JP2005259104A - Data management apparatus, data management method and program thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data-management apparatus, a data-management method and a program thereof that improve convenience for a user that does not have authorization to access data without sacrificing the security of data. <P>SOLUTION: The data-management apparatus, the data-management method and the program thereof that comprises a user-information provider means that provides information to the user about other users by whom access to the data is possible when access to the data by the user is not possible are provided. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a data management device, a data management method, and a program thereof.

  Conventionally, a large number of persons in charge are usually involved in the progress of business in a company. Specifically, for example, after one person in charge processes a predetermined work, the work is handed over to the next person in charge. In addition, one work may be constituted by a plurality of operations.

As means for managing the progress of such work, a workflow system operating on a data management apparatus has been introduced. The workflow here can be defined as a series of work sequentially processed by a plurality of users. A workflow system used for business approval or the like is sometimes called groupware. For example, if one task requires approval by a supervisor, the general employee asks the chief, section manager, general manager, and president for approval using circulation using a computer network. It is done. Also, when managing the progress of work, each person in charge handles a part of the work he / she is responsible for, and when the work is handed over to the next person in charge, the workflow system indicates that the part of the work has been completed. input. With this input, the next person in charge can start work, and the progress of the entire business is managed.
JP-A-10-232811

  By the way, in the above-described workflow system, in order to perform tasks such as approval and progress management, it may be necessary to browse data related to the tasks. The related data is, for example, an estimate necessary for approval approval and a progress status of another business required for progress management. When business is performed in the workflow system, it is possible to browse the related data on the screen as related data or to refer to it as an attached document.

  Normally, such data (materials) itself is not secure, so the user of the workflow system clears the authentication of the workflow system, so that all relevant workflow data is related (Material) can be accessed.

  However, in such an operation, if the person in charge of processing on the workflow is registered, it is possible to see materials that cannot be seen originally. For example, if a workflow is related to a nondisclosure agreement (NDA) with a customer and a confidential document is attached to the workflow, the person in charge of each work on the workflow The problem of being able to see

  In order to solve this problem, it is desirable that the data (material) itself is secured by itself. For example, materials that should be disclosed only to superiors who have a predetermined authority in the company, materials related to confidentiality agreements with customers, etc. should be further strengthened. The contents of the security are various, but when an unauthorized person accesses the material, the contents cannot be seen or even accessed (even the existence is not known).

  On the other hand, however, if strong security is applied to the material itself, the following adverse effects occur. In other words, if the person in charge on the workflow cannot refer to the attached material, input for approval and progress management based on the content of the material cannot be performed. Further, when viewing a document, for example, a procedure is required in which an administrator of the data management apparatus grants reference authority or the like so that the user can view the document. However, in a large-scale system, it is unrealistic for an administrator to change such settings for each job. In addition, since the administrator is often unable to fully determine whether or not the disclosure of data to the user is appropriate, there is a problem that security is reduced if authority is easily given to all disclosure requests. Also occurs.

  In addition, when not relying on an administrator, it is also possible to have other users who are authorized to view the material show the material. However, when the number of users of the system is large, there is a problem that information about who has the authority to view the material must be inquired to the administrator after all.

  As described above, conflicting problems coexist with security enhancement and workflow system operation efficiency.

  Therefore, the present invention has been proposed based on the above-mentioned conventional circumstances, and is a data management device and a data management method that improve the convenience of users who do not have the authority to refer to data without sacrificing the safety of data. , And its program.

  The present invention employs the following means in order to achieve the above object. That is, the present invention is premised on a data management apparatus that stores data to be accessed and determines whether or not access to the data is possible in response to an access request from the user. Here, when access to the data by the user is not possible, a user information providing unit that provides the user with information about another user who can access the data is provided.

  As a procedure for providing information about other users, the access right storage means associates a data identifier that can uniquely identify data with an accessible user identifier that is an identifier of a user who can access the data. In response to the access request to the data from the user, the access analysis means obtains the user identifier of the user who made the access request and the data identifier of the data to be accessed from the access request. The accessible user acquisition unit acquires the corresponding accessible user identifier from the access right storage unit based on the data identifier acquired by the access analysis unit. Subsequently, the access permission determination unit compares the user identifier acquired by the access analysis unit with the accessible user identifier acquired by the accessible user acquisition unit, and the user information providing unit performs data access by the access permission determination unit. For example, a procedure of providing information on another user who can access the data to the user who made the access request when it is determined that access to the user is not possible.

  If the user cannot access the data, by providing the user with information about other users who can access the data, even a user without data reference (access) authority can It is possible to acquire information on a user who has the right to access the data without making an inquiry. Therefore, the user can make a determination of the subsequent processing when there is no access right on the spot, and as a result, the convenience of the data management apparatus can be improved.

  In addition, the data management apparatus includes a workflow control unit that controls the workflow, and the user information providing unit has at least an authority to change the access right to the data as information about other users who can access the data. Or there exists a structure which provides the presence or absence of the proxy authority of the process on a workflow. In this case, the data to be accessed is data used by a plurality of users on the workflow system.

  In other words, by applying a data management device to the workflow system, other users' information can be displayed, for example, by requesting other users to perform processing such as approval on the workflow system, or from other users to have authority to access data. This is very effective in promoting workflow processing smoothly.

In addition to the access right storage means, a workflow user storage means for storing workflow users who can use the workflow is provided, and the workflow control means determines whether the workflow can be used based on the workflow user storage means. There is a configuration in which determination is made independently of whether access is possible.
In this case, in addition to authentication of the workflow system itself, security independent of the workflow can be set for the data itself, so that security independent of the workflow can be secured for the data itself.

  The information about other users that can be accessed may include at least the presence / absence of an authority to change the access right and the presence / absence of an authority to act on the workflow system.

  Furthermore, the data management device includes an access right change requesting unit that notifies the user corresponding to this information of an access right change request based on information about the other user selected by the user. is there.

  In this configuration, not only the workflow processing functions smoothly, but also the person who can sufficiently judge the access right change determines the access right change, so the human load when changing the access right is distributed. At the same time, security is also kept strong.

  The access right change requesting unit may be configured to change the access right to the data based on the processing of another user in response to the request notification.

  Further, on the basis of information about the other user selected by the user, the data management device requests the user corresponding to this information to perform the processing on the workflow system to be performed by the selected user. There is a configuration including request means.

  Even in the above processing, the workflow processing can be made to function smoothly, and the security of the material itself is not changed, so that sufficient security is maintained.

  Here, the data management device and the workflow system can be embodied using a computer. In that case, each means excluding the storage means is embodied by operating a program on a computer.

  In the data management device, the data management method, and the like according to the present invention, when the user cannot access the data, the user is provided with information about other users who can access the data. Even a user who does not have data reference (access) authority can acquire information on a user who has the right to access the data without making an inquiry to the administrator. Therefore, the user can make a determination of the subsequent processing when there is no access right on the spot, and as a result, the convenience of the data management apparatus can be improved. Further, since the data has an access right different from the authority in the workflow, the data cannot be referred to only by being registered in the workflow, that is, stronger security can be realized. In addition, since it is possible to acquire information on users who have access rights, the convenience of the workflow is not impaired even though strong security is provided.

  Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings for understanding of the present invention. In addition, the following embodiment is an example which actualized this invention, Comprising: It is not the thing of the character which limits the technical scope of this invention. Further, as shown in FIG. 1, a data management apparatus 102 according to the present invention constitutes a workflow system 100 that is communicably connected to a user terminal 101 and a DB (database) server 103 via a network. However, for example, the data management apparatus 102 and the DB server 103 may be provided on the same computer.

(Embodiment)
Hereinafter, processing of the workflow system in the embodiment according to the present invention will be described.

  FIG. 1 is a schematic functional block diagram of the user terminal 101, the data management apparatus 102, and the DB server 103 constituting the workflow system 100. The processing of each means will be described later.

  FIG. 2 is a schematic configuration diagram of the data management apparatus 102, which includes a CPU (Central Processing Unit) 201, a RAM (Random Access Memory) 202, a ROM (Read Only Memory) 203, an HDD 204, and a network I / F (interface). 205 is connected via an internal bus 206. The CPU 201 operates as each unit shown in FIG. 1 by using, for example, the RAM 202 as a work area and executing a program stored in the ROM 203, the HDD 204, or the like. The network I / F 205 is connected to a network and can exchange data with other devices. The configurations of the user terminal 101 and the DB server 103 are the same as those of the data management apparatus 102, and different processes can be executed because the stored programs are different.

  FIG. 3 shows a system configuration example of the workflow system 100, in which a plurality of user terminals 101, a data management apparatus 102, and a DB server 103 are connected to be communicable via a network 302 such as the Internet or an intranet. Also, before the user terminal 101 communicates with the data management apparatus 102, for example, the authentication system 303 authenticates the user (person in charge) who uses the user terminal 101. When a workflow system described later is used, the user is authenticated by the workflow control unit 120 described later instead of the authentication system 303 described above.

  Next, processing in the workflow system 100 will be described.

  For example, when a user wants to request the shipment of a sample product to a customer in charge, the user logs in to the workflow system 100 first. That is, for example, the user first operates the user terminal 101 to access the workflow control unit 120 and receives the user authentication screen transmitted from the workflow control unit 120. On the user authentication screen, the user inputs a user ID and password, which are user identifiers for identifying the user, from the input unit 106 and transmits them to the workflow control unit 120 (FIG. 12: S1201). The input means here is, for example, a keyboard or a pointing device. When the input user ID and password are received by the workflow control unit 120, authentication is performed by determining whether or not they match those stored in the user authentication table (FIG. 12: S1202 → S1203). FIG. 11 shows an example of a user authentication table stored in the workflow user storage unit 122. The user authentication table 1100 stores a user ID 1101 of a user who can use the workflow system and a password 1102 in association with each other. It is determined whether the input user ID and password match the user ID 1101 and password 1102 in the user authentication table. If they match, the user ID and password are authenticated.

  When the user is authenticated, by performing a predetermined operation via the input unit 106, the operation content is transmitted to the data management apparatus 102 via the control unit 105, and the workflow control operating on the data management apparatus is performed. Processed by means 120. In other words, for example, a user who has logged in to the workflow system 100 calls and processes a business related to himself / herself from among the business registered on the workflow system 100 via the workflow control unit 120, or creates a new one. It is possible to register a workflow.

  Now, when requesting the shipment of the sample product to the customer in charge, the user calls the request content registration screen 1000, which is one screen of the groupware operating on the workflow system 100 (FIG. 12: S1204). → S1205 → S1206). FIG. 10 is an example of a request content registration screen for registering the request content in the workflow system according to the embodiment of the present invention.

  The user can register a sample product shipment request in the workflow system by inputting data necessary for the request into each input field constituting the request content input area 1013 of the request content registration screen 1000 (FIG. 12). : S1207).

  In FIG. 10, a sample product number “LLL123” is input to the product number 1001, “Receiving / shipping” as the workflow type 1002, “1000” as the quantity 1003, “2003/9/1” as the desired delivery date 1004, and “Sample” as the comment 1005 Is entered. The workflow type is a type that is classified according to the purpose of each workflow. In the case of a workflow that handles receiving / shipping, etc., “in / out” is used. In the case of arrangement of technical materials, “technical material” is selected. Entered.

  In the attached material column 1014, necessary materials necessary for receipt and shipment of the sample product can be attached. For example, when the “add” button 1014A is pressed, a search screen stored on the workflow system 100 is displayed (not shown). By selecting a designated file, the data can be attached as a document. Is possible. Note that the ID of the attached material is displayed on the request content registration screen 1000. In FIG. 10, “JA9028” is displayed as the ID, and the attached material is a development material related to the new product of the customer prototyped using the sample product “LLL123” and is managed as confidential material. Yes. An example of the confidential material is shown as a development confidential material 1400 in FIG. The confidential material is usually a very important document, and even a user who belongs to the same company or a user who shares the same workflow is not necessarily viewable.

  When the user completes the input of the request content, the user transmits an instruction to register the request content to the workflow control unit 120 by pressing the registration button 1015 (FIG. 12: S1208).

  When the workflow control unit 120 receives the request content, the workflow control unit 120 stores the request content in the workflow information storage unit 121.

  Next, the process of the workflow control unit 120 for the requested content will be described with reference to FIG.

  For example, when the workflow control unit 120 receives the request content shown in FIG. 10, a uniquely identifiable flow ID is assigned to the request content, and the record 801 is registered in the workflow table 800 shown in FIG. 8A. . Here, it is assumed that the flow ID 802 is “1000011”. Also, the workflow type: “receipt / shipment”, requester: “Koizumi”, product number: “LLL123”, quantity: “1000”, delivery date: “2003/9/1”, attached material: “JA9028” is input to the workflow type 803, the requester 804, the product number 805, the quantity 806, the delivery date 807, and the attached data ID 808, respectively. The items shown in FIG. 8A are a part of the record 801, and include items that other users need when performing the above request, such as customer names and shipping destinations. The workflow table 800 is stored in the workflow information storage unit 121.

  Next, the workflow control unit 120 determines the processing order and the person in charge of the processing based on the workflow table 800 and the person-in-charge determination table 810 shown in FIG. 8B, and creates the workflow state table 820 ( FIG. 12: S1209 → S1210). 8B is an example of the person-in-charge determination table in the embodiment of the present invention stored in the workflow information storage unit 121. FIG. 8C is a book stored in the workflow information storage unit 121. It is an example of the workflow state table in an embodiment of the invention. In the person-in-charge determination table 810, the order to be processed and the person in charge of each process are associated with each workflow type described above.

  Specifically, three records 815 to 817 are acquired from the workflow type 811 of the person-in-charge determination table 810 based on “receipt / shipment” corresponding to the record 801 and the workflow type 830. Then, based on the record, first, “Suzuki” in the person-in-charge code 814 whose order 812 is “1” performs “approval” of the processing content 813, and then the order 812 is “2”. The order in which “Kobayashi” performs the “arrival” process and the “shipment” process is determined. That is, the requester can register the request contents without being aware of who is in charge, and the person in charge is automatically determined based on the registered request contents.

  Records 821 to 823 shown in the workflow state table 820 are registered (stored) based on the determined three processing orders and the person in charge (FIG. 12: S1211). In the records 821 to 823, a state 825 is further added to the flow ID 802, the order 812, the processing content 813, and the person-in-charge code 814 described above. The state 825 is managed by inputting “completed” for completed processing, “not yet” for processing to be performed next, and blank for other processing.

  Next, each process of the request contents registered in this way will be described.

  For example, another user logs into the workflow system 100 in order to execute a process that he / she is in charge of. That is, as described above, the user accesses the workflow control unit 120 by operating the user terminal 101 and is authenticated by the workflow control unit 120 by inputting a user ID, a password, and the like (FIG. 13: S1301 → S1302 → S1303).

  Next, when the user gives an instruction on the user terminal 101 to call the process he / she is responsible for among the processes registered in the groupware, the content of the instruction is transmitted to the data management apparatus 102 via the control means 105. (FIG. 13: S1304). The instruction content is processed by the workflow control means 120, thereby creating a list of workflows related to the user (FIG. 13: S1305).

  The created list is transmitted to the user terminal 101 and displayed on the display means 104 such as a display via the control means 105 (FIG. 13: S1306). Thus, as long as the workflow system is authenticated, the user can browse the workflow related to the user's confidence.

  An example of the process (above S1303 to S1306) until the workflow list is created is shown below.

  First, when the user is authenticated by the authentication system 303, the authenticated user ID is passed to the workflow control means 120. Here, it is assumed that the user ID is “A004”, that is, “Suzuki” (from FIG. 4 described later, user identifier table 401). The workflow control unit 120 includes, based on the user ID “A004”, a workflow including a process to be handled by the user ID “A004” (Suzuki) from the workflow state table 820 stored in the workflow information storage unit 121. (FIG. 13: S1305A → S1305B).

  When a workflow including a process to be handled by the user ID “A004” (Suzuki) is extracted from the workflow status table 820 shown in FIG. 8C, first, the person-in-charge code 814 is “A004”, and the status A record in which 825 is “not yet” is extracted. In FIG. 8C, record 821 and record 824 correspond.

  The workflow control unit 120 further searches the workflow table 800 based on the flow IDs 802 of the records 821 and 824 extracted above, and the requester 804, the product number 805, the quantity 806, the delivery date 807, and the attached data ID 808 related to the records. Etc. are extracted (FIG. 13: S1305C → S1305D).

  The extracted record is processed so as to be viewable on the user terminal 101 as in a workflow list 901 shown in FIG. 9, for example (FIG. 13: S1305E / processing). Here, in the workflow list 901, a workflow type 902, processing contents 903, status 904, attached data 905, and correspondence 906 are displayed. The workflow type 902 describes what the flow is. The processing content 903 displays processing on the workflow to be performed by the person in charge (user), and corresponds to, for example, “approval”, “reception”, “arrival”, “shipping”, and the like. The status 904 describes the status of processing by the user. The attached data 905 displays the attached data ID shown in FIG. 8 and the name of the attached data based on the data table (FIG. 5B) described later. In response 906, corresponding input buttons to be performed by the user are displayed in accordance with the processing content 903. In this example, an “approval” button and a “denial” button, which are correspondences based on “approval”, are displayed.

  When the workflow list 901 is created, the workflow list 901 is transmitted from the workflow control unit 120 to the control unit 105 and displayed on the display unit 104 (FIG. 13: S1305E / transmission → S1306).

  Note that the above-described process of displaying a list of workflows related to the user is merely an example, and processing contents, display contents, and the like vary depending on the workflow system.

  Next, the user can approve / deny the processing contents by pressing a button corresponding to 906 in a predetermined workflow, for example, from a plurality of displayed workflows. However, in the case of approval (denial), the user may need to access various attached data for approval. In such a case, the data can be browsed if there is an access right by selecting the display of the attached data 905, for example.

  Next, processing related to the determination of the presence / absence of access rights will be described with reference to the outline of the flow of processing contents shown in FIG.

  When the user selects the above display via the input means 106, the selection is received as an access request by the access analysis means 107 of the data management apparatus 102 via the control means 105 (FIG. 6: S601). The access request includes a data ID that is a data identifier for specifying the data and a user ID used in the authentication process.

  Next, the access analysis unit 107 that has received the access request acquires the data ID and the user ID from the access request and transmits them to the accessible user acquisition unit 108 (FIG. 6: S602). Here, for example, it is assumed that the user presses the display of “development confidential material.doc” of the attached data 905. In this case, the data ID is “JA9028”.

  Subsequently, the accessible user acquisition unit 108 that acquired the data ID and the user ID transmits the data ID “JA9028” to the DB server 103, thereby corresponding access from the access right storage unit 111 of the DB server 103. A possible user ID is acquired (FIG. 6: S603 → S604). Here, the accessible user ID is an identifier of a user who can access data corresponding to the data ID. The search by the DB server 103 refers to, for example, the access right table shown in FIG. 5A and extracts accessible user IDs “A001”, “A005”, and “Semiconductor Division” based on the above “JA9028”. This is the process. The acquired accessible user ID (here, “A001”, “A005”, “Semiconductor Division”) is transmitted to the access permission determination unit 109.

  Subsequently, the accessibility determination unit 109 that has received the accessible user ID compares the accessible user ID with the user ID transmitted from the accessible user acquisition unit 108 (FIG. 6: S605). Specifically, the accessible user IDs “A001”, “A005”, “Semiconductor Division” and the user ID “A004” are compared. In the present embodiment, the division is included in the accessible user ID. Since the business division includes a plurality of users, and is referred to as “semiconductor division” here, all users belonging to the “semiconductor division” are accessible users. In other words, the business division can be referred to as a user ID composed of a plurality of user IDs, that is, the same treatment as a user ID (accessible user ID).

  Here, the user ID “A004” does not match the accessible user ID. Further, for example, the user ID “401” is searched by searching the user identifier table 401 (see FIG. 4) stored in the user ID storage unit 112. It is determined that “A004” (402) does not belong to the “semiconductor division” (electronic component division) (FIG. 6: S605 → S606 → S606 No).

  When the user ID does not match the accessible user ID in the access permission determination unit 109, the user corresponding to the user ID accesses the data requested for access in the access request (data ID “JA9028”). It means that there is no right. When there is no access right as described above, the user information providing unit 110 obtains information about other users acquired from the access right storage unit 111, that is, the accessible user IDs “A001”, “A005”, and “Semiconductor Division”. Is acquired from the user ID storage unit 112, the access right storage unit 111, and the like, for example, and transmitted to the user terminal 101 (FIG. 6: S608 → S609). Here, it is assumed that the information of the other users is stored in the user identifier table of the user ID storage unit 112.

  The control unit 105 that has acquired the information about the other user displays the information on the display unit 104 as, for example, an “accessible user” display 701 shown in FIG. 7 (FIG. 6: S610).

  As described above, when the user cannot access the data, the user is not authorized to refer to (access) the data by providing the user with information on other users who can access the data. Even a user can acquire information on a user who has the right to access the data without making an inquiry to the administrator. Therefore, the user can determine the subsequent processing when there is no access right on the spot, and as a result, the convenience of the data management apparatus is improved. In addition, the display of the information of the other user leads to an operation such as requesting other users to perform processing such as approval on the workflow system, or granting access authority to data from other users. The processing can proceed smoothly. In addition, authentication for workflow usage and determination of whether or not to have access rights to the data (data) referenced from the workflow are performed independently, so that the strong security applied to the data itself can be used. It is. Therefore, it is possible to smoothly advance the workflow process without sacrificing data safety.

  The other user information is effective for smooth processing of the workflow system, such as the user's name, department, job title, presence / absence of access right change authority, presence / absence of proxy authority for processing on the workflow system, etc. Possible information is preferred.

  By the way, when the user ID and the accessible user ID match in the access permission determination unit 109, it means that the user corresponding to the user ID has an access right to the data requested to be accessed by the access request. To do. In such a case, the access permission determination unit 109 acquires the data storage location by referring to the data table in the data storage unit 113 shown in FIG. 5B, for example, and as a result, the development shown in FIG. The confidential material 1400 is acquired and transmitted to the user terminal 101 (FIG. 6: S605 → S606 ′ → S605Yes).

  The control means 105 that has acquired the data functions in the same manner as a conventional user terminal by displaying the development confidential material 1400 on the display means 104 (FIG. 6: S610).

  In the present embodiment, a data table in which the data ID and the data storage location are associated with each other is provided. However, the data ID itself may include the position information where the data is stored. In this case, in the above example, the data ID “JA9028” shown in FIG. 5B is, for example, “\\ aa01SRV \ UserB \ Development confidential material.doc”.

  Next, a user process for the “accessible user” display 701 will be described. As described above, when the display 701 is displayed, the user does not have the right to access the desired material. In such a case, the workflow stops. For this reason, for example, the user presses the button 704 on the second display 703 of the display 701 by the input means 106.

  The button 704 includes information that the user whose name is “Kobayashi” has the authority to change the access right. When this button 704 is selected, the selection is received by the access right change request means 114 via the control means 105 and the workflow control means 120 as an access right change request. When the access right change request unit 114 receives the access right change request, the request is notified to the user “Kobayashi” using, for example, a messaging function provided in the workflow system. When the user “Kobayashi” selects, for example, “OK” in response to the request, the access right change requesting unit 114 receives a message to that effect, and the access right change requesting unit 114 receives the access right in the access right storing unit 111. By updating the table, the user can access the corresponding data.

  Through the above processing, the workflow processing functions smoothly. In addition, since the access right change is determined by a person in charge who can be judged sufficiently, which is set in advance for the access right change, the human load at the time of changing the access right is distributed and the security is also maintained firmly. .

  Further, for example, for the display 701, the user selects the button 705 in the first display 702 of the display 701 using the input unit 106.

  The button 705 includes the fact that the user whose name is “Ito” has the authority to perform the processing on the workflow of the user who made the selection on behalf of the user. When this display is selected, the selection is received by the proxy process request unit 115 via the control unit 105 as a proxy process request. When the proxy processing request unit 115 receives the proxy processing request, the request is notified to the user “Ito” using the messaging function. When the user “Ito” selects, for example, “approval” for the request, “not yet” 826 in the workflow state table 820 is updated to “completed”. That is, the response to the proxy processing request is reflected on the workflow system, and the workflow processing to be performed by the user proceeds.

  In the above processing, the workflow processing can be made to function smoothly as well. Naturally, since the security of the material itself is not changed, sufficient security is maintained.

  Although the messaging function is shown as an example of the method of notifying other users by the access right change request and the proxy processing request, the present invention is not limited to this. That is, for example, the access right change request unit 114 and the proxy processing request unit 115 may register a new workflow for notifying (achieving) the request in the workflow information storage unit 121 in response to the notification.

  In the above embodiment, the security processing method related to the attached data has been described in detail. However, the request content referred to by each user during the processing of the workflow, that is, related data may be targeted. That is, not only the attached data but also the records stored in the workflow table 800 are processed in the same manner as the attached data, so that strong security can be realized.

  The data management apparatus, workflow system, and data management method according to the present invention sacrifices the safety of data because it is immediately possible to know who can access the data when an unauthorized person accesses the material. Therefore, the present invention is useful as a data management device, a data management method, and a program for improving the convenience of a user who has no data reference authority.

1 is a schematic functional block diagram of a user terminal, a data management device, and a DB server that constitute a workflow system. The schematic block diagram of a data management apparatus. The figure which shows the system configuration example of a workflow system. The figure which shows an example of a user identifier table. The figure which shows an example of an access right table, and an example of a data table. The flowchart which shows the general | schematic process which determines the data access permission of a workflow system. The figure which shows the example of a display of the information of an accessible user. The figure which shows an example of a workflow table, a person in charge determination table, and a workflow status table. The figure which shows an example of a workflow list. The figure which shows an example of a request content registration screen. The figure which shows an example of a user authentication table. The flowchart which shows the outline of a request process. The flowchart which shows the outline of workflow list preparation for every user. The figure which shows an example of a confidential material.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Workflow system 101 User terminal 102 Data management apparatus 103 DB server 104 Display means 105 Control means 106 Input means 107 Access analysis means 108 Accessible user acquisition means 109 Access permission determination means 110 User information provision means 111 Access right storage means 112 User ID Storage means 113 Data storage means 114 Access right change request means 115 Proxy processing request means 120 Workflow control means 121 Workflow information storage means 122 Workflow user storage means

Claims (14)

In a data management device that determines whether or not access to the data is possible in response to a data access request from a user
An access right storage means for storing the data identifier that can uniquely identify the data and an accessible user identifier that is an identifier of a user that can access the data;
Access analysis means for acquiring the user identifier of the user who made the access request and the data identifier of the data to be accessed from the access request;
Based on the data identifier acquired by the access analysis means, accessible user acquisition means for acquiring the corresponding accessible user identifier from the access right storage means;
An access permission determination unit that compares the user identifier acquired by the access analysis unit with the accessible user identifier acquired by the accessible user acquisition unit;
User information that provides information on other users who can access the data to the user who made the access request when it is determined that access to the data is impossible by the access permission determination unit. A data management apparatus comprising: a providing unit. Furthermore, a workflow control means for controlling the workflow is provided,
The user information providing means provides at least presence / absence of an authority to change access rights to the data or presence / absence of proxy authority for processing on the workflow as information on other users who can access the information. The data management device described.   The access right change requesting unit according to claim 2, further comprising: an access right change requesting means for notifying a user corresponding to the information based on information about the other user selected by the user to an access right change request. Data management device.   The data management apparatus according to claim 3, wherein the access right change requesting unit changes the access right to the data based on processing of another user in response to the notification of the request.   And a proxy processing requesting unit that requests the user corresponding to the information based on the information about the other user selected by the user to perform the processing on the workflow to be performed by the selected user. Item 3. The data management device according to Item 2. Furthermore, a workflow control means for controlling the workflow,
Workflow user storage means for storing workflow users who can use the workflow,
The data management apparatus according to claim 1, wherein the workflow control unit determines whether or not the workflow can be used independently of whether or not the data can be accessed based on the workflow user storage unit.   7. The user information providing means provides at least presence / absence of an authority to change access rights to the data or presence / absence of proxy authority for processing on the workflow as information on other users who can access the information. The data management device described.   The access right change requesting unit according to claim 7, further comprising: an access right change requesting unit that notifies the user corresponding to the information based on the information about the other user selected by the user to the access right change request. Data management device.   9. The data management apparatus according to claim 8, wherein the access right change requesting unit changes the access right to the data based on a process of another user in response to the notification of the request.   And a proxy processing requesting unit that requests the user corresponding to the information based on the information about the other user selected by the user to perform the processing on the workflow to be performed by the selected user. Item 8. The data management device according to Item 7. In a data management method for determining whether or not access to data is possible in response to an access request for data from a user
In response to an access request to the data from the user, an access analysis step of acquiring the user identifier of the user who made the access request and the data identifier of the data to be accessed from the access request;
Based on the data identifier acquired by the access analysis means, an access right storage means for storing a data identifier that can uniquely identify the data and an accessible user identifier that is an identifier of a user that can access the data More, an accessible user acquisition step for acquiring the corresponding accessible user identifier,
An access permission determination step of comparing the user identifier acquired in the access analysis step with the accessible user identifier acquired in the accessible user acquisition step;
User information that provides information about other users who can access the data to the user who made the access request when it is determined that access to the data is not possible in the access permission determination step. A data management method comprising: a providing step. In response to a data access request from a user, a computer that determines whether or not the data can be accessed,
An access analysis step of acquiring the user identifier of the user who made the access request and the data identifier of the data to be accessed from the access request;
Based on the data identifier acquired by the access analysis step, an access right storage means for storing the data identifier that can uniquely identify the data and the accessible user identifier that is the identifier of the user that can access the data More, an accessible user acquisition step for acquiring the corresponding accessible user identifier,
An access permission determination step of comparing the user identifier acquired in the access analysis step with the accessible user identifier acquired in the accessible user acquisition step;
User information that provides information about other users who can access the data to the user who made the access request when it is determined that access to the data is not possible in the access permission determination step. A program that executes the provided steps. In response to a request for access to data from a user, a computer that determines whether or not access to the data is possible,
An access analysis step of acquiring the user identifier of the user who made the access request and the data identifier of the data to be accessed from the access request;
Based on the data identifier acquired by the access analysis step, an access right storage means for storing the data identifier that can uniquely identify the data and the accessible user identifier that is an identifier of a user that can access the data More, an accessible user acquisition step for acquiring the corresponding accessible user identifier,
An access permission determination step of comparing the user identifier acquired in the access analysis step with the accessible user identifier acquired in the accessible user acquisition step;
User information that provides information about other users who can access the data to the user who made the access request when it is determined that access to the data is not possible in the access permission determination step. A computer-readable recording medium recording a program for executing the providing step. In a data management device that provides corresponding data in response to a data access request from a user,
Access permission determination means for determining whether or not the user can access data;
Data comprising: user information providing means for providing the user with information about other users who can access the data when it is determined that access is not possible by the access permission determining means. Management device.

Images