JP2000181776A - Access controller and its program recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To limit the simultaneous access of plural items in the association of the items only by describing simple definition information even if complicated logic on an access limit is incorporated in an application itself. SOLUTION: A limit definition specifying plural items and limiting simultaneous access is set in an authority information definition file in a storage device 2. When data access for plural items is requested, CPU 1 compares respective objective items which are access-requested with the plural items specified by limit definition. When the plural items whose simultaneous access is inhibited exist in the objective item which is access-requested, the plural items are decided as the limit items which cannot be accessed and the access is inhibited.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an access control device for restricting item access and a program recording medium therefor.

[0002]

2. Description of the Related Art Conventionally, a database management system (DB)
MS), the access right information to the database is set using a database language or set in the upper application layer itself, but any setting is made for each item according to the user attributes and the like. Was like that. For example, in sensitive files such as payroll files, especially for unauthorized employees,
Although access to general items such as name and gender is freely permitted, security is maintained by restricting access to specific items such as basic salary and qualification allowances.

[0003]

As described above, since the access restriction is performed on an item-by-item basis, it is possible to control whether or not access is possible for each item. For example, specific items such as "basic pay" and "qualification allowance" can be controlled. However, there is a problem in that the system is inflexible because access is uniformly disabled. By the way, "basic salary" and "qualification allowance" restrict the access in relation to "name" which specifies an individual. Restriction will match the business content and the authority of the user, and will not impair confidentiality and will be in line with the actual situation. An object of the present invention is to enable simultaneous access of a plurality of items to be limited in relation to those items only by describing simple definition information without incorporating complicated logic regarding access restriction into the application itself. It is to be.

[0004]

The means of the present invention are as follows. According to the first aspect of the present invention, there is provided a definition information storage unit for storing a restriction definition for specifying a plurality of items and restricting their simultaneous access, and an access request when a data access for a plurality of items is collectively requested. By comparing each target item with the plurality of items specified by the restriction definition, it is determined whether there are a plurality of items for which simultaneous access is restricted among the target items for which access is requested. Determining means; and determining means for determining, when it is determined that the plurality of items specified by the restriction definition exist, at least one of the plurality of items as an access restriction item. Access control means for restricting access to the restriction item determined by the determination means. The present invention may be as follows. (1) The restriction definition lists item specification information for specifying each item for which simultaneous access of a plurality of items is to be restricted, and specifies in what relation the simultaneous access between each item is restricted. It is expressed by the relational expression shown below. (2) In the case where a plurality of the restriction definitions are stored for each type of restricting access, based on the plurality of restriction definitions, the determining means includes, among the target items for which access is requested,
It is determined whether or not there are a plurality of items for which simultaneous access is restricted, and based on a result of the determination, the determination unit determines an access restricted item. (3) The restriction definition is definition information arbitrarily set by an input operation. (4) When the relational expression included in the restriction definition is a logical expression, the determination unit sets the item for which the access request is made to “true” and sets the item without the access request to “false”. Evaluate the logical expression by substituting the relevant item into
If the evaluation result is “true”, it is determined that there are a plurality of items for which simultaneous access is restricted among the target items for which access is requested. (5) The access control unit prohibits the output of the data corresponding to the access restriction item determined by the determination unit.

According to the first aspect of the present invention, when a data access for a plurality of items is requested in a state in which a restriction definition for specifying a plurality of items and restricting their simultaneous access is stored, By comparing each requested target item with the plurality of items specified by the restriction definition, it is determined whether or not there are a plurality of items for which simultaneous access is restricted among the requested target items. Is determined, and if it exists, at least one of the plurality of items is determined as an access restriction item to restrict the access. Therefore, the simultaneous access of a plurality of items can be limited in relation to those items only by describing simple definition information without incorporating complicated logic relating to access restriction into the application itself.

[0006]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An embodiment of the present invention will be described below with reference to FIGS. FIG. 1 is a block diagram showing the overall configuration of the data processing device. The CPU 1 is a central processing unit that controls the overall operation of the data processing device according to various programs. The storage device 2 includes a storage medium 3 in which a database management system, various application programs, a database, character font data, and the like are stored in advance, and a drive system thereof. The storage medium 3 is fixedly provided or removably mountable, and includes a magnetic / optical storage medium such as a floppy disk, a hard disk, an optical disk, and a RAM card, and a semiconductor memory. Also,
Programs and data in the storage medium 3 may be
The data is loaded into the RAM 4 under the control of the PU 1. Furthermore,
The CPU 1 receives programs and data transmitted from other devices via a communication line or the like and stores them in the storage medium 3 or programs stored in a storage medium provided in other devices. And data can be used via a communication line or the like. Further, an input device 5, a display device 6, and a printing device 7, which are input / output peripheral devices, are connected to the CPU 1 via a bus line, and the CPU 1 controls these operations according to an input / output program. The input device 5 has a pointing device such as a keyboard and a mouse for inputting character string data and the like and for inputting various commands. Here, when character string data is input from the input device 5 at the time of database creation, the character string data is displayed on the text screen of the display device 6 and the determined character string determined by the kana-kanji conversion is stored in the storage device 2. You.

FIG. 2A shows a payroll ledger database 2-1 and an authority information definition file 2-2 stored in the storage device 2, and each record in the payroll ledger database 2-1 is shown in FIG. As shown in parentheses), each employee has the following items: "employee number", "name", "sex", "basic pay", "qualification allowance", and "post allowance". The authority information definition file 2-2 stores, for example, a restriction definition for specifying a plurality of items and restricting their simultaneous access in a record constituting the payroll database 2-1. FIG. Indicates a column. That is, FIG.
(A) shows a description format of the restriction definition, and has a configuration in which a logical expression for restricting simultaneous access of a plurality of items is described for each type of authority indicating what kind of access is restricted. FIG. 3B is a diagram for explaining the contents of the “authority type” and “logical expression”, where the “authority type” is represented by “R-impossible (read-inhibited)”, “W-impossible (write-inhibited)” or the like. It is. "Logic expression" is a logical operator "OR", "AN
D "and the name of the target item for which simultaneous access of a plurality of items is to be restricted define the conditions under which the simultaneous access of a plurality of items is limited in terms of the relationship between the items. When there is a request, if each of the requested items includes an item defined in the logical expression, “true” must be included as the boolean value of that item in the logical expression. For example, by setting "false", the access permission / non-permission is defined by the true / false of the entire logical expression.

For example, FIG. 3C shows a specific description example of the restriction definition. In the figure, in the restriction definition of the authority type "R impossible" and the logical expression "basic salary OR qualification allowance," On the other hand, even when an access request is made, the entire logical expression is "true", indicating a definition content in which any item cannot be R. The figure shows a restriction definition of the authority type “R not allowed” and the logical expression “name AND basic pay”. If only one of the items of the name or basic pay is requested to access, the entire logical expression is “false”. However, if both the name and basic salary items are accessed at the same time, the entire logical expression will be “true”, so the simultaneous reading of those items will be disabled. Indicates the prohibited definition contents. The figure shows an example in which OR and AND are combined as logical operators. That is,
The definition contents restrict simultaneous reading of "employee number and basic salary", "employee number and qualification allowance", "name and basic salary", and "name and qualification allowance". In this case, simultaneous reading of “employee number and name” and “basic salary and qualification allowance” is permitted in addition to individual reading of each item. By inputting such a restriction definition from the input device 5, an arbitrary restriction definition can be set in the authority information definition file 2-2. In this case, a simple description in a table format is sufficient for the setting, so that even a person who does not have specialized knowledge such as a program can make the setting. The number of restriction definitions is not limited to one, and a plurality of restriction definitions can be set for each authority type. The above-described example is based on the authority information definition file 2-2.
Is associated with the payroll database 2-1. However, a restriction definition exists for each database, and the corresponding restriction definition is read from the authority information definition file 2-2 when the database is opened.

FIG. 2B shows various memory areas allocated to the RAM 4. Definition number counter 4-
1 counts the number of restriction definitions set in the authority information definition file 2-2. If a plurality of restriction definitions are set for each authority type, the value of the definition number counter 4-1 is counted. The restriction definitions in the authority information definition file 2-2 are sequentially specified based on the. Also, the definition item number counter 4
-2 counts the number of item names described in one restriction definition (in the logical expression), and further, a target item number counter 4-
3 counts the number of requested target items when data access for a plurality of items is requested. Work memory 4
Reference numeral -4 denotes another work area for temporarily storing an intermediate result of the processing.

Next, item access control in the data processing apparatus will be described with reference to flowcharts shown in FIGS. Here, a program for realizing each function described in these flowcharts is stored in a storage medium 3 in the form of a readable program code, and the CPU 1 sequentially executes operations according to the program code. I do. FIG. 4 is a flowchart showing a pre-process that is started prior to accessing the database. Authority information definition file 2-2
In each database, a restriction definition is read. When an arbitrary database is opened, a restriction definition reading routine is called, the corresponding restriction definition is read from the authority information definition file 2-2, and the predetermined definition is read. The data is formatted according to the structure and expanded on the work memory 4-4 (step A1). FIG. 5 is a flowchart detailing the operation of the limit definition reading routine.

First, after the data structure of the restriction definition is initialized (formatted), the authority information definition file 2-2
, All the restriction definitions are read, and are developed according to the data structure (steps B1 to B3). FIG. 10B shows a data structure in this case. On the format, “definition limit type”, “logical formula”, “number of definition items”, “definition item name” are used for each definition with “number of definitions” as a header. Each development area is assigned. The CPU 1 reads all the restriction definitions from the authority information definition file 2-2 to determine the “number of definitions”, and also sets “authority type”,
The "logical expression" is extracted and stored in the corresponding development area according to the format. Then, the CPU 1 substitutes the initial value “1” into the definition number counter 4-1 (step B4),
It is checked whether the value has exceeded the “number of definitions” (step B
5) Now, since the value of the definition counter 4-1 is "1", all the item names are extracted from the area "logical expression" in the format indicated by the value, and are extracted as "definition item names".
And the number of defined items is determined and set to "number of defined items" (step B6), and the value of the defined number counter 4-1 is updated (step B7). Are repeated until steps B6 and B7 are exceeded. 11 and 12 are operation conceptual diagrams specifically showing the overall operation, and FIGS. 11 and 12 show different specific examples, respectively. In the figures, (a) to (d) show the flow of operation, and the data is sequentially processed as shown in the figure according to the order. Here, the restriction definition in the authority information definition file 2-2 corresponding to the payroll database 2-1 is shown in FIG.
(B) and FIG. 12 (B), the contents are formatted according to a predetermined data structure and developed on a memory (see FIGS. 11 and 12). In this case, in the example of FIGS. 11 and 12, 2 is stored in the authority information definition file 2-2.
Since the types of restriction definitions are set, expansion is performed for the number of definitions.

Here, there is an access request from the user,
In response to the request, the application AP (see FIGS. 11 and 12) calls a record reading routine or a record rewriting routine. Prior to this, the application AP deletes all of the access-requested target items. Set as a list (see FIGS. 11 and 12). That is, in step A2 of FIG. 4, a process of formatting a list of access target items according to a predetermined data structure and developing the list on the work memory 4-4 is performed. FIG. 10A shows the data structure of this item list, and its format is composed of "number of target items", "target item name", and "target authority type". Is set in the area "target item name" in the extracted format, and the number of items is obtained and set as "number of target items". FIG.
FIG. 12C shows a specific example of an item list set as an access target item among records in the payroll database 2-1. This item list is formatted into a data structure shown in FIG. Is done.

When the item list is formatted in this way, an authority judgment processing routine is called. In this authority determination process, the target item is acquired from the list of items to be accessed passed from the application AP, authority determination is performed with reference to the restriction definition, and the determination result is passed to the application AP as access authority information. In addition,
The “target authority type” secured by formatting the access target item list as shown in FIG. 10A is an area in which the determination result of the access authority determined for each access target item is stored. In addition to the “number of target items”, information associating the “target right type” with the “target item name” is used as the access right information by the application AP.
Handed over to the side. In other words, when the list of items to be accessed is formatted, the “target authority type” is secured for each “target item name”, so that the corresponding relationship becomes access authority information as it is.

FIG. 6 is a flowchart showing the authority judging process. First, an initialization process of setting “RW permitted” as “target authority type” corresponding to all “target item names” assigned on the format of the target item list is performed, and all rights are assigned to each item. Is permitted (step C1). In FIGS. 11 and 12, “* 1” indicates a state in which the authority type in the access target list is initialized.
In each item, “RW permitted” is set as the target authority type. Here, the authority determination processing routine is a group for each definition that analyzes the restriction definition for each definition. In order to loop through all the definitions from the first definition, first, the definition number counter 4-1 is initialized. The value "1" is substituted (step C2). Then, it is checked whether the value is equal to or less than the "number of definitions" (step C3). Since the number of definitions is "2" in the example shown in FIG. The “logical expression” of the restriction definition indicated by the value is extracted, and the “logical item name” is evaluated as “true” and the logical expression is evaluated. In this case, the logical expression is "(employee number or
Name) and (qualification allowance) ", and does not include" qualification allowance "as an access target item, and the evaluation result of the whole logical expression is" false ". Proceed to C7 and define number counter 4-1
Is updated by adding "1" to the value of. As a result, the value of the definition number counter 4-1 becomes "2", but does not exceed the "definition number" (step C3). Therefore, the second restriction definition indicated by the value of the definition number counter 4-1. "Logical formula" is extracted from the list and its evaluation is performed (step C
4). The logical expression in this case is “(name) and (post allowance)”. When the logical expression is evaluated with “target item name” set to “true”, the evaluation result is “true”, and the target item list is Then, a process of setting an access restriction is performed (step C6).

FIG. 7 is a flowchart showing the restriction setting process in this case. First, an initial value "1" is substituted into a target item number counter 4-3 for counting the number of items to be accessed (step D1), and it is checked whether the value is equal to or less than "the number of target items" in the item list (step D2). ). Since the "number of target items" is "4", the process proceeds to step D3. This time, the initial value "1" is substituted into the definition item number counter 4-2 for counting the number of items of the restriction definition, and the definition number counter 4 It is checked whether it is equal to or less than the "number of defined items" of the restriction definition indicated by -1 (step D4). In this case, the value of the definition number counter 4-1 is "2" and the corresponding "number of definition items"
Is "2", the process proceeds to step D5, where the "definition item name" indicated by the definition item number counter 4-2 and the "object item name" specified by the object item number counter 4-3 are compared. , And check whether they are the same item name. In this case, the values of the definition item number counter 4-2 and the target item number counter 4-3 are both "1", the definition item name is "name", and the target item name is "employee number". Therefore, while the value of the target item number counter 4-3 is fixed, "1" is added to the value of the definition item number counter 4-2 to update the value (step D7). Then, the process returns to step D4. In this case, since the number does not exceed the "number of defined items", the process proceeds to step D5. Hereinafter, the definition item names are sequentially designated while the value of the target item number counter 4-3 is fixed, that is, the value of the definition item number counter 4-2 is updated without changing the target item name of interest. Compare item names. In this case, since the target item name of interest is not included in the definition item names, the value of the definition item number counter 4-2 is changed to “the number of definition items” when all the definition item names have been specified. Therefore, "1" is added to the value of the target item number counter 4-3 to update the value (step D8). If the value is equal to or smaller than "the number of target items" (step D2), the definition is made. Item number counter 4-
2 is initialized (step D3). As a result, the target item name is moved to the next item, and the definition item name is returned to the head. In this case, since both the "definition item name" and the "target item name" match as "name", the contents of the "definition authority type" as the "target authority type" corresponding to the item in the item list are not changed. Copied (step D
6). Hereinafter, the above operation is repeated until all the target item names have been focused. As a result, the correspondence (access authority information) between the “target item name” and the “target authority type” is as shown in FIG. 11D, and among the access target items, “employee number” and “sex” Is still the initialized authority type "RW allowed", but "Name"
As for the “post allowance”, since the definition restriction type is copied, both are “R impossible”.

On the other hand, in the specific example shown in FIG.
The second restriction definition is extracted, and the logical expression is evaluated with “target item name” set to “true” (step C4 in FIG. 6). Since the entire evaluation result is “true”, the authority set process is executed. (Steps C5 and C6). In this case, since all the definition item names match the target item names (step D5 in FIG. 7), the “definition authority type” corresponding to the “target authority type” of the matching item is copied (step D6). For this reason, when the authority set processing is performed based on the first restriction definition, the authority information after the setting is as shown in FIG.
As shown in “* 2” in “2”, “employee number”, “name”, and “qualification allowance” are each “R impossible”. Next, when the second restriction definition is extracted and its logical expression is evaluated, the evaluation result becomes “true” in this case as well, so that the authority set processing is performed. Also in this case, since all the definition item names match the target item names, the “definition authority type” is copied to the “target authority type”. Accordingly, the authority information is as shown in FIG. 12 (D), and the authority type of “post allowance” including “name” already “R impossible” is also “R impossible”.

Such authority information is stored in the application A
When passed to P, the application AP acquires this authority information. Then, the type of access requested is determined, and if the access is a read access, a record reading routine is called. As a result, the access target item is "R
A record reading process for sequentially outputting the item data while confirming that it is not “impossible” is performed (see FIGS. 11 and 12). In the case of a write access, a record rewriting routine is called. A rewriting process of rewriting item data while confirming that the item is not “W impossible” is performed.
Is a flowchart showing a record reading process. First, a head record is read from the payroll database 2-1 (step E1), and an initial value "1" is substituted into a target item number counter 4-3 (step E1). E
2). Then, the "target authority type" of the item indicated by the value of the target item number counter 4-3 is extracted from the authority information, and if it is "R impossible" (step E3), the corresponding item in the read record is extracted. "****" is inserted into the item, and the data is masked (step E4). Next, an increment process of adding "1" to the value of the target item number counter 4-3 is performed (step E5). If the value is equal to or smaller than the "number of target items" in the restriction information (step E6), the target The process returns to step E3 until the processing for the number of items is completed, and the above operation is repeated for each target item. As a result, when the processing for the number of target items is completed, the access target items are extracted from the read record and displayed and output (step E).
7). Then, it is checked whether the next record is also specified as an output target (step E8).
Returning to step E1, the next record is read from the payroll database 2-1 and the same processing is performed. As a result, the display screens shown in FIGS. 11 and 12 are as shown in (E), and the restricted items of which the simultaneous access is prohibited among the access target items are displayed as asterisks, and the data contents thereof are masked. .

FIG. 9 is a flowchart showing a record rewriting process. First, the payroll database 2-1
In the state in which the first record in is focused on as a rewriting target, the initial value “1” is substituted into the target item number counter 4-3 (step F1), and is indicated by the value of the target item number counter 4-3 from the authority information. The “target authority type” of the item to be extracted is extracted, and if “W permission” is included (step F2),
Under this condition, rewriting of data for the corresponding item in the record of interest is permitted (step F3), but rewriting of item data is prohibited unless "W Allowed" is included. Then, an increment process of adding "1" to the value of the target item number counter 4-3 is performed (step F4),
If the value is equal to or less than the “number of target items” (step E
5) Return to step F2 until the processing for the number of target items is completed, and repeat the above operation. Then, when the processing for the target item is completed, if the next record is also designated as a rewrite target (step E6), the target item number counter 4-3
Is returned to the initial value (step E1), and the same processing is performed focusing on the next record.

After acquiring the access right information, the application AP can perform R / W access control while referring to the same access right information if the target items requested to be accessed have the same contents. Further, when the access target item changes, new access authority information may be obtained by calling the authority determination processing routine.

As described above, in this embodiment, 1
A restriction definition that arbitrarily specifies a plurality of items in a record and restricts their simultaneous access is a privilege information definition file 2
When data access for a plurality of items is requested in the state set to -2, the access request is made by comparing each target item for which access is requested with the plurality of items specified by the restriction definition. In the target item,
If there are multiple items for which simultaneous access is restricted, it is determined as a restriction item and access to any of the restriction items is prohibited. Therefore, complicated logic for access restriction is not built into the application itself. However, the simultaneous access of a plurality of items can be limited in relation to those items only by writing simple definition information. In addition, since a plurality of restriction definitions can be set for each type of authority indicating what kind of access is to be restricted, a simple description is sufficient even for complicated access restrictions. It will be easy. Further, the restriction definition is represented by an item name for specifying each item for which simultaneous access of a plurality of items is prohibited, and a logical expression indicating in what relation the simultaneous access of each item is prohibited. Therefore, the setting becomes easier, and "AND" as a logical operator,
Various definitions can be made by appropriately combining "OR". Here, a plurality of items are "AND" as a logical expression.
In this case, simultaneous access is prohibited only when the AND condition is satisfied. If the AND condition is not satisfied, any item can be accessed.

In the above-described embodiment, "OR" and "AND" have been described as examples of logical operators.
T "may be used. In this case, the item names connected by the logical operator may be the item names excluding the restriction target. In addition, the restriction target is specified by the item name, but the item position is specified. The restriction definition is not limited to a logical expression, and may be a definition expression using a comparison operator. In this case, the item data value to be restricted such as A> B A and B may be compared and simultaneous access of a plurality of items may be prohibited when the comparison condition is satisfied, and the restriction definition is set for each user, each user level, and each group to which the user belongs. Furthermore, in the above-described embodiment, the items that exist in one record as a plurality of items that limit simultaneous access are defined, but the relationship between items between different records, files, and databases is defined. So It may be. In this case, "the file name, the item name", may be defined by the expression format such as "database name, item name". Also, the type of authority is not limited to “R” and “W”, and “Select”, “In” and “In” generally used by the database management system are used.
sert (addition), Update (correction), or the like may be used.

[0022]

According to the present invention, simultaneous access of a plurality of items can be simultaneously performed by describing simple definition information without incorporating complicated logic relating to access restriction into the application itself. , Security can be maintained in accordance with the actual situation, and versatility is enhanced.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an overall configuration of a data processing device.

2A shows a payroll database 2-1 and an authority information definition file 2-2 stored in a storage device 2, and FIG. 2B shows a memory area allocated to a RAM 4. FIG. Figure.

FIGS. 3A to 3C are authority information definition files 2-2.
The figure for demonstrating the restriction definition set to.

FIG. 4 is a flowchart showing pre-processing executed prior to accessing a database.

FIG. 5 is a step A1 (restriction definition reading processing) in FIG. 4;
5 is a flowchart detailing FIG.

FIG. 6 is a flowchart detailing step A3 (authority determination processing) in FIG. 4;

FIG. 7 is a flowchart detailing step C6 (authority setting processing) in FIG. 6;

FIG. 8 is a flowchart showing a record reading process.

FIG. 9 is a flowchart showing a record rewriting process.

10A is a diagram illustrating a data structure when a list of access target items is formatted, and FIG. 10B is a diagram illustrating a data structure when a restriction definition is formatted.

FIG. 11 is an operation conceptual diagram specifically showing the entire operation.

FIG. 12 is an operation conceptual diagram similar to FIG. 11, showing another specific example.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 CPU 2 Storage device 2-1 Payroll database 2-2 Authority information definition file 3 Storage medium 4 RAM 4-1 Definition number counter 4-2 Definition item number counter 4-3 Target item number counter 5 Input device 6 Display device

Claims (7)

[Claims] 1. A definition information storage means for storing a restriction definition for specifying a plurality of items and restricting their simultaneous access, and when a data access for a plurality of items is collectively requested, each object requested to be accessed. Determining means for comparing the item with the plurality of items specified by the restriction definition to determine whether or not there is a plurality of items for which simultaneous access is restricted among the target items requested to be accessed; A determination unit that determines, when it is determined that the plurality of items specified by the restriction definition exist, determines at least one of the plurality of items as an access restriction item; An access control device, comprising: access control means for restricting access to the determined restriction item. 2. The restriction definition includes a list of item designation information for specifying each item for which simultaneous access of a plurality of items is to be restricted, and how the simultaneous access of each item is restricted. 2. The access control device according to claim 1, wherein the access control device is represented by a relational expression: 3. When a plurality of the restriction definitions are stored for each type of restricting access, based on the plurality of restriction definitions, the judging means restricts simultaneous access to target items for which access is requested. 2. The access control device according to claim 1, wherein it is determined whether or not a plurality of items are present, and based on a result of the determination, the determination unit determines an access restriction item. 4. The restriction definition is definition information arbitrarily set by an input operation.
The access control device according to any one of claims. 5. When the relational expression included in the restriction definition is a logical expression, the determination means sets an item for which an access request is made as “true” and an item for which no access request is made as “false”. The logical expression is evaluated by substituting the relevant item into the expression, and if the evaluation result is "true", there are multiple items for which simultaneous access is restricted among the target items for which access was requested. 3. The access control device according to claim 2, wherein the determination is made. 6. An access control apparatus according to claim 1, wherein said access control means prohibits output of the data corresponding to the access restriction item determined by said determination means. 7. A recording medium having a program code read by a computer, wherein when a data access for a plurality of items is requested collectively, a restriction definition for restricting simultaneous access to a plurality of predetermined items is defined. A function of referring to and determining whether there are a plurality of items for which simultaneous access is restricted by the restriction definition among target items for which access is requested, and a plurality of items specified by the restriction definition. The function of determining at least one of the plurality of items as an access restriction item and the function of restricting the access to the determined restriction item. A recording medium having a program code.