JP2002109172A - Recording medium recorded with representative authority grant decision program, and method and device for deciding representative authority grant - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a means for enabling a member other than a manager to temporarily have manger authority without increasing the number of mangers and without lowering security in regard to a recording medium on which a representative authority grant decision program for deciding to give the authority to a representative person is recorded and representative authority grant deciding method and device. SOLUTION: This device is provided with a qualified member ID storing means 1 for storing the ID of a member having a business processing qualification, a representative authority grant approving means 2 with which the member whose ID is stored in the means 1 approves representative authority grant to a specific qualified member, an approved member ID storing means 3 for storing the ID of the member who approves the representative authority grant to the specific member with the means 2, and a representative authority grant deciding means 4 for deciding the representative authority grant to the specific member on the basis of the number of members whose ID is stored in the means 3 and a preliminarily set value.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a business processing management system for managing business processing so that only personnel having both qualifications and authority can perform business processing. TECHNICAL FIELD The present invention relates to a recording medium storing a substitute authority grant determination program for determining that a substitute authority is given, and a substitute authority grant determination method and apparatus.

[0002]

BACKGROUND OF THE INVENTION For example, computer systems used by large numbers of people are usually managed by one or at most two special users, or administrators. When installing software or adding new users to a computer system, these tasks are performed using the special privileges of this administrator.

[0003] The special authority is a special authority inherent to the administrator, but usually, the administrator rarely concentrates solely on the management of the system. Because of the work, they may be absent on a business trip or a meeting. In such a case, these management tasks cannot be performed even temporarily.

[0004] However, even when the manager is absent,
When multiple administrators are set up, other administrators can act on their behalf, but there are cases where all the few administrators can be absent, so in any case, the agency that does not hinder the operation of the computer system Means are needed.

[0005] For example, an agent acting in place of the authority of the administrator is determined in advance, and a method of allowing the system to recognize the agent in the absence of the administrator so that the authority can be acted on, or a method of interchanging the authority between the administrator and the agent. It is conceivable to solve the situation by transmitting a task that requires an authority and an operation that can be performed by a trust relationship.

[0006] In another case where authority is required, when the approval of a specific authorized person is required, such as circulation of an electronic document or electronic sealing of a decision document, the processing can be speeded up similarly, Authority is required to prevent stagnation,
Various out-of-office alternatives have been proposed.

For example, in Japanese Unexamined Patent Publication (Kokai) No. 62-25373, "automatic circulation route designation method for slips", the presence / absence information of the approver and the information of the alternative approver at the absence are input in advance. A method of automatically determining a circulation route that minimizes the approval processing waiting time due to the absence of an approver at the time of input is disclosed.

[0008] Although the agency of the processing such as the work and operation when the administrator having the special authority as described above is absent is similar to the agency of the approval process of the document content, the agency of the document content to be circulated is approved. Is a process in which multiple stakeholders check the contents of the document from their own standpoints, it is a substitute for some of the authority in the judgment work of multiple stakeholders, and there are few real-time elements of the process Different problems arise in that respect.

That is, in practical operations such as operation management including computer system and network system hardware and software, various service providing applications operated on computers and networks, and user management, the power of the operation system is turned on / off, and files are set. ,
Various in a system that operates continuously, such as user terminal settings and application program maintenance,
It is necessary to execute an accurate process when a specific process is required in a real-time process.

[0010] For this reason, the operations for performing these processes can be performed only by personnel technically familiar with the specific operations, that is, those who are qualified to perform the processing operations. The execution must be performed accurately and steadily, and the responsibility for executing the processing is usually given to the administrator who is capable of making comprehensive judgments among the above-mentioned qualified persons. It is proceeded under.

[0011]

Therefore, it is not possible to cope with the above-mentioned proposal by a predetermined small number of delegates acting in the same manner as in the decision of the authority delegation in document approval.

In the above-described method of acting as an administrator of the computer system, the authority is given by giving a password for executing the authority based on personal trust or by setting a plurality of authority holders. There are many passwords that can be issued or many people know the password, and there are many opportunities for unauthorized use of the password to execute the authority. A solution was sought.

In view of such a point, the present invention provides a method for temporarily assigning the authority of an administrator to a person other than the administrator without increasing the number of administrators and without lowering the security. It is intended to provide a means of enabling.

[0014]

The above object is attained by a recording medium storing a substitute authority grant determination program and a substitute authority grant determination method and apparatus constructed as follows.

FIG. 1 is a block diagram of the present invention. The present invention provides a means for determining the assignment of a substitute authority in a business processing management system that manages business processing so that only personnel having both qualifications and authority can perform business processing. I of qualified personnel
D is a qualified personnel ID storage means for storing D; 2 is a proxy authority granting and approving means by which the personnel whose ID has been stored in the qualified personnel ID storage means 1 approves a proxy authority for a specific qualified staff; Approval personnel ID storage means for storing the ID of the personnel who has authorized the specific authority to act on behalf of the specific personnel by the grant / approval means 2;
Is a proxy authority granting deciding means for deciding the granting of the proxy authority to the specific personnel based on the number of personnel stored and the preset value.

[0016] That is, with respect to the authorization of a specific one of the personnel stored as qualified personnel to execute the processing on behalf of the qualified personnel, the approval is obtained from the other qualified personnel and the approval is obtained. A means is provided for evaluating the number of qualified personnel on the basis of a preset value and determining the assignment of the proxy authority.

[0017]

DESCRIPTION OF THE PREFERRED EMBODIMENTS In the present embodiment, an embodiment realized by a computer program executed on a computer used for general purposes such as a personal computer and a workstation will be described.

According to the present invention, there is provided a recording medium storing a substitute authority grant determination program and a substitute authority grant determination method and apparatus, which are executed on a computer including a processing device, a main storage device, an auxiliary storage device, and an input / output device. It is realized by executing a program. The computer program is stored on a floppy (registered trademark) disk or CD-ROM.
And the like, or stored in a main storage device or an auxiliary storage device of another computer connected to a network.
The recording medium of the present invention corresponds to the portable medium, the main storage device, and the auxiliary storage device.

The provided computer program is loaded directly from the portable medium to the main storage device of the computer, or once copied or installed from the portable medium to the auxiliary storage device, and then loaded and executed in the main storage device. Also, when provided by being stored in another device connected to a network, it is also copied to an auxiliary storage device, loaded into a main storage device, and executed after receiving from another device via a network.

FIG. 2 shows a configuration diagram of an embodiment of the present invention. The figure shows the assignment of the management authority of an administrator who manages the hardware and software of a computer system operated using a large number of devices and terminals including the computer 20 or a connected computer (not shown) to an agent. Here's how it works.

In other words, the management of a large-scale computer system includes the operation of hardware such as power-off of the system and the change of the equipment configuration, addition and updating of system software and application software, and registration change of the usage conditions of the user in operation. , Etc., and various operations need to be performed and must be dealt with in a timely manner.

These operations are likely to greatly affect the entire system, and can only be handled by those who are familiar with the computer system conditions and operation processing techniques. Although there are a plurality of management personnel and each of them has a high technical level, the operation processing that requires comprehensive judgment is limited to those who can execute the operation processing, that is, those having a specific management authority, that is, administrators.

However, since an administrator having a specific authority is not always present at all times, there is a case where the above-mentioned necessary operation management processing cannot be performed in a timely manner, and someone substitutes for the administrator. May be required.

When performing these specific operation processes, it is necessary to present a registered administrator password so that the computer can recognize that the administrator has both qualification and authority.

In this embodiment, even when a plurality of personnel who are in charge of the management work are absent, when a predetermined number of technically qualified personnel are approved, it is possible. In this way, the computer recognizes the passwords of the personnel who have obtained the approval of the specified number of other personnel as described above so that they can temporarily have the authority to perform processing operations on behalf of the administrator. The mechanism to make it work is shown.

As a result, the agency processing work is performed with the clear responsibility with the approval and cooperation of another qualified person.

In FIG. 2, reference numeral 21 denotes a terminal of a staff member who applies for obtaining agency authority. Similarly, reference numeral 22 denotes a terminal of a person who approves to give the authority of acting to the person who made the application.

Reference numeral 27 denotes a device for storing the attribute information of a qualified person for confirming that the person is a qualified person. This is a device that stores the ID of the authorized personnel. Reference numeral 29 denotes a storage device that previously stores a proxy determination reference value for evaluating the number of approvers who have approved the proxy of the applicant.

Reference numerals 23 to 26 denote programs stored in the computer 20 and causing the computer 20 to realize the functions of the embodiment of the present invention.

Reference numeral 23 denotes a request that is received when the applicant requests to approve the grant of the delegation authority of the administrator.
24 is the ID of the approver when the approver requests approval and is approved
Is stored as approver information 28.

Reference numeral 25 denotes a program for comparing the number of approvers with the value stored as the proxy determination reference value 29 to determine the approval of the proxy. Reference numeral 26 designates a setting in which the agency authority is given to the applicant when the approval is determined, and the applicant is temporarily given the processing authority of the administrator.

FIG. 3 shows the structure of qualified person attribute information, which takes the form of comparing the ID of a qualified person who performs various operations for operating the center with the password for confirming the use qualification when using a computer. A qualified person registered in advance here is a proxy candidate having a technology capable of substituting the authority of the administrator. In addition, the owner of the ID registered here can be a member who approves the candidate who has applied for acting on behalf of the administrator.

FIG. 4 shows the structure of the approver information. When a qualified person who is requested to approve the application is issued as a substitute for the authority of the manager and responds to the request, the approval is displayed. Is stored and the number of the qualified person who has indicated the intention is stored.

FIG. 5 is a flowchart of the proxy approval application, and FIG. 6 is a flowchart of the approver information storage and the proxy approval determination.

Next, the operation will be described step by step with reference to FIGS. 5 and 6 with reference to FIGS.

In FIG. 5, when it is first necessary to perform the operation processing of the computer system on behalf of the administrator due to the absence of the administrator, one of the qualified persons having the operation skill is required to perform the operation. Apply for approval.

Specifically, for example, by inputting a command for a proxy approval application, a proxy approval application process is started.
In step S51, first, the ID and password used when the applicant logged in are stored.

In step S52, the stored I
D. The password is checked against a list of information on the combination of a qualified person ID and a password stored as qualified person attribute information to confirm that the user is a qualified person. NG, that is, if the applicant is not a registered qualified person, step S
An error is made at 54.

In the case of OK, in step S53, a message requesting proxy approval is transmitted to all the qualified persons except for the applicant for proxy approval registered in the qualified person attribute information of FIG.

As shown in FIG. 6, each qualified person received as an urgent message recognizes the necessity of the proxy application and returns a response approving the operation processing proxy of the applicant. In step S61, the I that was input when the response command was input
D, temporarily store the password.

In step S62, these are compared with the qualified person attribute information 27, and if NG, step S67.
Issue an error message to invalidate it. If OK, the process proceeds to step S63, where the number of approvers in the approver information is counted, and the write pointer for storing the ID of the approver information is advanced.

The I of the approver temporarily stored in step S64
D is stored at the position of the write pointer of the approver information as shown in FIG. In this way, the ID of the qualified person who has responded to the approval is stored, and the number is counted.

Next, as an operation of the proxy approval determination, in step S65, the counted number of approvers who have made the approval response is compared with a preset proxy determination reference value. When the count of the number of approvers is less than the proxy determination reference value, the process waits for an approval response of another qualified person. When the value becomes equal to or more than the proxy determination reference value, proxy authority is given to the proxy approval applicant in step S66. That is, the proxy approval applicant can freely use various special processing commands related to the operation of the computer center until the series of proxy operation processing ends.

As described above, even when the manager is absent, a mechanism that allows the manager to act on behalf of the qualified person operates when approval is obtained for a number of qualified persons or more.

In the above embodiment, when an application is made by a proxy approval applicant, approval is requested in parallel with other qualified persons. It may be.

Although the proxy determination reference value is the minimum required number of approvers, the proxy authority may be granted even when the number of registered users is small, using the ratio of registered users as the reference value. .

[0047]

As is apparent from the above description, according to the present invention, if a plurality of personnel constituting the manager group are approved, the manager can be the manager. You do not need to share. By reducing the number of personnel who know the password of the administrator, the risk of security destruction due to the leakage of the password is reduced. In addition, even if the members constituting the administrator group are not complete administrators, the authority can be temporarily transferred if the group is approved. Because there is no need to set up multiple full administrators, security is improved accordingly. As described above, according to the present invention, the authority of the administrator required for the operation of the computer system can be substituted, so that the operation can be performed safely and smoothly, and the economic effect of improving the efficiency and the security is achieved. .

[Brief description of the drawings]

FIG. 1 is a block diagram of the present invention.

FIG. 2 is a configuration diagram of an embodiment of the present invention.

FIG. 3 Structure of qualified person attribute information

FIG. 4 Configuration of approver information

FIG. 5 is a flowchart of a proxy approval application.

FIG. 6 is a flowchart of approver information storage and proxy approval determination.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Qualified personnel ID storage means 2 Proxy authority grant approval means 3 Approved personnel ID storage means 4 Proxy authority grant determination means

Claims (3)

[Claims] Claims: 1. A recording medium storing a program for deciding to grant a substitute authority in a business processing management system for managing business processing so that only personnel having both qualifications and authority can perform business processing. Qualified personnel ID storage means for storing IDs of personnel having processing qualifications, proxy authority granting and approving means for allowing the personnel whose ID is stored in the qualified personnel ID storage means to approve the grant of proxy authority to specific qualified personnel, Approval personnel ID storage means for storing the ID of the personnel who has authorized the delegation authorization to the specific personnel by the authorization granting means, and the number of personnel whose IDs are stored in the authorization personnel ID storage means and a preset value. Proxy authority grant determination means for functioning as a proxy authority grant determination means for determining grant of proxy authority to the specific personnel based on the specific employee A computer-readable recording medium beam. 2. A method for deciding to grant a substitute authority in a business processing management system for managing business processing so that only personnel having both qualifications and authority can perform business processing, comprising: Asks other qualified personnel to approve the delegation authorization, stores the ID of the approved qualified personnel, and specifies the above based on the number of qualified personnel who have been approved and stored the ID and a preset value A method of determining the granting of the proxy authority to the personnel of the third party. 3. A service authority management system for managing business processes so that only personnel having both qualifications and authority can perform business processes, a proxy authority grant determination device for granting the authority to perform business processes on behalf of the system. A qualified personnel ID storage means for storing IDs of personnel having business processing qualifications, and a proxy authority grant approval for allowing the personnel whose IDs are stored in the qualified personnel ID storage means to grant proxy authority to specific qualified personnel. Means, an authorized personnel ID storage means for storing the ID of the personnel who has authorized the proxy authorization to the specific personnel by the proxy authority granting means, and the number of personnel whose IDs are stored in the authorized personnel ID storage means and preset. And a proxy authority determination unit for determining the grant of the proxy authority to the specific personnel based on the obtained value. .