JP2008134923A - Information processing device, access control method, and access control program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To make it easy to change addresses which are browseable for each of a plurality of users. <P>SOLUTION: An MFP is provided with; an address table 173 which connects address information with group identification information; a user table 171 which connects user identification information, the group identification information and authority levels; a group table 175 which connects the group identification information with reference permission levels; a user identification information reception part 151 which receives the user identification information; a first address extraction part 163 which extracts the address information which is connected with the group identification information and address records when user records including the user identification information define the group identification information; and a second address extraction part 164 which extracts the group identification information which is connected with reference permission levels, which are below the authority levels, and the group table, and extracts the address information which is connected with the group identification information and the address records. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information processing apparatus, an access control method, and an access control program, and more particularly to an information processing apparatus, an access control method, and an access control program that display destination information that is a data transmission destination for each user.

  In recent years, multifunction devices called MFPs (Multi Function Peripherals) having functions of a scanner device, a printer device, a copy device, and a facsimile device have appeared. This MFP has a function of transmitting data by e-mail or file transfer in addition to a function of transmitting data by facsimile. When sending data, it is necessary to input an e-mail address or URL (Uniform Resource Locator) as destination information that is the destination of the data. In order to simplify this input work, information about the destination, Is registered in advance.

  However, when a plurality of users share an MFP, a destination used for each of the plurality of users is different. For this reason, if an address book is stored for each of a plurality of users, a plurality of data of the same destination is stored and the amount of data increases, which is inefficient. On the other hand, if a single address book is shared by a plurality of users, the amount of data can be reduced. However, the user has to select a desired destination from all of the address books, and there is a problem that it takes time and effort to search. is there. In addition, since the destination information stored in the address book is personal information, it may not be preferable for other users to browse.

  Japanese Patent Laid-Open No. 2006-26876 discloses a central device that transmits stored destination information and destination information transmitted by the central device, and transmits the information to the outside using the received destination information. In a communication system including a plurality of terminal devices, the central device sets destination information and means for storing confidentiality information indicating the degree of confidentiality of the destination information, destination information, and the destination information. Means for transmitting the confidentiality information to the terminal device, the terminal device receiving the destination information, the means for receiving the confidentiality information paired with the destination information, and a display for displaying the destination information And a part of or all of the received confidentiality information, and safety information indicating the safety of the device and the security of the device relating to confidentiality, authority information indicating the authority regarding confidential disclosure, and received in combination with the confidentiality information Destination information There means for determining whether it is possible to display, when it is visible, the communication system characterized by comprising a means for displaying the destination information on the display means is described.

However, in the conventional communication system, it is difficult to set the authority information and the confidentiality information because the authority information indicating the authority related to the confidential disclosure and the confidentiality information paired with the destination information are related to each other. There's a problem. In addition, there is a problem that the destination information that can be browsed for each user cannot be changed flexibly.
JP 2006-26876 A

  The present invention has been made to solve the above-described problems, and one of the objects of the present invention is to simplify the task of setting a destination that can be referred to for each of a plurality of users and It is to provide an information processing apparatus that can be easily changed.

  To achieve the above object, according to an aspect of the present invention, an information processing apparatus stores a destination record that associates destination information related to a destination for data transmission and group identification information for identifying a group. Address table storage means, user table storage means for storing user records for associating user identification information for identifying users, group identification information, and authority levels, and group records for associating group identification information with reference permission levels A group table storage unit, a user identification information receiving unit that receives user identification information, and an access control unit that allows access to destination information that can be referred to based on a user record that includes the received user identification information. The access authority acquisition means is the accepted user When a user record including different information defines group identification information, the first destination extraction means for extracting destination information associated with the group identification information and the destination record, and the user record including the received user identification information are authorized. When a level is defined, a second destination that extracts group identification information associated with a reference permission level lower than the authority level and a group table, and extracts destination information associated with the extracted group identification information and a destination record Extracting means.

  According to this aspect, when the user identification information is accepted, if the user record including the accepted user identification information defines the group identification information, the destination information associated with the group identification information and the destination record is extracted, When the user record including the received user identification information defines the authority level, the group identification information associated with the reference permission level below the authority level and the group table is extracted, and the extracted group identification information and the destination record Is extracted, and the extracted destination information is made accessible. For this reason, since it is only necessary to set the reference permission level for each group in which a plurality of pieces of destination information are collected, it is easy to set the reference permission level set in the destination information. In addition, the destination information associated with the group identification information determined from the relationship between the authority level and the reference permission level and the destination information associated with the group identification information determined for the user identification information can be accessed for the user identification information. It becomes. Therefore, even if the reference permission level for the group identification information is changed, the group identification information determined for the user identification information is maintained, and even if the group identification information directly determined for the user identification information is changed, the authority for the user identification information is maintained. Group identification information determined from the relationship between the level and the reference permission level is maintained. In other words, even when a change of the group to which the user belongs or a change of the reference permission level of the group occurs, it is only necessary to change one of the group record and the user record. As a result, it is possible to provide an information processing apparatus that makes it easy to set a destination that can be referred to for each of a plurality of users and that makes it easy to change a destination that can be referred to.

  Preferably, the user table storage unit stores a user record in which a plurality of group identification information is associated with one user identification information.

  Preferably, user identification information display means for displaying user identification information, user identification information selection reception means for receiving selection of the displayed user identification information, and group identification information is displayed in a state where the user identification information is selected. A group identification information display unit; a group identification information selection reception unit that receives selection of the displayed group identification information; and a group association unit that associates the selected user identification information with the selected group identification information. .

  Preferably, with the user identification information selected, an authority level display means for displaying the authority level, an authority level selection accepting means for accepting selection of the displayed authority level, and the selected user identification information are selected. It further comprises authority level association means for associating the authority level.

  According to another aspect of the present invention, an access control method is an access control method executed by an information processing device, the information processing device for identifying destination information and a group related to a destination for data transmission. Destination table storage means for storing destination records for associating group identification information, user table storage means for storing user records for associating user identification information for identifying users, group identification information, and authority levels, and group identification information And a group table storage unit that stores a group record that associates the reference permission level with the user permission information, and when the user record including the received user identification information defines the group identification information, The group identification information is associated with the destination record. When the first extraction step for extracting the destination information and the user record including the received user identification information define the authority level, the group identification information associated with the reference permission level below the authority level and the group table is extracted. The second extraction step for extracting the destination information associated with the extracted group identification information and the destination record, the destination information extracted by the first extraction step, and the destination information extracted by the second extraction step are accessed. And enabling the information processing apparatus to execute the enabling step.

  According to this aspect, it is possible to provide an access control method that makes it easy to set a destination that can be referred to for each of a plurality of users and that makes it easy to change a destination that can be referred to.

  According to still another aspect of the present invention, an access control program is an access control program executed by an information processing device, and the information processing device is for identifying destination information and a group related to a destination for data transmission. Destination table storage means for storing destination records for associating group identification information of the user, user table storage means for storing user records for associating user identification information for identifying users, group identification information, and authority levels, and group identification Group table storage means for storing a group record for associating information with a reference permission level, and the access control program receives the user identification information, and the user record including the received user identification information is group-identified. When defining information, A first extraction step for extracting destination information associated with the loop identification information and the destination record; and when a user record including the received user identification information defines an authority level, a reference permission level and a group table below the authority level A second extraction step for extracting the group identification information associated in step (b) and extracting the destination group information associated with the extracted group identification information and the destination record; and the destination information and the second extracted in the first extraction step. Allowing the information processing apparatus to execute the step of making the destination information extracted in the extraction step accessible.

  According to this aspect, it is possible to provide an access control program that makes it easy to set a destination that can be referred to for each of a plurality of users and makes it easy to change a destination that can be referred to.

  Embodiments of the present invention will be described below with reference to the drawings. In the following description, the same parts are denoted by the same reference numerals. Their names and functions are also the same. Therefore, detailed description thereof will not be repeated.

  FIG. 1 is a diagram showing an overall outline of an information processing system according to an embodiment of the present invention. Referring to FIG. 1, information processing system 1 includes multifunction peripherals (hereinafter referred to as “MFPs”) 100, 100A, 100B, and 100C, and personal computers (hereinafter referred to as “PCs”) as information processing apparatuses respectively connected to network 2. 200). The PC 200 is a general computer.

  In the present embodiment, MFPs (Multi Function Peripherals) 100, 100A, 100B, and 100C will be described as an example of an information processing apparatus, but a function for transmitting and receiving data instead of the MFPs 100, 100A, 100B, and 100C For example, a scanner, a printer, a facsimile, a personal computer, or the like may be used. The network 2 is a local area network (LAN), and the connection form may be wired or wireless. The network 2 is not limited to a LAN, and may be a wide area network (WAN), a public switched telephone network (PSTN), the Internet, or the like.

  Although the functions of MFPs 100, 100A, 100B, and 100C may be different, the configuration of MFP 100 will be described here assuming that MFP 100 has all the functions.

  FIG. 2 is a perspective view showing the appearance of the MFP. Referring to FIG. 2, MFP 100 includes an automatic document feeder (ADF) 10, an image reading unit 20, an image forming unit 30, a paper feeding unit 40, and a post-processing unit 50. The ADF 10 handles a plurality of documents mounted on the document table, and sequentially conveys them to the image reading unit 20 one by one. The image reading unit 20 optically reads image information such as photographs, characters, pictures, and the like from a document and acquires image data.

  When image data is input, the image forming unit 30 forms an image on a sheet based on the image data. The image forming unit 30 forms an image using toners of four colors, cyan, magenta, yellow, and black. The paper feed unit 40 stores paper and supplies the stored paper to the image forming unit 30 one by one. The post-processing unit 50 discharges the paper on which the image is formed. The post-processing unit 50 has a plurality of paper discharge trays, and can sort and discharge the recording sheets. The post-processing unit 50 includes a punch hole processing unit and a staple processing unit, and can perform punch hole processing or staple processing on the discharged recording sheet. MFP 100 includes an operation panel 9 on the upper surface thereof.

  FIG. 3 is a block diagram illustrating an example of a hardware configuration of the MFP. Referring to FIG. 3, MFP 100 includes main circuit 101, facsimile unit 60, communication control unit 61, ADF 10, image reading unit 20, image forming unit 30, paper feeding unit 40, and post-processing unit. 50. The main circuit 101 includes a central processing unit (CPU) 111, a RAM (Random Access Memory) 112 used as a work area of the CPU 111, and an EEPROM (Electronically Erasable Programmable Read Only Memory) for storing programs executed by the CPU 111. ) 113, a display unit 114, an operation unit 115, a hard disk drive (HDD) 116 as a mass storage device, and a data communication control unit 117. The CPU 111 is connected to the display unit 114, the operation unit 115, the HDD 116, and the data communication control unit 117, and controls the entire main circuit 101. CPU 111 is connected to facsimile unit 60, communication control unit 61, ADF 10, image reading unit 20, image forming unit 30, paper feeding unit 40, and post-processing unit 50, and controls the entire MFP 100.

  The display unit 114 is a display such as a liquid crystal display (LCD) or an organic ELD (Electro Luminescence Display), and displays an instruction menu for the user, information about acquired image data, and the like. The operation unit 115 includes a plurality of keys, and accepts input of various instructions, data such as characters and numbers by user operations corresponding to the keys. The operation unit 115 includes a touch panel provided on the display unit 114. The display unit 114 and the operation unit 115 constitute the operation panel 9.

  The data communication control unit 117 includes a LAN terminal 118 that is an interface for communication using a communication protocol such as TCP (Transmission Control Protocol) or FTP (File Transfer Protocol), and a serial communication interface terminal 119 for serial communication. . The data communication control unit 117 transmits / receives data to / from an external device connected to the LAN terminal 118 or the serial communication interface terminal 119 in accordance with an instruction from the CPU 111.

  When a LAN cable for connecting to a network is connected to the LAN terminal 118, the data communication control unit 117 communicates with an electronic mail server connected via the LAN terminal 118, and transmits an electronic mail to the electronic mail server. Is possible.

  Further, the CPU 111 controls the data communication control unit 117 to read a program to be executed by the CPU 111 from the memory card 119A, and stores the read program in the RAM 112 and executes it. The recording medium for storing the program to be executed by the CPU 111 is not limited to the memory card 119A, but a flexible disk, a cassette tape, an optical disk (CD-ROM (Compact Disc-Read Only Memory) / MO (Magnetic Optical Disc / A medium such as a semiconductor memory such as an MD (Mini Disc) / DVD (Digital Versatile Disc), an IC card, an optical card, a mask ROM, an EPROM (Erasable Programmable ROM), an EEPROM (Electronically EPROM), or the like may be used. A program is downloaded from a computer connected to the HDD and stored in the HDD 116 Alternatively, a computer connected to the Internet may write a program to the HDD 116, and the program stored in the HDD 116 may be loaded into the RAM 112 and executed by the CPU 111. The program here is executed by the CPU 111. It includes not only directly executable programs but also source programs, compressed programs, encrypted programs, and the like.

  The communication control unit 61 is a modem for connecting the CPU 111 to a PSTN (Public Switched Telephony Networks) 7. The MFP 100 is assigned a telephone number in the PSTN 7 in advance. When a call is made from the facsimile apparatus connected to the PSTN 7 to the telephone number assigned to the MFP 100, the communication control unit 61 detects the call. When the communication control unit 61 detects a call, the communication control unit 61 establishes a call and causes the facsimile unit 60 to communicate.

  The facsimile unit 60 is connected to the PSTN 7 and transmits facsimile data to the PSTN 7 or receives facsimile data from the PSTN 7. The facsimile unit 60 converts the received facsimile data into print data that can be printed by the image forming unit 30 and outputs the print data to the image forming unit 30. As a result, the image forming unit 30 prints the facsimile data received by the facsimile unit 60 on a recording sheet. Further, the facsimile unit 60 converts the data stored in the HDD 116 into facsimile data, and outputs it to a facsimile machine connected to the PSTN 7 or another MFP. As a result, the data stored in HDD 116 can be output to a facsimile machine or another MFP. As described above, the MFP 100 has a facsimile transmission / reception function.

  FIG. 4 is a functional block diagram showing an outline of functions of the control unit of the MFP together with information stored in the HDD. Referring to FIG. 4, HDD 116 stores a user table 171 storing a user record in which user identification information for identifying a user is associated with an authority level, a destination table 173, and a group table 175. .

  FIG. 5 is a diagram illustrating an example of the format of the user table 171. Referring to FIG. 5, user table 171 includes a user record in which user identification information for identifying a user, group identification information for identifying a group, and an authority level are associated with each other. The group identification information is group identification information of a group to which the user belongs. The group is determined in advance to combine a plurality of users into one. For example, when the MFP 100 is used in a plurality of departments, a plurality of groups corresponding to the plurality of departments are determined. Here, an example in which the user record includes one group identification information will be described, but the user record may include a plurality of group identification information. For example, when a certain user belongs to two of a plurality of departments, the user record of the user includes group identification information of groups assigned to the two belonging departments. The authority level is assigned to the user and is used when determining whether or not the user can refer to a destination record described later. If the authority level is equal to or higher than the reference permission level assigned corresponding to the destination identification information included in the destination record, the destination record can be referred to. Here, an example in which the user record includes user identification information and an authority level is shown, but the user record may include information related to the user, for example, a password, a name, a department to which the user belongs, and the like. Further, when the user does not belong to any group, the user data does not define the group identification information, and when the authority level is not given to the user, the user data does not define the authority level.

  FIG. 6 is a diagram illustrating an example of the format of the destination table. Referring to FIG. 6, destination table 173 includes a destination record for associating destination identification information for identifying a destination, group identification information, reference permission level, transmission method, and address. The group identification information and the reference permission level are in an exclusive relationship, and the destination record includes either the group identification information or the reference permission level. When the destination record includes group identification information, the reference permission level corresponding to the destination record is the reference permission level associated with the group identification information in the group record. The transmission method defines a protocol for transmitting data, for example, a protocol for electronic mail transmission and a protocol for file transfer. The address is a destination address for transmitting data by the transmission method. If the transmission method defines a protocol for sending an e-mail, the address is defined as an e-mail address. If the protocol for file transfer is defined, the address is defined as a network address such as a URL. .

  FIG. 7 is a diagram illustrating an example of the format of the group table. The group table 175 includes a group record that associates group identification information with a reference permission level.

  Returning to FIG. 4, the CPU 111 outputs a user identification information receiving unit 151 for receiving user identification information, an access control unit 153 for controlling access to the destination table 173 for each user identification information, and destination identification information. A destination information output unit 155.

  The user identification information receiving unit 151 receives user identification information from the operation unit 115 when the user identification information is input to the operation unit 115 by the user. Further, the user identification information receiving unit 151 reads the user table 171, displays the user identification information included therein on the display unit 114, and selects one of the user identification information displayed on the operation unit 115 by the user. When an instruction is input, user identification information is received from the operation unit 115. Further, when MFP 100 is remotely operated by PC 200, user identification information received from PC 200 by data communication control unit 117 is received from data communication control unit 117. The user identification information receiving unit 151 outputs the received user identification information to the access control unit 153.

  The access control unit 153 includes a user record extraction unit 161, a first destination extraction unit 163, and a second destination extraction unit 165. The user record extraction unit 161 searches the user table 171, extracts a user record including user identification information input from the user identification information reception unit 151, and acquires group identification information and authority level included in the user record. . As described above, the user data may not define the group identification information, and may not define the authority level. When the extracted user record defines group identification information, the user record extraction unit 161 outputs the group identification information to the first destination extraction unit 163, and when the extracted user record defines the authority level The authority level is output to the second destination extraction unit 163.

  The first destination extraction unit 163 refers to the destination table 173, extracts a destination record defining the group identification information input from the access authority acquisition unit 153, and outputs the destination record to the destination information output unit 157. The destination record included in the destination table 173 defines one of group identification information and a reference permission level. For this reason, the first destination extraction unit 163 extracts a destination record that defines the group identification information input from the access authority acquisition unit 153 from among the destination records that define the group identification information included in the destination table 173.

  The second destination extraction unit 165 refers to the destination table 173, compares the authority level input from the access authority acquisition unit 153 with the reference permission level assigned to each destination record included in the destination table 173, and determines the authority level. A destination record that defines the following reference permission level is extracted, and the destination record is output to the destination information output unit 157. The destination record included in the destination table 173 defines one of group identification information and a reference permission level. For this reason, the second destination extraction unit 165 extracts a destination record that defines the group identification information input from the access authority acquisition unit 153 from among the destination records that define the reference permission level included in the destination table 173.

  Also, the second destination extraction unit 165 refers to the group table 175, extracts a group record that defines a reference level equal to or lower than the authority level input from the access authority acquisition unit 153, and group identification information defined by the group record To get. Next, the second destination extraction unit 163 refers to the destination table 173, extracts a destination record that defines the acquired group identification information, and outputs the destination record to the destination information output unit 157.

  The destination information output unit 157 outputs the destination record input from the access control unit 155. When the user identification information receiving unit 151 receives user identification information from the operation unit 115, the destination information output unit 157 displays a destination record on the display unit 114. When the user identification information receiving unit 151 receives user identification information from the data communication control unit 117, the destination information output unit 157 controls the data communication control unit 117 to send a destination record to the device that has transmitted the user identification information. Send.

  Next, the operation executed by the CPU 111 will be specifically described. FIG. 8 is a diagram illustrating a specific example of destinations that can be referred to by the user. Referring to FIG. 8, the first column, the second column, and the third column indicate the user identification information, group identification information, and authority level of the user record, respectively. The first, second, and third lines indicate destination identification information, reference permission level, and group identification information of the destination record, respectively. The columns after the fourth column and the fourth and subsequent rows indicate “○” when the destination record defining the destination identification information can be referred to when the user identification information in the first column is accepted, and cannot be referred to. In this case, an “x” mark is attached.

  FIG. 9 is a diagram illustrating an example of the group table. Here, reference permission levels 0, 1, 2, 3, 4, and 5 are associated with the group identification information G0, G1, G2, G3, G4, and G5, respectively.

  Referring to FIGS. 8 and 9, for example, the user identification information “user AA” is not associated with the group identification information and the authority level. For this reason, when the CPU 111 receives the user identification information “user AA”, it does not output any of the destination records. The user identification information “user 0A” is associated with the group identification information “G0”, but is not associated with an authority level. Therefore, when the CPU 111 receives the user identification information “user 0A”, the CPU 111 does not output a destination record to which a reference level equal to or lower than the authority level is assigned, but the destination record including the group identification information “G0”, specifically Specifically, a destination record whose destination identification information is “Destination 0A” is output.

  Further, the user identification information “user A0” is not associated with the group identification information “G0”, but is associated with the authority level “0”. For this reason, when the CPU 111 receives the user identification information “user A0”, the destination record to which the reference level equal to or lower than the authority level “0” is assigned, specifically, the destination record whose destination identification information is “destination A0”. The destination record with the destination identification information “Destination 0A” is output, but the destination record with the same group identification information is not output.

  Further, the user identification information “user 10” is associated with the group identification information “G1” and the authority level “0”. For this reason, when the CPU 111 receives the user identification information “user 10”, the CPU 111 selects a destination record to which a reference level equal to or lower than the authority level “0” is assigned, specifically, a destination record whose destination identification information is “destination A0”. In addition, a destination record whose destination identification information is “Destination 0A” is output, and a destination record that defines destination identification information “1A” associated with the group identification information “G1” is output.

  FIG. 10 is a flowchart illustrating an example of the flow of user registration processing. The user registration process is a process executed by the CPU 111 when the CPU 111 executes a user registration program stored in the EEPROM 113. Referring to FIG. 10, CPU 111 determines whether user identification information has been received (step S01). The process waits until user identification information is received from operation section 115 or data communication control section 117 (NO in step S01). If user identification information is received, the process proceeds to step S02. That is, the user registration process is a process executed on condition that user identification information is received.

  In step S02, it is determined whether a group designation instruction has been accepted. FIG. 11A is a diagram illustrating an example of a user registration screen. The user registration screen is a screen displayed on the display unit 114 when the CPU 111 executes user registration processing. Referring to FIG. 11A, a user registration screen 301 includes a hierarchy display area 401, an area 302 for displaying a user record, a button 303 in which “group setting” is displayed, and “authority level setting”. And a button 304 on which the characters are represented. There are a plurality of screens displayed by the CPU 111, and they are associated in a hierarchical structure. The hierarchy display area 401 is an area indicating in which position the screen displayed on the display unit 114 is located. The user registration screen shown in FIG. 11 (A) is shown to be located in the fifth layer, which is lower than the reference permission setting screen.

  When the user operates the operation unit 115 to input user identification information in the area 302, the user identification information is received by the CPU 111. A plurality of user records are displayed in the area 302, and any one user record can be selected. When the button 303 is instructed with the user record selected, the CPU 111 accepts a group designation instruction, and when the button 304 is instructed, the CPU 111 accepts an authority level designation instruction.

  Returning to FIG. 10, in step S02, it is determined whether a group designation instruction has been accepted. If a group designation instruction is accepted, the process proceeds to step S03; otherwise, the process proceeds to step S06. In step S03, a first group setting screen for displaying group identification information is displayed on display unit 114. FIG. 11B is a diagram illustrating an example of the first group setting screen. The first group setting screen 311 includes a hierarchy display area 401 and an area 312 for displaying group identification information. The CPU 111 reads the group table 175 stored in the HDD 116 and displays all the group identification information included in the group record. Here, group identification information “G0”, “G1”, “G2”, “G3”, “G4”, “G5” is displayed, and the group identification information “G4” is selected. An example is shown. In this state, when a button with OK characters is pressed, the CPU 111 accepts the selected group identification information “G4”.

  Returning to FIG. 10, in step S04, it is determined whether or not group identification information has been selected. If selected, the process proceeds to step S05, and if not selected, the process proceeds to step S06. In step S05, the user identification information received in step S01 is associated with the group identification information selected in step S04. Specifically, a user record including user identification information and group identification information is generated. If a user record including user identification information already exists in the user table 171, the group identification information of the user record is updated with the group identification information selected in step S04.

  In step S06, it is determined whether an authority level designation instruction has been accepted. If an authority level designation instruction is accepted, the process proceeds to step S07; otherwise, the process proceeds to step S10. In step S07, an authority level setting screen for displaying the authority level is displayed on display unit 114. FIG. 11C is a diagram illustrating an example of an authority level setting screen. The authority level setting screen 321 includes a hierarchy display area 401 and an area 322 for displaying the authority level. An area 322 shows an example in which six authority levels of level 0 to level 5 are displayed and the authority level “level 1” is selected. In this state, when a button with OK characters is pressed, the CPU 111 accepts the selected authority level “level 1”.

  Returning to FIG. 10, in step S08, it is determined whether or not the authority level is selected. If selected, the process proceeds to step S09. If not selected, the process proceeds to step S10. In step S09, the user identification information received in step S01 is associated with the authority level selected in step S08. Specifically, a user record including user identification information and group identification information is generated. If a user record including user identification information already exists in the user table 171, the authority level of the user record is updated with the authority level selected in step S08.

  In step S10, the user record generated in step S05 or step S09 is added to the user table 171.

  FIG. 12 is a flowchart illustrating an example of the flow of destination registration processing. The destination registration process is a process executed by the CPU 111 when the CPU 111 executes a destination registration program stored in the EEPROM 113. Referring to FIG. 12, CPU 111 determines whether destination identification information has been received (step S21). The process waits until destination identification information is received from the operation unit 115 or the data communication control unit 117 (NO in step S21). If the destination identification information is received, the process proceeds to step S22. That is, the destination registration process is a process that is executed on the condition that destination identification information is received.

  In step S22, it is determined whether designation of a group has been accepted. FIG. 13A illustrates an example of a destination registration screen. The destination registration screen is a screen displayed on the display unit 114 when the CPU 111 executes destination registration processing. Referring to FIG. 13A, the destination registration screen 331 includes a hierarchy display area 401, an area 332 for displaying a destination record, a button 333 in which “group setting” is displayed, and “reference permission level setting”. ”And a button 334 in which the characters“ ”are represented. The destination registration screen shown in FIG. 13A displays in the layer display area 401 that the destination registration screen is located in the fifth layer below the destination level setting screen.

  When the user operates the operation unit 115 and inputs destination identification information in the area 332, the destination identification information is received by the CPU 111. A plurality of destination records are displayed in the area 332, and any one destination record can be selected. When the button 333 is instructed with the destination record selected, the CPU 111 accepts a group designation instruction, and when the button 334 is instructed, the CPU 111 accepts a reference permission level designation instruction.

  Returning to FIG. 12, in step S22, it is determined whether a group designation instruction has been accepted. If a group designation instruction is accepted, the process proceeds to step S23; otherwise, the process proceeds to step S26. In step S23, a second group setting screen for displaying group identification information is displayed on display unit 114. FIG. 13B is a diagram illustrating an example of the second group setting screen. The second group setting screen 341 includes a hierarchy display area 401 and an area 342 for displaying group identification information. The CPU 111 reads the group table 175 stored in the HDD 116 and displays all the group identification information included in the group record. Here, group identification information “G0”, “G1”, “G2”, “G3”, “G4”, “G5” is displayed, and the group identification information “G0” is selected. An example is shown. In this state, when a button with OK characters is pressed, the CPU 111 accepts the selected group identification information “G0”.

  Returning to FIG. 12, in step S24, it is determined whether or not group identification information is selected. If selected, the process proceeds to step S25, and if not selected, the process proceeds to step S30. In step S25, the destination identification information received in step S21 is associated with the group identification information selected in step S24. Specifically, a destination record including destination identification information and group identification information is generated. If a destination record including the destination identification information already exists in the destination table 173, the reference permission level is updated with a blank if the destination record includes the reference permission level, and if the destination record includes the group identification information, the reference permission level is updated. The group identification information is updated with the group identification information selected in step S24.

  In step S26, it is determined whether a reference permission level designation instruction has been accepted. If a reference permission level designation instruction is accepted, the process proceeds to step S27; otherwise, the process proceeds to step S30. In step S27, a first reference permission level setting screen for displaying the reference permission level is displayed on display unit 114. FIG. 13C is a diagram illustrating an example of a first reference permission level setting screen. The first reference permission level setting screen 351 includes a hierarchy display area 401 and an area 352 for displaying a reference permission level. An area 352 shows an example in which six reference permission levels of level 0 to level 5 are displayed and the reference permission level “level 0” is selected. In this state, when a button with OK characters is pressed, the CPU 111 accepts the selected reference permission level “level 0”.

  Returning to FIG. 12, in step S28, it is determined whether or not the reference permission level is selected. If selected, the process proceeds to step S29. If not selected, the process proceeds to step S30. In step S29, the destination identification information received in step S21 is associated with the reference permission level selected in step S28. Specifically, a destination record including destination identification information and group identification information is generated. In addition, when a destination record including the destination identification information already exists in the destination table 173, if the destination record includes the group identification information, the group identification information is updated with a blank, and if the destination record includes the reference permission level, The reference permission level is updated with the authority level selected in step S28.

  In step S30, the destination record generated in step S25 or step S29 is added to the destination table 173 and stored.

  FIG. 14A shows an example of a group registration screen. Referring to FIG. 14A, group registration screen 361 includes a hierarchy display area 401 and an area 362 for displaying group identification information. It is indicated in the hierarchy display area 401 that the group registration screen shown in FIG. 14 (A) is located in the fifth hierarchy below the reference permission setting screen.

  When the user operates the operation unit 115 to select the group identification information displayed in the area 362, the CPU 111 receives the selected group identification information. Then, the second reference permission level setting screen is displayed on the display unit 114. FIG. 14B is a diagram illustrating an example of a second reference permission level setting screen. The second reference permission level setting screen 371 includes a hierarchy display area 401 and an area 372 for displaying the reference permission level. An area 372 shows an example in which six reference permission levels of level 0 to level 5 are displayed and the reference permission level “level 4” is selected. In this state, when a button with OK characters is pressed, the CPU 111 accepts the selected reference permission level “level 0” and the group identification information previously designated on the group registration screen 361 is selected. Associate with a reference permission level. Specifically, a group record including group identification information and a reference permission level is generated and added to the group table 175. When a group record including group identification information already exists in the group table 175, the reference permission level included in the group record 175 is updated with the reference permission level selected on the second reference permission level setting screen.

  FIG. 15 is a flowchart illustrating an example of the flow of destination display processing. The destination display process is a process executed by the CPU 111 when the CPU 111 executes a destination display program stored in the EEPROM 113. Referring to FIG. 15, CPU 111 determines whether or not user identification information has been received (step S41). The process waits until user identification information is received from operation section 115 or data communication control section 117 (NO in step S41). If user identification information is received, the process proceeds to step S42. That is, the destination display process is a process executed on condition that user identification information is received.

  In step S42, the user record including the user identification information received in step S41 is read from the user table 171 stored in the HDD 116. Next, one destination record is read from the destination table 173 stored in the HDD 116.

  In step S44, it is determined whether or not the user record read in step S41 defines an authority level. If the authority level is defined, the process proceeds to step S45. If not defined, the process proceeds to step S47. This is because if the authority level is not defined, it cannot be determined whether or not the destination record can be referred to based on the authority level.

  In step S45, the authority level defined in the user record is compared with the reference permission level defined in the destination record read in step S43. If the destination record does not define a reference permission level, the process proceeds to step S47. As a result of the comparison, if the authority level is equal to or higher than the reference permission level, the process proceeds to step S46. If not, the process proceeds to step S47. In step S46, the destination record read in step S43 is set to be displayable, and the process proceeds to step S47. Thereby, when the reference permission level is set in the destination record, the destination record having the reference permission level equal to or lower than the authority level assigned to the user identification information is set to be displayable.

  In step S47, it is determined whether to perform group extraction. Whether to perform group extraction may be set in advance in MFP 100, or in step S41, the user who has input the user identification information may specify in MFP 100 whether to perform group extraction. The CPU 111 determines whether to perform group extraction according to preset information or user designation. If it is determined that group extraction is to be performed, the process proceeds to step S48; otherwise, the process proceeds to step S54.

  In step S48, the reference permission level of the group of destination records is acquired. When the destination record read in step S43 includes group identification information, the CPU 111 reads out the group record including the group identification information from the group table 175 stored in the HDD 116. Then, the reference permission level included in the read group record is acquired as the group reference permission level. If the destination record does not define group identification information, the process proceeds to step S54.

  In step S49, the authority level defined in the user record is compared with the group reference permission level acquired in step S48. As a result of the comparison, if the authority level is equal to or higher than the reference permission level, the process proceeds to step S50. If not, the process proceeds to step S51. In step S50, the destination record read in step S43 is set to be displayable, and the process proceeds to step S51. Thereby, when group identification information is defined in the destination record, a destination record whose reference permission level associated with the group identification information is equal to or lower than the authority level assigned to the user identification information is set to be displayable.

  In step S51, it is determined whether or not the user of the user identification information received in step S41 belongs to the group. Specifically, it is determined whether or not the user record read in step S42 defines group identification information. If the group identification information is defined, the process proceeds to step S52. If the group identification information is not defined, the process proceeds to step S54.

  In step S52, the group identification information defined in the user record is compared with the group identification information defined in the destination record read in step S43. As a result of comparison, if both group identification information are the same, the process proceeds to step S53. If not, the process proceeds to step S54. In step S53, the destination record read in step S43 is set to be displayable, and the process proceeds to step S54. Thereby, the destination record of the destination belonging to the same group as the group to which the user belongs is set to be displayable.

  In step S54, it is determined whether there is an unprocessed destination record. If there is an unprocessed destination record, the process returns to step S43; otherwise, the process proceeds to step S55. In step S55, the destination record set to be displayable in step S46, step S50 or step S53 is output. If the user identification information is received from the operation unit 115, the destination record is displayed on the display unit 114. If the user identification information is received from the data communication control unit 117, the data communication control unit 117 is controlled and the user identification information is transmitted. Send the destination record to the device.

  FIGS. 16A to 16C are diagrams illustrating an example of a destination display screen. 9 shows a destination display screen when the user table 171 and the destination table 173 shown in FIG. 8 and the group table 175 shown in FIG. FIG. 16A is a diagram showing a destination display screen for user identification information “user 41”. Since the authority level “1” is associated in the user table 171 with the user identification information “user 41”, the destination identification information “destination A0”, “destination A1”, “destination 0A” whose reference permission level is “1” or less. And “Destination 1A” are displayed, and the group identification information “G4” is associated with the user identification information “User 41” in the user table 171, so that “Destination 4A” with the same group identification information “G4” is displayed. The

  FIG. 16B is a diagram showing a destination display screen for the user identification information “user 55”. Since “5” having the maximum authority level is associated with the user identification information “user 55” in the user table 171, all destination identification information having a reference permission level of “5” or lower is displayed.

  FIG. 16C is a diagram showing a destination display screen for the user identification information “user 5A”. The authority level “1” is not associated with the user identification information “user 5A” in the user table 171, but the group identification information “G5” is associated with the user identification information “user 5A”. Is displayed.

  As described above, MFP 100 according to the present embodiment associates destination identification information with group identification information, so that a plurality of destinations can be grouped together. Since the reference permission level can be set for each group, the user need not set the reference permission level for each of a plurality of destinations, and the number of times of setting the reference permission level can be reduced. In addition, it is not necessary to determine the reference permission level for each of a plurality of destinations, and it is only necessary to determine the reference permission level for each group, so that setting is facilitated. Furthermore, even if the reference permission level of the group is changed, the destination included in the group can be referred to without changing the authority level of the user included in the group. As a result, even if the reference permission level or the authority level is changed, the user can refer to the destinations belonging to the same group, so that the reference permission level or the authority level can be easily changed.

  The embodiment disclosed this time should be considered as illustrative in all points and not restrictive. The scope of the present invention is defined by the terms of the claims, rather than the description above, and is intended to include any modifications within the scope and meaning equivalent to the terms of the claims.

It is a figure showing the whole information processing system outline in an embodiment of the invention. 1 is a perspective view showing an appearance of an MFP. 2 is a block diagram illustrating an example of a hardware configuration of an MFP. FIG. 2 is a functional block diagram showing an outline of functions of a control unit of an MFP together with information stored in an HDD. It is a figure which shows an example of the format of the user table. It is a figure which shows an example of the format of a destination table. It is a figure which shows an example of a format of a group table. It is a figure which shows the specific example of the destination which a user can refer. It is a figure which shows an example of a group table. It is a flowchart which shows an example of the flow of a user registration process. (A) is a figure which shows an example of a user registration screen, (B) is a figure which shows an example of a 1st group setting screen, (C) is a figure which shows an example of an authority level setting screen. It is a flowchart which shows an example of the flow of a destination registration process. (A) is a figure which shows an example of a destination registration screen, (B) is a figure which shows an example of a 2nd group setting screen, (C) is a figure which shows an example of a 1st reference permission level setting screen. . (A) is a figure which shows an example of a group registration screen, (B) is a figure which shows an example of a 2nd reference permission level setting screen. It is a flowchart which shows an example of the flow of an object process determination process. It is a flowchart which shows an example of the flow of a destination display process. It is a figure which shows an example of a destination display screen.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Information processing system 2 Network 9 Operation panel 10 ADF 20 Image reading part 30 Image forming part 40 Paper feed part 50 Post-processing part 60 Facsimile part 61 Communication control part 100 MFP, 101 Main circuit 111 CPU, 112 RAM, 113 ROM, 114 display unit, 115 operation unit, 116 HDD, 117 data communication control unit, 118 LAN terminal, 119 serial communication interface terminal, 119A memory card, 151 user identification information receiving unit, 153 access Authority acquisition unit, 155 access control unit, 157 destination information output unit, 171 user table, 173 destination table, 175 group table.

Claims (6)

Destination table storage means for storing destination records for associating destination information relating to destinations for data transmission and group identification information for identifying groups;
User table storage means for storing a user record for associating user identification information for identifying a user, the group identification information and the authority level;
Group table storage means for storing a group record for associating the group identification information with a reference permission level;
User identification information receiving means for receiving the user identification information;
Access control means for making accessible destination information accessible based on a user record including the received user identification information, and
When the user record including the received user identification information defines group identification information, the access authority acquisition unit extracts first destination extraction unit that extracts the destination information associated with the group identification information and the destination record. When,
When the user record including the received user identification information defines an authority level, the group identification information associated with the reference permission level below the authority level and the group table is extracted, and the extracted group identification information And second destination extraction means for extracting the destination information associated with the destination record.   The information processing apparatus according to claim 1, wherein the user table storage unit stores a user record in which a plurality of the group identification information is associated with one piece of the user identification information. User identification information display means for displaying the user identification information;
User identification information selection receiving means for receiving selection of the displayed user identification information;
Group identification information display means for displaying the group identification information in a state where the user identification information is selected;
Group identification information selection accepting means for accepting selection of the displayed group identification information;
The information processing apparatus according to claim 1, further comprising: a group association unit that associates the selected user identification information with the selected group identification information. Authority level display means for displaying the authority level in a state where the user identification information is selected;
Authority level selection receiving means for receiving selection of the displayed authority level;
The information processing apparatus according to claim 3, further comprising authority level association means for associating the selected user identification information with the selected authority level. An access control method executed by an information processing apparatus,
The information processing apparatus includes a destination table storage unit that stores a destination record that associates destination information related to a destination for data transmission and group identification information for identifying a group;
User table storage means for storing a user record for associating user identification information for identifying a user, the group identification information and the authority level;
Group table storage means for storing a group record that associates the group identification information with a reference permission level, and
Receiving the user identification information;
A first extraction step of extracting destination information associated with the group identification information and the destination record when a user record including the received user identification information defines group identification information;
When the user record including the received user identification information defines an authority level, the group identification information associated with the reference permission level below the authority level and the group table is extracted, and the extracted group identification information And a second extraction step for extracting destination information associated with the destination record;
An access control method for causing the information processing apparatus to execute the step of making the destination information extracted in the first extraction step and the destination information extracted in the second extraction step accessible. An access control program executed by the information processing apparatus,
The information processing apparatus includes a destination table storage unit that stores a destination record that associates destination information related to a destination for data transmission and group identification information for identifying a group;
User table storage means for storing a user record for associating user identification information for identifying a user, the group identification information and the authority level;
Group table storage means for storing a group record that associates the group identification information with a reference permission level, and
The access control program is:
Receiving the user identification information;
A first extraction step of extracting destination information associated with the group identification information and the destination record when a user record including the received user identification information defines group identification information;
When the user record including the received user identification information defines an authority level, the group identification information associated with the reference permission level below the authority level and the group table is extracted, and the extracted group identification information And a second extraction step for extracting destination information associated with the destination record;
An access control program for causing the information processing apparatus to execute the step of making the destination information extracted in the first extraction step and the destination information extracted in the second extraction step accessible.

Images