JP2002334062A - Program and file management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To easily provide batch log-in service for a subcontractor through an ASP provider when data from a plurality of related companies are processed. SOLUTION: The program and the file management system as a computer system which controls the license control method of the application service provider used on the Internet have a means for performing authentication by a DB of company ID's, user ID's, and passwords and a means for performing authentication by a DB of the company ID's, user ID's, and department ID's and display information which can be accessed with the department ID's on a display screen of 1st order.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to batch login of user authentication at a plurality of sites on the Internet.
In particular, it relates to a technology for smoothly managing information of an external organization.

[0002]

2. Description of the Related Art To digitize business processes on the Internet, it is necessary to develop a plurality of application software corresponding to each business process in order to digitize many business processes. Normally, multiple application softwares to be developed require an authentication mechanism for security measures such as maintenance of ID / password and access control, and it takes time and cost to develop user authentication for each application software. ing. In addition, from the viewpoint of the end user, this means that a plurality of IDs and passwords must be used properly, which is inconvenient. Therefore, a system has been proposed for use in a batch login system that integrates an authentication mechanism while ensuring high security.

[0003] For example, in the United States, Entrust Technology, Inc. implements security-related Internet authentication and authority management from Web-based security management software, from integrated login to integrate access control to individual access control with software. There is a product called “getAccess”. By using this product, you can integrate key systems such as “salary statement reference”, “sales information management”, “electronic approval”, “management meeting” etc. within one company, It is possible to build a collective login site according to detailed access control settings on a unit basis. In an implementation example, as shown in FIG. 1, there is a technique for displaying information on the web on a user's browser based on each individual's access authority. FIG.
Indicates that the resources that can be accessed are restricted depending on the position and the like.

[0004]

In recent years, there have been many application service providers (ASPs) that provide application software on the Web and collect license fees only when using the software. Here, in the case of a service provided by one company, it is possible to realize a collective log-in even though the implementation is difficult, by using the above-mentioned system. However, these IDs are set at the first place for one organization, and there is a problem that it is not possible to set them in detail when the organizations are duplicated.

For example, taking the construction industry as an example, a large number of subcontractors usually undertake various operations under a general contractor to form a pyramid structure. In addition, this pyramid structure is not always the same, and from the subcontractor side, there is a relationship in which work is contracted out from the main contractor (general contractor) of many companies. In the construction industry, joint ventures (JVs) are often formed, and this is an obstacle to coordinating data with multiple operators regarding the use of applications and file management. There was a problem that it would.

That is, even if the primary contractor provides a computer program or a file management program to the subcontractor in the collective log-in service, from the subcontractor side, each ASP service is used individually, and the subcontractor views it. Sometimes it wasn't a batch login service.

The subcontractors whose financial bases are weak are individually
There is a problem in that the entire P service cannot be purchased, and there is no system for controlling information sharing from the primary contractor to the subcontractor for the virtual business employee.

In other words, in a system related to information sharing by computer, as shown in FIG. 2, in the construction industry, one user I
There is a problem that it is necessary to make it possible to belong to a plurality of companies in D, and to make it possible for companies to treat them as if they belong only to the company. Naturally, in order to protect personal information, companies must strengthen security so that users cannot know which company they belong to, and also reduce the burden on users by batch login. There was a problem that did not become.

[0009]

In view of the above points, the inventor of the present invention has solved the problems by the following means. The present invention relates to a computer system that controls a license control method in an application service provider used on the Internet. The computer system includes means for authenticating by a DB of a company ID, a user ID, and a password, and a method of authenticating the company ID, the user ID, and the department ID. Department ID by means of authentication by DB
And a file management system for controlling a file or a program designated by the user to be accessible as a user. That is,
If the user has a related department ID, the department I
D has access permission.

Further, the system includes a department ID, a company I,
D, a program and a file management system characterized in that a connection destination of the company and a virtual connection destination are specified by means of authentication using a parent department ID, and for example, a connection destination that performs actual work and a connection destination A DB that represents the relationship with the original company is set, and management when viewing from the user is facilitated.

[0011] In addition, the system has a relation source A and a relation destination B, and the relation source A sets a first department ID to the relation destination B; Means for registering a display state; and
By referring to the DB, it is determined whether the relation source A can display information below the hierarchy of the relation destination B,
A program and a file management system for displaying necessary information. This is, for example, when there is a relationship between a primary contractor (related source A) and a subcontractor (related partner B) of a construction company, whether the primary contractor restricts the access of files and programs to the subcontractor only to users of the hierarchy, It represents a means for determining whether display can be performed up to the hierarchy below the user.

Further, the above-mentioned system is used for different companies I
The subject having D creates a virtual relationship destination,
What is claimed is: 1. A program and file management system including means for virtually setting a relation source and a relation destination, wherein a hierarchical relation is defined for each project by virtually setting a first-ranked company ID. Is what makes it possible.

The system has means for authenticating with a company ID, a user ID, and a password DB and means for authenticating with a company ID, a user ID, and a department ID DB. , A program and a file management system characterized by being displayed on the top display screen. This allows the user to display files and licenses that the user can access first.

[0014]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS First, the outline of the present system will be described with reference to the drawings, and the detailed operation will be described later. FIG. 3 shows two organizations. One is general contractor A
And one is subcontractor B electrical work. The organization of the general contractor A is in the form of headquarters-branch office-sales office, and in electrical construction B, it is a unit of headquarters-site (sales office). It is surrounded by the square in FIG.
In the parts α and β, the respective users (circles) (1, 2,
3, 4, 7, 8). As shown in FIG. 4, each user is ranked first by a company ID, a user ID, and a password. Here, the α of the A general contractor and the B electrical work β are in a relationship of the main contractor and the subcontractor. Normally, in an information system in a company, since a third party from outside does not want to access, β cannot access information of α. Until now, α and β could not share a common application, database, file, etc. for a limited time by a license controller described later.

First, consider a case in which a user 1 of β enters a virtual employee under a business office α (FIG. 5). At this time,
The position of user 1 is an employee of B electrical work.
Since the electric work was subcontracted by A general contractor, it was α
Is expected to share the same information as the sales staff in b.
When the current status of the user 1 is expressed on the hierarchy, the department ID is defined as “a” because the person is a person at the site a (FIG. 6, 100). This employee must be able to recognize even the computer of the office b in the α system. Therefore, if the system administrator sets the department ID to b (101 in FIG. 6), the license controller is recognized as a virtual employee of α by the movement of the license controller described later, and the user 1 is assigned to the data of b in the organization of α. Can be referred to. At this time, the affiliation of this person is defined in another DB (FIG. 7). This DB is provided with a department ID, a company ID, and a parent department ID. As a data reference, b registers the company ID of b in the department, and defines that the two are the general contractor A by these two. The parent department C indicates that the user 1 himself is a person who works on electrical work B.

Further, the site a itself in the B electrical work can virtually enter as a department of β. At this time, FIG. 8 is a conceptual diagram. Here, the sales office “b” of the general contractor A uses the sales office “a” of the electrical construction B for subcontracting, and wants to refer to the data and programs of the people in the office because of the coordination of work. The relationship at this time is shown in FIG.
The state is as shown in (a). Sales office b has issued a request to site a to see if this data can be referred to. Here, despite the relationship between the primary contractor and the subcontractor, if the data is accessed without permission, B
Electric construction companies are also in trouble. Therefore, a trust relationship DB in FIG. 9B is created. In the trust relationship DB, a relationship to be seen and seen is defined. This trust relationship DB is constructed for the first time when the site a accepts the request from the office b.

Here, two cases are considered in FIG. 9B. In FIG. 8, it is determined whether only the users 1 and 2 connected to the site a are referred to (the portion of the box β) or a portion below another node connected to the site can be referred to. This is made possible by setting a request for node management. In (1) of FIG. 9 (b), since only the user is given permission, the node management is set so that 1, 2 of Node → a can be viewed. Similarly, in the case of (2) in FIG. 9 (b), it is possible to refer to the lower part of the tree structure, and it is set so that Trees → 5 and 6 can be seen.

As a result, an example of notation on the screen of the general contractor A is shown in FIG. This screen is an example of a screen in which a person at the sales office b of the general contractor A can refer to the cooperating company. At this time, the setting of the trust relationship DB in FIG.
It has become. As a result, data can be shared and referenced on the screen.

Next, how the above concept is implemented will be described with reference to the drawings. FIG. 11 shows an overall view of a network used in the present invention. In FIG.
1 is the Internet, the P used by the client
C3, a mobile phone 6 or a personal digital assistant (PDA) 9 connected to the mobile phone are connected to the modem 2, the LAN 8 connected by the router 7, the mobile phone base station 5 and the mobile phone network 4, respectively. The system of the license control server 12 used in the present invention is connected to the Internet 1, and the connection point is a firewall 10 or WWW.
A server 11 is provided. The license control server 12, the ASP application server 1 (13), the ASP application server 2 (14), and the DB1 (16) to DB3 (18) in which necessary DBs are stored are connected by the LAN. You. Also,
The ASP application server 3 (1) is externally connected via the Internet 1 via the VPN management server 20.
5) and DB4 (19) connected to the server. The server group includes a well-known OS, on which the license control server and each application server program of the present invention operate. In addition, various servers, such as a settlement server, may be connected as necessary, and the server group may be further arranged outside through the Internet.

Next, the flow of the entire system will be described with reference to FIGS. When the user accesses the page that calls the login screen at 25, at 26
A screen for inputting a company ID, a user ID, and a password appears. At this time, if necessary information is input and the transmission button is pressed, the information is sent to the license controller 31 via the Internet (a). Then, if the authentication is confirmed (b), an application menu is displayed (27). Here, when the menu is selected, the screen shifts to the screen 28. At this time, when a request is made to the application server 32 (c),
The license controller 33 checks whether this user has a license (d). Thereafter, when confirmation is made, permission information is transmitted to the application server 32 (e), and a screen 28 is displayed. While the user is using the same application, the screen transition is performed while confirming the user by electronic authentication (during the same session) unless the browser is forcibly terminated by using the electronic authentication function of the license controller. Go on. That is, when shifting from 28 to 29, the electronic authentication is requested by g, and by sending back h from the electronic authentication side, the application continues to be used. Similarly, when shifting from 29 to 30, the electronic authentication is performed by i. Authentication is requested, and j is sent back from the electronic authentication side.

FIG. 13 is an overall flowchart showing the above process. When a URL request is received from the user browser in S1, the web server returns a login screen display to the user browser in S2.
Thereafter, when login is performed from the user's browser in S3, the license controller transmits a cookie ID to the user browser (S4).
At the same time, the user's cookie I
D is transmitted (S5). At this time, from the web server,
An inquiry about an available license is made (S6),
In response, the license controller transmits the license information held by the license controller to the web server (S7). And this WEB server displays the menu to be displayed by CGI or JAVA
HTML that can be displayed by a user to generate a screen dynamically displayed on a browser using (registered trademark) SERVLET
A file is created (S8), and a menu is displayed from the WEB server to the user's browser (S9). Thereafter, when the user accesses the application server to use the program, the actions of each program are performed after S11.

FIG. 14 shows the WE in the overall flow.
It is a detailed flowchart of a B server. When the server starts in S20, a request is received from the user in S21. Next, a login screen is transmitted to the user in S22. Thereafter, when the user logs in, the cookie ID (similar to the browser of the user) having the identification number held by the user is received from the license controller in S23, and the license information held by the user is sent to the license controller in S24. Request. Then, in S25, the license information is received from the license controller, and in S26, the program (CGI, JAVA SERVLE
T), an HTML file that can be displayed by the user is created in order to dynamically generate a screen to be displayed on the browser, and the page is transmitted to the user in S27, and the process ends in S28.

FIG. 15 shows the details of login in the license controller. In FIG. 15, when the license controller starts (S30), a login is accepted from the user in S31. In S32, it is determined whether or not the login is OK.
The process moves to 33, and the cookie is sent to the user browser.
Then, the cookie ID is also transmitted to the WEB server in S34. After that, when the usable license information is received from the web server, matching with the DB is performed, and the license information held in the web server is transmitted so that the HTML file can be dynamically executed on the web server side (S36), and the processing ends. I do. If the authentication is not performed in S32, the process proceeds to S37, transmits error information to the WEB server, and ends in S38.

FIG. 16 shows a case where the application menu is connected to an external application server at 40 (A). At this time, a and b are their own sites, but c is an external server, and as a link
http://www.alles.ad.jp/asp/index.html (41) indicates a state that must be set. At this time, new login work must be avoided by taking over the session number of the browser.

FIG. 17 shows a first implementation example. At 40 (b), the user selects an application service outside the license controller in menu 3. To display the menu,
When displaying the user screen of the web server, a link is embedded to access the application server.
At this time, for external application resources, the session number is embedded in the link.
When the HTML file has been sent and the user selects menu 3, this link http://www.alles.ad.jp?sessi
on = 0a9b (42) is called, and the application server 43 is called. The external application server transmits to the license controller 44 (a) that the session number 0a9b has been taken over,
The license controller 44 (a) notifies that the takeover has been completed, and shifts to an application menu 45.

FIG. 18 shows a second implementation example. When the user selects an external application service in the menu 3 at 40 (c), the following process occurs.

1) The link of menu 3 of 40 (c) is lc.be
The information of the application to be used is passed to ingcorp.co.jp using parameters. That is, (47)
Http://lc.beingcorp.co.jp/nextAsp?url=www.alles.
ad.jp/asp/index.html. Where nextAs
p is a servlet for transitioning to the next ASP, url
Indicates the URL of the application to be displayed next.

2) The servlet inside the LC receiving the request is lc.alle, which represents the same server in another domain.
Perform redirection (re-instruction) to s.ad.jp. For example, http://lc.alles.ad.jp/currentAsp?url=www.alle
We will redirect to s.ad.jp/asp/index.html&session=0a9b. At this time, lc.beingcorp.co.jp and
lc.alles.or.jp is the same server, currentAsp: URL of the servlet to be redirected url: URL of the application to be displayed next session: User's session I
D is shown. In the license controller 44 (b), the transition from α to β ends at this time (4
8).

3) The redirected servlet is
The session parameter is obtained, and the session ID is written in the cookie 46 of the user's browser. Furthermore, ur
Redirects to the URL specified by the l parameter.

4) The redirected application server 50 transmits an HTML page to the user's browser, and shifts to an application menu of 49. Is performed.

FIG. 19 is a flow chart showing the operation of the license controller for selecting an application. When the process is started in S40, application selection information is received in S41. Then S4
In step 2, the session number is transmitted to the application server. Further, when an action signal is received from the application (S43), it is determined whether or not a transition of the action within the same application is made (S44).
In the case of S, the process for giving an electronic authentication is started (S4
5) If NO, application change processing is performed (S46). At this time, if you have a license,
The process proceeds to S47, where a new session number is provided (even if the session number is the same, the site address is different, so the session number is different when viewed as a whole), and the process ends in S48. If the user does not have a possession license in S46, the process ends (S48).

FIG. 20 is a flowchart showing the operation on the application server side in FIG. S5
When the process starts at 0, in S51, license information is requested to determine whether or not to permit the license controller to use the license.
This registration shall be made in advance. Next, S52
It is determined whether or not the license information has been received. If YES, the application is started (S53). If NO, an error message is transmitted to the WEB server, and the process ends at S60. Next, when an action of the application occurs in S53 due to the user's work, an electronic authentication is requested (S55).
The process proceeds to the next task of the application (S56).
During a series of operations, the processes from S54 to S56 are repeated. Then, when the application is terminated in S57, it is determined whether or not another application is activated in S59. If YES, the process returns to S51. If NO, the process proceeds to S60 and ends. Next, the accounting calculation in the present invention will be described.

FIG. 21 is a flowchart for recording a log which is the basis of accounting calculation. When log management starts in S70, application information is received from the user in S71. Next, in S72,
Pass the session number to the application. S73
It is determined whether or not an electronic authentication request has been received from the application server within the timeout period, and YES
If so, the flow shifts to S74, and upon receipt of the application end information, the end time information is recorded in a log in S75. If “NO” in the step S73, the process shifts to a step S76 to instruct the forced termination of the application. Here, in S77, it is determined whether or not the automatic rollback processing is performed. If the electronic authentication time of the last access is deemed to be the end of the access time, the process proceeds to S78, where the final electronic authentication time information is recorded in a log. If the automatic rollback processing is not to be performed, the all-commit processing is performed in step S79. In step S80, information of the final electronic authentication time + timeout time is recorded in a log.
Exit at 81.

Next, the cooperation of the IDs of the related parties will be described. FIG. 22 is a flowchart in the sysad of the relation source. In S90, when starting, S9
In 1, login is performed and access is performed. Next, S9
In 2, the required company ID and user ID are acquired. In S93, the department ID is assigned to the acquired ID, and the process goes to S94, where the ID is stored in the DB (FIG. 33), and the process ends.

Thereafter, FIG. 23 is a flowchart showing the access of the user. In FIG. 23, when starting in S100, the user logs in in S101. In S101, based on the department ID, processing is performed to determine which files and programs the user can access, and usable files are displayed on the screen (S102).
finish.

FIGS. 24 and 25 are flow charts for setting whether or not it is possible to see below the hierarchy of the relation destination. In FIG. 24, when the related party starts in S110, login is performed (S111), and a company ID and a department ID requesting the related party are acquired (S112). Next, in S113, request information is added, and in S11
In step S11, the information is stored in the data database.
End at 5

Next, the setting of the related system is started. S1
When the process starts at 20, the user logs in at S121. In S122, the request information is DB
And read the request information. S123
If the request can be accepted,
In step 4, a node or a tree is selected. Here, in the case of a node, the node information is written into the DB of FIG. 34 (S127), and the process ends (S128). Similarly, S124
In the case of a tree in step S125, the process proceeds to step S125, where the information as the tree is written in the DB of FIG.
8). When the access is rejected in S123, the flag is set and the process is terminated (S128).

Next, a billing system using the present invention will be disclosed. FIG. 26 is a conceptual diagram illustrating a billing method for authentication and license according to the present invention. User C is shown in FIG.
The user ID “XYZ001” is held as in 50 of 6. Using the server of the present invention, this user can use the license 51, “L0001”, license 2, “L0002”, license 3, “L00”
03 ", license 4, and" L0004 ". This license includes the application drawing sharing “AP0001” and the drawing sharing “AP0”
002 ", process management" 0003 ", process management" 000 "
4 "is linked. Then, a billing method is determined for each application. In this case, in the case of 53, “AP0001” and “AP0003”
000 yen and 1,500 yen per month.
0002 ”and“ AP0004 ”have a storage capacity of 1
A price of 10 yen per MB is set. At this time, the billing destination is specified at 54, and the monthly charge (a) (b) is paid by T Construction at 53, and the company K is paid for the pay-as-you-go fee (c) at 53. It has become.

A database for realizing the conceptual diagram of FIG.
Is used. The fields of this DB are as defined in FIGS. The authentication process is as disclosed in the above flowchart.

In FIG. 27, user information is specified. The user information includes personal attribute information such as an identification ID, a company ID, a company name, a postal code, an address, a Tel number, a fax number, a department name, a name, and an email. Here, when the user logs in, the user accesses the DB in FIG. 28 and performs authentication using the user ID, company ID, and password. At this time, if an unauthorized access is made, it is recorded in the field, and using the email address on the DB,
You can also notify where needed. Once authenticated,
In the operation 51 shown in FIG. 26, license information is defined as shown in FIG. 29, and an identification ID, a license ID, and a user ID are acquired by an identification ID assigned to each user, and usable license information is acquired. .

Next, at 52 in FIG. 26, the DB as shown in FIG. 30 is acquired, and the identification ID, application name, URL, description, store ID (providing destination ID), and UR for activation are obtained.
Information such as L, category ID (reserved), category SubID (reserved), registration date and time, and deletion date and time is acquired. As a result, the application holding destination is specified and the application is actually started. The billing pattern (52) in the application is defined by the identification ID, the application ID, the billing pattern, and the like according to FIG. 31, and information such as the usage time is separately provided in a log file.

The billing destination 54 in FIG. 26 is defined according to FIG. 32, and in the DB in FIG.
A license ID, an application ID, a license name, a billing pattern, a billing company, a department, a start date, an end date, a registration date, a deletion date, and the like are defined, and a necessary bill is generated based on this information. As described above, in this billing calculation system, the holder of the license controller may calculate the billing and bill the user in a lump, or may make various user settings and issue a bill for each department. .

【The invention's effect】

As described above, in the present invention, a DB representing the relationship with the company that is the related source is set at the same time as the related party performing the actual work without the need of a special program, and management when viewing from the user is performed. Can be easier. Also,
When the construction company has a relationship of a primary contractor (related party A) and a subcontractor (related party B), whether the primary contractor restricts the access of files and programs to the subcontractor only to the user of the hierarchical level or the hierarchical level below the user It can be easily determined whether or not to be displayed. Furthermore, it is possible to define a hierarchical relationship in project units by virtually setting the first-ranked company ID in a project formation such as a joint enterprise. This can also allow the user to display the files and licenses that the user can access first.

[Brief description of the drawings]

FIG. 1 is a conceptual diagram of collective login.

FIG. 2 is a conceptual diagram illustrating a problem of the present invention.

FIG. 3 is a conceptual diagram showing a simple precondition of the present invention.

FIG. 4 is an example of login information used by a user on the DB side.

FIG. 5 is a diagram showing how the present invention works.

FIG. 6 is a diagram illustrating a DB of virtual employee settings.

FIG. 7 is a setting example of a company-side DB for virtual employee setting.

FIG. 8 is a conceptual diagram when the entire department is virtualized.

FIG. 9 is a simplified diagram of a DB used in FIG. 8;

FIG. 10 is an example of a display screen at the time of setting in FIG. 8;

FIG. 11 is a configuration diagram of an entire network.

FIG. 12 is an overall transition diagram.

FIG. 13 is a flowchart in the whole system.

FIG. 14 is a flowchart of a login process in a web server.

FIG. 15 is a flowchart illustrating details of login in the license controller.

FIG. 16 is a diagram illustrating a case where an application menu is connected to an external application server;

FIG. 17 shows a first implementation example of handover of a browser session number.

FIG. 18 illustrates a second implementation example of handover of a session number of a browser.

FIG. 19 relates to selection of an application.
6 is a flowchart showing the operation of the license controller.

FIG. 20 is a flowchart showing the operation on the application server side in FIG. 11;

FIG. 21 is a flowchart for recording a log which is a basis for accounting calculation.

FIG. 22 is a flowchart of a sysad of a relation source.

FIG. 23 is a flowchart showing a user access.

FIG. 24 is a flowchart of a relation source for setting whether or not the user can see below the hierarchy of the relation destination;

FIG. 25 is a flowchart of a participant for setting whether or not it is possible to see below the layer of the participant;

FIG. 26 is a conceptual diagram showing a billing method for authentication and license according to the present invention.

FIG. 27 is a DB in which user information is defined;
It is.

FIG. 28 is a DB for managing login.

FIG. 29 is a DB for identifying licenses available to a user.

FIG. 30 is a DB that specifies an application provision destination.

FIG. 31 is a DB that defines a charging pattern for each application.

FIG. 32 is a diagram illustrating a D that defines a billing destination of a license;
B.

FIG. 33 is an example of a department DB;

FIG. 34 is a DB showing trust relationship settings.

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5B017 AA03 BA05 CA15 CA16 5B085 AE02 AE23 BC01 BG07 5E501 AA13 AC23 AC42 BA03 BA05 FA13 FA14 FA22 FA23 FA43 FA48

Claims (5)

[Claims] 1. A computer system for controlling a license control method in an application service provider used on the Internet, comprising: means for authenticating a company ID, a user ID, and a password DB, and a company ID, a user ID, and a department ID. DB
And a means for authenticating the file or program specified by the department ID so as to be accessible as a user. 2. The management system according to claim 1, wherein the system specifies a connection destination of the company and a virtual connection destination by means for authenticating with a department ID, a company ID, and a parent department ID. . 3. The system has a relation source A and a relation destination B, wherein the relation source A sets a department ID of the highest rank to the relation destination B, and the relation state of the relation destination B is lower than the hierarchy of the relation destination B. By referring to the DB set by the registering means to determine whether or not the relation source A can display information below the hierarchy of the relation destination B to determine necessary information. The management system according to claim 1, wherein the information is displayed. 4. The system according to claim 3, wherein said subject having different company IDs includes means for virtually setting a relation source and a relation destination by creating a virtual relation destination. The management system described. 5. The system includes a company ID, a user ID,
And means to authenticate by password and DB
D. A management system having means for authenticating with a DB of a user ID and a department ID, and displaying information accessible by the department ID on a first display screen.