined by area ID≠<NULL> is an area-specific user belonging to a specific area.

The user group information 106c is a table that manages units for grouping users. As shown in FIG. 21, the user group information 106c includes, for example, user group identification information (user group ID and user group name) for identifying a user group, user group type and area identification information (belonging area ID), and the like. include. The user group types include "1: general administrator" which is a type corresponding to the user group of the general administrator, "2: area administrator" which is a type corresponding to the user group of the full-time administrator, and There is a type "3: general by area" corresponding to the operator's user group. A user group defined with belonging field=0 is a special group that can operate the environment setting field. On the other hand, a user group defined by belonging area ≠ 0 is a group by area belonging to the management area.

The user group belonging information 106d is a table for managing users belonging to user groups. The user group belonging information 106d includes, for example, user group identification information (user group ID), user identification information (user ID), etc., as shown in FIG. The administrator of the entire system, indicated by MA1 in FIG. An operator dedicated to each area indicated by MA3 in FIG. 21 belongs to a group of user group type "3: General by area". It is also possible for one user to belong to (concurrently serve) a plurality of user groups.

The job information 106e is a table for managing information on programs (jobs) to be executed. The job information 106e includes, for example, job identification information (job ID) for identifying a job, a job type, and the like, as shown in FIG. As for the job type, "1: General control" (indicated by MA4 in FIG. 22), which is a type corresponding to an important program that controls the core of the system (a program that can be operated only by the general administrator), "2: Security Management" (indicated by MA5 in FIG. 22), which is the type corresponding to the programs to be operated (programs that can only be operated by the general administrator and area-specific managers), and the type corresponding to the business programs used by general operators. "3: general by area" (indicated by MA6 in FIG. 22), etc. exist.

The job group information 106f is a table that manages units for grouping jobs. As shown in FIG. 22, the job group information 106f includes, for example, job group identification information (job group ID and job group name) for identifying a job group, job group type and area identification information (belonging area ID), and the like. include. A job group defined with belonging area=0 is a special group that can operate the environment setting area. On the other hand, a job group defined by belonging area ≠ 0 is a group by area belonging to the management area.

The job group belonging information 106g is a table for managing jobs belonging to a job group. The job group belonging information 106g includes, for example, job group identification information (job group ID), job identification information (job ID), etc., as shown in FIG. A job for system control indicated by MA7 in FIG. 22 belongs to a group of job group type "1: General control", and a job for security management indicated by MA8 in FIG. 22 belongs to a group of job group type "2: Security management". Each area-specific general job indicated by MA9 in FIG. 22 belongs to the group of job group type "3: area-specific general".

The area login authority information 106h is a table for managing which area each user group can operate (login to which area). The area login authority information 106h includes, for example, area identification information (area ID and area name), user group identification information (user group ID), etc., as shown in FIG. As indicated by MA10 in FIG. 23, the general administrator and full-time administrator can operate the environment setting area. On the other hand, as indicated by MA11 in FIG. 23, the operator of each area can operate only the area that he/she is allowed to operate.

The job use authority information 106i is a table for managing which job group in which area each user group can operate (start). As shown in FIG. 23, the job use authority information 106i includes, for example, area identification information (area ID and area name), user group identification information (user group ID), job group identification information (job group ID), and the like. As shown by MA12 in FIG. 23, the general administrator can perform operations related to overall control and security management, and as shown by MA13 in FIG. 23, the area-specific administrators can perform operations related to security management. On the other hand, as indicated by MA14 in FIG. 23, the operator of each area can operate only jobs belonging to the job group of each area.

The user shared information 106j is a table for managing settings for sharing users among administrators of multiple areas. As shown in FIG. 23, the user shared information 106j is, for example, information set by a former administrator who belongs to the original area, which is the area of the sharing source. Former operator identification information (user ID) for identifying the operator, destination area identification information (shared destination area ID) for identifying the destination area that is the shared destination, administrator belonging to the destination area of the former operator An incomplete classification (acceptance status = incomplete), which is a classification indicating that acceptance by a certain previous manager is incomplete, and a completion classification ( acceptance status = completed), etc. Details are described in [4. Specific example of processing], the previous manager can accept the former operator by updating the incomplete classification to the completed classification. An operator whose acceptance status is complete can be referred to by the manager of the shared destination area ID associated with the completion. On the other hand, an operator whose acceptance status is incomplete cannot be referenced by the administrator until the administrator of the shared destination area ID associated with the incomplete acceptance accepts the operator.

The intra-area business system information 106k is various business data for each area, and is a table for managing IDs for identifying areas to be managed and various attributes. The intra-area business system information 106k includes, for example, area identification information (area ID), etc., as shown in FIG. Note that the intra-area business system information 106k shown in FIG. 24 assumes general data to be managed, so it does not specify anything other than the area ID.

The control unit 102 is a CPU or the like that controls the job sharing permission apparatus 100 in an integrated manner. The control unit 102 has an internal memory for storing a control program such as an OS, a program defining various processing procedures, required data, and the like, and performs various information processing based on these stored programs. Run.

Functionally, the control unit 102 can, for example, (1) transfer the former operator set by the former administrator who belongs to the former area to the previous administrator who belongs to the previous area; (2) the sharing permitting unit 102a as a sharing permitting means for permitting the sharing of the job in the destination area by the former operator; (3) user group identification information linked to the destination area identification information obtained by the destination area obtaining unit by referring to the user group information; and (4) the user group identification information obtained by the first user group obtaining means and the former operator identification information included in the user shared information. in the user group affiliation information; a second user group acquisition unit 102b as a user group acquisition unit; a job group acquisition unit 102c as a job group acquisition unit to be acquired; (8) a setting control unit 102e as setting control means for controlling setting and cancellation of setting of the former operator by the former administrator; and (9) with reference to the user information. , a first administrator area acquisition unit 102e1 as first administrator area acquisition means for acquiring area identification information associated with the input administrator identification information; (11) the area identification information obtained by the first administrator area obtaining means; (12) the above (13) area identification information associated with the input administrator identification information by referring to the user information; (14) the area identification information obtained by the second administrator area obtaining means and the area identification information set by the former administrator; and an acceptance determination unit 102f2 as acceptance determination means for determining whether or not the destination area identification information included in the user shared information is the same. Details of the processing executed by each unit are described in [4. Specific example of processing].

[3. Overview of processing]
An overview of the processing according to the present embodiment will be described below. In this section, first, the mode of security management will be explained, then the outline of the job sharing operation will be explained, and finally, the company-specific security reflection will be explained.

[3-1. Mode of Security Management]
In this section, aspects of security management will be described with reference to FIGS. 3 to 11. FIG.

First, three types of users (company-wide users, full-time users, and part-time users) appearing in FIG. 4 and subsequent figures will be described with reference to FIG. As for user classification, the aforementioned [2. Configuration], there is a classification that focuses on one's own role (classification into system administrator who manages and operator who is managed), but there is a range of areas (company) that can be operated There is also a classification that we paid attention to. Specifically, as shown in Figure 3, users are divided into users who have access rights to the entire system (company-wide users), users who have access rights to only one specific company (dedicated users), and users who have access rights to multiple specific companies. users (concurrent users) who have access rights to

Next, the state of conventional security management (the state in which there is no full-time administrator) will be described with reference to FIG. As shown in FIG. 4, conventionally, both the company-specific administrator function (the function of establishing a full-time administrator who can access only a specific company) and the inter-company user sharing function (the function of sharing operators between companies) are disabled. Met. In addition, conventionally, the mode of security management has been the operation of 1 to 3 below.
1. System administrators could manage security for the entire system.
2. System administrators had the authority to refer to and update company settings on the configuration menu, even when the roles of personnel in charge were divided by company.
3. The system administrator could give the business operator the right to log in to one company or any number of companies as needed.

Next, as a first example of a security management mode (a mode in which a full-time administrator exists) in this embodiment, regarding a mode of security management for an organization having an ASP type configuration (perfectly vertically divided management by company), Description will be made with reference to FIGS. 5 and 6. FIG. In this mode, the company-specific administrator function is enabled (the company-specific administrator is independent), and the inter-company user sharing function is disabled (there is no sharing of users between companies). In addition, in this mode, the mode of security management shall be the operation of 1 to 9 below. The arrows in FIG. 5 indicate the presence or absence of a controlling relationship between companies, the vertical arrows in FIG. 6 indicate the operable range of the manager, and the horizontal arrows in FIG. indicate the range.
1. A system administrator who maintains the environment can manage security for the entire system.
2. There is no business connection between the asset management companies (if a group company falls under this form, consolidated accounting may be used, but even in that case the consolidated company is independent).
3. Each company's security administrator (ie, dedicated administrator) can manage security for their own company only.
4. Business operators of each company can log in only to their own company.
5. There are no concurrent security administrators and business operators who operate across companies.
6. The relationship between the security administrator and the company subject to security setting is 1:1.
7. The relationship between the business operator and the company to which the business operator can log in is assumed to be 1:1.
8. If there is an exceptional security administrator who can manage multiple companies, separate IDs for each company should be prepared and used accordingly.
9. In the event that an operator is transferred or seconded between holding companies or affiliated companies, the security management described in the following paragraph will be used.

Next, as a second example of security management in this embodiment (with a full-time administrator), security management for an organization with a parent company-subsidiary structure (management by a business holding company, etc.) , with reference to FIGS. 7 and 8. FIG. In this mode, the company-specific administrator function is enabled (the company-specific administrator is independent), and the inter-company user sharing function is disabled (there is no sharing of users between companies). In addition, in this mode, the mode of security management shall be the operation of 1 to 9 below. The arrows in FIG. 7 indicate the presence or absence of a controlling relationship between companies, the vertical arrows in FIG. 8 indicate the operable range of the administrator, and the horizontal arrows in FIG. indicate the range.
1. The system administrators who maintain the environment are employees of the parent company and can manage the security of the entire system.
2. In this mode, since the parent company has a controlling relationship with the subsidiary, the parent company employee may have the business approval authority of the subsidiary.
3. Subsidiary security administrators can only manage security for their own company.
4. Subsidiary business operators can log in only to their own company.
5. Concurrent security administrators and business operators who operate across companies are employees of the parent company and have company-wide authority.
6. The relationship between the security manager of the parent company (parent company system manager in FIG. 8) and the company subject to security setting is 1: ALL.
7. The relationship between the business operator of the parent company (company-wide concurrent operator in FIG. 8) and the companies to which the business operator can log in is assumed to be 1:ALL.
8. The relationship between the subsidiary's security administrator (dedicated administrator in FIG. 8) and the security setting target company is assumed to be 1:1.
9. The relationship between the business operator of the subsidiary (dedicated operator in FIG. 8) and the company to which the business operator can log in is assumed to be 1:1.

Next, as a third example of the mode of security management in this embodiment (mode where a full-time manager exists), security management for an organization with a parent company-subsidiary-subsidiary structure structure (when there is an intermediate holding company) management) will be described with reference to FIG. In this mode, the company-specific administrator function is enabled, and the inter-company user sharing function is also enabled (that is, company-specific administrators cooperate with each other and user sharing occurs). In addition, in this mode, the following 1 to 13 are used as the mode of security management. The arrows in FIG. 9 indicate whether or not there is a controlling relationship between companies.
1. Parent company system administrators are employees of the parent company and can manage the security of their own company and its direct subsidiaries.
2. In this mode, since the parent company has a controlling relationship with the subsidiary, the parent company employee may have the business approval authority of the subsidiary.
3. The subsidiary system administrator is an employee of the subsidiary and can manage the security of the company and sub-subsidiaries under management.
4. In this mode, since the subsidiary has a controlling relationship with the sub-subsidiary, the employee of the subsidiary may have the business approval authority of the sub-subsidiary.
5. Sub-company security administrators can only manage security for their own company.
6. Business operators of sub-subsidiaries can only log in to their own company.
7. Only the security administrator for environment maintenance has the authority to perform operations across companies, and this is not used in actual operations.
8. The relationship between the security manager of the parent company (manager of company A in FIG. 9) and the security setting target company is assumed to be 1:m (m is a natural number).
9. The relationship between business operators of the parent company (operators of company A in FIG. 9) and companies to which the business operators can log in is assumed to be 1:m (m is a natural number).
10. The relationship between the subsidiary's security administrator (the administrator of Company C in FIG. 9) and the security setting target company is assumed to be 1:n (n is a natural number).
11. The relationship between business operators of subsidiaries (operators of company C in FIG. 9) and companies to which the business operators can log in is assumed to be 1:n (n is a natural number).
12. The relationship between the security administrators of the sub-subsidiaries (administrators of Company D and Company E in FIG. 9) and the company subject to security setting is assumed to be 1:1.
13. The relationship between business operators of sub-subsidiaries (operators of companies D and E in FIG. 9) and companies to which the business operators can log in is assumed to be 1:1.

Next, as a fourth example of security management in this embodiment (where there is a full-time administrator), security management for an organization in which multiple parent companies and subsidiaries coexist will be described with reference to FIG. explain. In this mode, the company-specific administrator function is enabled, and the inter-company user sharing function is also enabled (that is, company-specific administrators cooperate with each other and user sharing occurs). In addition, in this mode, the mode of security management shall be the operation of 1 to 5 below. The arrows in FIG. 10 indicate whether or not there is a controlling relationship between companies.
1. Parent company system administrators are employees of the parent company and can manage the security of their own company and its direct subsidiaries.
2. In this mode, since the parent company has a controlling relationship with the subsidiary, the parent company employee may have the business approval authority of the subsidiary.
3. Subsidiary security administrators can only manage security for their own company.
4. Subsidiary business operators can log in only to their own company.
5. Security administrators do not have security management authority, and operators do not have login authority within the scope of straddling companies affiliated with different parent companies.

Here, in the third example and the fourth example, the procedure for setting a concurrent operator who can operate jobs of a plurality of companies (that is, the procedure for sharing jobs) will be described with reference to FIG. . The vertical arrows in FIG. 11 indicate the operable range of the administrator, and the horizontal arrows in FIG. 11 indicate the operable range of the operator. In addition, in the present embodiment, administrators (concurrent administrators) who can set security for a plurality of specific companies are not set. This is because even the administrator of the parent company does not fully understand the security group configuration and user configuration of the subsidiary company. This is because the authority is too loose.

Concurrent operators are set according to the following procedures 1 to 3. For example, if you want an operator who belongs to company A in FIG.
1. First, as indicated by the arrow (1) in FIG. 11, the full-time manager of company A creates a full-time operator for company A.
2. Next, as indicated by the arrow (2) in FIG. 11, the full-time manager of company A discloses the created full-time operator of company A to company B.
3. Finally, as indicated by the arrow (3) in FIG. 11, the full-time manager of company B determines whether the disclosed full-time operator of company A can be accepted. As a result, a full-time operator belonging to A company becomes a concurrent operator belonging to both A company and B company.
Although the detailed explanation is omitted, as shown in FIG. 11, setting a full-time operator belonging to Company C to concurrently serve as both Company D and Company E can be done in the same procedure as 1 to 3 above. can be done.

[3-2. Overview of Job Sharing Operation]
In this item, an outline of the job sharing operation will be described with reference to FIGS. 12 to 15. FIG.

First, the meanings of terms used in tables (A) to (J) of FIG. 12 will be explained. The affiliated company number is a company number that indicates that the company is exclusive to a specific company. and can only handle groups. The public company number is the company number to which the user is to be disclosed when maintenance is permitted to administrators of companies other than the user's affiliated company number, and multiple public company numbers can be specified. is possible. The disclosure acceptance state turns ON (completed) when the system administrator of the disclosure destination company accepts the user having the disclosure destination company No. As a result, the user can use the disclosure destination company's job.

Procedures until job sharing is performed will be described with reference to tables (A) to (J) in FIG.

First, as shown in table (A) of FIG. 12, a system administrator who has full authority and does not have an affiliated company NO attribute can refer to and update all objects (targets) as in the past. Company NO attribute can be viewed and set. In addition, the system administrator who has full authority can give the user only one affiliated company number, which means that the user belongs to a specific company. For example, in the table (B) of FIG. 12, the system administrator with full authority creates a full-time administrator for company 100 by giving a certain user company No. 100, and also gives another user A full-time manager of company 200 is created by giving company No. 200 to which he belongs.

Users and groups created by an administrator given a company number automatically take over the company number of the administrator who is the creator, and can only perform security management and jobs in the company of the company number. . For example, an administrator (shown in table (C) of FIG. 12) given a company No. 100 to belong to can create company 100 administrator 2 and company 100 operator. The company 100 operator automatically takes over the affiliated company No. 100 as shown in table (D) in FIG. As a result, the company 100 administrator 2 can only manage the security of the company belonging to the company No. 100, and the company 100 operator can only carry out the jobs of the company belonging to the company No. 100. Become. Since this is similar to this, detailed description is omitted, but as shown in Tables (E) and (F) of FIG. 200 operators can be created.

An administrator given an affiliated company number can assign a public company number to an operator having the same affiliated company number. For example, when a company 100 administrator who has affiliated company No. 100 wants to disclose company 100 operators who have affiliated company No. 100 to companies 200 and 300, the company 100 administrator requests company 100 operators in table (G) of FIG. On the other hand, public company No. 200 and public company No. 300 are assigned to create table (H) in FIG. Unless the disclosure acceptance status in table (H) of FIG. 12 changes from "uncompleted" to "completed", that is, the operator having the public company number is not validated by the acceptance by the manager having the company number of the disclosure destination. As long as the disclosure destination manager cannot refer to the operator having the disclosure company number.

An administrator who has an affiliated company number of a disclosure destination can accept an operator disclosed to his/her own company from another company and complete the disclosure acceptance state. For example, when a company 200 administrator (shown in table (I) in FIG. 12) who has a company No. 200 to which he belongs wants to accept a company 100 operator that is open to the company 200, which is his own company, from the company 100, As shown in table (J) of FIG. 12, the public acceptance status of public company NO200 of company 100 operator can be updated from "unfinished" to "completed".

In this way, the company 100 operator who belongs to the company 100 can perform not only the jobs of the company 100 but also the jobs of the company 200, thus completing the job sharing.

As described above in this item [3-2], the operation contents that can be performed by the system administrator (general administrator) who has no affiliated company NO attribute and the system administrator (dedicated administrator) who has affiliated company NO attribute FIG. 13 shows an image diagram summarizing the range of operations. Note that the following points 1 to 4 exist for the operations performed by the general administrator and full-time administrator.

1. When assigning an administrator who can set security for each company, the timing of reflecting the setting results also differs for each company. The method of reflecting security for each company will be described in detail in item [3-3] below.
2. A system administrator (general administrator) can perform all operations. If the administrator (dedicated administrator) of the company 100 cannot refer to the authority settings for the company 100 that he or she has made for the company 100, as well as the authority settings that the system administrator (general administrator) has made for the company 100, can't see A manager (full-time manager) of the company 100 needs to be able to operate the configuration menu so that he can increase the number of managers of the same company 100 by himself. It is necessary to clarify the operations that can be performed by each company's administrator in the configuration menu.
3. The table in FIG. 14 shows an implementation plan for auditing and usage management jobs.
4. When searching for user information in a business job, it is possible to take security into consideration by narrowing down the search to only users who have login authority for the operating company. FIG. 15 shows an image diagram of a reference range when executing a user search for a business job.

[3-3. Reflect security by company]
In this item, a method of reflecting security by company will be described with reference to FIGS. 16 to 19. FIG.

In order to manage the security setting information in chronological order and switch the security to be applied according to the login timing, the security setting information and security reflection information tables should be separated, and the security reflection processing should reflect the settings in the actual environment. I had a request. However, conventionally, when group companies transfer security authority settings to dedicated administrators in each company, it is difficult to adjust the timing of reflecting security collectively. In addition, it should be avoided that unrelated other companies are reflected at the timing when the administrator of each company reflects the security.

Therefore, in the present embodiment, a company-specific security reflection function is realized in order to meet the requirement that a full-time administrator of each company wants to reflect only the setting contents of his/her own company after setting security. FIG. 16 shows a security determination target table.

An outline of the company-specific security reflection function is as shown in 1 to 5 below.
1. Data with the same security version must be generated in all import tables.
2. When the full-time administrator reflects security, follow the steps 3 and 4 below for each table reflection.
3. The full-time administrator's company security information generates a new version of the reflection data from the setting data.
4. For the security information of companies other than the full-time manager's company, the new version of the reflection data is copied from the previous version of the reflection data.
5. The above 3 to 4 should not be executed simultaneously in each company, and job exclusive control is required in the entire system.

17 to 19 show specific processing images when the company-specific security reflection function is executed. As a premise of the processing, it is assumed that the full-time manager of company No.=100 performs the reflection processing. It is also assumed that the previous security version=N has already been reflected.

FIG. 17 is a diagram showing processing when the reflection source table (setting data) is user group affiliation information and the reflection destination table (reflection data) is user group affiliation reflection information. As shown in FIG. 17, in this case, the company to be reflected is determined based on the affiliated company number. As indicated by the straight arrows in FIG. 17, the own company is generated from the set data, and as indicated by the curved arrows in FIG. 17, the other companies are generated from the previous reflected data.

FIG. 18 is a diagram showing processing when the reflection source table (setting data) is area login authority information and the reflection destination table (reflection data) is area login authority reflection information. As shown in FIG. 18, in this case, the company to be reflected is determined by the key company number. As indicated by the straight arrows in FIG. 18, the own company is generated from the setting data, and the other companies are generated from the previous reflection data.

FIG. 19 is a diagram illustrating security version control. As shown in Figure 19, the security version is updated from N to N+1.

[4. Specific example of processing]
A specific example of the processing according to this embodiment will be described below. The processing according to the present embodiment can be broadly classified into data totalization and security setting, so the items will be described in this order below.

[4-1. Data aggregation]
First, the data aggregation performed to acquire jobs will be explained. Since data aggregation is performed in the order of login authentication, area login authority determination, and available job determination, the items will be described below in this order.

(1) Login Authentication First, login authentication to the system is performed. Specifically, as shown in FIG. 25, a user ID (Area1Operater1) and a password are entered. If the combination of the input user ID and password exists in the user information 106b (if the user ID and password match), login is permitted. On the other hand, if the combination of the entered user ID and password does not exist in the user information 106b (if the user ID and password do not match), the login is rejected, an error is displayed, and then the process ends. do.

(2) Area Login Authority Determination Next, areas to which area login authority is granted are displayed as a list as options according to the logged-in user. Specifically, first, as shown in FIG. 25, the user group affiliation information 106d is referenced, and the user group ID (Area1OperaterGroup1) associated with the user ID (Area1Operater1) input in (1) above is obtained. . Subsequently, as shown in FIG. 25, the area login authority information 106h is referenced to acquire the area ID (1) and area name (area 1) associated with the acquired user group ID (Area1OperaterGroup1). Is displayed. Note that there are the following points 1 to 3 to consider when determining the area login authority.

1. If the user only has realm login privileges in a single realm (e.g., as explained in the previous paragraph, he only has login privileges in Area 1), omitting the selection of the obtained realm ID. , can proceed to (3) below.
2. If the user has domain login authority for multiple areas (for example, if the user has login authority for areas 1 and 2), the acquired area IDs and area names are listed as options, and the selected area ID is the input information in (3) below.
3. If the user's login area does not exist, an error is displayed and the process ends.

(3) Determination of available jobs Finally, the login user ID entered in (1) above and the area ID selected in (2) above are entered, and a list of available jobs is displayed. Specifically, first, as shown in FIG. 26, the user group affiliation information 106d is referenced, and the user group ID (Area1OperatorGroup1) associated with the login user ID (Area1Oprerater1) input in (1) above is obtained. be. Subsequently, as shown in FIG. 26, with reference to the job use authority information 106i, the area ID 1 selected in (2) above and the user group ID Area1OperaterGroup1 acquired in item (3) are A linked job group ID (Area1JobGroup1) is acquired. Finally, as shown in FIG. 26, the job group affiliation information 106g is referenced to acquire the job IDs (business menu 1 and business menu 2) associated with the acquired job group ID (Area1JobGroup1). In this way, area-specific operators can use the task menu of the area to which they belong.

Here, when the login user ID entered in (1) above and the area ID acquired and selected in (2) above are not information on the operator but information on the general administrator and the full-time administrator, Describe what kind of jobs are acquired.

When the login user ID (Manager1) is entered as the information on the general manager, and the area ID (0) is acquired and selected, the left column of FIG. As shown in , system control jobs (area registration and job registration) and security management jobs (user registration, user group registration, user group affiliation registration, job group registration, job group affiliation registration, area login authority registration, job usage authority registration and user sharing settings) are acquired.

When the login user ID (Area1Manager1) is entered as the information on the full-time manager and the area ID (0) is acquired and selected, the middle row of FIG. , security management jobs (user registration, user group registration, user group affiliation registration, job group registration, job group affiliation registration, area login authority registration, job use authority registration, and user sharing setting) are acquired.

In this way, both the general administrator and the full-time administrator can manage security management jobs (user registration, user group registration, user group affiliation registration, job group registration, job group affiliation registration, area login authority registration, job use authority, etc.). registration and shared user settings) can be obtained and used, but the scope of possible security settings differs between a general administrator and a dedicated administrator. Therefore, the difference in the range in which security can be set will be described in detail in item [4-2] below.

[4-2. security settings]
Next, security settings performed by the general administrator and the dedicated administrator will be described.

(1) Common Actions In this section, common actions performed in any of the following (2) to (16) will be described. When a security setting-related job is activated, the belonging area ID is specified from the login user ID as an initial operation. Specifically, as shown in FIG. 28, referring to the user information 106b, the belonging area ID (NULL) associated with the user ID (Manager1) input by the system administrator (general administrator) who is the operator. is obtained, and the belonging area ID (3) associated with the user ID (Area3Manager1) input by the area manager (full-time manager) who is the operator is obtained. In the following, security setting control is performed using this identified belonging area ID (hereinafter referred to as "operator's belonging area ID").

(2) User registration (update, reference and deletion of existing users)
The settable range in user registration (updating, referring to, and deleting an existing user) is controlled as follows, depending on the relationship between the operator's belonging area ID, the belonging area ID in the user information 106b, and the user shared information 106j. .

The control when the operator's belonging area ID is NULL (when the operator is the general administrator) is as described in 1 and 2 below.
1. As shown in (A) of FIG. 29, in the user information 106b, reference and updating of information of all users is permitted regardless of the area ID to which they belong.
2. However, when an operation to change the belonging area ID in the user information 106b is performed, as shown in FIG. 29A, the user whose belonging area ID has been changed is deleted from the existing user group belonging information 106d. be done. This is because existing set authority information becomes invalid when the area ID to which the user belongs is changed.

Control when the operator's belonging area ID is 1 (when the operator is a full-time manager) is as follows 1 and 2.
1. About the information of the user having the same affiliation area ID of 1 as the operator in the user information 106b (users with the second to fourth circles from the top in the user information 106b of FIG. 29B) , read, update and delete are allowed. However, changing the belonging area ID in the user information 106b to another value is not permitted.
2. In the user information 106b, only reference is permitted to the information of the user whose belonging area ID is NULL (the first circled user from the top in the user information 106b of FIG. 29B).

Control when the operator's belonging area ID is 2 (when the operator is a full-time manager) is as follows 1 to 3.
1. Regarding the information of the user who has the same affiliation area ID 2 as the operator in the user information 106b (users marked by the second and third circles from the top in the user information 106b in (C) of FIG. 29) , are allowed to read and update. However, changing the belonging area ID in the user information 106b to another value is not permitted.
2. In the user information 106b, only reference is permitted to the information of the user whose belonging area ID is NULL (the first circled user from the top in the user information 106b in (C) of FIG. 29).
3. The user information 106b has an affiliation area ID different from that of the operator. is "Complete" (users marked with a circle in the user shared information 106j of FIG. 29C) are only allowed to be referred to.

(3) User registration (addition of new users)
The settable range in user registration (addition of a new user) is controlled as follows according to the area ID of the operator's affiliation.

When the operator's belonging area ID is NULL (when the operator is the general administrator), as shown in FIG. and specific numerical values are permitted to be registered.

If the operator's belonging area ID is other than NULL (if the operator is a full-time administrator), for example, if it is 1, as shown in FIG. is not allowed to select the affiliation area ID of , and 1, which is the same affiliation area ID as that of the operator, is automatically assigned. With this control, the full-time administrator of each area can unconsciously increase the number of users in the same area when registering new users.

(4) User group registration (update, reference and deletion)
The settable range in user group registration (update, reference and deletion) is controlled as follows according to the relationship between the operator's belonging area ID and the user group information 106c.

If the area ID to which the operator belongs is NULL (if the operator is a general administrator), as shown in FIG. Viewing and updating of group information is permitted. However, changing the belonging region ID in the user group information 106c to another value is not permitted.

If the operator's belonging area ID is other than NULL (if the operator is a full-time administrator), for example, if it is 1, as indicated by a circle in FIG. Reference, update, and deletion are permitted only for the information of the user group that has the same affiliation area ID 1 as that of the operator. However, changing the belonging region ID in the user group information 106c to another value is not permitted. It should be noted that the same control as in this paragraph is performed when the operator's belonging region ID is 2 or 3.

(5) User group registration (new addition)
The settable range in user group registration (new addition) is controlled as follows according to the region ID to which the operator belongs.

If the operator's affiliation area ID is NULL (if the operator is the general administrator), as shown in FIG. It is allowed to select and register a Region ID. However, the following combinations of 1 and 2 shall not be specified.
1. Combination of user group type=3 and belonging area ID=NULL2. Combination of user group type ≠ 3 and belonging area ID ≠ NULL

If the operator's belonging area ID is other than NULL (if the operator is a full-time administrator), for example, if it is 1, as shown in FIG. It is not allowed to select the type and belonging area ID of the new user group, and type=3 and 1, which is the same belonging area ID as the operator, are automatically assigned. With this control, the full-time administrator of each area can unconsciously increase the number of user groups in the same area when registering a new user group. It should be noted that the same control as in this paragraph is performed when the operator's belonging region ID is 2 or 3.

(6) User group affiliation registration (reference, deletion and addition)
The settable range in user group affiliation registration (reference, deletion and addition) is controlled as follows.

If the operator's affiliation area ID is NULL (if the operator is the general administrator), as shown in FIG. Additions are allowed. However, as an exception, among the combinations of user groups and users, the following combinations are not allowed to operate.
A user group whose user group type is "3: general by area", and
"user's belonging area ID ≠ NULL, user group belonging area ID ≠ user's belonging area ID, and "user group belonging area ID = shared destination area ID of user shared information 106j does not exist. or, the user of "acceptance status in user shared information 106j is incomplete"

If the operator's affiliation area ID is other than NULL (if the operator is a full-time administrator), for example, if it is 2, as shown in FIG. Referencing and deletion of information on user groups and users that have the same affiliation area as is permitted. However, the following operations are permitted as exceptions in cases where 1 and 2 below apply.
1. For subordinates of a user group whose user group type is "2: area manager" (circled AreaManagerGroup in FIG. 33), a user having the same belonging area ID 2 as the operator (circled in FIG. 33) Mark Area2Manager1) is allowed to be referenced, deleted and added. This control allows administrators to add and delete administrators in the same area as the operator himself.
2. For users under a user group whose user group type is "3: general by area" and has the same affiliation area ID as the operator himself (Area2OperaterGroup2 circled in FIG. (Manager1 circled in FIG. 33)” or “A user who has the same shared destination area ID as the operator's belonging area ID in the user shared information 106j and whose acceptance status is completed (Area1Operater1 circled in FIG. 33) ] is allowed to refer to, delete and add. With this control, a user shared by an administrator of another area can be added to or deleted from the user group of the area to which the operator belongs.

(7) Job group registration (update, reference and delete)
The settable range in job group registration (update, reference and deletion) is controlled as follows according to the relationship between the operator's belonging area ID and the job group information 106f.

When the operator's area ID is NULL (when the operator is the general administrator), as shown in FIG. 34A, in the job group information 106f, all jobs Viewing and updating of group information is permitted. However, changing the belonging area ID in the job group information 106f to another value is not permitted.

If the operator's belonging area ID is other than NULL (if the operator is a full-time manager), for example, if it is 1, the job group information 106f, as indicated by a circle in FIG. Reference, update, and deletion are permitted only for the information of the job group having the same belonging area ID of 1 as that of the operator. However, changing the belonging area ID in the job group information 106f to another value is not permitted. It should be noted that the same control as in this paragraph is performed when the operator's belonging region ID is 2 or 3.

(8) Job group registration (new addition)
The settable range in job group registration (new addition) is controlled as follows according to the area ID to which the operator belongs.

When the operator's belonging area ID is NULL (when the operator is the general administrator), as shown in FIG. It is allowed to select and register a Region ID. However, the following combinations of 1 and 2 shall not be specified.
1. A combination of job group type=3 and belonging area ID=NULL2. Combination of job group type ≠ 3 and belonging area ID ≠ NULL

If the operator's belonging area ID is other than NULL (if the operator is a full-time manager), for example, if it is 1, as shown in FIG. It is not allowed to select the type and belonging area ID of the new job group, and type=3 and 1, which is the same belonging area ID as that of the operator, are automatically assigned. With this control, the full-time manager of each area can unconsciously increase the number of job groups in the same area when registering a new job group. It should be noted that the same control as in this paragraph is performed when the operator's belonging region ID is 2 or 3.

(9) Job group affiliation registration (reference, deletion and addition)
The settable range in job group affiliation registration (reference, deletion and addition) is controlled as follows.

If the operator's affiliation area ID is NULL (if the operator is the general administrator), all information in the job group affiliation information 106g can be referenced, deleted, and deleted as shown in FIG. Additions are allowed. However, as an exception, among the combinations of job groups and jobs, the following combinations are not allowed to operate.
Job group type ≠ Job type combination

If the operator's belonging area ID is other than NULL (if the operator is a full-time manager), for example, if it is 2, as shown in FIG. Setting of a job group with the same belonging area ID (Area2JobGroup1 circled in FIG. 36) and a job with job type=3 (work menu 1, work menu 2, and work menu 3 circled in FIG. 36) is permitted. . With this control, the security management group for the operator's own work menu can be arbitrarily rearranged at the discretion of the area manager (dedicated manager).

(10) Login authority setting by area (reference, deletion and addition)
The settable range in the area-specific login authority setting (reference, deletion, and addition) is controlled by the area ID to which the operator belongs as follows.

If the area ID to which the operator belongs is NULL (if the operator is a general administrator), as shown in FIG. be. Note that the area IDs to be linked are limited to areas that are the same as the user group's belonging area ID.

If the area ID to which the operator belongs is other than NULL (if the operator is a full-time administrator), for example, if it is 1, the area login authority information 106h is shown enclosed in a square in FIG. 37(B). , the operation is permitted only for the information of the user group having the same belonging area ID of 1 as the operator. With this control, it is possible to appropriately manage only the login authority of the operator's domain.

(11) Job use authority registration (reference, deletion and addition)
The settable range in job use authorization registration (reference, deletion, and addition) is controlled as follows according to the area ID to which the operator belongs.

When the operator's belonging area ID is NULL (when the operator is the general administrator), as shown in FIG. be. Note that the associated area IDs are limited to areas that are the same as the belonging area IDs of the user group and the job group.

If the operator's affiliation area ID is other than NULL (if the operator is a full-time manager), for example, if it is 1, the job use authority information 106i is shown enclosed in a square in FIG. 38(B). , operation is permitted only for the information of the user group and job group having the same belonging area ID of 1 as that of the operator. With this control, it is possible to appropriately manage only the job utilization authority of the operator's domain. Note that the associated area IDs are limited to areas that are the same as the belonging area IDs of the user group and the job group.

(12) to (16) Job Sharing In the following items (12) to (16), job sharing between areas will be described in detail with reference to FIGS. As an overview of the job sharing process, the sharing permission unit 102a is the former administrator who belongs to the original area, which is the area of the sharing source (in FIGS. 39 to 43, the administrator of the area with area ID=1). 39 to 43, the former operator who belongs to the original area set by If accepted by the manager (in FIGS. 39 to 43, the manager of the area with the area ID=2), the former operator is permitted to share the job in the destination area.

(12) User shared settings (shared)
The settable range in the user shared setting (shared) is controlled as follows according to the area ID to which the operator belongs.

Control when the operator's belonging area ID is NULL (when the operator is the general administrator) is as follows 1 to 4.
1. As shown in the user information 106b in (A) of FIG. 39, a user whose belonging area ID=NULL can be referred to by all administrators without being shared, and is excluded from sharing settings. In other words, only users whose domain ID is not NULL are subject to shared settings.
2. As shown in (A) of FIG. 39, for a user set as a sharing target, it is necessary to set the belonging area ID in the user information 106b ≠ the sharing destination area ID in the user shared information 106j (combinations that can be shared are , area ID ≠ user's belonging area ID combination). For example, when setting NewUser1 (belonging area ID=1) in the user information 106b of FIG. It means not.
3. As shown in the user shared information 106j in (A) of FIG. 39, immediately after the user is set as a shared object, the acceptance status of the user becomes "incomplete".
4. As shown in the area information 106a in FIG. 39A, the sharable range is limited to area ID≠0. That is, in the user shared information 106j of (A) of FIG. 39, the shared destination area ID must be set to a value other than zero.

If the operator's belonging area ID is other than NULL (if the operator is a full-time administrator), for example, if it is 1, as shown in FIG. to control former operator settings. Specifically, 1 to 6 below.
1. As shown in FIG. 39B, the first administrator area acquisition unit 102e1 refers to the user information 106b and acquires the affiliation area ID associated with the input former administrator user ID. For example, when the user ID of the input former administrator is Area1Manager1, the belonging area ID acquired by the first administrator area acquisition unit 102e1 is the belonging area ID as shown in the user information 106b in FIG. ID=1.
2. As shown in (B) of FIG. 39, the operator area acquisition unit 102e2 refers to the user information 106b and acquires the belonging area ID associated with the user ID of the operator set by the former administrator. For example, when the user ID of the set operator is NewUser1, the belonging area ID acquired by the operator area acquiring unit 102e2 is the belonging area ID=1 as shown in the user information 106b in FIG. 39B. . On the other hand, for example, when the set user ID of the operator is Area2Operater1, the affiliated area ID obtained by the operator area acquisition unit 102e2 is assigned area ID=2, as shown in the user information 106b in FIG. is.
3. The setting determination unit 102e3 determines whether the belonging area ID acquired by the first administrator area acquiring unit 102e1 described in 1 above is the same as the belonging area ID acquired by the operator area acquiring unit 102e2 described in 2 above. determine whether For example, as described in 1 and 2 above, when the input former administrator's user ID is Area1Manager1 and the set operator's user ID is NewUser1, the first administrator area acquisition unit 102e1 acquires Since the belonging area ID is 1 and the belonging area ID acquired by the operator area acquisition unit 102e2 is also 1, the setting determination unit 102e3 determines that "they are the same." determined to be a target). On the other hand, as described in 1 and 2 above, when the input former administrator's user ID is Area1Manager1 and the set operator's user ID is Area2Operater1, the first administrator area acquisition unit 102e1 is 1, and the operator area acquisition unit 102e2 acquires an affiliation area ID of 2. Therefore, the setting determination unit 102e3 determines that "they are not the same" (that is, the set operator shares determine that it is not a configurable target). If "not the same", the setting determination unit 102e3 may notify the former administrator who is performing the operation of "not the same" by, for example, displaying an error or the like. In this way, by providing the setting control unit 102e in the job sharing permission apparatus 100 according to the present embodiment, the former administrator who is the operator can only assign users having the same belonging area ID as the former administrator to another user. Can be set as a shared target for the area. As a result, the user of the operator's area can be shared with the administrator of another area.
4. As in item 2 when the area ID to which the operator belongs is NULL, for the user set as the sharing target, the area ID to which the user belongs in the user information 106b is not equal to the shared destination area ID in the user shared information 106j. not.
5. Similar to item 3 when the operator's belonging area ID is NULL, immediately after setting the user as a sharing target, the acceptance status for the user becomes "incomplete".
6. As indicated by circles in the area information 106a in FIG. 39B, the range that can be shared is limited to area ID ≠ 0 and area ID ≠ operator's belonging area ID. That is, in the user shared information 106j of FIG. 39B, the shared destination area ID must be set to a value other than 0 and 1.

(13) User sharing setting (unsharing)
The user sharing setting (unsharing) is a function used when the manager of the sharing side (source area side) cancels the sharing with respect to the manager of another area (destination area). The settable range in the user sharing setting (unsharing) is controlled as follows according to the region ID to which the operator belongs.

The control when the operator's belonging area ID is NULL (when the operator is the general administrator) is as described in 1 and 2 below.
1. As shown in the user shared information 106j of FIG. 40A, as a result of the operation of deleting sharing, the user is deleted from the user shared information 106j.
2. When sharing is canceled for a user whose acceptance status is complete, the user ID of the user is extracted from the user group affiliation information 106d of FIG. The user group ID associated with the same belonging area ID is deleted. This is because it is necessary to revoke the login authority and the job utilization authority for the other area (destination area) when the sharing is cancelled.

If the operator's belonging area ID is other than NULL (if the operator is a full-time administrator), for example, if it is 1, as shown in FIG. Controls the unsetting of former operators by . The specific control method for canceling the setting is the same as items 1 to 3 when the operator's belonging region ID is other than NULL in (12) above, so the explanation is omitted. As shown in B), when the affiliated area ID associated with Area1Manager1, which is the user ID of the former administrator, is 1, and the affiliated area ID associated with Area1Operater1, which is the user ID of the set operator, is also 1, the setting The determining unit 102e3 determines that they are "same" (that is, determines that the set operator can be set to cancel sharing). In this way, by providing the setting control unit 102e in the job sharing permission apparatus 100 according to the present embodiment, the former administrator who is the operator can share only the users having the same affiliation area ID as the former administrator. can be released. Note that the method of deleting the user group ID and user ID from the user group affiliation information 106d of FIG. Description is omitted.

(14) User sharing setting (sharing acceptance)
The settable range in the user shared settings (shared acceptance) is controlled as follows according to the region ID to which the operator belongs.

If the operator's affiliation area ID is NULL (if the operator is the general administrator), as shown in FIG. is allowed to be changed to "Done".

If the operator's belonging area ID is other than NULL (if the operator is a full-time manager), for example, if it is 2, as shown in FIG. controls the acceptance of ex-operators by Specifically, 1 and 2 below.
1. The second administrator area acquisition unit 102f1 refers to the user information 106b and acquires the affiliation area ID associated with the input previous administrator's user ID. For example, if the input previous administrator's user ID is Area2Manager1, the second administrator area acquisition unit 102f1 acquires the belonging area ID=2 by the method shown in FIG.
2. The acceptance determination unit 102f2 acquires the belonging area ID acquired by the second administrator area acquisition unit 102f1 described in 1 above, the shared destination area ID included in the user information shared information 106j set by the former administrator, are the same. For example, when the shared destination area ID set for Area1Operater1 by the former administrator is 2, the acceptance determination unit 102f2 determines that it is “same” (that is, the set operator can set sharing acceptance). determined to be). On the other hand, if the shared destination area ID set for Area1Operater1 by the former administrator is 3, the acceptance determination unit 102f2 determines that it is "not the same" (that is, the set operator has shared acceptance setting determined not to be a possible target). In the case of "not the same", the acceptance determination unit 102f2 may notify the previous administrator who is performing the operation of "not the same" by, for example, displaying an error or the like. In this way, by providing the acceptance control unit 102f in the job sharing permission apparatus 100 according to the present embodiment, the previous administrator who is the operator has the same shared destination area ID as the previous administrator's belonging area ID. For users only, the acceptance status "incomplete" can be changed to "completed" for shared acceptance.

Here, when the acceptance status in the user shared information 106j is changed from "incomplete" to "completed", how is the status created so that the operator in the source area can use the job in the destination area? and how the operator of the source area can acquire the job of the destination area after the ready state is created, items (14-1) and ( 14-2).

(14-1) Creating a state in which the operator in the source area can use the job in the destination area First, how to create a state in which the operator in the source area 1 can use the job in the destination area 2 I will explain in detail.

First, the destination area obtaining unit 102a1 refers to the user shared information 106j and obtains a shared destination area ID having a completed section. For example, when the user shared information 106j is as shown in FIG. 41B, the destination area acquisition unit 102a1 sets the shared destination area ID of Area1Operater1=2, the shared destination area of Area1Operator1 Acquire area ID=3 and NewUser1's shared destination area ID=2. However, in the following description, for convenience of explanation, it is assumed that only the sharing destination area ID=2 of Area1Operater1 is acquired.

Next, the first user group acquisition unit 102a2 acquires a user group ID associated with the shared destination area ID acquired by the destination area acquisition unit 102a1 by referring to the user group information 106c. For example, when the data configuration of the user group information 106c is as shown in FIG. 21 and the shared destination area ID obtained by the destination area obtaining unit 102a1 is the shared destination area ID of Area1Operater1=2, the first user group obtaining unit 102a2 acquires Area2OperaterGroup2 as a user group ID associated with ID=2, as shown in FIG.

Finally, the storage unit 102a3 stores the user group ID (Area2OperaterGroup2) acquired by the first user group acquisition unit 102a2 and the user ID (Area1Operater1) included in the user shared information 106j in the user group belonging information 106d. .

In this way, the information "Area1Operater1 belonging to the original area 1 also belongs to Area2OperaterGroup2 (the destination area 2)" is stored in the user group belonging information 106d. A state is created in which the operator can use jobs in the destination area, Area2OperaterGroup2.

(14-2) Acquisition of Job in Previous Area by Operator of Original Area Next, how the operator of the original area 1 can acquire the job of the previous area 2 will be described in detail. It is assumed that the user group affiliation information 106d stores the user group ID (Area2OperaterGroup2) and the user ID (Area1Operater1) as described in (14-1) above.

First, the second user group acquisition unit 102b refers to the user group belonging information 106d to acquire a user group ID associated with the input former operator's user ID. For example, when the user ID of the input former operator is Area1Operater1, the second user group acquisition unit 102b acquires Area2OperaterGroup2 as a user group ID associated with the user group ID.

Next, the job group acquisition unit 102c acquires a job group ID associated with the user group ID acquired by the second user group acquisition unit 102b by referring to the job use authority information 106i. For example, when the data configuration of the job use authority information 106i is as shown in FIG. 26 and the user group ID acquired by the second user group acquisition unit 102b is Area2OperaterGroup2, the job group acquisition unit 102c acquires the user group ID and Acquire Area2JobGroup1 as the associated job group ID.

Finally, the job acquisition unit 102d refers to the job group affiliation information 106g to acquire a job ID associated with the job group ID acquired by the job group acquisition unit 102c. For example, when the data configuration of the job group belonging information 106g is as shown in FIG. 26 and the job group ID acquired by the job group acquisition unit 102c is Area2JobGroup1, the job acquisition unit 102d acquires the job associated with the job group ID. Acquire the job menu 2 as an ID.

In this way, Area1Operater1, which is the operator of the source area, can acquire Job Menu 2, which is the job of Area2OperaterGroup2, which is the destination area.

(15) User sharing setting (cancellation of sharing acceptance)
User sharing setting (cancellation of shared acceptance) is a function used when acceptance is canceled by the manager of the shared area (destination area side). The settable range in the user sharing setting (cancellation of sharing acceptance) is controlled as follows according to the region ID to which the operator belongs.

The control when the operator's belonging area ID is NULL (when the operator is the general administrator) is as described in 1 and 2 below.
1. Acceptance status 'Complete' is allowed to change to 'Incomplete'.
2. When sharing acceptance of a user whose acceptance status is completed is canceled, the user ID of the user and the sharing destination area of the user in the user group information 106c are derived from the user group belonging information 106d of (A) of FIG. The user group ID associated with the belonging region ID that is the same as the ID is deleted. This is because it is necessary to revoke the log-in authority and the job utilization authority for the other area (destination area) when the shared acceptance is cancelled.

If the operator's belonging area ID is other than NULL (if the operator is a full-time manager), for example, if it is 2, as shown in FIG. control the unacceptance of former operators by The specific control method for canceling acceptance is the same as items 1 and 2 when the operator's belonging region ID is other than NULL in (14) above, so the explanation is omitted. As shown in B), when the affiliated area ID associated with Area2Manager1, which is the user ID of the former administrator, is 2, and the shared destination area ID set for Area1Operater1 by the former administrator is also 2, the acceptance determination unit 102f2 are "same" (that is, it is determined that the set operator can be set to cancel shared acceptance). In this way, by providing the acceptance control unit 102f in the job sharing permission apparatus 100 according to the present embodiment, the previous administrator who is the operator has the same shared destination area ID as the previous administrator's belonging area ID. For users only, the acceptance status "Completed" can be changed to "Incomplete" to cancel shared acceptance. Note that the method of deleting the user group ID and the user ID from the user group affiliation information 106d of FIG. Description is omitted.

(16) User sharing settings (transfer)
Transfer is a function used when an administrator of an area sharing a user (original area) transfers ownership and management authority to an administrator of another area (destination area). In other words, for example, when an operator who originally belonged to area 1 moves to an area under the jurisdiction of another administrator due to a change or transfer, the sharing side (original area side) and the shared side It is a function to switch the position with (preceding area side). Note that this function can only be used between areas in which operator sharing is established.

When the operator's affiliation area ID is NULL (when the operator is the general manager), as shown in FIG. An update that replaces the ID and the affiliated area ID in the user information 106b is permitted. As a result, the administrator owned by the operator is replaced and transferred.

If the operator's belonging area ID is other than NULL (if the operator is a full-time manager), for example, if it is 1, the control is as follows 1 and 2.
1. The transfer operation is permitted only for operators who have the same affiliation area ID as the former administrator who is the operator. For example, in the case of (B) of FIG. 43, the transfer operation is permitted only for Area1operator1 having the same belonging area ID=1 as the belonging area ID=1 of the former administrator who is the operator in the user information 106b.
2. The transfer operation can only be performed by the administrator who shares the operator (original area administrator), and the ownership is taken away at the discretion of the shared area (destination area administrator). Operation not allowed.

Above, [4. Specific example of processing], according to the job sharing permission apparatus 100 according to the present embodiment, a job performed by an operator can be performed by communication between a full-time administrator who is an administrator who can access only a specific area. can allow sharing between domains. For this reason, for example, job sharing settings can be made without going through a general administrator who can access all areas. There is an advantage that the setting for doing is not complicated.

[5. Other embodiments]
The present invention may be implemented in various different embodiments other than the embodiments described above within the scope of the technical idea described in the claims.

For example, among the processes described in the embodiments, all or part of the processes described as being automatically performed can be manually performed, or all of the processes described as being manually performed Alternatively, some can be done automatically by known methods.

In addition, unless otherwise specified, the processing procedures, control procedures, specific names, information including parameters such as registration data and search conditions for each process, screen examples, and database configurations shown in this specification and drawings can be changed arbitrarily.

Also, with regard to the job sharing permission apparatus 100, each component shown in the figure is functionally conceptual, and does not necessarily need to be physically configured as shown in the figure.

For example, the processing functions of job-sharing permission apparatus 100, particularly the processing functions performed by control unit 102, are implemented in whole or in part by a CPU and a program interpreted and executed by the CPU. Alternatively, it may be implemented as hardware using wired logic. Note that the program is recorded in a non-temporary computer-readable recording medium containing programmed instructions for causing the information processing apparatus to execute the processing described in this embodiment. It is read mechanically by the device 100 . That is, a storage unit such as a ROM or HDD (Hard Disk Drive) stores a computer program for giving instructions to the CPU in cooperation with the OS to perform various processes. This computer program is executed by being loaded into the RAM and constitutes a control section in cooperation with the CPU.

Also, this computer program may be stored in an application program server connected to the job sharing permission apparatus 100 via any network, and it is possible to download all or part of it as necessary. is.

Also, the program for executing the processing described in this embodiment may be stored in a non-temporary computer-readable recording medium, or may be configured as a program product. Here, the term "recording medium" means memory card, USB (Universal Serial Bus) memory, SD (Secure Digital) card, flexible disk, magneto-optical disk, ROM, EPROM (Erasable Programmable Read Only Memory), EEPROM (registered (trademark) (Electrically Erasable and Programmable Read Only Memory), CD-ROM (Compact Disk Read Only Memory), MO (Magneto-Optical disk), DVD (Digital Versatile Disk), and Disc (registered trademark) such as Blu- shall include any "portable physical medium". Therefore, a recording medium storing a program for executing the processing or processing method described in this specification also constitutes the present invention.

A "program" is a data processing method written in any language or writing method, regardless of the format such as source code or binary code. In addition, the "program" is not necessarily limited to a single configuration, but is distributed as multiple modules or libraries, or cooperates with a separate program represented by the OS to achieve its function. including things. It should be noted that well-known configurations and procedures can be used for the specific configuration and reading procedure for reading the recording medium in each device shown in the embodiments, the installation procedure after reading, and the like.

The various databases and the like stored in the storage unit 106 are storage means such as memory devices such as RAM and ROM, fixed disk devices such as hard disks, flexible disks, and optical disks, and are used for various processes and website provision. programs, tables, databases, and files for web pages.

Further, the job sharing permission apparatus 100 may be configured as an information processing apparatus such as a known personal computer or workstation, or may be configured as the information processing apparatus to which arbitrary peripheral devices are connected. Further, the job sharing permission apparatus 100 may be implemented by installing software (including programs, data, etc.) for realizing the processes described in the present embodiment.

Furthermore, the specific forms of distribution and integration of devices are not limited to those shown in the figures, and all or part of them can be functionally or physically arranged in arbitrary units according to various additions or functional loads. It can be distributed and integrated. In other words, the embodiments described above may be arbitrarily combined and implemented, or the embodiments may be implemented selectively.

INDUSTRIAL APPLICABILITY The present invention is useful in all industries, and is particularly useful in industries that manage accounts and security.

100 job sharing permission device
102 control unit
102a sharing authorization unit
102a1 destination area acquisition unit
102a2 first user group acquisition unit
102a3 storage unit
102b second user group acquisition unit
102c job group acquisition unit
102d job acquisition unit
102e setting control unit
102e1 First administrator area acquisition unit
102e2 operator area acquisition unit
102e3 setting determination unit
102f acceptance control unit
102f1 Second administrator area acquisition unit
102f2 Acceptance decision unit
104 communication interface unit
106 storage unit
106a region information
106b User Information
106c User Group Information
106d User group affiliation information
106e Job information
106f Job group information
106g Job group affiliation information
106h Area login authority information
106i job use authority information
106j User shared information
106k Area business system information
108 input/output interface
112 input device
114 output device 200 server 300 network

Claims (3)

An affiliation management device comprising a control unit and a storage unit,
The storage unit contains
User group information including user group identification information and user group type;
user information including user identification information and area identification information;
User identification information about the former operator who belongs to the original area that is the sharing source area, destination area identification information for identifying the destination area that is the sharing destination, and the former operator's belonging to the destination area User shared information including a segment indicating whether or not acceptance by the administrator has been completed;
is stored and
The control unit
When a full-time administrator who belongs to a specific area and can manage only the specific area wants to make a person belong to a certain group as an operator, the user group information Acquisition means for acquiring a user group type associated with group identification information;
If the user group type acquired by the acquisition means means that the certain group is an administrator group that is a group composed of administrators dedicated to each area, the user identification of the certain person If the area identification information in the user information associated with information satisfies the condition that the area identification information is the same as the area identification information for the area to which the operator belongs, the certain person to the administrator group Allow affiliation as administrator,
If the user group type acquired by the acquiring means means that the certain group is an operator group consisting of operators dedicated to each area, (1) the user for the certain person (2) a condition that the destination area identification information in the user shared information associated with the identification information is the same as the area identification information about the area to which the operator belongs; When both the condition that the classification in the user shared information linked with the identification information is a classification that means that the acceptance has been completed, the area to which the operator belongs to the operator group affiliation permission means for permitting affiliation of said certain person as said operator;
to provide
An affiliation management device characterized by: A affiliation management method executed by an information processing device comprising a control unit and a storage unit,
The storage unit contains
User group information including user group identification information and user group type;
user information including user identification information and area identification information;
User identification information about the former operator who belongs to the original area that is the sharing source area, destination area identification information for identifying the destination area that is the sharing destination, and the former operator's belonging to the destination area User shared information including a segment indicating whether or not acceptance by the administrator has been completed;
is stored and
executed by the control unit;
When a full-time administrator who belongs to a specific area and can manage only the specific area wants to make a person belong to a certain group as an operator, the user group information an acquisition step of acquiring a user group type associated with group identification information;
If the user group type acquired in the acquiring step means that the certain group is an administrator group that is a group composed of administrators dedicated to each area, the user identification of the certain person If the area identification information in the user information associated with information satisfies the condition that the area identification information is the same as the area identification information for the area to which the operator belongs, the certain person to the administrator group Allow affiliation as administrator,
If the user group type obtained in the obtaining step means that the certain group is an operator group consisting of operators dedicated to each area, (1) the user for the certain person (2) a condition that the destination area identification information in the user shared information associated with the identification information is the same as the area identification information about the area to which the operator belongs; When both the condition that the classification in the user shared information linked with the identification information is a classification that means that the acceptance has been completed, the area to which the operator belongs to the operator group an affiliation permission step of permitting the affiliation of the certain person as the operator;
including
An affiliation management method characterized by: An affiliation management program to be executed by an information processing device having a control unit and a storage unit,
The storage unit contains
User group information including user group identification information and user group type;
user information including user identification information and area identification information;
User identification information about the former operator who belongs to the original area that is the sharing source area, destination area identification information for identifying the destination area that is the sharing destination, and the former operator's belonging to the destination area User shared information including a segment indicating whether or not acceptance by the administrator has been completed;
is stored and
for causing the control unit to execute
When a full-time administrator who belongs to a specific area and can manage only the specific area wants to make a person belong to a certain group as an operator, the user group information an acquisition step of acquiring a user group type associated with group identification information;
If the user group type acquired in the acquiring step means that the certain group is an administrator group that is a group composed of administrators dedicated to each area, the user identification of the certain person If the area identification information in the user information associated with information satisfies the condition that the area identification information is the same as the area identification information for the area to which the operator belongs, the certain person to the administrator group Allow affiliation as administrator,
If the user group type obtained in the obtaining step means that the certain group is an operator group consisting of operators dedicated to each area, (1) the user for the certain person (2) a condition that the destination area identification information in the user shared information associated with the identification information is the same as the area identification information about the area to which the operator belongs; When both the condition that the classification in the user shared information linked with the identification information is a classification that means that the acceptance has been completed, the area to which the operator belongs to the operator group an affiliation permission step of permitting the affiliation of the certain person as the operator;
including
An affiliation management program characterized by:

Images