JP2009230249A - Control device, program, and control method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a control device for increasing safety, and for establishing a flexible security policy according to the significance of the object of processing. <P>SOLUTION: A determination means determines whether or not a manager who performs processing to a storage part by logging-in has logged-out. A storage means stores processing content to be reduced according to the increase of an elasped time since it is determined that the manager has logged-out by the determination means in association with information related with a managed person who is allowed to log-in by the manager in a database. When it is determined that the manager has logged-out by the determination means, a reading means reads the processing content of the managed person from the processing content database based on the elasped time from the logging-out of the manager. The processing of the managed person to the storage part is controlled based on the processing content. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a control device that controls processing for a storage unit that stores data, a program for causing the control device to function as a computer, and a control method.

  Various processes such as database construction, web site construction, and in-house system construction are accompanied by an increase in work load as the amount of information increases. In recent years, from the viewpoint of improving processing efficiency, in-house employees are comprehensively managing processes as managers, and cases in which other processes are outsourced are increasing. In other words, there are an increasing number of cases where specific processing is performed not only in-house managers but also in cooperation with outside managers.

As described above, when processing is outsourced to an outside manager, security becomes a problem. In particular, when the work is on a holiday or late at night, it is necessary to perform the work only by the managed person except the manager. Therefore, an authority transfer method for safely transferring the authority of an administrator is known (for example, see Patent Documents 1 to 3).
JP 2006-221506 A JP 2007-249912 A JP 2002-328907 A

  However, the methods described in Patent Documents 1 to 3 merely determine the scope and expiration date of authority at the time of authority transfer, and do not consider security within this expiration date.

  The present invention has been made in view of such circumstances, and an object thereof is to improve safety by reducing the processing content of the storage unit of the managed person as time passes from the logout of the administrator. It is another object of the present invention to provide a control device capable of establishing a flexible security policy according to the importance of a processing target, a program for causing the control device to function as a computer, and a control method.

  The control device disclosed in the present application includes: a determination unit that determines whether or not an administrator has logged out in the control device that controls processing for a storage unit that stores data; and a manager who is permitted to log in to the administrator In association with information related to the storage unit, the storage unit stores processing contents for the storage unit that is reduced as the elapsed time after the determination unit determines that the administrator has logged out, and the determination unit includes: When it is determined that the administrator has logged out, based on an elapsed time since logout of the administrator, the means for reading the process contents of the managed person from the database, and based on the process contents of the managed person read by the means And means for controlling processing for the storage unit.

  According to the control device disclosed in the present application, the determination unit determines whether or not the administrator has logged out. The storage means correlates with the information on the managed person who is permitted to log in to the administrator, and the processing content for the storage unit that is reduced as the elapsed time after the determination means determines that the administrator has logged out is increased. Store in the database. When the determination unit determines that the administrator has logged out, the processing contents of the managed person are read from the database based on the elapsed time since the administrator logged out. The managed person controls the process for the storage unit based on the contents of the process.

  In addition, the storage unit of the control device disclosed in the present application is associated with information on the managed person and another managed person permitted to log in by the one managed person, and the administrator logs out by the judging part. The processing contents that are reduced as the elapsed time from the determination increases are stored in the database.

  According to such a configuration, by detecting an increase in the elapsed time since it was determined that the administrator has logged out, the authority of the managed person when the administrator is absent due to the logout of the administrator is obtained. It is possible to limit in stages, and it is possible to effectively prevent abuse of authority by the managed person while ensuring the convenience in the absence of the administrator, resulting in security safety Can be secured.

  In addition, the storage unit of the control device disclosed in the present application stores, in the database, processing contents whose processing contents corresponding to information about other managed persons are equal to or less than the processing contents corresponding to information related to one managed person.

  According to such a configuration, a restriction is imposed that the second managed person who is given authority by the managed person (first managed person) can only be given the authority of the first managed person or less. Thus, even when the first manager is temporarily away from the office, the second manager who is authorized by the first manager can work as well, and the second manager When the authority is given to the administrator, the burden on the first managed person can be reduced, and as a result, security safety can be ensured.

  The control device disclosed in the present application, after determining that the administrator has logged out by the determining unit, determines that the administrator has logged in again, and determined that the administrator has logged in again by the means. In this case, there is provided means for changing the processing contents of one managed person and another managed person to predetermined processing contents stored in advance in the database.

  According to such a configuration, when the administrator logs out temporarily and then logs in again, all the managers are re-authorized and allowed until the administrator logs out under the supervision of the administrator. It is possible to perform work within the processing range.

  In addition, what applied the component of the control apparatus disclosed in this application, or arbitrary combinations of a component to a method, an apparatus, a circuit, a system, a computer program, a recording medium, a data structure, etc. is effective as another aspect. .

  According to one aspect of the control apparatus, when the determination unit determines that the administrator has logged out, the processing contents of the managed person are read from the database based on the elapsed time from the administrator's logout. And since a control apparatus controls the process which concerns on a to-be-managed person based on this read-out process content, even if an administrator is absent for a long period of time, it becomes possible to ensure safety. In addition, by appropriately setting the degree of reduction according to the importance of the processing target, it is possible to flexibly construct a security policy according to the specific circumstances of the case, and the present invention has excellent effects. .

Embodiment 1
Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a schematic diagram showing an outline of a control system. The control system includes a control device 1, an information processing device 2 of an administrator who logs in and performs processing on a storage unit in the control device, an information processing device 3 of a manager who is permitted to log in by the administrator, and the like. Composed. The information processing apparatuses 2 and 3 are, for example, a personal computer, a mobile phone, or a PDA (Personal Digital Assistant). The control device 1 is, for example, a server computer. In the following, the information processing device 2 of the administrator is the administrator computer 2 and the information processing device 3 of the managed person (hereinafter referred to as a worker) is the worker computer 3A, 3B, 3C (hereinafter referred to as the worker computer 3 in some cases). The control device 1 will be described as the server computer 1.

  In this embodiment, the administrator grants access to the server computer 1 to three workers A, B, and C, and executes various file editing processes and application program creation processes in the server computer 1. An example will be described. The processing content is an example and is not limited to this. The server computer 1, the administrator computer 2, and the worker computer 3 are connected to each other via a communication network N such as a LAN (Local Area Network), and necessary information can be obtained by a protocol such as HTTP (HyperText Transfer Protocol). Send and receive. The administrator computer 2 and the worker computer 3 may be connected via the Internet, a mobile phone network, etc., and remote access may be permitted.

  The manager and each worker are given in advance unique identification information (hereinafter referred to as ID) and a password for identifying each person. The administrator can access the shared folder of the server computer 1 by inputting the ID and password from the administrator computer 2. Similarly, the operator can access the server computer 1 by inputting the ID and password. In the following, an authentication example using an ID and a password will be described, but biometric authentication such as a fingerprint may be used. The worker performs various processes under the supervision of the manager. When the administrator logs out, the range that can be processed by the worker computer 3 by the processing described below, that is, the processing content is reduced in order of elapsed time and generation.

  FIG. 2 is a block diagram showing a hardware configuration of the administrator computer 2. The administrator computer 2 includes a CPU (Central Processing Unit) 21 as a control unit, a RAM (Random Access Memory) 22, an input unit 23, a display unit 24, a communication unit 26, a storage unit 25, and the like. The CPU 21 is connected to each hardware unit of the administrator computer 2 via the bus 27 and controls them. An OS (Operating System) 251 such as Windows (registered trademark) and a browser 252 such as Internet Explorer (registered trademark) are stored in the storage unit 25 configured by a hard disk or a large-capacity memory.

  The display unit 24 is, for example, a liquid crystal display, and the input unit 23 includes a keyboard and a mouse. The communication unit 26 is a modem or a LAN card and transmits / receives information to / from the server computer 1 and the worker computer 3 using a protocol such as HTTP. When accessing a shared folder or the like of the server computer 1 via the communication unit 26, the administrator inputs an ID and password from the input unit 23. The CPU 21 transmits the input ID and password to the server computer 1. When the authentication at the server computer 1 is successful, various processes can be executed on the shared folder of the server computer 1 through the input unit 23.

  FIG. 3 is a block diagram showing a hardware configuration of the worker computer 3. The worker computer 3 includes a CPU 31 as a control unit, a RAM 32, an input unit 33, a display unit 34, a communication unit 36, a storage unit 35, and the like. The CPU 31 is connected to each part of the hardware of the worker computer 3 via the bus 37 and controls them. An OS 351 and a browser 352 are stored in the storage unit 35 configured by a hard disk or a large-capacity memory. Note that the worker computer 3 has substantially the same configuration as the administrator computer 2 and will not be described in detail.

  FIG. 4 is a block diagram showing a hardware configuration of the server computer 1. The server computer 1 includes a CPU 11 as a control unit, a RAM 12, a communication unit 16, an input unit 13, a display unit 14, a clock unit 18, a storage unit 15, and the like. The CPU 11 is connected to the hardware units of the server computer 1 via the bus 17 and controls them, and executes various software functions according to the control program 15P stored in the storage unit 15.

  The communication unit 16 is a gateway or the like that functions as a firewall. The display unit 14 is, for example, a liquid crystal display, and the input unit 13 includes a keyboard and a mouse. The clock unit 18 outputs date information to the CPU 11. The storage unit 15 is configured by a hard disk, for example, and stores therein an ID file 151, a database (hereinafter referred to as a processing content DB) 152, a history file 153, and a business DB 19 in addition to the control program 15P described above. The ID file 151 stores an ID and a password in association with an administrator or a worker. Note that the administrator name, operator name, ID, and password may be input by the administrator or the like from the input unit 13 or the input unit 23 of the administrator computer 2.

  Details of the business DB 19 and the processing content DB 152 will be described later. The CPU 11 performs processing such as storage and retrieval of necessary information by interacting with the schema associated with the field keys of the business DB 19 and the processing content DB 152 using SQL (Structured Query Language). In the present embodiment, the processing content DB 152 and the business DB 19 are stored in the storage unit 15. However, the present invention is not limited to this. For example, the business DB 19 and the processing content DB 152 may be stored in a database server (not shown) connected via the communication unit 16, and processing such as storage and retrieval may be executed as necessary.

  FIG. 5 is an explanatory diagram showing a record layout of the business DB 19. The business DB 19 stores the update date and time and the files in the folder in association with the folder name. In the following, an example will be described in which an administrator and an operator construct a Web site related to online shopping for pharmaceuticals and the like as work contents. The folder A, which is the work target, stores drug price files, inventory files, and the like. The storage contents of the price file and the inventory file in the folder A are read and written by the administrator computer 2 or the worker computer 3. As the update date and time, the date and time when the information was finally stored in one of the files in the folder is written according to an instruction from the CPU 11.

  In the folder B, application programs such as a CGI (Common Gateway Interface) program for Web sites are stored. Various programs created by the administrator computer 2 or the operator computer 3 are stored in the folder B. Folder C stores an HTML (HyperText Markup Language) file for a Web site, image data of a medicine, and the like. The administrator can execute all processes for the storage unit 15 by the administrator computer 2 after logging in. The contents of this processing include, for example, writing to various files (hereinafter referred to as W or write), data reading (hereinafter referred to as R or read), folder creation, deletion, change of access permission, network setting, printer Setting and execution of a program. In the following, for ease of explanation, description will be made by taking reading and writing with respect to files and programs in folders A to C as an example of processing contents, but the present invention is not limited to this. The administrator performs the following processing to determine the processing content of the worker.

  FIG. 6 is an explanatory diagram showing an image when determining the processing content. The CPU 21 of the administrator computer 2 transmits an initial setting command to the server computer 1 in accordance with an instruction from the input unit 23 after the administrator logs in. When the CPU 11 of the server computer 1 receives this initial setting command, it reads out the input screen shown in FIG. The CPU 11 transmits the read input screen to the administrator computer 2. The display unit 24 of the administrator computer 2 displays the folders A to C to be processed, the elapsed time since logout, and the processing contents. The administrator inputs processing contents for each folder from the input unit 23 for each elapsed time.

  This elapsed time indicates the elapsed time since the administrator logged out. As processing contents, there are three stages for each file in folder A: RW, that is, “permitting read and write”, R, that is, “permitting only read”, and x, that is, “not permitting both read and write”. To do. The administrator selects one processing content of RW, R, or X for each folder from the input unit 23 for each elapsed time. A check box indicated by a white square is displayed along with each processing content, and the administrator selects the processing content by clicking the check box related to the corresponding processing with the input unit 23.

  The input screen shown in FIG. 6 is a screen for determining a processing content for an already logged-in worker (hereinafter referred to as a first generation worker) when the administrator logs out and the administrator is permitted to log in directly. is there. For example, when the manager A logs out and the worker A has already logged in with the manager and has performed the task, the worker A becomes the first generation worker. In the input screen example of FIG. 6, RW is selected for the folder A whose elapsed time is less than 60 minutes, and R is selected for the folder A that is 60 minutes or more and less than 120 minutes. When selected in this way, the first generation worker can both read and write each file in folder A if the elapsed time after logout of the administrator is less than 60 minutes. However, when the elapsed time is 60 minutes or more and less than 120 minutes, each file in folder A can only be read and cannot be written.

  When the administrator finishes selecting all the folders, the administrator clicks the end button 141 or the button 142 for determining the second generation from the input unit 23. When the CPU 21 receives a click on the end button 141 from the input unit 23, the CPU 21 transmits the selected processing content corresponding to the number of generations, the folder, and the elapsed time to the server computer 1. The CPU 11 of the server computer 1 stores the processing content corresponding to the generation number, folder, and elapsed time in the processing content DB 152. On the other hand, when the CPU 21 receives a click of the button 142 for determining the second generation from the input unit 23, the CPU 21 sends a request for acquisition of the second generation input screen and the selected processing content corresponding to the number of generations, the folder, and the elapsed time. It transmits to the server computer 1.

  The CPU 11 of the server computer 1 stores the processing content corresponding to the number of generations, the folder, and the elapsed time in the processing content DB 152, and transmits the second generation input screen stored in the storage unit 15 to the administrator computer 2. The CPU 21 of the administrator computer 2 displays the second generation input screen on the display unit 24. FIG. 7 is an explanatory diagram showing an image of the second generation input screen. When the administrator logs out and the first generation worker A (one worker) is working, the worker A himself may permit another worker B (other worker) to log in. . Thus, hereinafter, a worker who is not permitted to log in directly by the first generation worker A is referred to as a second generation worker. Hereinafter, similarly, a worker who is permitted to log in by an nth generation worker is referred to as an (n + 1) th generation worker.

  The administrator inputs the processing content for each folder for the second generation worker from the input unit 23 every elapsed time. When the administrator finishes selecting all the folders for the second generation, the administrator clicks the end button 141 or the button 143 for determining the third generation from the input unit 23. When the CPU 21 receives a click on the end button 141 from the input unit 23, the CPU 21 transmits the selected processing content corresponding to the generation number (second generation), the folder, and the elapsed time to the server computer 1. The CPU 11 of the server computer 1 stores the processing content corresponding to the number of generations, the folder, and the elapsed time in the processing content DB 152. On the other hand, when the CPU 21 receives a click of the button 143 for determining the third generation from the input unit 23, the CPU 21 sends a request for acquisition of the number of generations, the selected processing content corresponding to the folder and the elapsed time, and the input screen of the third generation. It transmits to the server computer 1. By repeating the above, the processing content for each generation of workers is determined.

  FIG. 8 is an explanatory diagram showing a record layout of the processing content DB 152. The processing content DB 152 includes an elapsed time field, a folder field, a first generation field, a second generation field, and a third generation field. The elapsed time field stores the elapsed time since the administrator logged out. In this example, 0 minute or more and less than 60 minutes, 60 minutes or more and less than 120 minutes, 120 minutes or more and less than 180 minutes, and 180 minutes or more are stored. Folders A to C as work targets stored in the business DB 19 are stored in the folder field.

  In the first generation field, information related to read / write permission for each folder is stored in association with the folder and the elapsed time. This first generation is information relating to a worker who is permitted to log in by the administrator. That is, the first generation means a worker who is permitted to log in directly by the administrator. The same information as the first generation field is stored for the second generation field and the third generation field. The second generation is information relating to a worker (other worker) permitted to log in by the first generation worker (one worker). Further, the third generation is information on a worker (other worker) permitted to log in by a second generation worker (one worker). When the CPU 11 of the server computer 1 receives the generation information, the folder, the elapsed time, and the processing content (RW, R, x) from the administrator computer 2, these information is stored in the processing content DB 152.

  The processing content of the worker is restricted according to the processing content DB 152. For example, when 30 minutes have passed since the administrator logged out, the first generation worker is RW regarding the folder B. The second generation worker is R for folder B. If more time elapses and 100 minutes elapse after logout, the processing content is reduced as time elapses and becomes as follows. The first generation worker is R for the folder B, and the second generation worker is X for the folder B.

  FIG. 9 is an explanatory diagram showing a record layout of the history file 153. The history file 153 includes an ID field, a login date / time field, a logout date / time field, a login permitted person field, and a status field. The history file 153 stores the history such as the ID and the login date after the authentication by the CPU 11 using the ID file 151. The ID field stores the ID of the administrator or worker who logs in to the server computer 1. In the example of FIG. 9, ID “AD” is an administrator, ID “AA” is worker A, ID “BB” is worker B, and ID “CC” is worker C.

  The log-in date and time field stores the date and time output from the clock unit 18 when the CPU 11 logs in the administrator related to the administrator computer 2 or the worker related to the worker computer 3. The logout date / time stores the date / time output from the clock unit 18 when information indicating logout is transmitted from the administrator computer 2 or the worker computer 3. In the present embodiment, an example is shown in which the CPU 11 determines that the user has logged out when the information indicating the logout transmitted from the administrator computer 2 or the worker computer 3 is received. However, the present invention is not limited to this.

  For example, if the CPU 11 does not receive any information from the administrator computer 2 or the worker computer 3 within a certain time (for example, within 10 minutes), it is determined that the user has logged out. Alternatively, the CPU 11 transmits information related to a screen that prompts the administrator computer 2 and the worker computer 3 to input a command (for example, letter A). The screen is popped up on the display unit 24 of the administrator computer 2 and the display unit 34 of the worker computer 3. For example, a message such as “Please enter the letter A” pops up. Here, when a command is input to the screen from the input unit 23 of the administrator computer 2 or the input unit 33 of the worker computer 3, the command is transmitted to the server computer 1. The CPU 11 of the server computer 1 determines that the administrator or the operator is continuously logged in. On the other hand, if the CPU 11 does not receive a command within a predetermined time (for example, within 5 minutes), it is determined that the administrator or the worker has logged out.

  In the example of FIG. 9, it can be understood that the administrator has logged in at 11:50, and worker A has logged in at 11:55, five minutes later. The administrator logs out at 12:00:00, and the worker A logs out at 12:50. In the login permitted person field, information on a person who is permitted to log in is stored in association with the ID. Since the administrator can log in freely, no information is stored in the login permitter field. On the other hand, for the ID “AA” indicating the worker A, information on the administrator as a login permitter is stored. This indicates that the worker A is permitted to log in by the administrator. Note that the record layouts of the various data in the history file 153, the business DB 19 and the processing content DB 152 described above are merely examples, and other layouts may be adopted depending on the design if mutual relationships can be maintained. Of course.

  FIG. 10 is an explanatory diagram showing an image when a login permission is requested. When the ID and password are transmitted from the worker computer 3, the CPU 11 refers to the ID file 151 and performs authentication. If the authentication is successful, the highest ID among the logged-in users whose status to be described later is extracted with reference to the history file 153. In this example, since the administrator is the highest level, the ID “AD” is extracted. The CPU 11 refers to the IP address of the administrator computer 2 related to the ID “AD”, reads the permission / refusal screen shown in FIG. 10 from the storage unit 15, and transmits it together with the information of the worker A corresponding to the ID and password.

  The CPU 21 of the administrator computer 2 receives an input of “permit” or “reject” from the input unit 23. When the CPU 21 receives “permit” or “reject” information, the CPU 21 transmits the information and ID to the server computer 1. When the CPU 11 of the server computer 1 receives the “permitted” information and the ID, the CPU 11 permits the login of the worker A and stores the administrator information corresponding to the ID in the login permitted person field. When the CPU 11 receives the “reject” information, the CPU 11 does not permit the worker A to log in.

  The status field stores the status of the logged-in administrator or worker. When the administrator logs in, the status “administrator” is stored. When the login permitter is an administrator, the status is the first generation. In this example, the worker A is the first generation. The worker who is permitted to log in by the first generation worker is the second generation. In this example, the second generation is worker B. Furthermore, the worker permitted to log in from the second generation worker is the third generation, and the information is stored in the status field. In this example, the third generation is worker C. As described above, the information stored in the status field has rank information as an attribute. The order is lower in the order of administrator, first generation, second generation, third generation,.

  The example of FIG. 9 will be further described. The worker B desires to log in at 12:15, and logs in with the permission of the worker A who has the highest status among those logged in. That is, since the administrator has already logged out as of 12:15, the login permitted person is the worker A with the ID “AA” (status is the first generation). Thus, the CPU 11 stores “AA” in the login permitted person field in association with the ID “BB”, and stores “second generation” in the status field. Further, the worker C desires to log in at 13:00, and logs in with the permission of the worker B who is the highest among the logged-in people. In other words, since the administrator and the worker A have already logged out as of 13:00:00, the login permitted person is the worker B with the ID “BB” (status is the second generation). Accordingly, the CPU 11 stores “BB” in the login permitted person field in association with the ID “CC”, and stores “third generation” in the status field.

  Various software processing procedures in the above hardware configuration will be described with reference to flowcharts. FIG. 11 to FIG. 13 are flowcharts showing the procedure when the administrator registers the processing contents. When the administrator logs in to the server computer 1, the administrator inputs the ID and password from the input unit 23 of the administrator computer 2. The CPU 21 of the administrator computer 2 transmits the ID and password input from the input unit 23 to the server computer 1 (step S111). The CPU 11 of the server computer 1 receives the ID and password via the communication unit 16 (step S112). The CPU 11 determines whether or not the received ID and password match the administrator ID and password stored in the ID file 151 (step S113).

  If the CPU 11 determines that it does not match the stored administrator ID and password (NO in step S113), the CPU 11 terminates the process as an unauthorized process. On the other hand, if the CPU 11 determines that it matches the administrator's ID and password (YES in step S113), it reads the menu screen stored in advance in the storage unit 15 and transmits it to the administrator computer 2 (step S114). The CPU 21 of the administrator computer 2 receives the transmitted menu screen and displays the menu screen on the display unit 24 (step S115). On this menu screen, menus such as registration of worker names, IDs and passwords, registration of processing contents, and changes in the manager's own IDs and passwords are displayed in a selectable manner.

  First, the administrator clicks a link related to worker registration from the input unit 23 to register the worker ID and password. When receiving a request for worker registration from the input unit 23, the CPU 21 transmits a worker registration request to the server computer 1 (step S116). The CPU 11 receives the worker registration request (step S117). The CPU 11 reads out the worker registration screen stored in advance in the storage unit 15 by receiving the worker registration request as a trigger, and transmits it to the administrator computer 2 (step S118). The CPU 21 of the administrator computer 2 receives the worker registration screen and displays it on the display unit 24 (step S119). This worker registration screen is provided with boxes for inputting a worker name, a worker-specific ID, and a password.

  CPU21 receives a worker name, worker ID, and a password from the input part 23 (step S121). CPU21 transmits the worker name, worker ID, and password which were received from the input part 23 to the server computer 1 (step S122). The CPU 11 of the server computer 1 receives the worker name, worker ID, and password (step S123). The CPU 11 stores the received worker name, worker ID, and password in the ID file 151 in association with the administrator ID (step S124). In this embodiment, the number of managers is one for ease of explanation. However, there may be a plurality of managers, and each manager is accompanied by a worker, The range of processing contents will also be different.

  After storing the worker ID and password, the CPU 11 transmits the menu screen again (step S125). The CPU 21 of the administrator computer 2 receives the transmitted menu screen and displays it on the display unit 24 (step S126). Next, the administrator clicks a link relating to processing content registration from the input unit 23 in order to register the processing content of each worker by generation. When the information related to the link is input from the input unit 23, the CPU 21 accepts the information and transmits a processing content registration request to the server computer 1 (step S127).

  The CPU 11 receives the processing content registration request (step S128). The CPU 11 reads out the first generation registration screen from the storage unit 15 and receives the processing content registration request as a trigger, and transmits it to the administrator computer 2 (step S129). The CPU 21 of the administrator computer 2 receives the first generation registration screen and displays it on the display unit 24 as shown in FIG. 6 (step S131). The administrator inputs RW, R, or x, which is the processing content, for each folder and elapsed time from the input unit 23. CPU21 receives the processing content input through the input part 23 (step S132).

  The administrator inputs processing contents for all folders and elapsed time. When only the first generation is set, the end button 141 is clicked from the input unit 23. Subsequently, when setting the second generation or later, the button 142 for determining the second generation is clicked from the input unit 23. The CPU 21 determines whether or not an input of a button for determining the next generation has been received (step S133). When the CPU 21 receives an input of a button for determining the next generation (YES in step S133), the CPU 21 requests generation information (first generation), processing contents for each folder and elapsed time, and a registration screen for the next generation. Therefore, a request for the next generation registration screen is transmitted to the server computer 1 (step S134).

  On the other hand, when input of a button for determining the next generation is not received (NO in step S133), that is, when the end button 141 is clicked, generation information (first generation), processing for each folder and elapsed time The contents are transmitted to the server computer 1 (step S135). The CPU 11 of the server computer 1 receives the information transmitted in step S134 or S135. The CPU 11 stores the processing content in the processing content DB 152 as shown in FIG. 8 in association with the generation, folder, and elapsed time (step S136). The CPU 11 determines whether or not a request for a next generation registration screen has been received (step S137).

  When the CPU 11 determines that the request for the next generation registration screen has been received (YES in step S137), the CPU 11 reads the next generation registration screen from the storage unit and transmits it to the administrator computer 2 (step S138). For example, if a request for a second generation registration screen has been made, the registration screen shown in FIG. 7 is transmitted. The CPU 21 of the administrator computer 2 receives the next generation registration screen and displays it on the display unit 24 (step S139). Then, the process returns to S132 again. By repeating these processes, registration of processing contents of a plurality of generations is executed. On the other hand, if the CPU 11 of the server computer 1 has not received the request for the next generation registration screen (NO in step S137), it means that the registration is completed at the generation, and thus the series of processes is terminated.

  When storing the processing content in the processing content DB, the CPU 11 may execute the following determination processing as a subroutine of step S136. 14 and 15 are flowcharts showing the procedure of the determination process. The CPU 11 of the server computer 1 receives the generation, the elapsed time, and the processing content for each folder (step S141). The CPU 11 reads the processing content for each elapsed time of one folder (for example, folder A) (step S142). The CPU 11 determines whether or not the processing content having a long elapsed time is equal to or less than the processing content having a short elapsed time (step S143).

  If the CPU 11 determines that the processing content having a long elapsed time is not less than or equal to the processing content having a short elapsed time (NO in step S143), the CPU 11 reads the first error information read from the storage unit 15 and transmits it to the administrator computer 2. (Step S144). On the display unit 24 of the administrator computer 2, for example, “Please set to reduce the processing content as the elapsed time becomes longer” is displayed as the first error information. The process is returned to S126 or S132 again, and the processing contents are registered again. For example, it is assumed that the processing content of the folder A is R, that is, “read permission” and “write rejection” when the elapsed time is 0 minute or more and less than 60 minutes. Here, when the elapsed time is 60 minutes or more and less than 120 minutes and the processing content of the folder A is RW, that is, “read permission” and “write permission”, the first error information is transmitted. In this case, “read permission” and “write rejection” (R), or “read rejection” and “write rejection” (×) are required.

  In this way, since the determination to reduce the processing range is performed according to the passage of time since the administrator logged out, it is possible to prevent the administrator from inadvertently expanding the processing range. It becomes. Here, the scope of processing contents in the present embodiment will be added. The range of processing contents is reduced in the order of RW, R, and x. That is, when the processing content when the elapsed time is short is R, the processing content when the elapsed time is long is R or x which is less than this. In other words, registration in which the processing contents are expanded from x to R and from R to RW despite the increase in elapsed time is rejected by transmission of the first error information.

  When the CPU 11 determines that the processing content having a long elapsed time is equal to or less than the processing content having a short elapsed time (YES in step S143), the CPU 11 sets a determined flag for the folder as appropriate registration (step S145). . In the process of step S143, all processing contents having the next longest elapsed time with respect to one elapsed time are determined. That is, in the example of FIG. 8, the folder A is compared between 0 minutes and less than 60 minutes and between 60 minutes and less than 120 minutes, and between 60 minutes and less than 120 minutes is compared with between 120 minutes and less than 180 minutes. Similarly, 120 minutes or more and less than 180 minutes and 180 minutes or more are compared. The CPU 11 determines whether or not the determination process of step S143 has been executed for all folders with reference to the flag set for the folder (step S146).

  If the CPU 11 determines that determination has not been made for all folders (NO in step S146), the processing contents for each elapsed time of a different folder (folder B in this example) to proceed to the next folder. Is read (step S147). Then, the CPU 11 returns the process to step S143. By repeating these processes, reduction of the processing contents is ensured as the elapsed time increases for all folders.

  If the CPU 11 determines that all folders have been determined (YES in step S146), it determines whether the generation received in step S141 is the first generation (step S148). When the CPU 11 determines that the generation is the first generation (YES in step S148), the CPU 11 stores the generation, the elapsed time, and the processing content for each folder in the processing content DB 152 (step S149). On the other hand, when the CPU 11 determines that the generation is not the first generation (NO in step S148), the CPU 11 performs the following processing to verify the range of processing contents between generations.

  The CPU 11 reads from the processing content DB 152 the elapsed time of one higher generation (for example, the first generation) than the generation (for example, the second generation) received in step S141 and the processing content for each folder (step S151). The CPU 11 reads out the processing content of each elapsed time of the one upper generation folder (for example, folder A) from the read information (step S152). Subsequently, the CPU 11 reads out the processing contents of each elapsed time of one folder of the generation to be determined (step S153).

  The CPU 11 determines whether or not the read processing content of the determination target generation is equal to or less than the processing content of one higher generation in the same elapsed time zone (step S154). In the above example, it is determined whether or not the processing contents of the second generation in the same elapsed time zone are equal to or less than the processing contents of the first generation. When the CPU 11 determines that the processing content of the determination target generation is not less than or equal to the processing content of the one higher generation in the same elapsed time zone (NO in step S154), the CPU 11 reads the second error information stored in the storage unit 15, and 2 (step S155). The second error information may be a text sentence such as “the input processing content exceeds the processing content of the upper worker”. In this case, the process is returned to S126 or S132 again, and the process contents are registered again.

  For example, it is assumed that the processing content of the first generation folder A is R, that is, “read permission” and “write rejection” when the elapsed time is 0 minute or more and less than 60 minutes. Here, when the processing content of the folder A in the second generation in the same elapsed time zone of 0 minute or more and less than 60 minutes is RW, that is, “read permission” and “write permission”, the processing content is expanded because the processing content is expanded. Error information is sent. Note that the process of step S154 is performed for all elapsed time zones. That is, the processing contents of one folder in the same elapsed time period such as 60 minutes or more and less than 120 minutes, 120 minutes or more and less than 180 minutes, and 180 minutes or more are compared between two adjacent generations.

  In this way, the worker B who is permitted to log in by the worker A executes a process whose processing content does not exceed that of the worker A who is permitted to log in. Therefore, the administrator carelessly processes each worker. It is possible to prevent an error that expands the range. When the CPU 11 determines that the read processing content of the generation to be determined is equal to or lower than the processing content of one higher generation in the same elapsed time zone (YES in step S154), the auxiliary determination flag is set for the folder (step S154). S156). The CPU 11 determines whether all folders have been determined by referring to the auxiliary flag set for the folder (step S157).

  If the CPU 11 has not made a determination for all folders (NO in step S157), the processing contents of each elapsed time of a different folder of one higher generation are read in order to determine a different folder (for example, folder B) (step S158). ). Similarly, the CPU 11 reads out the processing contents of each elapsed time for folders of different generations to be determined (step S159). Then, the CPU 11 returns the process to step S154. On the other hand, if the CPU 11 determines that all folders have been determined (YES in step S157), the generation, the elapsed time, and the processing content for each folder are stored in the processing content DB 152 (step S1510). With the above processing, it is possible to appropriately reduce the processing range against both the increase in generation accompanying permission of login by the worker and the increase in elapsed time based on logout by the administrator.

  16 to 18 are flowcharts showing the log-in history recording processing procedure. When the administrator logs in to the server computer 1, the administrator inputs the ID and password from the input unit 23. The CPU 11 of the server computer 1 receives the administrator's ID and password (step S161). The CPU 11 refers to the ID file 151 and determines whether or not the received ID and password match the administrator's ID and password stored in the ID file 151 (step S162). If the CPU 11 determines that they do not match (NO in step S162), the CPU 11 ends the series of processes as an illegal process.

  On the other hand, if the CPU 11 determines that they match (YES in step S162), the administrator ID, the login date and time, and the status “manager” are stored in the history file 153 (step S163). The date / time information is stored based on the output from the clock unit 18. The CPU 11 determines whether or not the administrator has logged out (step S164). Note that, as described above, this determination is based on whether a command indicating logout is transmitted from the administrator computer 2 to the server computer 1, or when an Ack command is transmitted from the server computer 1 to the administrator computer 2, but there is no response. Alternatively, it may be determined that the user has logged out, for example, when information related to operation for a certain period of time is not transmitted from the administrator computer 2 to the server computer 1. If the CPU 11 determines that the user has not logged out (NO in step S164), the CPU 11 determines whether or not the ID and password of a worker who wishes to log in are received (step S165).

  If the CPU 11 determines that the worker ID and password have not been received (NO in step S165), the process returns to step S164. On the other hand, if the CPU 11 determines that it has been received (YES in step S165), the CPU 11 refers to the ID file 151 and determines whether or not the received ID and password match the worker's ID and password stored in the ID file 151. Judgment is made (step S166). If the CPU 11 determines that they do not match (NO in step S166), the CPU 11 ends the series of processes as an illegal process.

  On the other hand, if the CPU 11 determines that they match (YES in step S166), the administrator determines whether or not the operator is permitted to log in (step S167). Specifically, the CPU 11 refers to the IP address of the administrator computer 2, reads the permission / refusal screen shown in FIG. 10 from the storage unit 15, and transmits it to the administrator computer 2 including the worker ID in the rejection screen. The CPU 21 of the administrator computer 2 displays a permission / denial screen including the worker ID on the display unit 24. The CPU 21 receives an operation signal related to “permit” or “reject” corresponding to the permission / denial screen from the input unit 23. When the CPU 21 receives an operation signal “permit” or “reject” from the input unit 23, the CPU 21 transmits the information to the server computer 1. When the server computer 1 receives the “permit” information, the server computer 1 permits the login. On the other hand, if the information of “reject” is received, the login is rejected.

  If the CPU 11 determines that the administrator does not permit the operator to log in (NO in step S167), the process returns to step S164. On the other hand, when the CPU 11 determines that the administrator permits login of the worker (YES in step S167), the CPU 11 sets the worker ID, the login date and time, the login authorized person (administrator in this example), and the status “first generation”. Stored in the history file 153 (step S168). Thereafter, the process returns to step S164.

  If the CPU 11 determines that the administrator has logged out (YES in step S164), the logout date and time of the administrator is stored in the history file 153 with reference to the output of the clock unit 18 (step S172). CPU11 substitutes 1 to the variable n (step S173). Note that the variable n is an integer. The CPU 11 determines whether or not the nth generation worker is logged in (step S174). If the nth generation worker is not logged in (NO in step S174), the CPU 11 is logged out, and the upper worker who is permitted to log in is logged out. This is not possible, and the series of processing is terminated. Of course, there may be a plurality of workers of each generation.

  If the CPU 11 determines that the nth generation worker is logging in (YES in step S174), the CPU 11 obtains the ID and password of the n + 1 generation worker from the worker computer 3 to permit the n + 1 generation login. It is determined whether or not it has been received (step S175). When the CPU 11 has not received the ID and password of the (n + 1) th generation worker (NO in step S175), the process of step S175 is repeated. On the other hand, when the CPU 11 receives the ID and password of the (n + 1) th generation worker (YES in step S175), the received ID and password of the (n + 1) th generation worker match the ID and password stored in the ID file 151. Whether or not (step S176). When the CPU 11 refers to the ID file 151 and determines that the received ID and password do not match the worker's ID and password stored in the ID file 151 (NO in step S176), a series of processing is assumed to be unauthorized processing. Exit.

  On the other hand, if the CPU 11 determines that they match (YES in step S176), the nth generation worker determines whether or not to permit the login of the (n + 1) th generation worker (step S177). The process is determined by referring to the IP address, transmitting the permission / denial screen together with the (n + 1) th generation worker ID to the worker computer 3A, and receiving permission / denial information from the worker computer 3A, as in step S167. To do. If the CPU 11 determines that login is not permitted (NO in step S177), the process returns to step S175. On the other hand, if the CPU 11 determines that login is permitted (YES in step S177), the worker ID of the (n + 1) th generation worker, the login date and time, the login permitted person "nth generation", and the status "n + 1 generation" are shown in FIG. As described above, the history file 153 is stored (step S178).

  The CPU 11 determines whether or not the nth generation worker is still logged in (step S179). If the nth generation worker is logging in (YES in step S179), the CPU 11 returns the process to step S175 and repeats the above process. On the other hand, when the CPU 11 determines that the nth generation worker is not logged in (NO in step S179), the CPU 11 stores the logout date and time of the nth generation worker in the history file 153 (step S181). The CPU 11 increments the variable n (step S182). Thereafter, the CPU 11 determines whether or not the administrator has logged in again (step S183). If the CPU 11 determines that the administrator is not logged in (NO in step S183), the process returns to step S175, and the same process is repeated under the next generation of workers. On the other hand, if the CPU 11 determines that the administrator has logged in again (YES in step S183), the series of processing ends.

  FIG. 19 is a flowchart showing the processing restriction processing procedure for the worker. The server computer 1 refers to the history file 153 and determines whether or not the administrator has logged out (step S191). When the CPU 11 determines that the administrator has not logged out (NO in step S191), the CPU 11 repeatedly executes the process of step S191. On the other hand, when the CPU 11 determines that the administrator has logged out (YES in step S191), the CPU 11 performs the following processing to limit processing on the folder in the storage unit 15 of the server computer 1 from the worker computer 3.

  The CPU 11 determines whether or not an operator command and an operation command for a folder (for example, an operation to open a specific folder) transmitted from the worker computer 3 have been received (step S192). When the CPU 11 determines that the operation command for the worker ID and the folder has not been received (NO in step S192), the CPU 11 repeatedly executes the process of step S192. On the other hand, when the CPU 11 determines that the operation command for the worker ID and folder has been received (YES in step S192), the CPU 11 determines whether or not the worker associated with the worker ID is logged in (step S193). Specifically, the CPU 11 refers to the ID field, login date / time field, and logout date / time field of the history file 153 to determine whether or not the user is logged in.

  If the CPU 11 determines that the worker is not logged in (NO in step S193), the CPU 11 ends the process to deny access to the server computer 1. On the other hand, when the CPU 11 determines that the worker is logged in (YES in step S193), the CPU 11 reads the generation number (status) corresponding to the received worker ID from the history file 153 (step S194). The CPU 11 stores the worker ID in the processing content DB 152 in association with the read number of generations (step S195).

  FIG. 20 is an explanatory diagram showing a record layout of the processing content DB 152 after the operator logs in. When the worker is permitted to log in by the processing described in steps S161 to S183 and the number of generations is determined, the CPU 11 reads the number of generations stored in the worker ID and the status field of the history file 153. Then, the CPU 11 associates the read generation number with the worker ID to determine the processing contents of the worker. In the example of FIG. 20, worker A (worker ID “AA”) is the first generation, worker B (worker ID “BB”) is the second generation, and worker C (worker ID “worker ID“ AA ”). CC ") is the third generation. As described below, the CPU 11 refers to the processing content DB 152 and determines the processing content of each worker as RW, R, or X based on the number of generations and the elapsed time.

  The CPU 11 calculates the elapsed time since it was determined that the administrator logged out in step S191 based on the output from the clock unit 18 and the logout date and time of the administrator stored in the history file 153 (step S196). Based on the calculated elapsed time, the read generation number, and the received folder, the CPU 11 refers to the processing content DB 152 and reads the corresponding processing content (step S197). For example, if the elapsed time is 100 minutes, the second generation (worker B), and the folder A, the processing content is R.

  The CPU 11 performs control to limit processing for the folder based on the read processing content (step S198). For example, in the above example, the CPU 11 permits only the reading of the folder A to the worker computer 3B related to the worker B, and refuses the writing. When the elapsed time is 200 minutes, all the processing contents are x, so any worker is denied both read and write processes for folders A to C. Subsequently, the CPU 11 determines whether or not the administrator has logged in again (step S199). If the CPU 11 determines that the administrator is not logged in (NO in step S199), the process returns to step S192, and the same process is repeated when more time has passed. On the other hand, if the CPU 11 determines that the administrator has logged in again (YES in step S199), the series of processing ends. In this way, due to the limitation of the processing contents of the workers accompanying the increase in generation and the limitation of the processing contents accompanying the increase in the elapsed time after logout, the administrator can be assured that each worker is in accordance with a predetermined security policy even when absent. It is possible to request a job. In addition, since the server computer 1 manages the processing contents so as to reduce the processing contents due to the increase in generation and the elapsed time, it is possible to prevent an error in setting the processing contents of the administrator.

Embodiment 2
The second embodiment relates to a mode in which an administrator logs in again to perform work again after logging out. When the administrator logs in again, the CPU 11 changes to the predetermined processing content stored in the processing content DB 152 in advance regardless of the generation and elapsed time of the currently logged-in worker. Specifically, the processing content of each worker is changed to the processing content in the time zone that is the most advanced generation of the processing content DB 152 and has the shortest elapsed time. For example, as shown in FIG. 8, the elapsed time is already 150 minutes, and the processing contents of the first generation worker are R for folder A, x for folder B, and R for folder C. The second generation workers are further reduced, and only folder A is R, and folders B and C are both x. In the third generation worker, all of the folders A to C are “x”.

  When the administrator logs in again, the CPU 11 refers to the processing content DB 152 and changes the processing content of all workers to the specific processing content. Specifically, all the processing contents for each folder in the highest generation, that is, the first generation permitted to log in by the administrator and when the elapsed time is the shortest or the elapsed time is zero Change the processing contents of the worker. That is, in the example of FIG. 8, the processing contents corresponding to the first generation and the elapsed time from 0 minutes to less than 60 minutes are all folders A to C are RW. Accordingly, the processing contents of all workers of the first generation, the second generation, and the third generation are changed in an expanded form.

  FIG. 21 is a flowchart showing the procedure of the change process when the administrator logs in again. The CPU 11 determines whether or not the user has logged in again after logging out (step S201). When the CPU 11 determines that the administrator has not logged in again (NO in step S201), the above processing is repeated. On the other hand, if the CPU 11 determines that the administrator has re-logged in (YES in step S201), the CPU 11 refers to the processing content DB 152 and reads the processing content of each folder corresponding to the highest generation and the shortest elapsed time (step S202). . The CPU 11 changes the processing content of the logged-in worker to the processing content read in step S202 (step S203). As a result, as described in the first embodiment, the worker can perform the work within the expanded processing range under the supervision of the manager until the manager logs out. In addition, since the administrator can change the processing contents of each worker without only setting or permitting only by logging in again, the operation can be resumed more smoothly.

  The second embodiment is configured as described above, and the other configurations and operations are the same as those of the first embodiment. Therefore, corresponding parts are denoted by the same reference numerals, and detailed description thereof is omitted.

Embodiment 3
The third embodiment relates to a mode in which the server computer 1 determines the processing content according to the security policy. FIG. 22 is an explanatory diagram showing an image when determining the processing contents according to the third embodiment. A processing content registration screen shown in FIG. 22 is displayed on the display unit 24 of the administrator computer 2. In addition to the display items of the first embodiment, a security policy selection box 145, a button 144 to be automatically determined, and sentences relating to these descriptions are displayed. Depending on the work, an enormous number of folders, a large number of generations, finer time settings, and the like are required. In this embodiment, the administrator displays the security policy selection box 145 from the input unit 23. Select one of the levels.

  In the present embodiment, three levels of high, medium, and low are used for ease of explanation, but the present invention is not limited to this. By clicking the button 144 to be automatically determined, the security level is transmitted to the server computer 1. The server computer 1 determines the processing content by the processing described below, and stores the determined processing content in the processing content DB 152.

  FIG. 23 is a block diagram illustrating a hardware configuration of the server computer 1 according to the third embodiment. In addition to the configuration of the first embodiment, the storage unit 15 stores a rule file 154. FIG. 24 is an explanatory diagram showing a record layout of the rule file 154. The rule file 154 stores the amount of change in the processing content accompanying the increase in elapsed time and generation for each level. The rule file 154 includes a level field, an elapsed time field, and a generation field. The level field stores a security level related to the security policy, high, medium, and low. In the elapsed time field, a reduction amount of the processing content corresponding to the elapsed time is stored.

  For example, when the level is high, it is stored as one step reduction every 60 minutes. For example, when the processing content is RW at the time of logout, the processing content is reduced to R when the elapsed time exceeds 60 minutes. On the other hand, in the case of the level, it is stored as one step reduction every 120 minutes. For example, when the processing content is RW at the time of logout, the processing content is reduced to R when the elapsed time exceeds 120 minutes. As described above, the amount of reduction of the processing content corresponding to the elapsed time is stored for each level in the elapsed time field. Similarly, the generation field stores the amount of reduction of processing content for each generation drop. When the level is high, it is stored as one step reduction every time one generation is lowered.

  For example, when the processing content of the first generation is RW, the processing content of the second generation that has been reduced by one generation is reduced to R. On the other hand, in the case of the level, it is stored as one step reduction every time two generations decrease. For example, when the processing content of the first generation is RW, the second generation that has been reduced by one generation is also RW, but the processing content of the third generation that has been reduced by two generations is reduced to R. The CPU 11 refers to the rule file 154 according to the selected level, reads the reduction amount relating to the elapsed time and the reduction amount relating to the generation, and changes the processing content accordingly. The CPU 11 stores the changed processing content in the processing content DB 152. The rule file 154 can be set as appropriate by the administrator from the input unit 23 of the administrator computer 2 or the input unit 13 of the server computer 1.

  FIG. 25 is an explanatory diagram showing a record layout of the processing content DB 152 when the level is high. In the following example, the processing contents for the first generation folders immediately after logout are all assumed to be RW. When the elapsed time is 0 minute or more and less than 60 minutes, the processing contents of each folder are all RW. The CPU 11 stores the contents of 60 minutes or more and less than 120 minutes by reducing it by one step according to the reduction amount stored in the elapsed time field of the rule file 154 as R. For 120 minutes or longer, it is further reduced by one step, so it becomes x. The CPU 11 reads the reduction amount stored in the generation field. Then, the processing contents of the second generation are changed. Specifically, in the case of the second generation at 0 minutes or more and less than 60 minutes, R is reduced by one step from RW. CPU11 is reduced by one step from R for x for 60 minutes or more and less than 120 minutes.

  For 120 minutes or more, the first generation is already x, so the second generation and later are also x. The CPU 11 performs the same processing for the third generation, and when it is 0 minute or more and less than 60 minutes, it is reduced by one step from R and becomes x. Since the CPU 11 is already x for 60 minutes or more and less than 120 minutes, the third generation is also x. FIG. 26 is an explanatory diagram showing a record layout of the processing content DB 152 when the level is set. The CPU 11 reads one step reduction from the elapsed time field of the rule file 154 every 120 minutes. The CPU 11 changes the processing content of each elapsed time zone of the first generation according to the read rule. Focusing on the first generation, it can be understood that the RW is reduced by one step after 120 minutes.

  Subsequently, the CPU 11 reads the one-stage reduction from the generation field of the rule file 154 every time two generations decrease. The CPU 11 changes the processing content of each generation based on the processing content of the first generation according to the read rule. If attention is paid to the second generation, it can be understood that the processing contents are the same as those of the first generation, and if attention is paid to the third generation, RW is reduced to R and R is reduced to one step respectively.

  27 and 28 are flowcharts showing the procedure of the processing content determination process. The CPU 21 of the administrator computer 2 receives the first generation registration screen through the processing of step S129 described in the first embodiment (step S271). A screen shown in FIG. 22 is displayed on the display unit 24. The CPU 21 receives input of the security level and automatic determination from the input unit 23 (step S272). The CPU 21 transmits the received security level and automatic determination request to the server computer 1 (step S273). The CPU 11 of the server computer 1 receives the security level and automatic determination request transmitted from the administrator computer 2 (step S274).

  CPU11 reads the initial value of the processing content with respect to each folder from the memory | storage part 15 (step S275). This initial value stores, for example, RWs that permit both reading and writing for all folders. The initial value can be changed as appropriate from the input unit 23 of the administrator computer 2. The CPU 11 assigns 1 to a variable n indicating the number of generations (step S276). N is an integer. The CPU 11 reads the reduction amount for the elapsed time corresponding to the security level received from the rule file 154 (step S277). Further, the CPU 11 reads out the reduction amount based on the generation from the rule file 154 (step S278).

  For the nth generation, the CPU 11 determines the processing content of each elapsed time zone based on the initial value read in step S275 and the reduction amount in steps S277 and S278 (step S279). This process is performed for all folders. The CPU 11 stores the processing contents of the nth generation in the processing content DB 152 as shown in FIG. 25 or FIG. 26 (step S281). The CPU 11 determines whether or not the variable n exceeds the maximum value stored in advance in the storage unit 15 (step S282). This maximum value is, for example, 5. When the maximum value is 5, the processing content is determined up to the fifth generation. The administrator inputs a desired maximum value on the menu screen displayed in step S115 from the input unit 23 of the administrator computer 2. Note that the maximum value may be input from the input unit 13 of the server computer 1. The input maximum value is received by the CPU 21 and transmitted to the server computer 1. The CPU 11 stores the received maximum value or the maximum value received from the input unit 13 in the storage unit 15. When the manager's absence time is long or when the operator is frequently changed, the maximum value may be set to a large value.

  When the variable n does not exceed the maximum value stored in the storage unit 15 (NO in step S282), the CPU 11 increments n indicating the number of generations (step S283). Then, the process returns to step S279. By repeatedly executing the processing described above, the processing content up to the desired number of generations is stored in the processing content DB 152 in a form that is reduced as the generation increases and the elapsed time increases. When the variable n exceeds the maximum value stored in the storage unit 15 (YES in step S282), the CPU 11 ends the series of processes.

  The third embodiment is configured as described above, and the other configurations and operations are the same as those of the first and second embodiments. Therefore, corresponding parts are denoted by the same reference numerals, and detailed description thereof is omitted. To do.

Embodiment 4
FIG. 29 is a block diagram showing a configuration of the server computer 1 according to the fourth embodiment. A program for operating the server computer 1 according to the first to third embodiments is provided with a recording medium 1A such as a CD-ROM in a recording medium reading device (not shown) as in the fourth embodiment. It can also be read and stored in the storage unit 15 or downloaded from another computer (not shown) connected via the communication network N or the Internet. The contents will be described below.

  The server computer 1 shown in FIG. 29 determines whether or not the user has logged out, and downloads a program for storing the processing contents from the other computer (not shown) by the recording medium 1A or via the communication unit 16, It installs as the control program 15P of the memory | storage part 15. FIG. Such a program is loaded into the RAM 12 and executed. Thereby, it functions as the server computer 1 described above.

  The fourth embodiment is configured as described above, and the other configurations and operations are the same as those of the first to third embodiments. Therefore, the corresponding parts are denoted by the same reference numerals and detailed description thereof is omitted. To do.

It is a schematic diagram which shows the outline | summary of a control system. It is a block diagram which shows the hardware constitutions of an administrator computer. It is a block diagram which shows the hardware constitutions of an operator computer. It is a block diagram which shows the hardware constitutions of a server computer. It is explanatory drawing which shows the record layout of business DB. It is explanatory drawing which shows the image at the time of determining the processing content. It is explanatory drawing which shows the image of the 2nd generation input screen. It is explanatory drawing which shows the record layout of process content DB. It is explanatory drawing which shows the record layout of a history file. It is explanatory drawing which shows the image at the time of calculating | requiring login permission. It is a flowchart which shows the procedure at the time of an administrator registering the processing content. It is a flowchart which shows the procedure at the time of an administrator registering the processing content. It is a flowchart which shows the procedure at the time of an administrator registering the processing content. It is a flowchart which shows the procedure of a judgment process. It is a flowchart which shows the procedure of a judgment process. It is a flowchart which shows the recording processing procedure of login history. It is a flowchart which shows the recording processing procedure of login history. It is a flowchart which shows the recording processing procedure of login history. It is a flowchart which shows the restriction | limiting process procedure of the process with respect to an operator. It is explanatory drawing which shows the record layout of process content DB after an operator logs in. It is a flowchart which shows the procedure of the change process when an administrator logs in again. FIG. 10 is an explanatory diagram showing an image when determining the processing content according to the third embodiment. FIG. 10 is a block diagram illustrating a hardware configuration of a server computer according to a third embodiment. It is explanatory drawing which shows the record layout of a rule file. It is explanatory drawing which shows the record layout of process content DB in the case of high level. It is explanatory drawing which shows the record layout of process content DB in the case of level. It is a flowchart which shows the procedure of the determination process of a processing content. It is a flowchart which shows the procedure of the determination process of a processing content. FIG. 10 is a block diagram illustrating a configuration of a server computer according to a fourth embodiment.

Explanation of symbols

1 server computer 1A recording medium 2 administrator computer 3 worker computer 11 CPU
13 Input unit 14 Display unit 15 Storage unit 15P Control program 16 Communication unit 18 Clock unit 19 Business DB
21 CPU
22 RAM
23 Input unit 24 Display unit 25 Storage unit 26 Communication unit 31 CPU
32 RAM
33 Input unit 34 Display unit 35 Storage unit 36 Communication unit 151 ID file 152 Processing content DB
153 History file 154 Rule file N Communication network

Claims (7)

In a control device that controls processing for a storage unit that stores data,
A determination means for determining whether the administrator has logged out,
Corresponding to information on a managed person who is permitted to log in to the administrator, the processing content for the storage unit is reduced as the elapsed time from the determination that the administrator has logged out is increased. Storage means for storing in a database;
Means for reading out the processing contents of the managed person from the database based on the elapsed time from the logout of the administrator when the determination means determines that the administrator has logged out;
A control device comprising: means for controlling processing on the storage unit based on the processing contents of the manager read by the means. The storage means
Corresponding to information related to the managed person and other managed persons who are allowed to log in by the one managed person, as the elapsed time after the judging means judges that the manager has logged out increases. The control device according to claim 1, wherein the processing content to be reduced is configured to be stored in the database. The storage means
The processing content corresponding to the information related to the other managed person is configured to store the processing content that is equal to or less than the processing content corresponding to the information related to the one managed person in the database. Control device. After determining that the administrator has logged out by the determining means, auxiliary determining means for determining whether the administrator has logged in again;
The means for changing the processing contents of the one managed person and the other managed person to predetermined processing contents stored in advance in the database when the means determines that the administrator has logged in again. 3. The control device according to 3. In a program for controlling processing on a storage unit for storing data in a computer,
On the computer,
A determination step for determining whether the administrator has logged out,
Corresponding to information on a managed person who is permitted to log in to the administrator, the processing content for the storage unit is reduced as the elapsed time from the determination of the administrator logging out by the determining step increases. A storage step for storing in a database;
When it is determined that the administrator has logged out by the determining step, reading the process contents of the managed person from the database based on the elapsed time from the logout of the administrator;
And a step of controlling a process for the storage unit on the basis of the process contents of the manager read in the step. The storing step includes
Corresponding to the information related to the managed person and other managed persons who are permitted to log in by the one managed person, as the elapsed time from the determination that the administrator logged out by the determining step increases. The program according to claim 5, wherein processing contents to be reduced are stored in a database. In a control method in which processing for a storage unit that stores data in a computer is controlled by the control unit of the computer,
A determination step of determining whether or not the administrator has logged out by the control unit;
Corresponding to information on a managed person who is permitted to log in to the administrator, the processing content for the storage unit is reduced as the elapsed time from the determination of the administrator logging out by the determining step increases. Storing in the database by the control unit;
When it is determined that the administrator has logged out by the determination step, the process of reading the process details of the manager from the database by the control unit based on the elapsed time from the logout of the administrator;
A control method comprising: controlling the process for the storage unit by the control unit based on the process contents of the manager read in the step.

Images