JP2005293132A - Operation terminal, access method, information providing device and method, and information sharing system and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an operation terminal, an information providing device and each method for enabling a plurality of users to perform access from a common group account to information resources by making the users independently perform access properly according to the access right of each user, and for enabling the users to share the information resources while integrally securing them. <P>SOLUTION: This information sharing system is configured to make a plurality of users perform access from a common group account, and to allow the users each other to share information resources. This information sharing system is provided with a user setting means for making each user apply for the approval of user information related with the user from a privilege account for every group account to which each user is belonging, and for setting it as the approved user information, a user authenticating means for making the user request user authentication from the group account for the user information to permit the user to perform access and a monitor means for monitoring the execution process of access, and for recording it in a log file for each user. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a work terminal and an access method, an information providing device and an information providing method, and an information sharing system and an information sharing method, and can be applied to, for example, a UNIX (registered trademark) -based workstation, server, and system. it can.

  Conventionally, in a local area network (LAN) using the TCP / IP protocol, there is a case where a UNIX server database in which a UNIX-based operating system is mounted is desired to be shared by a plurality of users through telnet or the like. Generally, in such remote access, it is necessary for a user to properly log in to a UNIX server based on each access right, and various information providing systems having an access function for that purpose have been proposed.

However, the conventional techniques as described above have the following problems.
(1) In a UNIX server, maintenance (release of new resources, update of operating environment settings) and inspection (periodic diagnosis, recovery of trouble) are indispensable in order to support the actual operation of general users. In these maintenances and the like, all the libraries can be accessed and it is necessary to execute any command including modification and deletion. Therefore, a plurality of users who share the work can execute privileged UNIX user IDs (root, resadm). Etc.) are used as a common group account, and file operations are collaborated on the UNIX server.
(2) Therefore, each worker accessed in the scheduled time and order, which worker each access was from, and when and what operation a specific worker performed Of course, it was not possible to follow up directly at the time of the work, but also after the fact.
(3) In addition, if such a UNIX server is used as a remote host, the managers of branches and sales offices that have been expanded over a wide range of floors as well as each floor of the headquarters building, including the case where the same maintenance work is performed, individual users It became important to specify the work time, contents of file operations, etc. It also wants to protect valuable data from unexpected file operations and sometimes eliminates the chance of tampering with personal interests.

  The present invention has been made in view of the above circumstances, and when a plurality of users access information resources from a common group account, according to the access rights of each user, each user is made independent, And it aims at providing the work terminal, the information provision apparatus, and each method which share the said information resource, ensuring these integrally.

In order to achieve the above object, the work terminal according to claim 1 is a work terminal for a plurality of users to access the information providing apparatus from a common group account and share the information resources among the users. And
For each group account to which each user belongs, a user application means for applying for approval of user information regarding the user from a privileged account,
The user information approved through the user application means has an authentication request means for requesting user authentication from a group account again.

  In the first aspect of the present invention, only a user (individual) of a limited management department who can apply each user information in association with a group account by the user application means and belongs to the privileged account is comprehensively managed. Yes. Therefore, for example, users in each department in charge can be properly registered according to the company-wide organizational structure, so that each user needs to worry about deviation of access rights at all within the approved range. There is no, you can concentrate on work such as maintenance. Further, user authentication can be requested from the permitted group account by using the user information of each user by the authentication requesting means, and the merit of sharing information resources can be enjoyed. The user application means can install what is provided as a dedicated tool, and can be downloaded from the information providing apparatus.

  According to a second aspect of the present invention, in the work terminal according to the first aspect, the authentication requesting means performs a user-specific login to the multi-user-oriented operating system following a group account login. It is characterized by being.

  According to the second aspect of the present invention, the user can request log-in smoothly, and the convenience of the group account is utilized in the multi-user.

According to a third aspect of the present invention, there is provided the work terminal according to the first or second aspect of the present invention, wherein the user is provided with a schedule application unit for requesting approval of an access schedule from a group account for the desired information resource. By
The authentication request means requests user authentication in alignment with the access schedule approved by the schedule application means.

  According to the third aspect of the present invention, each user can make an access schedule based on work sharing and apply for approval from the information providing apparatus. Therefore, the correctness of the work is guaranteed by the planned access. For example, actual work on work terminals can be performed in synchronization with the necessary procedures such as plan management of business projects, permission of superiors, approval, etc. Also, in each work, objectivity and transparency within the organization It will also guarantee the sex.

  According to a fourth aspect of the present invention, in the work terminal according to any one of the first to third aspects of the present invention, the authentication requesting means uses user-specific identification codes or names as user information.

  In the invention described in claim 4, a user can be easily specified by an identification code, and examples of such an identification code include an individual user ID, a business employee number, and an e-mail address. Individual users can also be specified by name, and examples of the name include name, abbreviation, and handle name.

  According to a fifth aspect of the present invention, there is provided the work terminal according to any one of the first to fourth aspects, wherein the authentication requesting means sets and changes a password after a user-specific login and encrypts the password. It is characterized in that it is included in the user information of the user by remote communication.

  In the fifth aspect of the present invention, each user can use a password that can be concealed personally, and it is possible to accurately identify the access subject after eliminating impersonation by others. Also, information leakage associated with remote communication can be prevented by encryption. The password setting / changing function can be installed as a dedicated tool or downloaded from the information providing apparatus.

The access method according to claim 6 is an access method for a plurality of users to access the information providing apparatus from a common group account and share the information resources among the users,
For each group account to which each user belongs, a user application step for applying for approval of user information regarding the user from a privileged account;
The user information approved in the user application step includes an authentication requesting step for requesting user authentication from the group account again.

  In the invention described in claim 6, only a user (individual) of a limited management department who can approve each user information in association with the group account in the user application step and belongs to the privileged account is centralized. You can apply. Therefore, for example, users in each department in charge can be properly registered according to the company-wide organizational structure, so that each user needs to worry about deviation of access rights at all within the approved range. There is no. Further, in the authentication request step, user authentication can be requested from the permitted group account using the user information of each user, and the merit of sharing information resources can be enjoyed.

  According to a seventh aspect of the present invention, in the invention of the sixth aspect, the authentication requesting step performs a user-specific login to the multi-user-oriented operating system following a login by a group account. It is characterized by being.

  In the invention according to claim 7, the user can smoothly operate the login operation, and the convenience of the group account by the multi-user is utilized.

An access method according to an eighth aspect of the present invention is the access method according to the sixth aspect or the seventh aspect, wherein a schedule application step for allowing each user to apply for approval of an access schedule for a desired information resource from a group account is added. By
In the authentication request step, user authentication is requested in alignment with the access schedule approved in the schedule application step.

  In the invention described in claim 8, since each user can make an access schedule based on work sharing and apply for approval to the information providing apparatus, the correctness of the work is guaranteed by the planned access. For example, actual work on work terminals can be synchronized with necessary procedures such as plan management of business projects, permission of managers, approval, etc., and each work has objectivity and transparency within the organization. It will also be guaranteed.

  The access method according to claim 9 is the invention according to any one of claims 6 to 8, wherein the authentication requesting step uses a user-specific identification code or name as user information.

  In the invention described in claim 9, a user can be easily specified by an identification code, and examples of such an identification code include an individual user ID, a business employee number, and an e-mail address. Individual users can also be specified by name, and examples of the name include name, abbreviation, and handle name.

  According to a tenth aspect of the present invention, in the invention according to any one of the sixth to ninth aspects, the authentication requesting step includes setting and changing a password after a user-specific login and encrypting the password. It is characterized in that it is included in the user information of the user by remote transmission after conversion.

  In the tenth aspect of the present invention, it is possible to accurately specify the access subject after each user uses a password that can be kept private and excludes impersonation by others. Also, information leakage associated with remote communication can be prevented by encryption.

An information providing apparatus according to claim 11 of the present invention is an information providing apparatus that allows a plurality of users to access from a common group account and shares information resources among users,
For each group account to which each user belongs, user setting means for setting approval of user information related to the user from a privileged account,
User information approved by the user setting means includes user authentication means for performing user authentication from a group account again.

  In the invention described in claim 11, each user information can be set in association with a group account by the user setting means, and only a user (administrator) of a limited management department who belongs to the privileged account is in charge. Can be approved. Therefore, for example, users in each department can be registered on an objective basis in accordance with the company-wide organizational system, and settings can be quickly deleted. As a result, each user (worker) can concentrate on work such as maintenance without having to worry about a deviation of access rights at all within the approved range. In addition, user authentication can be performed using the user information of each user from the permitted group account, and the merit of sharing information resources can be enjoyed. The user application function corresponding to the user setting means can be provided to the work terminal as a dedicated tool and can be uploaded on the communication network.

  According to a twelfth aspect of the present invention, in the invention according to the eleventh aspect, the user authentication means performs a user-specific login to the multi-user-oriented operating system following a group account login. It is characterized by letting it.

  In the invention described in claim 12, login to the user can be allowed smoothly, and the convenience of the group account can be utilized in the multi-user.

According to a thirteenth aspect of the present invention, there is provided the information providing apparatus according to the eleventh or twelfth aspect of the present invention, wherein a schedule approval means for accepting an access schedule from a group account and approving the information resource desired by each user is attached. By
The user authentication means performs user authentication in alignment with the access schedule approved by the schedule approval means.

  In the invention according to the thirteenth aspect, each user can make an access schedule based on the work sharing and approve it by the schedule approving means, so that the correctness of the work is as well as the access planability. For example, the actual work of users (workers) can be synchronized with the necessary procedures such as plan management of business projects, permission of senior managers, approval, etc. Also, in each work, objectivity and transparency within the organization It will also guarantee the sex.

The information providing device according to claim 14 is the invention according to any one of claims 11 to 13, wherein for each of the users, a monitoring means for monitoring an execution process of access and recording it in a log file;
A verification unit for verifying access by the user by referring to the log file of the monitoring unit is provided.

  In the invention according to the fourteenth aspect, since the legitimate access is logged in, thereafter, the log means of the execution process is simply taken by the monitoring means. As a precaution, the verification means guarantees post-analysis and verification for every access. Examples of such execution processes include information resource file operations, execution commands, execution states, and results.

  According to a fifteenth aspect of the present invention, in the information providing apparatus according to the fifteenth aspect, the monitoring means saves the recorded log file outside the apparatus after a set period.

  In the invention according to the fifteenth aspect, in order to ensure security, the log file can be saved and the original can be discarded by the monitoring means independently of the apparatus. Examples of such a setting period include regular, anytime, when a predetermined condition occurs, and examples of the save destination include compression to an external hard disk and a sequential storage medium, and archiving.

The information providing method according to claim 16 is an information providing method for allowing a plurality of users to access from a common group account and sharing information resources among users,
For each group account to which each user belongs, a user setting step for setting approval of user information related to the user from a privileged account;
The user information approved in the user setting step includes a user authentication step for performing user authentication from a group account again.

  In the invention described in claim 16, each user information can be set in association with a group account in the user setting step, and only a limited administrative department user (administrator) belonging to the privileged account is in charge. Can be approved. Therefore, for example, users in each department can be registered on an objective basis in accordance with the company-wide organizational system, and settings can be quickly deleted. As a result, each user (worker) can concentrate on work such as maintenance without having to worry about a deviation of access rights at all within the approved range. Further, user authentication can be performed from the permitted group account by using each user information in the user authentication step, and the merit of sharing information resources can be enjoyed. A user application function corresponding to the user setting step can be provided as a dedicated tool to the work terminal and can be uploaded on the communication network.

  According to a seventeenth aspect of the present invention, there is provided the information providing method according to the sixteenth aspect, wherein the user authentication step performs a user-specific login to the multi-user-oriented operating system after the group account login. It is characterized by letting it.

  In the invention described in claim 17, the user can be permitted to log in smoothly, and the convenience of the group account can be utilized in the multi-user.

According to an eighteenth aspect of the present invention, there is provided the information providing method according to the sixteenth or seventeenth aspect, wherein a schedule approval step of accepting an access schedule from a group account and approving the information resource desired by each user is added. By
In the user authentication step, user authentication is performed in alignment with the access schedule in the schedule approval step.

  In the invention according to claim 18, each user can make an access schedule based on the work sharing and approve it in the schedule approval step, so that the legitimacy of the work is as well as the access planability. For example, the actual work of users (workers) can be synchronized with the necessary procedures such as plan management of business projects, permission of senior managers, approval, etc. Also, in each work, objectivity and transparency within the organization It will also guarantee the sex.

The information providing method according to claim 19 is the monitoring step according to any one of claims 16 to 18, wherein the monitoring process of monitoring the execution process of access for each user and recording it in a log file;
A verification step for verifying access by the user with reference to the log file of the monitoring step is provided.

  In the invention described in claim 19, since the legitimate access is logged in, after that, the log file of the performance process is simply taken in the monitoring step. And in case of need, in the verification step, post-analysis and verification are guaranteed for all accesses. Examples of such execution processes include information resource file operations, execution commands, execution states, and results.

  The information providing method according to claim 20 is the invention according to any one of claims 16 to 19, wherein the monitoring step saves a recorded log file outside the apparatus after a set period. Features.

  In the invention described in claim 20, in order to ensure security, the log file can be saved and the original can be discarded independently of the apparatus in the monitoring step. Examples of such a setting period include regular, anytime, when a predetermined condition occurs, and examples of the save destination include compression to an external hard disk and a sequential storage medium, and archiving.

The information sharing system according to claim 21 is an information sharing system that allows a plurality of users to access from a common group account, and allows users to share information resources.
For each group account to which each user belongs, user setting means for requesting approval of user information related to the user from a privileged account and setting as approved user information;
User information approved by the user setting means includes user authentication means for requesting user authentication from a group account and permitting access.

  In a twenty-first aspect of the present invention, a user (administrator) of a limited management department who can set and set each user information in association with a group account by user setting means and belongs to a privileged account. Only can be generally approved. Therefore, for example, users in each department in charge can be registered on an objective basis in accordance with a company-wide organizational system, and settings can be quickly deleted. As a result, each user (worker) can devote himself / herself to work such as maintenance without worrying about a deviation of access right or the like as long as it is within the approved range. In addition, user authentication can be performed using the user information of each user from the permitted group account, and the merit of sharing information resources can be enjoyed. The user application function corresponding to the user setting means can be provided to the work terminal as a dedicated tool and can be uploaded on the communication network.

  According to a twenty-second aspect of the present invention, in the information sharing system according to the twenty-first aspect, the user authentication means performs a user-specific login to the multi-user-oriented operating system following the login by the group account. It is characterized by letting it.

  In the invention described in claim 22, the user can be permitted to log in smoothly, and the convenience of the group account is utilized in the multi-user.

According to a twenty-third aspect of the present invention, there is provided the information sharing system according to the twenty-first or twenty-second aspect, further comprising schedule approval means for accepting an access schedule from a group account and approving the information resource desired by each user. By
The user authentication means requests user authentication in alignment with the access schedule approved by the schedule approval means, and permits the access.

  In the invention according to the twenty-third aspect, since each user can make an access schedule based on the work sharing and make an application by the schedule approving means, the access can be planned and the legitimacy of the work is guaranteed. For example, the actual work of users (workers) can be performed in synchronization with the necessary procedures such as plan management of business projects, permission of managers, and approvals. And transparency are guaranteed.

An information sharing system according to claim 24, in the invention according to any one of claims 21 to 23, for each of the users, monitoring means for monitoring the execution process of access and recording it in a log file;
A verification unit for verifying access by the user by referring to the log file of the monitoring unit is provided.

  In the invention according to the twenty-fourth aspect, since the legitimate access is logged in, after that, only the log file of the execution process is taken by the monitoring means. As a precaution, the verification means guarantees post-analysis and verification for every access. Examples of such execution processes include information resource file operations, execution commands, execution states, and results.

  An information sharing system according to a twenty-fifth aspect is the invention according to any one of the twenty-first to twenty-fourth aspects, wherein the monitoring means saves a recorded log file outside the system after a set period. Features.

  In the invention described in claim 25, in order to ensure security, the log means can be saved and the original can be discarded by the monitoring means uniformly independently of the apparatus. Examples of such a setting period include regular, anytime, when a predetermined condition occurs, and examples of the save destination include compression to an external hard disk and a sequential storage medium, and archiving.

The information sharing method according to claim 26 is an information sharing method in which a plurality of users are accessed from a common group account, and information resources are shared among users,
For each group account to which each user belongs, a user setting step for requesting approval of user information related to the user from a privileged account and setting as approved user information;
The user information approved in the user setting step has a user authentication step of requesting user authentication from the group account and permitting access again.

  In the invention described in claim 26, only the user (administrator) of the limited management department who can set each user information by applying in association with the group account in the user setting step and which belongs to the privileged account. Can be generally approved. Therefore, for example, users in each department can be registered on an objective basis in accordance with the company-wide organizational system, and settings can be quickly deleted. As a result, each user (worker) can devote himself / herself to work such as maintenance without worrying about a deviation of access right or the like as long as it is within the approved range. Further, user authentication can be performed from the permitted group account by using each user information in the user authentication step, and the merit of sharing information resources can be enjoyed. A user application function corresponding to the user setting step can be provided as a dedicated tool to the work terminal and can be uploaded on the communication network.

  In an information sharing method according to a twenty-seventh aspect, in the invention according to the twenty-sixth aspect, the user authentication step performs a user-specific login for a multi-user-oriented operating system following a login by a group account. It is characterized by letting it.

  In the invention described in claim 27, it is possible to allow the user to log in smoothly and allow the user to make use of the convenience of the group account in the multi-user.

An information sharing method according to a twenty-eighth aspect is the invention according to the twenty-sixth or twenty-seventh aspect, wherein a schedule approval step of accepting an access schedule from a group account and approving the information resource desired by each user is added. By
In the user authentication step, user authentication is requested in alignment with the access schedule approved in the schedule approval step, and the access is permitted.

  In the invention according to the twenty-eighth aspect, in the schedule approval step, each user can make an access schedule based on the work sharing and make an application to approve it, so that the legitimacy of the work is as well as the access planability. For example, the actual work of users (workers) can be performed in synchronization with the necessary procedures such as plan management of business projects, permission of managers, and approvals. And transparency are guaranteed.

An information sharing method according to claim 29, in the invention according to any one of claims 26 to 28, for each of the users, a monitoring step of monitoring an access execution process and recording it in a log file;
A verification step for verifying access by the user with reference to the log file of the monitoring step is provided.

  In the invention described in claim 29, since the legitimate access is logged in, after that, only the log file of the execution process is taken in the monitoring step. And in case of need, in the verification step, post-analysis and verification are guaranteed for all accesses. Examples of such execution processes include information resource file operations, execution commands, execution states, and results.

  In an information sharing method according to a thirty-third aspect, in the invention according to any one of the twenty-sixth to twenty-ninth aspects, the monitoring step saves a recorded log file outside after a set period. And

  In the thirty-third aspect of the invention, in order to ensure security, the log file can be saved and the original can be discarded independently from the apparatus in the monitoring step. Examples of such a setting period include regular, anytime, when a predetermined condition occurs, and examples of the save destination include compression to an external hard disk and a sequential storage medium, and archiving.

  A program according to a thirty-first aspect is a program for causing a computer to execute the method according to any one of the sixth to tenth aspects, the sixteenth to the twentyth aspect, and the twenty-sixth to thirty-third aspects.

  In the invention described in claim 31, a computer can execute the method described in any one of claims 6 to 10, 16 to 20 and 26 to 30.

  A recording medium according to a thirty-second aspect records a program for causing a computer to execute the method according to any one of the sixth to tenth, tenth to twentieth and twenty-sixth to thirty-sixth aspects. It is a computer-readable recording medium characterized by being made.

  In the invention described in claim 32, it is possible to cause a computer to execute the method described in any one of claims 6 to 10, 16 to 20, and 26 to 30.

  According to the work terminal described in claim 1, user registration of each department in charge is appropriately performed in the management department, and each user can concentrate on work such as maintenance within the approval range. In addition, user authentication can be performed individually from the group account. Therefore, work independence is guaranteed for each worker, and information resources can be shared in an integrated manner within and outside the department in charge.

  According to the work terminal described in claim 2, it is possible to obtain the same effect as that of the invention described in claim 1, as well as information resources through smooth login and rational access from a group account. Can be shared.

  According to the work terminal described in claim 3, it is possible to obtain the same effect as that of the invention described in claim 1 or claim 2, and each user systematically performs work such as maintenance. It can be performed and supplemented with necessary management procedures, etc., so that activities within the organization can be integrated and promoted.

  According to the work terminal of claim 4, the same effect as that of the invention of any of claims 1 to 3 can be obtained, and actual workers can be specified individually. Therefore, independence of access can be guaranteed.

  According to the work terminal of claim 5, the same effects as those of the invention of any of claims 1 to 4 can be obtained, as well as the security of each user is protected, and , It becomes possible to accurately identify the accessing user.

  According to the access method of the sixth aspect, users in each department in charge can be registered uniformly and appropriately, and each user can concentrate on work such as maintenance within the approval range. In addition, individual user authentication can be performed from the group account. Accordingly, work independence is guaranteed for each worker, and information resources can be shared in an integrated manner within and outside the department in charge.

  According to the access method of the seventh aspect, it is possible to share the information resource by the smooth login and the rational group account as well as the same effect as the invention of the sixth aspect. It becomes like this.

  According to the access method described in claim 8, it is possible to obtain the same effect as the invention described in claim 6 or claim 7, and each user systematically performs maintenance work. It can be performed and supplemented with necessary management procedures, etc., so that activities within the organization can be integrated and promoted.

  According to the access method of the ninth aspect, the same effect as the invention of any one of the sixth to eighth aspects can be obtained, and an actual worker can be specified individually. Therefore, independence of access is guaranteed.

  According to the access method of the tenth aspect, it is possible to obtain the same effect as the invention according to any one of the sixth to ninth aspects, as well as the security of each user, and , It becomes possible to accurately identify the accessing user.

  According to the information providing apparatus of the eleventh aspect, the user registration of each department in charge can be properly set in the management department, and each user can be dedicated to work such as maintenance within the approval range. In addition, since individual user authentication is performed from the group account, independence of work can be guaranteed for each worker, and information resources can be shared in and out of the department in charge.

  According to the information providing apparatus of the twelfth aspect, the same effect as that of the invention of the eleventh aspect can be obtained, and information resources can be shared by a smooth login and a rational group account. You can make it.

  According to the information providing apparatus of the thirteenth aspect, it is possible to obtain the same effect as that of the invention according to the eleventh or twelfth aspect, and to perform maintenance work on each user systematically. And the necessary management procedures are also advanced, so that activities within the organization can be integrated and promoted.

  According to the information providing apparatus of the fourteenth aspect, it is possible to obtain the same effect as that of the invention according to any one of the eleventh to thirteenth aspects. As a result, it will be possible to expect many derivative effects such as practical improvement as well as emergency situations.

  According to the information providing apparatus of the fifteenth aspect, it is possible to obtain the same effect as that of the invention according to any of the eleventh to fourteenth aspects, as well as to separately manage the log file, thereby preventing falsification. In addition to verifying the work, it will be possible to conduct it in an independent organization.

  According to the information providing method of the sixteenth aspect, the user registration of each department in charge can be properly set in the management department and each user can be dedicated to work such as maintenance within the approval range. In addition, since individual user authentication is performed from the group account, independence of work can be guaranteed for each worker, and information resources can be shared in and out of the department in charge.

  According to the information providing method of claim 17, the same effect as that of the invention of claim 16 can be obtained, and information resources can be shared by smooth login and rational group account. You can make it.

  According to the method for providing information according to claim 18, it is possible to obtain the same effect as that of the invention according to claim 16 or claim 17, and each user can perform work such as maintenance in a planned manner. It is possible to complement the necessary management procedures, so that the activities in the organization can be promoted in an integrated manner.

  According to the information providing method of claim 19, the effect similar to that of the invention of any of claims 16 to 18 can be obtained. As a result, it can be expected to have many derivative effects such as practical improvement as well as emergency situations.

  According to the information providing method of the twentieth aspect, the same effect as that of the invention of any of the sixteenth to nineteenth aspects can be obtained, and the log file can be managed separately, so that falsification can be prevented. In addition to verifying work, it can also be performed by an independent organization.

  According to the information sharing system of the twenty-first aspect, the user registration of each department in charge can be appropriately set in the management department, and each user can concentrate on work such as maintenance within the approval range. In addition, since individual user authentication can be performed from a group account, independence of work can be guaranteed for each worker, and information resources can be shared in and out of the department in charge.

  According to the information sharing system of the twenty-second aspect, the same effect as that of the twenty-first aspect of the invention can be obtained, and the information resource can be accurately determined by a smooth login and a rational group account. To share with.

  According to the information sharing system of the twenty-third aspect, it is possible to obtain the same effect as the invention of the twenty-first or twenty-second aspect. The necessary management procedures can also be carried out, so that activities within the organization can be promoted in an integrated manner.

  According to the information sharing system of the twenty-fourth aspect, it is possible to obtain the same effect as the invention of any one of the twenty-first to twenty-third aspects. As a result, it will be possible to expect many derivative effects such as practical improvement as well as emergency situations.

  According to the information sharing system of claim 25, the log file can be managed separately, as well as the same effect as the invention of any of claims 21 to 24 can be obtained. In addition to preventing tampering, work verification can be performed by an independent organization.

  According to the information sharing method of the twenty-sixth aspect, since the user registration of each department in charge is collected in the management department, it can be set appropriately, and each user can concentrate on work such as maintenance within the approval range. In addition, since individual user authentication is performed from the group account, independence of work can be guaranteed for each worker, and information resources can be shared in and out of the department in charge.

  According to the information sharing method of claim 27, it is possible to obtain the same effect as that of the invention of claim 26, as well as to ensure that the information resources are accurately obtained by smooth login and rational group account. To share with.

  According to the information sharing method of the twenty-eighth aspect, it is possible to obtain the same effect as the invention of the twenty-sixth or twenty-seventh aspect. And the necessary management procedures can be supplemented, so that activities within the organization can be promoted in an integrated manner.

  According to the information sharing method of claim 29, it is possible to obtain the same effect as any of the inventions of claims 26 to 28. Since it can be verified, it will be possible to expect many derivative effects such as practical improvement as well as emergency situations.

  According to the information sharing method of claim 30, the log file can be managed separately, as well as the same effect as the invention of any of claims 26 to 29 can be obtained. In addition to preventing falsification, work verification can be performed by an independent organization.

  According to the program according to claim 31, the method according to any one of claims 6 to 10, 16 to 20 and 26 to 30 can be executed by a computer.

  According to the recording medium of the thirty-second aspect, the method according to any one of the sixth to tenth aspects, the sixteenth to the twentyth aspect, and the twenty-sixth to thirty-third aspects can be executed by a computer.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a diagram for explaining a schematic configuration example of an information sharing system according to an embodiment of the present invention.
This information sharing system includes a UNIX server (information providing apparatus) 1 provided on a local area network (LAN) of a head office of a company or the like, and workstations (work terminals) 2a, 2b,. .., And is a system that allows remote login to the database of the UNIX server 1 from the workstation 2a, 2b,. Instead of the Internet, for example, the present invention can be applied to a wide area network using the company's intranet, extranet, or other telecommunication line.

  The UNIX server 1 is connected to the Internet 3 through routers and other gateways provided on the LAN, and is used as a company-wide manager for various business resources (information resources), such as for business use. , A database main body 110 that is shared by workers, sales representatives of the sales department, a database management server 120 that manages search and update of the database main body 110, an access management server 130 that processes access to the server 1, etc. And operating each server in an integrated manner while maintaining high security with a UNIX-based operating system. In addition, various tools that can be downloaded by the workstations 2a, 2b,. Each of these servers or resources may be mounted on an integrated server for convenience of management. In the following, an example of system management such as construction, update, and disposal of database resources is explained using a worker in the management department as a user. It may be applied when limited system management is performed.

FIG. 2 is a style diagram for explaining the stored information of the database main body shown in FIG.
The database main body 110 associates a personal user ID of a worker (user) or the like with a UNIX user management table (user information) 111 in which the personal user ID is associated with the UNIX user ID, and associates a personal name, password, or other personal information with the personal user ID. Privileged user usage report database (scheduled approval) in which the individual user management table (user information) 112 and the work schedule of each worker, the approval status by the administrator and the like (access schedule) are arranged in correspondence with the personal user ID Means) and a personal user use log (monitoring means) 114 in which the contents of the actual work by the worker are recorded in correspondence with the personal user ID. Such a UNIX user ID is a group account commonly used by a plurality of workers or the like because of the necessity of operating resources.

  The privileged user usage notification database 113 stores the work time such as work date (yyyy, mm, dd) and work period (hh: mm to hh: mm), and the server name of the resource to be logged in for each access schedule of the worker. (Usr_srv), UNIX user ID (such as root), worker specified by name, personal user ID (useracnt5) are registered in association with scheduled work, completed work, application status (1) in the approval process, etc. It is a thing. Of these, the application status is, for example, 1: Applicable, 2: Approved by superior, 3: Approved by system operation manager, 4: Completed No. 5: Same as above, Approved by superior, etc. are displayed in order and updated.

The personal user usage log 114 includes a server name (usr_srv) of a logged-in resource, a UNIX user ID (such as root), a personal user ID (useracnt5), and a date (yyyy, mm, dd) for each actual access. The login and logout time (hh: mm) is registered in association with the contents of the file operation (server name, directory, execution command, execution result, etc.). Of these, the contents of the file operation may be cited from the description contents of the system log recorded on the operating system of the UNIX server 1.

The database management server 120 shown in FIG. 3 allows the administrator to set approval or sometimes deletion regarding the personal user management table 111 and the UNIX user management table 112 of the database main body 110 from the UNIX user ID (group account) of the privileged account. It has a setting unit 121 and a schedule approval unit 122 that allows a worker to apply for a work schedule and the like to the privileged user usage notification database 113 and to allow the administrator to approve the schedule. The administrator's UNIX user ID includes, for example, root authority, but may be any limited privilege account that is not permitted to workers.

  The access management server 130 shown in FIG. 3 confirms the transmitted UNIX user ID for all accesses to the UNIX user management table 112 to approve only the login of the corresponding individual user ID and uses the privileged user. By referring to the notification database 113, the user authentication unit 131 that accepts only the appropriate access to the legitimate one, and the access permitted by the authentication unit 131 is monitored by the operator's file operation and the individual user use log 114. And a verification unit 133 that verifies file operations and the like in each access by referring to the individual user use log 114 as needed. The verification unit 133 collates the contents of the recorded system log with the originally scheduled work for each access, and extracts the difference between the actual work and the access schedule, thereby obtaining the privileged user usage log as the work result. It can also be recorded in the completed work column 113.

  The workstation 2a shown in FIG. 4 communicates with the user setting unit 121 of the database management server 120 to share the personal user management table 111 and the UNIX user management table 112 of the database main body 110. By communicating with the user application unit 210 that requests approval or deletion of personal information such as a worker in authority and the user authentication unit 131, the worker can access the UNIX server 1 by using the UNIX user ID and the individual user. Based on the ID access right (reading, rewriting, execution, etc.), the privileged user usage report database 113 is shared by communicating with the authentication requesting unit 220 that requests login user authentication and the schedule approval unit 122. For work schedules, workers are individual users And a schedule application unit 230 for applying for approval in association with the ID.

  At this time, for example, even if the administrator accesses exclusively from the workstation 2a, and the worker accesses from the other workstations 2b, etc., or does not distinguish between these, the same station instead of both May be accessed from. That is, the UNIX server 1 can be managed as an appropriate login based on the access right of each individual user ID together with the access right of the UNIX user ID. The personal information includes a worker's password, name, job title, and the like, and can be accurately set, changed, and encrypted by using a predetermined user tool. The user application unit 210 has an initialization function in preparation for forgotten passwords by workers. These user tools and the user application unit 210 are provided so as to be downloadable from the UNIX server 1.

FIG. 5 is a format diagram for explaining an application screen for the privileged user use notification database shown in FIG.
The application screen includes a worker application button B01 and an upper manager approval button B02 for executing the work application procedure, an administrator approval button B03 for system operation, and a worker reporting procedure for the work report procedure. A report button B04 and an upper approval button B05 are provided in the upper row. In addition, in the lower row, items other than the application status in the privileged user usage notification database 113 are displayed as a list. Of these, the completed work can be entered by key entry after the completion of the actual work and confirmed by pressing the report button B04 and registered in the privileged user usage report database 113. Further, it can be set as an organizational proper procedure by pressing the approval buttons B02 and B05.

Next, an example of the information sharing method according to the embodiment of the present invention will be described. First, a software process example will be described with reference to an example of a flowchart shown in FIG. 6, an example of each login screen shown in FIG. 7, and each figure shown in FIGS. Hereinafter, a case where a plurality of managers and a plurality of workers share one workstation 2a will be described as an example.
As a preparation, the user tool and the user application unit 210 are downloaded and installed from the UNIX server 1 to the workstation 2a, and the administrator makes a UNIX user ID, personal user ID, and temporary password for all users such as administrators in advance. Is set by the user application unit 210.

  When the software is activated, a UNIX user login prompt is displayed on the UNIX user login screen shown in FIG. 7, and subsequently, the UNIX user ID (for example, root) of the worker is keyed (step ST101). The UNIX server 1 queries the UNIX user management table 112, and access to the system is determined and permitted (step ST102). A password input prompt of the UNIX user is displayed and the password is keyed (step In step ST103, determination and permission are made in the same manner (step ST104), whereby it is determined whether the UNIX user ID is an ID for specifying an individual user (step ST105).

  Since the “root” authority is a common group account, the individual user login prompt shown in FIG. 7 is then displayed, followed by key entry (for example, user_acnt5) (step ST106). ), Inquiry of individual user management table 111 of UNIX server 1, permission of individual user (step ST107), display of password prompt, key input (for example, provisional password) (step ST108), determination, permission (step ST109) Each process is performed.

  If it is appropriate and valid, the login to the UNIX server 1 is permitted and the login time is recorded in the individual user use log 114 including the case where the account is not a group account (step ST110). At this time, the retry of each key input is allowed up to three times to prevent typo. In addition, the temporary password is changed by the user tool so that the worker can conceal himself / herself after the first login to ensure security.

  Subsequently, when the worker performs various file operations on each desired work screen, the operation contents such as the server name, the directory path, the execution command with prompt, the execution result or the status at that time are stored as a system log as an individual user. It is recorded in a predetermined column of the usage log 114 (step ST111). If the execution command is determined and the logout command (for example, exit) is determined (step ST112) (step ST112), the logout time is written in the personal user use log 114 together with the predetermined logout process (step ST113), and the predetermined end process is performed. The

FIG. 9 is a flowchart for explaining an example of another determination process in the personal password determination process.
In the personal password determination process (step ST109) shown in FIG. 6, by collating with the access schedule of the worker, it is possible to link with a procedure necessary for the organization in a business project or the like. That is, in another determination process shown in FIG. 9, the personal user ID and the like are referred to the privileged user usage report database 113 of the database main body 110 (step ST109-1) and compared with the working time and the like. If the current time is within the working time, it is determined that the access is appropriate and the access is valid (step ST109-2). As a result, the sharing time of each resource also tends to be distributed, and the system automatically shifts to a planned system.

FIG. 10 is a flowchart for explaining an example of another process in the monitor unit shown in FIG.
In this process example, the monitor unit 132 determines whether the scheduled backup time has elapsed (step ST301), and transfers the individual user use log 114 from the LAN to the outside (step ST302). It can be saved in the network 119 and securely saved as an operation trail file 115 for preventing falsification.

It is a figure for demonstrating the example of schematic structure of the information sharing system which concerns on embodiment of this invention. FIG. 2 is a style diagram for explaining a UNIX user management table and an individual user management table in the database main body of the UNIX server shown in FIG. 1; FIG. 3 is a block diagram for explaining functions of respective units in the UNIX server. FIG. 3 is a block diagram for explaining functions of respective units in the workstation of the information sharing system. FIG. 3 is a style diagram for explaining an application screen for a privileged user usage notification database of the database main body shown in FIG. It is a figure which shows the process example of the information sharing method which concerns on embodiment of this invention, and is a flowchart which shows the example as an access process in software. FIG. 7 is a style diagram for explaining a UNIX user login screen in the access process shown in FIG. 6. FIG. 7 is a flowchart for explaining the process example shown in FIG. 6 as subsequent access processing. FIG. 7 is a flowchart for partially explaining another password determination process in the process example shown in FIG. 6. 4 is a flowchart for schematically explaining an example of another process in the monitor unit of the access management server shown in FIG.

Explanation of symbols

1 UNIX server (information provision device, information sharing system)
2a, 2b ... workstation (working terminal, information sharing system)
3 Internet (telecommunications line, information sharing system)
110 Database body 120 Database management server 130 Access management server LAN Local area network (telecommunications line)

Claims (32)

A work terminal for a plurality of users to access the information providing apparatus from a common group account and share the information resources among the users,
For each group account to which each user belongs, a user application means for applying for approval of user information regarding the user from a privileged account,
A work terminal characterized by comprising authentication request means for requesting user authentication from a group account again for user information approved through the user application means.   2. The work terminal according to claim 1, wherein the authentication request unit performs user-specific login to the multi-user-oriented operating system following login by a group account. By attaching a schedule application means for allowing each user to apply for approval of an access schedule from a group account for a desired information resource,
The work terminal according to claim 1, wherein the authentication request unit requests user authentication in alignment with an access schedule approved by the schedule application unit.   The work terminal according to any one of claims 1 to 3, wherein the authentication request means uses a user-specific identification code or name as user information.   The authentication request means sets and changes a password after login unique to a user, encrypts the password, and transmits it remotely to be included in the user information of the user. The work terminal according to claim 4. An access method for a plurality of users to access an information providing apparatus from a common group account and share the information resources among the users,
For each group account to which each user belongs, a user application step for applying for approval of user information regarding the user from a privileged account;
An access method comprising: an authentication requesting step for requesting user authentication from a group account for the user information approved in the user application step.   7. The access method according to claim 6, wherein the authentication requesting step performs user-specific login to the multi-user-oriented operating system following login by a group account. By attaching a schedule application step for each user to apply for approval of an access schedule from a group account for a desired information resource,
8. The access method according to claim 6, wherein the authentication request step requests user authentication in alignment with the access schedule approved by the schedule application step.   9. The access method according to claim 6, wherein the authentication requesting step uses user-specific identification code or name as user information.   The authentication requesting step includes setting the password after the login unique to the user, changing the password, encrypting the password, and transmitting it remotely to include the user information of the user. The access method according to claim 9. An information providing apparatus that allows a plurality of users to access from a common group account and share information resources between users,
For each group account to which each user belongs, user setting means for setting approval of user information related to the user from a privileged account,
An information providing apparatus comprising user authentication means for performing user authentication from a group account again for user information approved by the user setting means.   12. The information providing apparatus according to claim 11, wherein the user authentication unit causes a multi-user-oriented operating system to perform a user-specific login following a group account login. For each information resource desired by each user, by attaching a schedule approval means for accepting and approving an access schedule from a group account,
The information providing apparatus according to claim 11, wherein the user authentication unit performs user authentication in alignment with an access schedule approved by the schedule approval unit. For each user, monitoring means for monitoring the access execution process and recording it in a log file;
14. The information providing apparatus according to claim 11, further comprising verification means for verifying access by the user with reference to a log file of the monitoring means.   15. The information providing apparatus according to claim 14, wherein the monitoring unit saves a recorded log file outside the apparatus after a set period. An information providing method for allowing a plurality of users to access from a common group account and sharing information resources among users,
For each group account to which each user belongs, a user setting step for setting approval of user information related to the user from a privileged account;
An information providing method comprising: a user authentication step for performing user authentication from a group account again for the user information approved in the user setting step.   17. The information providing method according to claim 16, wherein the user authentication step causes a multi-user oriented operating system to perform a user-specific login following a group account login. For each information resource desired by each user, by attaching a schedule approval step for accepting and approving an access schedule from a group account,
The information providing method according to claim 16 or 17, wherein the user authentication step performs user authentication in alignment with an access schedule in the schedule approval step. For each user, a monitoring step of monitoring the access execution process and recording it in a log file;
19. The information providing method according to claim 16, further comprising a verification step of verifying access by the user with reference to the log file of the monitoring step.   20. The information providing method according to claim 16, wherein the monitoring step saves the recorded log file outside the apparatus after a set period. An information sharing system that allows multiple users to access from a common group account and shares information resources among users,
For each group account to which each user belongs, user setting means for requesting approval of user information related to the user from a privileged account and setting as approved user information;
An information sharing system comprising user authentication means for requesting user authentication from a group account and permitting access to the user information approved by the user setting means.   The information sharing system according to claim 21, wherein the user authentication means causes a multi-user-oriented operating system to perform user-specific login following login by a group account. For each information resource desired by each user, by attaching a schedule approval means for accepting and approving an access schedule from a group account,
23. The information sharing system according to claim 21, wherein the user authentication unit requests user authentication in alignment with an access schedule approved by the schedule approval unit and permits the access. . For each user, monitoring means for monitoring the access execution process and recording it in a log file;
24. The information sharing system according to claim 21, further comprising verification means for verifying access by the user with reference to a log file of the monitoring means.   25. The information sharing system according to claim 21, wherein the monitoring unit saves a recorded log file outside the system after a set period. An information sharing method for allowing multiple users to access from a common group account and sharing information resources between users,
For each group account to which each user belongs, a user setting step for requesting approval of user information related to the user from a privileged account and setting as approved user information;
An information sharing method comprising: a user authentication step for permitting access by requesting user authentication from a group account again for the user information approved in the user setting step.   27. The information sharing method according to claim 26, wherein, in the user authentication step, a multi-user oriented operating system is caused to perform a user-specific login following a group account login. For each information resource desired by each user, by attaching a schedule approval step for accepting and approving an access schedule from a group account,
28. The information sharing method according to claim 26, wherein the user authentication step requests user authentication in alignment with the access schedule approved in the schedule approval step and permits the access. . For each user, a monitoring step of monitoring the access execution process and recording it in a log file;
29. The information sharing method according to claim 26, further comprising a verification step of verifying access by the user with reference to the log file of the monitoring step.   30. The information sharing method according to claim 26, wherein in the monitoring step, a recorded log file is saved outside after a set period.   A program for causing a computer to execute the method according to any one of claims 6 to 10, 16 to 20 and 26 to 30.   A computer readable program having recorded thereon a computer program for causing a computer to execute the method according to any one of claims 6 to 10, 16 to 20 and 26 to 30. Possible recording media.

Images