JP2006092075A - Computer program for object management, and object management device and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To easily perform setting of access right and addition of a group member. <P>SOLUTION: An access right change request processing section 12 receives an access right setting request, refers to a change condition storage section 14, and discriminates whether there is an automatic setting rule of the owner of an object. When there is the rule, it discriminates whether a client establishes the condition of the rule. At this time, it investigates the user's attribute while referring to an object storage section 11. When the client establishes the condition of the rule, it automatically sets the access right, registers it in an access right list storage section 13, and finishes the processing. When the client does not establish the condition, it transmits an electronic mail for requesting the setting of the access right to the owner, and finishes the processing. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a technique for managing an object of an information processing system, and in particular, can change an access right and group information for management.

  In the document management device, the user who normally accesses the object to be managed and the group to which the user belongs can be set, and the contents that the user or group can work on the document or folder (viewing, editing, Deletion etc.) is controlled by means of access rights. Only the owner or manager of the document or group is allowed to edit the access right or group member. Patent Document 1 describes an access right that permits access to some data (attributes) as an access right. However, if the end user wants to view not only partial data but also all data, the document An example is given when a request is sent to a manager using a tool outside the document management apparatus such as e-mail, and the request is dealt with. At this time, there has been a problem that the procedure of transmitting a request and the manual setting of access right by the administrator who has received the request are complicated and burdensome.

The same is true for group management. If an end user wants to belong as a member of a group, it is necessary to make a manual request by sending a request to the group administrator via email.
JP 2004-21719 A

  The present invention has been made in view of the above circumstances, and an object thereof is to provide an object management technique capable of setting an access right and adding a group member without complicated work. Yes.

  In the basic configuration example of the present invention, in order to reduce the workload of such end users and document owners, it is possible to simplify the addition of access rights and the addition request to group members and to automate the additional work. Do. Therefore, the following means are provided.

(1) Condition setting means.
Each user can set access right granting conditions and additional conditions for group members as his / her own attribute information using the condition setting means.

(2) Object attribute setting means.
It is possible to select whether or not to apply the above condition to a document, folder, or group (object) created by the user. However, it may be managed in any form, and may not be managed as an object attribute.

(3) Access right change request processing means.
When an end user wants to view / edit a document for which he / she does not have access rights to view / edit, prepare a method (such as a button) to send a request to the owner of the document. It is checked whether an access right granting condition is set for the user, and if it is set, the condition is evaluated, and if it is a condition that can give the access right for reference / editing, it is given. If the setting described in item 2 is “do not apply conditions” for the document, the owner is notified by e-mail or the like.

(4) Group information change request processing means.
When an end user wants to join a group, the request is sent to the administrator of the group in the same way as the access right. If it is a condition that can be added to a group member, add it to the member. If the setting described in item 2 for the group is “do not apply conditions”, the group administrator is notified by e-mail or the like.

(5) Request history confirmation means.
Regardless of whether or not the items requested by the means (3) and (4) are automatically added, the owner user can check the history.

  Some examples using this means are given below.

[Example 1]: When there is a “title” in the user attribute and the title is “department manager”, browsing of the document created by the user is permitted.

(1) The following conditions are set in the own condition setting attribute.
“Give access rights for viewing when attribute“ title ”is“ manager ”

(2) When creating a document, create a document that says “Apply access right granting conditions” and do not grant access right to anyone. (This is document A)

(3) When a user whose job title is “General Manager” accesses the document A, he / she does not have the access right to view, so the screen is displayed for transmitting a request, and the request is transmitted by pressing a button.

(4) Apply the access right granting conditions to the transmitted request. Since the job title attribute of the requesting user is “director”, the user A is given viewing authority for the document A.

(5) The user browses the document A.

[Example 2]: When the end user belongs to the group B with respect to the group A created by the user, the user is allowed to become a member.

(1) The following conditions are set in the own condition setting attribute.
“If user belongs to group B, allow members to add”

(2) Create group A as “Apply member addition condition”.

(3) When the end user wants to become a member of group A, the end user presses a request transmission button.

(4) Apply own member addition condition to the transmitted request. If the end user is a member of group A, the user is added as a member of group B.

  Also, it is possible to define a plurality of access right granting conditions and conditions for adding to group members. At this time, a plurality of conditions can be applied by the following method.

(1) A priority is assigned to each condition, and a condition with a higher priority is a target to be applied than a condition with a lower priority.
(2) Take AND of each condition and apply only when all conditions are met (3) Take OR of each condition and apply when any one condition is applied A plurality of methods cannot be used, and one of the methods is used.

  The present invention will be further described.

  According to one aspect of the present invention, in order to achieve the above-described object, the object management apparatus includes: an attribute information storage unit that stores attribute information that defines an attribute of an object; the user owns one or more users Change condition storage means for storing a change condition of attribute information of an object to be performed; and attribute information change means for changing the attribute information when there is an attribute information change request that satisfies the change condition of the attribute information. Yes.

  The object management apparatus manages objects such as documents, files, folders, e-mails, electronic bulletin boards, users, and groups. It may be called “data management device” or “document management device” instead of “object management device”, and it does not matter how it is called.

  “Ownership” refers to having the authority to change the attribute of an object, for example, a document, a folder, an electronic bulletin board access right, a group member, and the like. Usually, it corresponds to the creator or manager of the object, but is not limited to this.

  The attribute of the object may be managed with the name of the property, or may be separately managed with a plurality of objects by a table or the like. Object attributes include, but are not limited to, document, folder (document belonging to folder) access rights, and group membership.

  In this configuration, when a preset condition is satisfied, the change of the attribute of the object is accepted as it is, so that the owner does not have to deal with it as before. If the condition is not satisfied, the owner is requested to change the attribute as usual.

  In this configuration, the object is typically a document or a folder, and the attribute of the object is information on access rights to the object.

  Alternatively, the object is a group, and the attribute of the object is information about users belonging to the group.

  In addition, when there is an attribute information change request that does not satisfy the attribute information change condition, it is preferable to send an e-mail containing the attribute change request to the user who owns the object.

  Moreover, it is preferable to present the history of the attribute information change request to the owner of the object.

  Further, a screen may be displayed to transmit the attribute change request when it is determined that the user satisfies the change condition of the attribute information.

  According to another aspect of the present invention, in order to achieve the above object, the access right management device includes: access right information storage means for storing access right information defining the access right of the object; Change condition storage means for storing an access right change condition for an object owned by the user; and an access right for changing the access right information when there is an access right change request that satisfies the access right change condition. Information changing means is provided.

  In this configuration, when a preset condition is satisfied, the setting of the access right is permitted as it is, so that the owner does not have to deal with it as before. If the condition is not satisfied, the owner is requested to set the access right as usual.

  According to another aspect of the present invention, in order to achieve the above-described object, the group management apparatus includes: a group information storage unit that stores information on the users constituting the group; A change condition storage means for storing a change condition of a constituent user of the owned group; and a group information change means for changing the information of the user when a group information change request that satisfies the change condition of the constituent user is received. I have to.

  In this configuration, when a preset condition is satisfied, addition as a member is permitted as it is, so that the owner does not have to deal with each other as before. If the conditions are not met, the owner is requested to add a member as usual.

  The present invention can be realized not only as an apparatus or a system but also as a method. Of course, a part of the invention can be configured as software. Of course, software products used for causing a computer to execute such software are also included in the technical scope of the present invention.

  These and other aspects of the invention are set forth in the appended claims and will be described in detail below with reference to examples.

  According to the present invention, it is possible to set an access right and add a group member without complicated work.

  Examples of the present invention will be described below.

  FIG. 1 shows the entire document management system 100 and its usage environment according to the first embodiment of the present invention. In this figure, the document management system 100 and a client terminal 200 are connected via a communication network 300. The document management system 100 is a server computer, and realizes each unit indicated by functional blocks below by cooperating its hardware resources and software resources. The client terminal 200 is typically a personal computer and operates as a web client or a mail client, but is not limited thereto, and various fixed and mobile information terminals can be used. The communication network is typically a LAN, but is not limited to this.

  The document management system 100 includes an object management unit 10, an object storage unit 11, an access right change request processing unit 12, an access right list storage unit 13, an access right change condition storage unit 14, an access right change condition setting unit 15, and a mail processing unit. 16, a history information storage unit 17 and the like.

  The object management unit 10 manages documents, folders, e-mails, electronic bulletin boards, articles, schedules, schedules, users, groups, and the like as objects. Information on these objects is basically stored in the object storage unit 11. Stored in memory.

  For example, a document object has an attribute group (property) as shown in FIG. 3, and a file or a file address constituting the document is managed. A folder forming a document container has an attribute group as shown in FIG. The attributes of the document and folder also include a “condition valid / invalid” attribute, which can be set by the user at the time of creation or at an arbitrary time, as will be described later.

  The access right list storage unit 13 stores an access right list for documents and folders. The access right list is, as shown in FIG. 7, for example, a “reading right”, “ Whether to have “write right”, “full management right” or the like is defined. These can be originally set only by the owner and administrator of the object (document, folder). Conventionally, a user who wants to acquire an access right to a predetermined document or the like has contacted the owner and has the access right set manually.

  The access right change condition storage unit 14 stores conditions (also referred to as rules) for changing the access right. As will be described later, the owner of the object uses the access right change condition setting unit 15 to set the access right change condition for the object (document, folder, etc.) that he owns. For example, as shown in FIG. 5, if the “title” attribute of the requester is “manager”, “reading right” is granted, and if the “affiliation” attribute of the requester is “intellectual property department”, It is like giving both “reading right” and “writing right”. Conditions are set for each user, and a plurality of conditions may be set for one user. Whether the condition is applied can be set by the owner using the “condition valid / invalid” attribute of each object. This “condition valid / invalid” attribute can also be set using the object management unit 10 in the same manner as other attributes, and is stored and held in the object storage unit 11.

  The access right change condition setting unit 15 receives an access right change condition from the client terminal 200 on a web basis, for example.

  The access right change request processing unit 12 processes an access right change request from a user, and details thereof are shown in detail in the flowchart of FIG. 2 and the schematic diagram of FIG.

  The mail processing unit 16 has the functions of a mail delivery server (SMTP, etc.) and a mail receiving server (POP3, IMAP, etc.). In this embodiment, when necessary, an e-mail for requesting access right setting is sent to an object. Send to owner. It has mail creation and mail client functions to the extent necessary.

  Next, the access right setting operation will be described.

  For example, as shown in FIG. 6, it is assumed that a search result list is displayed and the user clicks a document A in the list. If the user does not have “reading rights” for this document A, this is indicated and a prompt is made to request access right setting. When the request mail transmission button is pressed, it is determined whether or not the requesting party satisfies the condition, and if it is satisfied, the access right is automatically set. If not, the corresponding e-mail is sent to the owner of the object. Sent. The subsequent steps are the same as those in the normal access right setting process, and the access right is set at the owner's discretion. Or ignore the request. In this example, when a request mail transmission button is operated, a request mail is sent to the document management system 100, and the access right change request processing unit 12 receives and processes it via the mail processing unit 16, and is necessary. (If the condition is not met) the email may be forwarded to the owner. Alternatively, when the request mail transmission button is operated, the attribute of the request form is sent to the access right change request processing unit 12 for processing, and if necessary (if the condition is not satisfied), an electronic requesting access right grant is made. Create an email and send it to the owner.

  Although not mentioned in particular, in this example, it is possible to search and display the title and the like without “reading right”. “Search rights” for searching and displaying titles may be prepared separately.

  FIG. 2 shows details of an example of processing of an access right setting request. Details of the processing example are as follows.

[Step S10]: The access right change request processing unit 12 receives an access right setting request.
[Step S11]: It is determined whether or not there is an automatic setting rule (condition) for the owner of the object with reference to the change condition storage unit 14. If there is, the process proceeds to step S12, and if not, the process proceeds to step S14.
[Step S12]: It is determined whether the client satisfies the rule condition. At this time, the user attribute is checked with reference to the object storage unit 11. If the condition of the client's rule is satisfied, the process proceeds to step S13, and if not satisfied, the process proceeds to step S14.
[Step S13]: The access right is automatically set and registered in the access right list storage unit 13, and the process ends.
[Step S14]: An e-mail requesting the owner to set the access right is transmitted and the process is terminated.

  The contents of the access right set when the condition is satisfied may be set for each rule, or “reading right” may be set by default, or “ A setting access right may be designated in the “condition valid / invalid” attribute. In this case, for example, any one of “invalid”, “reading right”, “writing right”, and “rule specifying right” is specified for the document and the folder.

  FIG. 7 shows an example of the access right list of the document A before such an access right setting request is made. After User-1 performs the above-described processing and obtains “reading right”. An example of the access right list is shown in FIG.

  The request request, automatic setting, and actual transmission of the e-mail to the owner are preferably stored in the history information storage unit 17 so that the user can refer to them.

  According to this embodiment, the owner prescribes the access right setting conditions for the documents and the like so that each document can be individually specified as to whether or not to apply the conditions. Since the access right setting request is automatically set, the conventional complexity can be avoided within the range.

  Next, a document management system according to Embodiment 2 of the present invention will be described. In this embodiment, the group information, that is, the addition of group members can be automatically performed under conditions.

  FIG. 9 shows the document management system 100A according to the second embodiment and its usage environment as a whole. In this figure, portions corresponding to those in FIG.

  9, the document management system 100A includes an object management unit 10, an object storage unit 11, a mail processing unit 16, a history information storage unit 17, a group information change request processing unit 22, a group information storage unit 23, and a group information change condition storage. Unit 24, group information change condition setting unit 25, and the like.

  The group information storage unit 23 holds group attributes as shown in FIG. Each group is assigned a list of one or a plurality of members (users or groups) as shown in FIG. How the member list is managed is arbitrary, but this is also an attribute of the group. The group information change condition storage unit 24 stores conditions for adding members. This condition is the same as the access right changing condition described in the first embodiment. For example, if the post attribute is “director”, it may be added to the member.

  The group information change condition setting unit 25 sets a member addition condition for the entire group owned by the user, and registers the contents in the group information change condition storage unit 24. A plurality of conditions may be registered. The group information change request processing unit 22 processes a group information change request transmitted from the client terminal 200, and details thereof are as shown in FIGS.

  As shown in FIG. 13, a management tool is used to display a group list and designate a group to join. In this example, group B is designated. If the user has possession authority, the properties of group B are displayed and a user can be added. If the user is a normal user and is not the owner of the group, a screen prompting for a member addition request is displayed, and when the request mail transmission button is operated, similar to that performed at the time of setting the access right with reference to FIG. If the condition is satisfied, the member is automatically added as a member. Otherwise, the group owner is requested to add a member using an electronic mail.

  FIG. 10 shows details of an example of the member addition request processing. Details of the processing example are as follows.

[Step S20]: The group information change request processing unit 22 receives a group information change (member addition) request.
[Step S21]: The group information change condition storage unit 24 is referred to and it is determined whether or not there is an automatic setting rule (condition) for the owner of the object. If there is, the process proceeds to step S22, and if not, the process proceeds to step S24.
[Step S22]: It is determined whether the client satisfies the rule condition. At this time, the user attribute is checked with reference to the object storage unit 11. If the condition of the client's rule is satisfied, the process proceeds to step S23, and if not satisfied, the process proceeds to step S14.
[Step S23]: The requester is automatically added as a member of the group and registered in the group information storage unit 23, and the process ends.
[Step S14]: An e-mail requesting the owner to add a member to the group is transmitted, and the process ends.

  According to this embodiment, the owner prescribes the group member addition conditions in general, and it is possible to specify whether or not to apply the conditions to each group individually. Since the request is automatically set, the conventional complexity can be avoided within the range.

  The present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the spirit of the invention. For example, in the above-described example, the addition of the access right and the member has been described. For example, the present invention can be applied to setting access rights to electronic bulletin boards. In the above example, general conditions (rules) are specified and whether or not the rules are applied to individual objects is specified. However, individual conditions are set individually for individual objects without setting general conditions. These conditions may be set. In this case, it is preferable to prototype the conditions.

  In the above example, the user has been prompted to set the access right and request to add a member without first determining whether the condition is satisfied, but if the condition is satisfied by determining whether the condition is satisfied In addition, you may be prompted to set access rights or request to add members.

  Also, it is possible to define a plurality of access right granting conditions and conditions for adding to group members. At this time, a plurality of conditions can be applied by the following method.

(1) A priority is assigned to each condition, and a condition with a higher priority is a target to be applied than a condition with a lower priority.
(2) Take AND of each condition and apply only when all conditions are met (3) Take OR of each condition and apply when any one condition is applied A plurality of methods cannot be used, and one of the methods is used.

It is a figure explaining the structure of Example 1 which applied this invention to the document management system, and its utilization environment as a whole. It is a flowchart explaining the example of an access right setting operation | movement of the said Example 1. FIG. It is a figure explaining the example of the property (attribute group) of the document of the said Example 1. FIG. It is a figure explaining the example of the property (attribute group) of the folder of the said Example 1. FIG. It is a figure explaining the example of the conditions (rule) of the access right setting of the said Example 1. FIG. It is a schematic diagram explaining the example of an access right setting operation | movement of the said Example 1. FIG. It is a figure explaining the example of the access right list before the change of the said Example 1. FIG. It is a figure explaining the example of the access right list after the change of the said Example 1. FIG. It is a figure explaining the structure and utilization environment of Example 2 applied to the document management system of this invention. It is a flowchart explaining the example of an access right setting operation | movement of the said Example 2. FIG. It is a figure explaining the example of the property (attribute group) of the group of the said Example 2. FIG. It is a figure explaining the example of the table of the group of the said Example 2, and a structural member. It is a schematic diagram explaining the example of access right setting operation | movement of the said Example 2. FIG.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Object management part 11 Object storage part 12 Access right change request processing part 13 Access right list storage part 14 Access right change condition storage part 15 Access right change condition setting part 16 Mail processing part 17 History information storage part 22 Group information change request process Unit 23 Group information storage unit 24 Group information change condition storage unit 25 Group information change condition setting unit 100, 100A Document management system 200 Client terminal 300 Communication network

Claims (14)

Attribute information storage means for storing attribute information defining the attributes of the object;
Change condition storage means for storing a change condition of attribute information of an object owned by the user for one or a plurality of users;
An object management computer program which is executed by a computer to realize attribute information changing means for changing the attribute information when an attribute information change request satisfying the attribute information change condition is received.   2. The computer program for object management according to claim 1, wherein the object is a document or a folder, and the attribute of the object is information on an access right to the object.   2. The computer program for object management according to claim 1, wherein the object is a group, and the attribute of the object is information relating to a user belonging to the group.   4. The object management computer according to claim 1, wherein when there is an attribute information change request that does not satisfy the attribute information change condition, an e-mail containing the attribute change request is transmitted to a user who owns the object. program.   5. The object management computer program according to claim 1, wherein a history of the attribute information change request is presented to an owner of the object.   6. The computer program for object management according to claim 1, wherein a screen for displaying the attribute change request is displayed when it is determined that the user satisfies a change condition of the attribute information. Access right information storage means for storing access right information defining the access right of the object;
Change condition storage means for storing an access right change condition of an object owned by the user for one or a plurality of users;
An access right that is executed by a computer in order to realize having an access right information changing unit that changes the access right information when there is an access right change request that satisfies the access right change condition. Computer program for management. Group information storage means for storing information of the users constituting the group;
Change condition storage means for storing change conditions of the constituent users of the group owned by the user for one or a plurality of users;
A computer program for group management, which is executed by a computer in order to realize group information changing means for changing the information of the user when there is a group information change request that satisfies the change conditions of the constituent users. Attribute information storage means for storing attribute information defining the attributes of the object;
Change condition storage means for storing a change condition of attribute information of an object owned by the user for one or a plurality of users;
An object management apparatus comprising: attribute information changing means for changing the attribute information when there is an attribute information change request that satisfies the attribute information change condition. Access right information storage means for storing access right information defining the access right of the object;
Change condition storage means for storing an access right change condition of an object owned by the user for one or a plurality of users;
An access right management apparatus comprising: access right information changing means for changing the access right information when there is an access right change request that satisfies the access right change condition. Group information storage means for storing information of the users constituting the group;
Change condition storage means for storing change conditions of the constituent users of the group owned by the user for one or a plurality of users;
And a group information changing unit for changing the information of the user when a group information change request satisfying a change condition of the constituent user is received. Storing attribute information defining attributes of the object in the attribute information storage means;
Storing the change condition of the attribute information of the object owned by the user for one or more users in the change condition storage means;
And a step of changing the attribute information when there is an attribute information change request that satisfies the attribute information change condition by the attribute information changing means. Storing access right information defining the access right of the object in the access right information storage means;
Storing a change condition of an access right of an object owned by the user for one or a plurality of users in a change condition storage unit;
And a step of changing the access right information when there is an access right change request that satisfies the access right change condition by the access right information changing means. Storing information of group configuration users in group information storage means;
Storing, in the change condition storage means, a change condition of a configuration user of a group owned by the user for one or a plurality of users;
And a step of changing the information of the user when there is a group information change request that satisfies the change conditions of the constituent users by the group information changing means.

Images