JP2008217740A - Erp user information management method and device, and erp system and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To attain efficiency in management processing of user information in an ERP (enterprise resource planning) system and improvement of a security function for the user information. <P>SOLUTION: The user information is acquired from a user master 114b managed by an LDAP server 114a to carry out automatic registration of a user ID and authority change in the ERP system 1. Particularly, whenever a user logs in the ERP system 1, the user information is acquired from the LDAP server 114a and updated to deliver again only the authority originally permitted to the user. Even when authority information granted to the user is changed out of malice, log-in by altering the authority by the malicious user is prevented. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a user information management technique in an ERP system constructed by installing an ERP (Enterprise Resource Planning) package represented by R / 3 (registered trademark) of SAP (registered trademark) in a computer, In particular, the present invention relates to a technique suitable for automating the management of user information and efficiently ensuring the reliability of user information.

  The ERP package is called an integrated business package, and is software that integrates systems related to the core business of a company, such as financial / accounting systems, production systems, sales systems, procurement systems, inventory systems, and personnel systems. Management of data by grasping business details in real time, speeding decision-making, dealing with consolidated settlement and management accounting, and the SOX Act (Sarbanes-Oxley act, US to deal with fraudulent accounting In order to take measures such as internal control related to financial reporting under the law in Japan, introduction is being promoted in small and medium-sized enterprises, mainly large enterprises.

  As a technique for managing user information in such a plurality of business systems, for example, there is one described in Patent Document 1.

  The purpose of this technology is to reduce the burden of developing individual user authentication functions in multiple business systems, and to enable multiple business systems to use common security functions, that is, user authentication functions. Thus, it is a technology that enables each business system to eliminate the need to develop a user authentication function individually.

  Specifically, in a management server system for managing a plurality of business systems connected to an intranet, identification information set in association with an operator authority provided corresponding to each of the plurality of business systems; Prepare a search table showing the correspondence with the business system that can be accessed by the operator authority. On the client terminal, the business system selected on the browsed selection screen and the operator authority entered in the input field. Based on the identification information, the above-mentioned search table is referred to determine whether to allow the operator authority to access the selected business system, and based on the determination result, the selected business A technology that allows or disallows access to a system.

  However, in this technique, the contents of the search table are changed by a high-level authorized person managed by the search table itself, and user management is complicated and takes time. Furthermore, it is not possible to prevent an unauthorized operation of changing the contents of the search table by a high-level authorized person, and the correspondence with the recent “internal control (SOX method)” and “personal information protection law” is not sufficient.

JP 2002-278937 A

  The problem to be solved is that, in the prior art, the user management of the ERP system is performed manually by the system administrator, and the user management operation is complicated and time-consuming, and “internal control (SOX method) ”And“ Personal Information Protection Law ”.

  An object of the present invention is to solve these problems of the prior art and to improve the efficiency of user information management processing in the ERP system and improve the security function for user information.

  In order to achieve the above object, in the present invention, (1) a system administrator obtains user information managed by the LDAP server from the LDAP server, automatically registers a user ID in the ERP system, and changes authority. Reduce man-hours for user management. (2) Each time a user logs on to the system (also referred to as “login”), the user information is acquired from the LDAP server and the user information in the own system is updated. Even if the authority information given to the user is changed by malicious redistribution, logon by falsifying the authority by the malicious user can be prevented.

  According to the present invention, maintenance of a user master can be automatically performed, the number of man-hours of a system administrator for user management can be significantly reduced, and a security function for a malicious user can be provided. It is possible to improve.

  The best mode for carrying out the present invention will be described below with reference to the drawings. FIG. 1A is a block diagram showing a configuration example of an ERP user management system according to the present invention. In FIG. 1A, reference numeral 1 denotes an SAP (registered trademark) system (hereinafter referred to as “ERP system”), 101 as an ERP system. Is a terminal used for communication etc. by the applicant for user registration (described as “User ID Applicant” in the figure), and 102 is a terminal used by the superior of the applicant for communication (“Superior of Applicant” in the figure) ), 103 is a terminal used by the supervisor for communication or the like (described as “main supervisor” in the figure), 104 is a terminal used by the user for communication or the like (denoted as “user” in the figure), and 114 is an LDAP that executes a directory service. Each of which has a computer configuration including a CPU (Central Processing Unit), a main memory, a display device, an input device, an external storage device, etc. Each processing means is provided by installing a program or data recorded in a storage medium such as a CD-ROM via a disk drive or the like in the external storage device, then reading the program or data from the external storage device into the main memory and processing by the CPU. The function of (processing unit) is executed. The ERP system 1, each of the terminals 101 to 104, and the LDAP system 114 are connected via a network, and send and receive data via the network.

  The LDAP system 114 includes an LDAP server 114a and a user master 114b as functions realized by a programmed computer. The LDAP system 114 is an LDAP (Lightweight Directory Access Protocol), that is, a TCP / IP network such as the Internet or an intranet, in a directory database. A protocol for access is executed, and the LDAP server 114a stores the personal information of the entire organization managed by the user master 114b (LDAP / ID of each individual, name, e-mail address, department, organization, etc.) Access (read processing, write processing) control is performed.

  Each of the terminals 101 to 104 includes browsers 101a, 102a, 103a, and 104a as functions realized by a programmed computer, respectively, and the ERP system 1 via the browsers 101a, 102a, 103a, and 104a. Exchange information.

  The ERP system 1 has an application / approval function 2, an LDAP cooperation function 3, a data storage unit 4, an LDAP server search function 109, and a mail transmission function 110 as means realized by processing by a programmed computer.

  The application / approval function 23 includes a user application acceptance function 105, a superior approval function 106, a supervisory approval function 107, and a user authentication function 108. The LDAP linkage function 3 includes a user registration function 111, an authority addition function 112, and a user. An information synchronization function 113 is provided.

  In addition, the data management unit 4 uses a storage device such as a hard disk device, in the application list table 4a, the additional application list table 4b, the authority management table 4c, the additional authority management table 4d, the supervisor management table 4e, and the user master 4f. Data registration (generation / deletion) is managed.

  Hereinafter, each of these functions of the ERP system 1 will be described.

  In the application / approval function 2, as shown in FIG. 1B, the user application acceptance function 105 includes an LDAP information acquisition unit 105a, an authority information acquisition unit 105b, an LDAP information storage unit 105c, an authority addition processing unit 105d, and a notification processing unit 105e. And processing for accepting a user registration application (including the ID of the user and the senior manager's ID) from the terminal 101 used by the user registration applicant and a process for notifying the application content to the terminal 102 used by the senior manager.

  As shown in FIG. 1C, the superior approval function 106 includes an application information processing unit 106a, a user registration processing execution unit 106b, an additional authority processing unit 106c, a notification processing unit 106d, and an application information deletion processing unit 106e. If the application is rejected by the superior terminal 102, the user registration application is sent back to the terminal 101. If the user registration application is approved, the user registration function 111 is used to The user information (user master 4f) to which the authority corresponding to the department to which the user with the ID entered from the user is assigned and the authority corresponding to the job system is created, and the additional authority is included in the user registration application, the mail transmission function 110 Is used to notify the terminal 103 used by the authority managing authority of the additional authority application.

  As shown in FIG. 1D, the supervisor approving function 107 includes an addition application processing unit 107a, an authority addition processing unit 107b, a notification processing unit 107c, and an information deletion processing unit 107d, and is added to the main terminal 103. When an authority application is made and the additional authority application is approved by the managing terminal 103, the authority is added using the authority adding function 112. When the authority is rejected, the additional authority is given to the terminal 101. Execute the process of sending back the request.

  As shown in FIG. 1E, the user authentication function 108 includes an LDAP information processing unit 108a and a logon processing unit 108b. When the user logs on to the system via the user terminal 104, the user information synchronization function 113 is provided. The information registered in the user master 4f is updated in synchronization with the information registered in the user master 114b managed and controlled by the LDAP server 114a in the LDAP system 114.

  As a result, when a user logs on from the user terminal 104, the information (user information) in the user master 4f is always the latest information (affiliation, department, etc.), and an intentional unauthorized authority is assigned. Even if it is, it is refreshed (updated) to an appropriate authority, so that security measures can be efficiently taken.

  The LDAP server search function 109 acquires various information from the LDAP system 114 using the LDAP ID as a key, and the mail transmission function 110 uses the LDAP server search function 109 based on the LDAP ID of the destination, for example, Get the email address of the recipient, and notify the application details, send back notification, etc.

  In the LDAP cooperation function 3, the user registration function 111 executes user registration processing in accordance with an instruction from the superior approval function 106 in the application / approval function 2. At this time, since all necessary information is acquired from the LDAP system 114, it is not necessary to manage user information on the ERP system 1.

  Further, the authority addition function 112 executes addition of authority to the user in accordance with an instruction from the supervisory approval function 107 in the application / approval function 2, and the user information synchronization function 113 is used in the application / approval function 2. In response to an instruction from the user authentication function 108, the user master 4f is updated based on the information of the user master 114b in the LDAP system 114.

  In the LDAP system 114, the LDAP server 114a performs registration management control of personal information (LDAP / ID, name, e-mail address, department, organization, etc.) of the entire organization using the user master 114b.

  Next, the operation of each processing means (function) of the ERP system 1 will be described in detail using the flowcharts of FIGS. 2 to 8 and the tables of FIGS. 9A to 9F. The operation of each processing means (function) described below includes data processing such as processing for temporarily storing acquired data using a storage device such as a main memory, processing for reading data to be processed from the storage device, and the like. including.

  2 is a flowchart showing an example of the processing operation of the user application acceptance function 105 in FIG. 1, FIG. 3 is a flowchart showing an example of the processing operation of the superior approving function 106 in FIG. 1, and FIG. FIG. 5 is a flowchart showing an example of the processing operation of the user authentication function 108 in FIG. 1, FIG. 6 is a flowchart showing an example of the processing operation of the user registration function 111 in FIG. 7 is a flowchart showing an example of processing operation of the authority addition function 112 in FIG. 1, and FIG. 8 is a flowchart showing an example of processing operation of the user information synchronization function 113 in FIG.

  9A is an explanatory diagram illustrating a specific content example of the authority management table 4c in FIG. 1, and FIG. 9B is an explanatory diagram illustrating a specific content example of the main management table 4e in FIG. 9C is an explanatory diagram illustrating a specific content example of the application list table 4a in FIG. 1, FIG. 9D is an explanatory diagram illustrating a specific content example of the additional application list table 4b in FIG. 1, and FIG. FIG. 9F is an explanatory diagram showing a specific example of contents of the additional authority management table 4d in FIG. 9, and FIG. 9F is an explanatory diagram showing a specific example of contents of the user master 4f in FIG.

  As shown in FIG. 2, the user application acceptance function 105 that has received the application for user registration (including the user ID and the superior ID of the applicant) from the browser 101a of the terminal 101, first, the LDAP information acquisition unit 105a. Thus, as the processing in step S201, the LDAP server search function 109 is used to access the LDAP server 114a of the LDAP system 114, and the user master 114b managed by the LDAP server 114a (the user master 4f whose details are shown in FIG. 9A). Referring to the content), information such as the department and position corresponding to the user ID input from the terminal 101 and the e-mail address corresponding to the superior ID of the applicant is acquired.

  Next, the authority information acquisition unit 105b searches the authority management table 4c registered in advance as shown in FIG. 9A using the department and position acquired in the process of step S201 as keys as the process in step S202. The authority No (authorization number) to be assigned to the application user is selected.

  Then, by the LDAP information storage means 105c, as the process in step S203, the authority No. selected in the process of step S202, the user ID (LDAP / ID) of the application user, and the upper ID (LDAP / ID) of the application user Is stored in the application list table 4a whose details are shown in FIG. 9C.

  Further, the authority addition processing unit 105d determines whether or not an authority other than the authority selected in the process of step S202 is required from the terminal 101 for the application user as the process in step S204. .

  If a new authority request is made, the authority addition processing means 105d displays a list of all authority information registered in the authority management table 4c shown in detail in FIG. It is displayed on the screen of the apparatus via the browser 101a, and the selection from the operator (applicant) in the terminal 101 is accepted.

  Thereafter, the authority addition processing unit 105d adds the authority No. additionally selected by the terminal 101 in the process of step S205 and the LDAP ID of the application user as shown in FIG. 9D as the process in step S206. Store in the list table 4b.

  Then, the notification processing unit 105e sets the mail transmission function 110 as a process in step S207 in the case where the determination process in step S204 indicates that no additional authority is required (N) or after the process in step S206. The application contents are notified to the superior terminal 102 by e-mail. Thereafter, in step S208, the process of the upper manager approval function 106 shown in FIG. 3 is started.

  The terminal 102 that has received the application content email from the user application acceptance function 105 starts up the browser 102a based on the operation of the upper manager and accesses the ERP system 1. In response to this access, the ERP system 1 The approval function 106 executes the process shown in FIG. 3 as follows.

  As shown in FIG. 3, the superior approval function 106 uses the application information processing means 106 a to register the user application reception function 105 as data in step S <b> 301 using the applicant's superior LDAP / ID as a key. The application list table 4a shown in detail in FIG. 9C is searched, the superior ID is identified, a related application list is extracted to the identified superior, and transmitted to the terminal 102 for the superior, and the browser 102a is displayed, and the superior is inquired as to whether or not the application content is appropriate.

  In step S302, when a response “valid (Y)” is received from the browser 102a of the superior terminal 102, the additional authority processing means 106c includes the additional authority in the user registration application as the process in step S303. Check whether it exists.

  If the additional authority is included (Y), the additional authority processing unit 106c stores the data of the contents shown in FIG. 9A in advance using the authority No. of the additional authority as a key as the process in step S304. A supervisory management table 4e in which data of contents shown in Table 4c and a detailed example in FIG. 9B is stored in advance is searched to obtain the person in charge LDAP / ID of the supervisory authority.

  Then, the notification processing means 106d uses the mail transmission function 110 as processing in step S305 to notify the application contents to the terminal 103 used by the supervisor, and in step S306, the supervisor approval function 107 shown in FIG. Start up.

  If the determination processing result in step S303 is a result that (N) does not include additional authority, or after the processing in step 305, the user registration processing execution means 106b performs the user registration function as the processing in step S307. 111 is started and the processing shown in FIG. 5 is executed. At this time, the user registration processing execution unit 106b delivers the LDAP ID of the user registration applicant input from the terminal 101 to the user registration function 111 as an argument.

  Further, when the determination processing result in step S302 is a result that the application content is not valid (N), the notification processing means 106d uses the mail transmission function 110 as the processing in step S308 to address the terminal 101. Then, as the processing in step S309, the application information deletion processing means 106e causes the application list table 4a shown in detail in FIG. 9C and the additional application list table 4b shown in detail in FIG. All entries related to the input LDAP ID are deleted.

  The terminal 103 that has received the application content email from the superior approval function 106 activates the browser 103a based on the operation of the supervisor and accesses the ERP system 1. In response to this access, the ERP system 1 recognizes the supervisor. The function 107 executes the process shown in FIG.

  As shown in FIG. 4, the supervisor approving function 107 first adds the authority management table 4c shown in FIG. 9A as a process in step S401 by the additional application processing means 107a using the person in charge LDAP / ID of the supervisor as a key. 9B and the additional application list table 4b shown in FIG. 9D are searched to generate a list of additional applications, which are sent to the main terminal 103 and sent by the browser 103a. The information is displayed on the screen of the display device, and as an operation in step S402, the operator of the terminal 103 (supervising authority) is inquired as to whether or not the application content is appropriate.

  If the answer from the terminal 103 (supervising source) is “valid (Y)”, the authority addition processing unit 107b activates the authority addition function 112 in the LDAP cooperation function 3 as processing in step S403. At this time, the authority addition processing unit 1207b delivers the LDAP ID of the user registration applicant input from the terminal 101 and the authority No. of the additional authority as arguments to the authority adding function 112.

  When the determination processing result in step S402 is “N”, the notification processing unit 107c uses the mail transmission function 110 as the processing in step S404 to notify the return information to the terminal 101, and then deletes the information. The means 107d deletes all the entries related to the LDAP / ID of the user registration applicant from the additional application list table 4b as the processing in step S405.

  FIG. 5 shows the processing operation of the user authentication function 108. If there is a user logon request from the terminal 104 via the browser 104a, the user authentication function 108 performs processing in step S501 by the LDAP information processing means 108a. The user information synchronization function 113 is activated and the latest user information is acquired. At this time, the LDAP information processing unit 108 a delivers the LDAP ID of the registration target user input from the terminal 104 to the user information synchronization function 113 as an argument.

  In step S502, the logon processing unit 108b causes the terminal 104 to log on to the ERP system 1 based on the user information updated by the user information synchronization function 113 and the authority associated therewith.

  FIG. 6 shows the processing operation of the user registration function 111 in the LDAP cooperation function 3. The user registration function 111 first responds to an instruction from the superior approval function 106 in step S 601, the LDAP server search function 109. Is used to access the LDAP system 114, and in cooperation with the LDAP server 114a, various information corresponding to the LDAP ID of the registration target user inherited from the superior approval function 106 is acquired from the user master 114b.

  Next, in step S602, data related to the user is registered in the user master 4f using various information acquired in the process of step S601 and the authority No. stored in the application list table 4a.

  In step S603, the mail transmission function 110 is used to notify the terminal 101 of information indicating completion of user ID registration. In step S604, the entry related to the user's LDAP ID is deleted from the application list table 4a. To do.

  FIG. 7 shows the processing operation of the authority addition function 112 in the LDAP cooperation function 3, and the authority addition function 112 first responds to an instruction from the supervisor approving function 107 in step S701. The user master 4 f is searched using the LDAP ID of the registration target user inherited from the key as a key, and the authority No. of the additional authority inherited from the supervisory approval function 107 is added to the entry of the user in the user master 4 f.

  Next, in step S702, the LDAP / ID of the registration target user inherited from the supervisory approval function 107 is associated with the added authority No. and stored in the additional authority management table 4d.

  After that, in step S703, the mail transmission function 110 is used to notify the terminal 101 of information indicating the completion of authority addition. In step S704, the registration target user inherited from the supervisor approving function 107 from the additional application list table 4b. The entry related to the LDAP ID and the added authority No. is deleted.

  FIG. 8 shows an example of the processing operation of the user information synchronization function 113 in the LDAP cooperation function 3, and the user information synchronization function 113 first responds with an instruction from the user authentication function 108 in step S801. The search function 109 is used to access the LDAP system 114, and in cooperation with the LDAP server 114a, various information corresponding to the LDAP / ID of the user of the terminal 104 taken over from the user authentication function 108 is acquired from the user master 114b.

  Next, in step S802, it is checked whether or not there is a difference between the various information acquired in the process of step S801 and the information in the user master 4f.

  If there is a difference (in the case of “Y”), in step S803, the information in the user master 4f is updated using the information acquired in the process of step S801.

  After that, or when the determination result in step S802 is “N” (when there is no difference), in step S804, the user's LDAP / ID of the terminal 104 handed over from the user authentication function 108 and the department to which the user master 4f belongs The authority management table 4c is searched using the job title as a key, and the authority No. given to the user is acquired.

  Further, in step S805, the additional authority management table 4d is searched using the user LDAP ID of the terminal 104 as a key, and the authority No. of the additional authority given to the user is acquired. In step S806, the process of step S804 is performed. Each of the acquired authority No. and the authority No. acquired in the process of step S805 (described as “circle 1, 2” in the figure) is compared with the authority No. given to the user in the user master 4f. Determine whether there is a difference.

  If there is a difference (in the case of “Y”), in step S807, all authority Nos. Are excluded (deleted) from the user master 4f, and authority Nos. Acquired in the respective processes in steps S804 and S805 are newly given. To finish the process.

  As described above with reference to FIGS. 1 to 9F, in the ERP user information management technology of this example, the user application reception function 105 receives a user registration application request from the communication terminal 101 operated by the user registration applicant. Then, the LDAP information acquisition unit 105a and the LDAP server search function 109 access the LDAP server 114a in the LDAP system 114, and the LDAP server 114a receives and refers to the user information stored and managed in advance as the user master 114b. User information including at least the department, position and authority corresponding to the user identifier (user ID) included in the user registration application request is acquired, and the user registration function 111 associates the acquired user information with the user ID and ERP. Raw as user master information of the system And storing, to the storage device (user master 4f).

  In the superior approval function 106, before the user registration function 111 generates and stores the user master 4f, the superior of the user registration applicant operates the user registration application request received from the communication terminal 101. After notifying the communication terminal 102, requesting the validity determination of the user registration application request by the superior, and receiving the determination result from the superior communication terminal 102, the user master by the user registration function 111 4f is generated and stored.

  In addition, the user application acceptance function 105 adds an additional authority other than the authority acquired from the LDAP server 114a to the user registration application request received from the communication terminal 101 before the user registration function 111 generates and stores the user master 4f. It is determined whether there is a request, and if there is an additional authority request, the predetermined authority is notified to the communication terminal 103 operated by a person in charge of a predetermined supervisor, and the validity by the supervisor is confirmed. If a determination result is requested and a determination result indicating that it is appropriate is received from the managing communication terminal 103, the user registration function 111 generates and stores the user master 4f after adding the additional authority to the user information. It is characterized by that.

  If there is a user logon request from the communication terminal 104 operated by the user, the user authentication function 108 accesses the LDAP server 114a via the LDAP server search function 109, and logs on from the user master 114b of the LDAP server 114a. User information corresponding to the requesting user identifier is acquired, and the user master information associated with the user identifier stored by the user registration function 111 is updated.

  The ERP system 1 (SAP (registered trademark) system) equipped with such an ERP user information management technology acquires user information managed by the user master 114b by the LDAP server 114a from the LDAP server 114a, and automatically manages the user ID. Register and change authority. Thereby, the man-hour with respect to the user management of a system administrator can be reduced.

  In particular, whenever the user logs on to the ERP system 1, the LDAP server 114a acquires user information managed by the user master 114b, thereby redistributing only the authority originally granted to the user. Thereby, even when the authority information given to the user is changed maliciously, it is possible to prevent the logon beyond the authority of the user having such malicious intention.

  As described above, according to this example, the maintenance of the user master 4f in the ERP system 1 can be automatically performed, and the man-hours of the system administrator for the user management can be greatly reduced and malicious. It is possible to improve the security function for the user.

  In addition, this invention is not limited to the example demonstrated using FIGS. 1-9F, In the range which does not deviate from the summary, various changes are possible. For example, in this example, the SAP (registered trademark) system has been described as an example of the ERP system, but the present invention can also be applied to other ERP systems.

  Further, in this example, the user registration application request from the terminal 101 by the user applicant includes the upper user identifier (user ID) together with the user identifier to be registered (user ID), but the LDAP server 114a In the user master 114b to be managed (the user master 4f in FIG. 9F), the upper user identifier (user ID) at the time of the user registration application request is obtained by associating the upper user identifier (user ID) with the user ID. Notification may be unnecessary.

  Moreover, the data example in each table shown by each of FIG. 9A-FIG. 9F including the user master 4f in such FIG. 9F is set suitably according to the implementation condition.

  Also, the computer configuration example of this example may have a computer configuration without a keyboard or optical disk drive. In this example, an optical disk is used as a recording medium, but FD or the like may be used as a recording medium. As for the program installation, the program may be downloaded and installed via a network via a communication device.

It is a block diagram which shows the structural example of the ERP user management system which concerns on this invention. It is a block diagram which shows the detailed structural example of the user application reception function in FIG. It is a block diagram which shows the detailed structural example of the upper manager approval function in FIG. It is a block diagram which shows the detailed structural example of the main management origin approval function in FIG. It is a block diagram which shows the detailed structural example of the user authentication function in FIG. It is a flowchart which shows the process operation example of the user application reception function in FIG. It is a flowchart which shows the processing operation example of the upper manager approval function in FIG. It is a flowchart which shows the example of a processing operation of the main authority approval function in FIG. It is a flowchart which shows the processing operation example of the user authentication function in FIG. It is a flowchart which shows the processing operation example of the user registration function in FIG. It is a flowchart which shows the processing operation example of the authority addition function in FIG. It is a flowchart which shows the processing operation example of the user information synchronization function in FIG. It is explanatory drawing which shows the specific example of a content of the authority management table in FIG. It is explanatory drawing which shows the example of a specific content of the main management management table in FIG. It is explanatory drawing which shows the specific example of a content of the application list table in FIG. It is explanatory drawing which shows the specific example of a content of the additional application list table in FIG. It is explanatory drawing which shows the example of a specific content of the additional authority management table in FIG. It is explanatory drawing which shows the example of a specific content of the user master in FIG.

Explanation of symbols

  1: ERP system (SAP (registered trademark) system) 2: Application / approval function 3: LDAP link function 4: Data storage unit 4a: Application list table 4b: Additional application list table 4c: Authority management table 4d: additional authority management table, 4e: supervisor management table, 4f: user master, 101-104: terminal, 101a-104a: browser, 105: user application reception function, 105a: LDAP information acquisition means, 105b: authority information Acquisition means, 105c: LDAP information storage means, 105d: authority addition processing means, 105e: notification processing means, 106: superior approval function, 106a: application information processing means, 106b: user registration processing execution means, 106c: additional authority processing Means 106d: Notification processing means 106e Application information deletion processing means 107 107 107a: addition application processing means, 107b: authority addition processing means, 107c: notification processing means, 107d: information deletion processing means, 108: user authentication function, 108a: LDAP information processing means, 108b: logon processing means, 109 : LDAP server search function, 110: Mail transmission function, 111: User registration function, 112: Authority addition function, 113: User information synchronization function, 114: LDAP system, 114a: LDAP server, 114b: User master.

Claims (7)

A method for registering / updating user information of an ERP system by a programmed computer,
A first step of receiving a user registration application request from a communication terminal operated by a user registration applicant;
Access the LDAP server, refer to the user information stored and managed in advance by the LDAP server, and determine the department, position and authority corresponding to the user identifier included in the user registration application request received in the first step. A second step of acquiring at least user information including:
And a third step of storing the user information acquired in the second step in the storage device as user master information of the ERP system in association with the user identifier. The ERP user information management method according to claim 1,
Before the third step,
A fourth step of notifying the user registration application request to a communication terminal operated by a superior of the user registration applicant and receiving a determination result of the validity of the user registration application request by the superior;
An ERP user information management method, wherein the third step is executed after receiving the determination result that is appropriate from the superior communication terminal in the fourth step. The ERP user information management method according to claim 1, wherein:
Before the third step,
A fifth step for determining whether the user registration application request received in the first step includes a request for additional authority other than the authority acquired from the LDAP server in the second step;
If there is an additional authority request, the communication terminal operated by a person in charge of a predetermined supervisor is notified of the additional authority request, and determination of the validity of the additional authority request by the supervisor in charge from the communication terminal A sixth step of receiving results;
And a seventh step of adding the additional authority to the user information acquired in the second step when receiving a determination result that the additional authority request is valid from the managing communication terminal. ERP user information management method. An ERP user information management method according to any one of claims 1 to 3,
If there is a user logon request from the communication terminal, the user identifier is accessed by accessing the LDAP server, obtaining user information corresponding to the identifier of the user who has requested the logon from the LDAP server, and storing the user identifier stored in the third step. An ERP user information management method comprising an eighth step of updating the user master information associated with the ERP.   The program which makes a computer perform the process in each step in the ERP user information management method in any one of Claims 1-4. A system for registering and updating ERP system user information by a programmed computer,
5. An ERP user information management apparatus comprising means for executing processing at each step in the ERP user information management method according to claim 1.   An ERP system comprising the ERP user information management device according to claim 6.

Images