JP2009258942A - User authority management system and program thereof - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a user authority management system and a program thereof for quickly and safely changing user identification information and information related to the user identification information according to the circumstances of a user. <P>SOLUTION: In this user authority management system S, a server device 2 applies system manager identification information to a system manager, and applies unique user identification information 61 to each user of data in order to make an access from a client device 3 to the server 2, and each user information 61, 62, 63, 65, 66 and 67 of the user identification information 61 stored in the storage means 5 are classified for each partial group to which the user is belonging according to the input using the identification information for the system manager in the client device 3, and the server device 2 applies the identification information for the partial group manager having the operation authority of each user information of the user identification information 61 belonging to the partial group to the manager of the partial group. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to user authority management of a system, and more particularly to a user authority management system and a program thereof that can be operated by a plurality of users by providing user identification information for each user authority management user.

2. Description of the Related Art Conventionally, in a system that displays data stored in a Web server device on a client device connected via a network, a user who browses information stored in the Web server device in a building has a unique user ID. This user ID and user information are managed by registering on the Web server device.
By the way, the system administrator of this browsing system is one or a small number.

In addition, when there is a change in the user ID and user information registered in the Web server device, one or a few people go through the user or the group manager of the group to which the user belongs, for example, the manager of the working company. Information is transmitted to the system administrator of the system, and the system administrator is performing setting / changing on the Web server device.
In addition, there exists the following patent document 1 as literature well-known invention concerning this application.
JP 2001-337983 A (Claim 1, FIG. 3, etc.)

By the way, in the above operation method, since there are a large number of unspecified users, the registration / change work becomes enormous, and it is difficult for a small number of system administrators to deal with all of them.
In addition, even if a user is transferred or retired, the transmission of change information to the system administrator may be delayed or delayed in the process of transmission. It may occur that the user ID and user information are not transmitted and are left without the knowledge of the system administrator.

For this reason, a method of managing system administrators in groups is also conceivable, but there is only one server for managing user IDs and other information, as well as leakage of company / tenant information and personal information. It will be connected.
Also, in a Web system that displays data by inputting a user ID and password, information such as the user ID and password is managed on the server, and the work of changing the work itself is very labor intensive.

Conventionally, it has been out of the question that such user information is centrally managed by a system administrator and the group administrator has the authority to display / change user information on the Web.
SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and an object thereof is to provide a user authority management system and a program thereof that can change user identification information and related information quickly and safely according to the user's situation.

  A user authority management system according to a first aspect of the present invention is a user authority management system having a server device for managing data and a client device connected to the server device via a network, the server device being a client device. In order to access the server device from the server, identification information for the system administrator is given to the system administrator, and specific user identification information is given to each user of the data, and each use of the user identification information stored in the storage means The user information is classified for each subgroup to which the user belongs according to the input using the system administrator identification information in the client device, and the server device has the authority to operate each user information of the user identification information belonging to the subgroup. The identification information for the subgroup manager having is provided to the subgroup manager.

  A program for a user authority management system according to the second aspect of the present invention is a program for a user authority management system having a server device for managing data and a client device connected to the server device via a network. , A procedure for giving system administrator identification information for a system administrator for the system administrator to access the server device from the client device, and user identification information for each user of the data to access the server device from the client device Procedure for assigning to each user, Procedure for classifying each user's information in the user identification information stored in the storage means according to the input using the system administrator identification information in the client device for each subgroup to which the user belongs , And user identification information belonging to the subgroup by the manager of the subgroup And to execute the steps of imparting subpopulation administrator identification information for operating the respective user information.

  ADVANTAGE OF THE INVENTION According to this invention, the user authority management system and its program which can change user identification information and the information relevant to this quickly and safely according to a user's condition are realizable.

Embodiments of the present invention will be described below with reference to the accompanying drawings.
<< Overview of Building Management System S >>
FIG. 1 is a conceptual system configuration diagram including hardware showing an outline of a building management system S according to an embodiment of the present invention.
The building management system S according to the embodiment of the present invention is a system that performs tenant management, building facility management, and the like for tenants in a business building. In addition to one or a few system administrators such as a building manager, each tenant Group managers who can know the resident information etc. in detail, for example, the manager responsible for each tenant is the group manager, and this group manager can use the building management system S By deleting and updating the system, the system status that accurately reflects the current status is maintained.

<System configuration>
As shown in FIG. 1, the building management system S includes building facilities 1 such as power supply and air conditioning equipment, and at least one Web server device 2 connected to the building facilities 1 and operating the building management system S. And at least one client device 3 connected to the Web server device 2 via the network 4 and accessing the building management system S.

  Note that the network 4 uses a LAN (Local Area Network) in the building management system S, but is configured to be connected via a WAN (Wide Area Network), the Internet, or the like so that the Web server device 2 can be accessed from the outside. It is also possible and not limited to LAN.

<Client device 3>
The client device 3 is a general-purpose personal computer, and includes a CPU (Central Processing Unit), a main storage device, an auxiliary storage device such as a hard disk, an input device such as a mouse and a keyboard, a printer, a display, and the like (not shown). ) Output device. As long as the client device 3 can communicate with and access the Web server device 2, an information terminal device other than a personal computer such as a PDA (Personal Digital Assistants) can be applied and is not limited to a personal computer.

<Web server device 2>
The Web server device 2 is a computer that responds to requests from the client device 3, and includes a CPU, a main storage device, and an auxiliary storage device such as a hard disk in which a building management system program, an OS (Operating System), and the like are stored. When the building management system S is operated, the building management system program is loaded into the main storage device and executed.

<Database 5>
The auxiliary storage device of the Web server device 2 has a database 5 (hereinafter referred to as DB5) for storing data such as facility operation information and tenant information collected from the various facilities 1 in the building.
As shown in FIG. 1, the DB 5 includes a user ID (Identification) 61, a password 62, and a user used when displaying data stored in the DB 5 of the Web server device 2 on the Web screen of the client device 3. A user registration information table 6 such as a group No. 63n and a user group table 7 in which operation levels 71 of functions such as equipment ledger management, parts management, and maintenance management are registered are stored.

  Note that the user ID 61 for accessing the Web server device 2 can be assigned exclusively to the present system, and the user ID 61 cannot be accessed to other systems, and the user ID of the other system is used for the building management. This user ID 61 is configured to be independent of other systems by making access to the system S impossible.

The DB 5 stores a user registration information database 5a, a group / operation level combination database 5b, and an operation level database 5c which will be described later, and further, equipment ledger management / part management / maintenance related to various facilities 1 in the building. Various databases such as an equipment ledger management database, a parts management database, and a maintenance management database that enable functions such as management are stored.
The building management system program is executed using the data stored in the DB 5, so that the facilities in the building 1 can be managed using functions such as facility ledger management, parts management, and maintenance management related to the facilities 1 in the building. The current situation, data analysis and storage of parts / maintenance management, etc. and management of tenant users will be performed.

  In the building management system S, when the user displays the data stored in the DB 5 of the Web server device 2 on the display of the client device 3, the system administrator of the building management system S preliminarily displays the client device 3. Using the input screen of the building management system S, user registration information unique to each user is stored in the DB 5. When the user uses the user registration information on the client device 3, the data stored in the DB 5 can be inquired.

  Here, a system manager ID (system manager identification information) used when the system manager accesses the building management system S is registered in advance in the DB 5 by the building management system program. The system manager ID can be used to display / operate all functions / work of the building management system S.

The system administrator ID can be assigned exclusively to the system, the system administrator ID cannot be accessed to other systems, and the user ID of the other system is used for the building management system S. This system administrator ID is configured to be independent of other systems, for example, by disabling access.
Further, the DB 5 may be stored other than the Web server device 2 such as a database server, and may not necessarily be stored in the Web server device 2.

<User registration information>
The user registration information of the user who uses the building management system S uses a preset system administrator ID, a user ID 61 unique to the user, a password 62 for each user ID, and a user group to which the user belongs. It is programmed and configured so that 63 can be initialized and registered.
The user ID 61 and password 62 of the user registration information are encrypted and stored in the DB 5, and the password 62 changed by the user after the password 62 for the user ID 61 is initially set is user management (details described later). ) Using the screen G6 (see FIG. 13), only the person can change the setting and keep it private.

  For example, at the initial setting in the building management system S, the password 62 is automatically or artificially set as “999999” and stored in the DB 5, and then the user sets the password 62 as “123456” and stored in the DB 5. In this case, the password 62 encrypted with “123456” is stored in the DB 5. Therefore, the subsequent change of the password 62 can be performed only when logged in with the password 62 set by the user. It should be noted that the password 62 for each user ID 61 can be set to “999999” or the like by the system administrator and group administrator only for the initial setting.

Here, when encrypting the password 62, the input data is converted into an enumeration of numbers and encrypted, the input data is encrypted using a conversion table for encryption, commercially available encryption software is used, etc. And various encryption methods can be selected.
The user group 63 of the user registration information is configured by a combination of operation levels 71 such as registration, editing, deletion, printing, and the like for each function such as maintenance and inspection of the various facilities 1 in the building.

<User Registration Information Database 5a>
FIG. 2 is a diagram showing an example of a user registration information database 5a (hereinafter referred to as user registration information DB 5a).
As shown in FIG. 2, the user registration information DB 5a includes a user number 64 of a serial number, a user group No 63n indicating a user group 63 indicating an operation level 71 for each function, a user ID 61 for identifying a user of the building management system S, the user A password 62 for the ID 61, a user name 65 that is the name of the user, a password update date 66 that is the date when the password 62 is updated, an expiration date 67 that indicates the expiration date of the password 62, and the like. The password update date 66 can be stored using the system date of the date when the password 62 is updated.

Of course, the number of data items in the user registration information DB 5a can be increased or decreased as necessary.
User No. 64 in the user registration information DB 5a is a No assigned in ascending order by the building management system program at the time of registration in the user registration information DB 5a. When the information of the user No. 64 is deleted, only the information of the user No. 64 is deleted. When the user information is newly registered without transferring the user No. 64 in other information, the information is deleted. The user No. 64 of the information is used again.

The user ID 61 of the user registration information DB 5a can be arbitrarily set by a group administrator of a group that is a group of system administrators and tenants. Note that one group of tenants corresponds to one company, group, etc. occupying this building.
Here, when setting the user ID 61, the user ID 61 in the user registration information table 6 (see FIG. 1) is searched by the building management system program so that the user ID 61 is unique, and is not in the user registration information table 6. Only the user ID 61 can be set.

The password 62 of the user registration information DB 5a is a system manager ID or group manager ID (identification information for partial group manager) given to the system manager or group manager by the system manager or group manager only for the initial setting. After the initial setting, only the user who is the user can change the setting and keep it private. The user ID 61 and the password 62 are encrypted and registered in the DB 5 as described above.
The setting of the expiration date 67 of the user registration information DB 5a is a method of setting the number of days determined by some initial setting such as 30 days / 60 days / 90 days / indefinite period in units of 30 days. In addition to this, the expiry date 67 can be set by specifying a date and entering text, and the expiry date 67 can be arbitrarily set. Of course, it is not limited.

<< User group 63 and operation level of each function >>
<Group / operation level combination database 5b>
FIG. 3 is a diagram showing an example of a group / operation level combination database 5b (hereinafter referred to as a group / operation level combination DB 5b) in which the user group 63 and the operation level 71 of each function 10 are combined.
As shown in FIG. 3, the user group 63 registered in the group / operation level combination DB 5b is composed of combinations of the respective functions 10 and operation levels 71, and the user group name 9 is set by this combination. Yes. Corresponding to each user group name 9, user group No 63n is assigned. For example, 1, 2, 3,..., A, B, C,.

For the function 1, function 2, function 3,... In the group / operation level combination DB 5b, for example, user management, facility ledger browsing, maintenance inspection, inspection schedule reference, power consumption billing, energy management function, etc. are appropriately set. ing.
The operation level 71 for the function 1, function 2, function 3,... Indicates the respective operable range for the function 1, function 2,..., For example, “1” of the operation level 71 is registered, The level at which all editing, deletion and printing can be performed, “2” of operation level 71 is a level at which editing, deletion and printing can be performed, and “3” of operation level 71 is the level at which editing and printing can be performed and operation level 71 “4” is a level at which printing is possible.

The system administrator uses the preset system administrator ID to set the operation level of each function 10 (function 1, function 2, function 3,...) Used in the building management system S to the user group 63. It is set for each and registered in the group / operation level combination DB 5b.
For example, as shown in FIG. 3, “1” of the user group No. 63n in the group / operation level combination DB 5b is a user group for system administrators who can perform all operations with all functions, and “1” of the user group No. 63n. “2” is to set a plurality of user groups 63 by combining each function 10 with an operation level 71 such as a user group of a group administrator for general administrators who can perform operations other than user management with each function 10. Can do.

<Operation level database 5c>
FIG. 4 is a diagram illustrating an example of an operation level database 5c (hereinafter referred to as an operation level DB 5c) indicating an operation level 71 for each function of the building management system S that can be set for each user group 63.
As shown in FIG. 4, the operation level 71 in the operation level database 5c is set according to the size of a combination of work items 8 such as user management and registration / editing / deletion / creation of various data files / inquiries of building facilities. Each possible work item stores a flag “1”, and each impossible work item stores a flag “0”.
For example, as shown in the operation level DB 5c of FIG. 4, the operation level 71 “Category 1” is a system management operation level capable of performing all operations, and the operation level 71 “Category 2” is all operations other than user management. A plurality of operation levels for group managers can be set according to the number and combination of work items.

<User ID / user group and operation level of each function>
FIG. 5 is a diagram showing the configuration of the user ID 61 / user group 63 of the user registration information DB 5a and the operation level 71 of each function 10 stored in the group / operation level combination DB 5b and the operation level DB 5c.
As shown in FIG. 5, when registering user information, the system administrator uses a preset ID for the system administrator, and as shown in FIG. 3, the user group 63 is matched to the usage purpose of the user. A system administrator, a group administrator, a general user, a temporary use user, and the like are grouped into a plurality of groups and registered in the group / operation level combination DB 5b of the DB 5. For example, a system administrator corresponds to a building administrator, a DB5b administrator, a network 4 administrator, etc., and a group administrator includes a tenant company manager, a group leader, etc. A general user corresponds to an employee of a tenant company, and a temporary use user corresponds to a construction contractor, a temporary worker, or the like.

After that, as user registration information, the user group 63 registered in advance together with the user ID 61 / password 62 is set and registered.
The system administrator gives the user authority to manage each function 10 by a combination of the user ID 61 and the user group 63, and the user operates the operation level for the function 10 given by the user group 63 as shown in FIG. 71 enables display, operation, and the like on the Web screen displayed on the display of the client apparatus 3 shown in FIG.
Further, when a user management work item is set at the operation level 71 of the function 10 (see FIG. 3) in the user group 63, the user ID of the user registration information is set using the user ID set in the user group 63. Display / registration / editing / deletion can be performed.

  For example, user group No 63n A (see FIG. 3) capable of user management for function 10 is set as the user ID of a group leader of a group, and function 10 user management is performed for the user ID of the group member. If B is set for user group No 63n (see FIG. 3), if the group member changes, the group leader other than the system administrator is user group No 63n A who can manage the user. Registration information can be changed quickly.

Alternatively, a user group 63 that can manage users for the function 10 is set for the person in charge of the building, and the user ID of the temporary visitor or the user who hires for a certain period can be registered. By combining the groups 63, the authorized users of the function 10 can be set to a plurality of persons other than the system administrator.
When the number of users in the user registration information increases, the system administrator uses the system administrator ID that is set in advance, and the user ID 61 / user name 65 / user group 63 user group No 63n / password 62 expiration date 67 Etc. can be stored in the user registration information DB 5a of the DB 5.

Further, when the management authority of the function 10 is given to the group administrator and the operation level 71 in which the user management of the work item is set is set, the building management is performed with the ID for the group manager in which the user group 63 is set. By logging in to the system S, the initial information such as the expiration date 67 of the user ID 61 / user name 65 / user group 63 / password 62 can be obtained on the Web screen of the display of the client device 3 without being a system administrator. It can be registered in the registration information DB 5a.
The group manager ID can be assigned exclusively to the system, making it impossible to access the other system by the group manager ID, and using the user ID of the other system to access the building management system S. This group manager ID is configured to be independent of other systems by making access impossible.

When the system administrator confirms the current user registration information, the user registration information is displayed in a list form on the Web screen displayed on the display of the client device 3 by using a preset system administrator ID. Can be displayed and confirmed.
The user registration information includes the user ID 61 registered as initial information / the user name 65 of the user name 65 / the user group 63 / the expiration date 67 of the password 62, as well as an update date and a setting change indicating the setting change date of the password 62. The number of days elapsed since then can be displayed (see the user information display screen G7 shown in FIG. 7).
Further, user ID 61 / user name 65 / user group 63, etc. can be used as search keys, and user registration information in the user registration information DB 5a can be narrowed down to be displayed / confirmed in a list format as in FIG.

<User registration screen G1>
FIG. 6 is a diagram illustrating an example of the user registration screen G1.
At the time of user information registration, the system administrator uses a preset ID for the system administrator, and as shown in FIG. 3, the user group 63 is divided into a plurality of groups according to the usage of the user. It is registered in the operation level combination DB 5b.
Thereafter, on the user registration screen G1 shown in FIG. 6, the user ID 61 / password 62 is registered as the user registration information, and the user group 63 is registered in the pull-down menu. Further, the expiration date of the password 62 used by the user ID 61 is registered in the password expiration setting 67 from the 30th, 60th, 90th, and unlimited in the pull-down menu. Of course, the password expiration setting 67 may be a text input instead of the pull-down menu.

<User information display screen G2>
FIG. 7 is a diagram illustrating an example of the user information display screen G2.
As shown in FIG. 7, when the user registration information is displayed, the day of the deadline 77 and this day have already passed with respect to the deadline 77 that is the deadline setting of the password 62 for each registered user ID 61. By changing the color of the item of the corresponding user registration information U1, it can be displayed so that the administrator can easily confirm it. In addition, the administrator confirms by changing the color of the item of the corresponding user registration information U2 even when the password 62 is set to the expiration date 77 from the day before the time limit 77 to a predetermined number of days before the time limit 77. Can be displayed easily.

For example, the item of the user registration information U1 that has already passed the password expiration date setting 77 is displayed in red, the user registration information U2 from the previous day to 10 days before the password expiration date is displayed in orange, and the selection check box 70 is displayed. The user registration information U0 with a check mark can be displayed in various ways by a display method such as display in yellow, and the user can be alerted.
Further, when the operation level 71 in which the management authority of the function 10 is given to the group administrator and the inquiry of the work item is set is set, the user is logged into the building management system S with the user ID 61 in which the user group 63 is set. As a result, as shown in FIG. 7, the user registration information can be displayed / confirmed in a list format or the like even if it is not a system administrator. Etc. can be displayed and confirmed in a list format.

When there is a change in the user registration information such as the retirement or transfer of the user, the system administrator uses the ID for the system administrator set in advance, the user ID 61 of the user registration information DB 5a, the user name 65 of the name, It is possible to edit the data stored in the initial information such as the user group No 63n representing the user group 63 and the expiration date 67 of the password expiration date setting.
When the operation level 71 (refer to FIG. 4) in which the management authority of the function 10 is given to the group manager and the editing of the work item is set is set, the ID for the group manager in which the user group 63 is set. By logging in to the building management system S with the user ID 61, it is possible to edit the user registration information without being a system administrator.

  For example, in addition to the system administrator of the building management system S installed in the company, an OA administrator is provided for each department in the company, and the management authority of the function 10 is given to the OA administrator to set editing of the work item. Due to the change in the user group 63 due to personnel changes occurring within the department, or when the expiration date 67 (see FIG. 2) in which the password expiration date is set due to sick leave etc. has already passed, the password 62 cannot be changed, etc. The user registration information can be quickly changed by the operation of the OA administrator who can know these circumstances.

<< User management processing of building management system S >>
Next, the outline of the user management process of the building management system S will be described with reference to FIG. 8 showing the outline of the user management process flow of the building management system S.
As described above, the user management process of the building management system S is performed by executing the building management system program of the building management system S.

As shown in FIG. 8, the user management processing of the building management system S includes A. B. New user ID registration; User ID deletion, C.I. User ID information change.
Here, the operation level 71 of each function 10 registered in the user group 63 is stored in the group / operation level combination DB 5b (see FIG. 3) in advance by the system administrator (see FIG. 3). (Not shown). Note that the information of the user group 63 gives operating authority only to the system administrator. Note that, depending on the type of the function 10, it may be configured to give the operation authority to the group administrator.

<New user ID registration>
A. When a new user ID is registered (see FIG. 8), a user ID 61 given in advance in the user ID input field G3a is entered on the login screen G3 shown in FIG. 10 of the initial screen of the building management system S, and a password is entered. In the field G3b, the user's assigned password 62 is entered and the login button G3c is pressed.
Then, the menu screen G4 shown in FIG. 11 is displayed. When the user management G4a is selected from the menu G41, the user management (list) shown in FIG. 12, which is one of the user information display screen G2 shown in FIG. A screen G5 is displayed.

  On the user management (list) screen G5 (see FIG. 12), the user ID 61 and the name of the user are entered in the user ID input field G5a and the name input field G5b, respectively. Then, the affiliation name, user group 63, and password expiration date are selected and input from the pull-down menus in the affiliation name input field G5c, user group input field G5d, and password expiration date setting input field G5e, and the new button G5f is pressed. As described above, the password expiration setting input field G5e is configured to select from 30 days / 60 days / 90 days / indefinite period in units of 30 days.

  As a result, new data is recorded in the user ID 61, user name 65, affiliation name (not shown), user group No 63n, and expiration date 67 in the user registration information DB 5a shown in FIG. A-1 user ID registration, A-3 name / affiliation name registration, A-4 user ID registration for A-4, and A-5 password expiration registration. In the password registration of A-2, the default value “999999” is registered in advance in the user registration information DB 5a as an initial setting. Further, the user group No 63n is configured such that the input user group 63 is converted and registered into the user group No 63n by the function of the building management system program.

<Delete user ID>
B. When the user ID is deleted (see FIG. 8), the user ID 61 previously given to the user ID input field G3a is entered on the login screen G3 shown in FIG. 10 of the initial screen of the building management system S, and the password input field In G3b, the user's assigned password 62 is input, and the login button G3c is pressed.
Then, the menu screen G4 shown in FIG. 11 is displayed. When the user management G4a is selected from the menu G41, the user management (list) screen G5 shown in FIG. 12 is displayed.

In the user management (list) screen G5, the user ID 61 to be deleted is searched by scrolling, the selection check box G5j1 of the user ID 61 is checked, and the delete button G5h is pressed.
As a result, the user registration information DB 5a shown in FIG. 2 is searched with the input user ID 61, and the information of the corresponding user ID 61, that is, the information in one line of the user registration information DB 5a shown in FIG. .

<User ID information change>
C. When changing the user ID information (see FIG. 8), in the login screen G3 shown in FIG. 10 of the initial screen of the building management system S, the user ID 61 previously given to the user ID input field G3a is entered and the password is entered. Enter your password in the field G3b and press the login button G3c.
Then, the menu screen G4 shown in FIG. 11 is displayed. When the user management G4a is selected from the menu G41, the user management screen (list) shown in FIG. 12, which is one of the user information display screen G2 shown in FIG. ) G5 is displayed.

  On the user management (list) screen G5 (see FIG. 12), the user ID 61 to be changed is searched by scrolling, and the selection check box G5j1 of the user ID 61 is checked and selected (C-1 in FIG. 8). Then, the user ID 61 to be changed is input to the user ID input field G5a (C-2 in FIG. 8), and the name of the user to be changed is input to the name input field G5b (C-3 in FIG. 8). In the input field G5c, the user group input field G5d, and the password expiration setting input field G5e, the affiliation name of the user to be changed (C-3 in FIG. 8) and the user group name of the user to be changed (C- in FIG. 8). 4) and password expiration date setting (C-5 in FIG. 8) are selected and input from the pull-down menu, and the detail / change button G5g is pressed.

  Thus, the user registration information DB 5a shown in FIG. 2 is searched with the selected user ID 61, and the changed user ID, changed name, affiliation name, changed user group, and password expiration date setting are respectively shown in FIG. The user ID 61, the user name 65, the affiliation name field (not shown), the user group No 63n, and the expiration date 67 of the user registration information DB 5a shown in FIG. As the password update date 66, the system date on which the user ID information is changed is recorded.

<< Processing by users of building management system S >>
Next, processing by the user of the building management system S will be described with reference to FIG. FIG. 9 shows an example of possible processing functions for each user of the building management system S.
This processing by the user is performed by executing the building management system program of the building management system S.

  As described above, the operation level 71 of each function 10 registered in the user group 63 is stored in advance in the user group information screen (FIG. 3) for the system administrator to record in the user group / operation level combination DB 5b of FIG. Register at (not shown). In the building management system S, only the system administrator is authorized to operate the user group 63 information.

As user management processing of the building management system S, as shown in FIG. B. New user registration User ID deletion, C.I. Although there are three processes for changing user ID information, the system administrator is configured to perform all processes A, B, and C.
Here, group A and sub-group A ′ in the lower layer of group A are illustrated, and group A manager, sub-group A ′ manager, and sub-group A ′ user are grouped under the system administrator from the top. Suppose that there is.

<User management of system administrator>
The system administrator is configured to have all authority for processing of the building management system S by using the user ID 61 of the system administrator ID and the password 62 for the system administrator.
For example, the system administrator is given (1) user group registration and the authority of (2) user ID registration to a new user. As shown in FIG. For (2) user ID registration and (1) user group registration, the user ID 61 of the system administrator ID is entered in the user ID input field G3a of the login screen G3 shown in FIG. A password for the system administrator is input to the input field G3b, and the login button G3c is pressed.

Then, the menu screen G4 shown in FIG. 11 is displayed. When the user management G4a is selected from the menu G41, the user management (list) screen G5 shown in FIG. 12, which is one of the user information display screens G2 shown in FIG. Is displayed, the user ID 61 to be given to the new user is entered in the user ID input field G5a, and the user group 63 to be given to the new user is selected and entered from the pull-down menu in the user group input field G5d. Then, the new button G5f is pressed.
Thereby, the user ID 61 and the user group 62 are given to the new user, and the user ID 61 and the user group 62 of the new user are registered in the user registration information DB 5a (see FIG. 2).

<User management of group A administrator>
Since the group administrator is configured to have the user authority of the group to which the group belongs, as shown in FIG. 9, the group A administrator is given the group A user authority.
In other words, for the group A administrator, by using the user ID 61 and password 62 of the group A administrator ID, for example, (2) user ID registration and (3) user only for the authorized group A ID deletion, and (4) a. A user group and b. It is configured so that user ID information can be changed when the password expires.

  When the group A administrator performs (2) user ID registration, the user ID 61 of the group A administrator ID given in advance to the user ID input field G3a of the login screen G3 shown in FIG. In the password input field G3b, enter the password 62 for the group A administrator, and press the login button G3c. As the password 62, the initially set password “999999” is initially used, but thereafter, the password 62 changed by the group A administrator himself / herself using the user management (detail) screen G6 shown in FIG. use.

Subsequently, a menu screen G4 shown in FIG. 11 is displayed. When the user management G4a is selected from the menu G41, a user management (list) screen G5 shown in FIG. 12 is displayed. In the user management (list) screen G5, a user ID to be given to a new user is entered in the user ID input field G5a, and a new button G5f is pressed.
Thereby, a user ID 61 is given to a new user of group A, and a user ID 61 of a new user of group A is registered in the user registration information DB 5a (see FIG. 2).

  When the group A administrator (3) deletes a user ID, he or she scrolls from the user details list G5j on the user management (list) screen G5 shown in FIG. 12 of the (2) user ID registration operation. The user ID 61 to be deleted is searched, the selection check box G5j1 for the user ID 61 to be deleted is checked, and the delete button G5h is pressed. Thereby, the information of the corresponding user ID 61 is deleted from the user registration information DB 5a (see FIG. 2).

Group A administrator (4) a. When changing the user ID information of the user group, in the user management (list) screen G5 shown in FIG. 12 of (2) User ID registration operation, the user ID 61 to be changed by scrolling or the like is changed from the user detail list G5j. Search and check the selection check box G5j1 of the corresponding user ID 61, and press the detail / change button G5g.
Then, the user management (details) screen G6 shown in FIG. 13 is displayed. In this user management (details) screen G6, the user group 63 to be changed is selected and input from the pull-down menu in the user group input field G6f. Then, the registration button G6o is pressed. FIG. 13 is a diagram showing a user management (details) screen G6 of the building management system S.

Group A administrator (4) b. When changing the user ID information of the password expiration date, in the user management (list) screen G5 shown in FIG. 12, the user ID 61 to be changed is searched from the user detail list G5j, and a check box for selecting the corresponding user ID 61 is selected. Check G5j1, select and enter the time limit to be changed from the pull-down menu in the password time limit setting field G5e, and press the detail / change button G5g.
By this operating, the expiration date 67 of the corresponding user ID 61 in the user registration information DB 5a (see FIG. 2) is updated.

<User management of subgroup A 'administrator>
Since the administrator of the subgroup is configured to have the user authority of the subgroup, as shown in FIG. 9, the user authority of the subgroup A ′ is given to the administrator of the subgroup A ′.
That is, by using the user ID 61 and password 62 of the subgroup A ′ administrator ID for the subgroup A ′ administrator, for example, (2) the user ID only for the subgroup A ′ that has been authorized. Registration, (3) user ID deletion, and (4) a. A user group, b. It is configured so that user ID information can be changed when the password expires.

When the subgroup A ′ administrator performs (2) user ID registration, (3) user ID deletion, and (4) user ID information change, the user ID input field G3a on the login screen G3 shown in FIG. The user ID 61 of the subgroup A ′ administrator ID assigned in advance is input, the password 62 for the subgroup A ′ administrator is input in the password input field G3b, and the login button G3c is pressed. As the password 62, the password “999999” that is initially set is initially used, but after that, the subgroup A ′ administrator sets it by himself using the user management (detail) screen G 6 shown in FIG. The password 62 is used.
Since the subsequent processing is the same as the user management of the group A administrator, description thereof will be omitted.

<Sub-group A 'user operation processing>
When using the building management system S, the subgroup A ′ user first performs an operation of registering his / her own password 62 in the user registration information DB 5a (see FIG. 2).
That is, the subgroup A ′ user has a user ID 61 previously assigned to one of the system administrator, the group A administrator, and the subgroup A ′ administrator in the user ID input field G3a of the login screen G3 shown in FIG. , The password “999999” to be initialized is input to the password input field G3b, and the login button G3c is pressed.

Then, the menu screen G4 shown in FIG. 11 is displayed. When the password change G4b is selected from the menu G41, the user management (detail) screen G6 shown in FIG. 13 is displayed. In G6, the password 62 determined by the subgroup A ′ user is input in the password input field G6c, and the registration button G6o is pressed.
By this operation, the record of the corresponding user ID 61 is searched in the user registration information DB 5a (see FIG. 2), and the password 62 of the user ID 61 of the subgroup A ′ user is updated.

Thus, the subgroup A ′ user can use the building management system S by using the assigned user ID 61 and the password 62 determined by the user. The password 62 used by the subgroup A ′ user may be configured to use a password previously given by any one of the system administrator, the group A administrator, and the subgroup A ′ administrator.
When the subgroup A ′ user uses the building management system S, he / she enters the assigned user ID 61 in the user ID input field G3a of the login screen G3 shown in FIG. 10 and himself / herself in the password input field G3b. A predetermined password 62 is input and the login button G3c is pressed.

Subsequently, the menu screen G4 shown in FIG. 11 is displayed. When the user management G4a is selected from the menu G41, one user management (list) screen G5 (FIG. 12) of the user information display screen G2 shown in FIG. Browse) is displayed.
Here, for example, as shown in FIG. 7, the item of the user registration information U1 that has already passed the password expiration date setting 77 is displayed in red, and the user registration information U2 from the previous day to 10 days before the password expiration date setting. Is displayed in orange. Therefore, the subgroup A ′ user can easily recognize the expiration date of the current password 62.

Therefore, when the subgroup A ′ user updates the password 62, first, in the user management (list) screen G5 shown in FIG. 12, the user ID 61 is searched by scrolling or the like, and the user ID 61 is selected. The check box G5j1 is checked, and the time limit to be changed is selected and input from the pull-down menu in the password time limit setting field G5e, and the detail / change button G5g is pressed.
Then, the user management (detail) screen G6 shown in FIG. 13 is displayed. In this user management (detail) screen G6, the password 62 to be updated by the subgroup A ′ user is entered in the password input field G6c and registered. The button G6o is pressed.
By this operation, the user registration information DB 5a (see FIG. 2) is searched with the input user ID 61 of the subgroup A ′ user, and the password 62 and the expiration date 67 of the user ID 61 of the subgroup A ′ user are updated. .

On the other hand, in the authority table G6h of the user management (detail) screen G6 shown in FIG. 13, the function that can be performed in the building management system S by the subgroup A ′ user is indicated by “◯”, while the function that cannot be performed is “−”. ". This is because the user group No. 63n indicating the user ID 61 / user group 63 stored in the user registration information DB 5a shown in FIG. 2 related to the subgroup A ′ user, the group / operation level combination DB 5b shown in FIG. 3, and FIG. The configuration for the operation level 71 of each function 10 of the operation level DB 5c shown is displayed as the authority table G6h of the user management (detail) screen G6 (see FIG. 13).
Therefore, the subgroup A ′ user visually checks the authority table G6h on the user management (details) screen G6 (see FIG. 13), confirms the functions that can be performed by the user, and from the menu G41 shown in FIG. It is possible to select a menu that can be performed by itself, such as facility management ledger management, and to perform management, inquiry, etc. related to various facilities 1 in the building such as power supply and air conditioning.

<< Summary >>
As described above, the building management system S is a system that displays data stored in the DB 5 of the Web server device 2 on the client device 3 connected via the network 4, and manages the Web server device 2. The system administrator classifies the unique user ID 61 information given to each user to access the Web server device 2 from the system administrator into groups such as departments and sections, and the system administrator gives the group management authority. This is also given to a given group manager. When the user ID 61 is changed, not only the system manager but also the group manager can change / register / delete data.

  With this configuration, the management authority such as the user ID 61 given to access the Web server device 2 is also given to the manager of the group to which the system administrator has given the user management authority, thereby changing the information such as the user ID 61. / Registration / deletion work can now be performed not only by system administrators but also by group administrators, and can be handled quickly and safely in the event of a sudden change, retirement or entry of a user who is a group member. Can reduce the work of system administrators.

Further, by giving user management authority to the group manager, the group manager displays the setting change date / elapsed days / expiration date of the password 62 set for each user ID 61 on the Web screen of the display of the client device 3. In addition, when the expiration date has already passed, it can be easily determined by displaying it by color coding or the like. Therefore, it is possible to change information smoothly and appropriately according to the situation of the user.
In addition, when the expiration date of the password 62 has already passed due to the situation of the user, not only the system administrator but also the group administrator who has been given the user management authority for each user ID 61 classified into the group in charge It is possible to change the expiration date of the password setting set in “3” on the Web screen displayed on the display of the client apparatus 3 and register it in the DB 5.

In addition, the password 62 for each user ID 61 can be set by the system administrator and the group administrator only in the initial setting, and the setting change after the initial setting can be made private only by the user himself / herself, and the user information is displayed on the screen. Browsing is not allowed.
Further, information such as the user ID 61 and password 62 is encrypted at the time of registration in the DB 5 to prevent leakage of information such as personal information and company information, thereby enhancing the security effect.

Further, the operation level 71 of the function 10 provided on the Web screen of the client device 3 can be set on the Web screen of the client device 3 not only by the system administrator but also by a group administrator who has been given user management authority. it can.
In addition, the user ID 61 managed by users including the system administrator, group administrator, and subgroup A ′ administrator can be used in various other systems used in buildings. It is configured to be managed independently of the system.

In this embodiment, the user ID 61, the system administrator ID, the group A administrator ID, and the subgroup A ′ are used as the user identification information, system administrator identification information, and subgroup administrator identification information, respectively. The administrator ID has been described as an example, but if it can identify a user, a system administrator, a group administrator, and a subgroup A ′ administrator, it is recorded in an RFID tag (Radio Frequency Identification Tag). It is also possible to use various information and the like, and the information is not necessarily limited to the ID.
In the present embodiment, the password is exemplified as the authentication information. However, as long as authentication can be performed, it is needless to say that anything other than the password, such as human body authentication such as a fingerprint, can be applied.
Further, the user ID 61, the system manager ID, the group A manager ID, and the subgroup A ′ manager ID described in this embodiment may be assigned to a plurality of persons.

  In the present embodiment, the building management system S has been described as an example. However, the present invention can be effectively applied to a wide range of systems as long as the system manages user authority as in the present embodiment.

It is a conceptual system block diagram including the hardware which shows the outline of the building management system of embodiment of this invention. It is a figure which shows the example of the user registration information database of embodiment. It is a figure which shows the example of the group and operation level combination database which combined the user group of embodiment, and the operation level of each function. It is a figure which shows the example of the operation level database which shows the operation level for every function of the building management system which can be set for every user group of embodiment. It is a figure which shows the structure about the user ID / user group of the user registration information database of embodiment, and the operation level of each function of a group and operation level combination database, and an operation level database. It is a figure which shows an example of the user registration screen of embodiment. It is a figure which shows an example of the user information display screen of embodiment. It is a figure which shows the outline | summary of the user management processing flow of the building management system of embodiment. 1 illustrates an example of possible processing functions for each user of the building management system of the embodiment. It is a figure which shows the initial screen of the building management system of embodiment. It is a figure which shows the menu screen of the building management system of embodiment. It is a figure which shows the user management screen (list) of the building management system of embodiment. It is a figure which shows the user management (detail) screen of the building management system of embodiment.

Explanation of symbols

S Building management system (user authority management system)
2 Web server device (server device)
3 Client device 1 to Client device n
4 network 5 database (storage means)
6 User registration information table (storage means)
10 Function 1 to Function n (System authority function)
61 User ID (user identification information, user information, data)
62 Password (authentication information, user information, data)
63 User group (user authority, user information, data)
65 User name (user information, data)
66 Password update date (setting date, user information, data)
67 Expiration Date (User Information)
71 Operation level

Claims (17)

A user authority management system having a server device for managing data and a client device connected to the server device via a network,
The server device provides system administrator identification information to a system administrator and user identification information to each user of the data in order to access the server device from the client device,
Each user information of the user identification information stored in the storage means is classified according to the input using the system administrator identification information in the client device for each subgroup to which the user belongs,
The server device provides identification information for a partial group manager who has the authority to operate each user information of the user identification information belonging to the partial group to a manager of the partial group. . The user information of the user identification information classified for each of the subgroups is changed according to an input using the identification information for the subgroup manager in the client device. User authority management system. Information including the set date for setting the authentication information set for each user identification information classified for each subgroup and registered in the storage means, the number of days since the set date, and the expiration date of the authentication information, The user authority management system according to claim 1 or 2, wherein the user authority management system is displayed in accordance with an input using the identification information for the subgroup manager in the client device. When the expiration date of the authentication information set for each user identification information classified for each subgroup has passed, it is registered in the storage means according to the input using the subgroup manager identification information in the client device The user authority management system according to any one of claims 1 to 3, wherein an expiration date of the authentication information is changed or the user identification information is deleted. The authentication information can be reset according to an input using the user identification information in the client device, and the reset authentication information includes the system administrator identification information and the subgroup administrator identification information. The user authority management system according to any one of claims 1 to 4, wherein each of the used accesses is not disclosed. The user authority management system according to any one of claims 3 to 5, wherein the user identification information and the authentication information are each encrypted when registered in the storage unit. . In accordance with an input using the identification information for the system manager or an input using the identification information for the subgroup manager in the client device, a high to low operation level is set for the system authority function provided in the client device. The user authority management system according to any one of claims 1 to 6, wherein According to an input using the identification information for the system manager in the client device or an input using the identification information for the subgroup manager, any of the user information of at least the data and the user identification information provided in the client device The user authority management system according to any one of claims 1 to 7, wherein a user authority is set for each of the user identification information for the system authority function. 9. The system administrator identification information, the subgroup administrator identification information, and the user identification information are independent of other systems, respectively. 9. User authority management system. A user authority management system program comprising a server device for managing data and a client device connected to the server device via a network,
On the computer,
A procedure for giving the system administrator identification information for a system administrator for the system administrator to access the server device from the client device;
A procedure for giving user identification information for each user of the data to access the server device from the client device;
A procedure for classifying each user's information in the user identification information stored in the storage means according to an input using the system administrator identification information in the client device for each subgroup to which the user belongs; and
The program of the user authority management system for performing the procedure which provides the identification information for partial group managers for the administrator of the said partial group to operate each user information of the said user identification information which belongs to the said partial group. The procedure for changing each user information of the user identification information classified for each of the subgroups according to an input using the subgroup manager identification information in the client device. User authority management system program. Information including the set date for setting the authentication information set for each user identification information classified for each subgroup and registered in the storage means, the number of days elapsed from the set date, and the expiration date of the authentication information, The program of the user authority management system of Claim 10 or 11 for performing the procedure displayed according to the input which uses the said identification information for partial group managers in the said client apparatus. When the expiration date of the authentication information set for each user identification information classified for each subgroup has passed, it is registered in the storage means according to the input using the subgroup manager identification information in the client device. The program of the user authority management system as described in any one of Claims 10-12 for performing the procedure of changing the expiration date of the said authentication information or deleting the said user identification information. Re-setting the authentication information according to an input using the user identification information in the client device; and
14. The procedure for making the reset authentication information private for access using the system administrator identification information and the subgroup administrator identification information, respectively. The program of the user authority management system as described in any one of them. The user authority management system according to any one of claims 12 to 14, for executing a procedure of encrypting the user identification information and the authentication information when each of the user identification information and the authentication information is registered in the storage unit. program. In order to execute a procedure for setting a high to low operation level for a system authority function provided by the client device according to an input using the identification information for the system manager or an input using the identification information for the subgroup manager The program of the user authority management system as described in any one of Claims 10-15. According to an input using the identification information for the system manager in the client device or an input using the identification information for the subgroup manager, any of the user information of at least the data and the user identification information provided in the client device The program of the user authority management system as described in any one of Claims 10-16 for performing the procedure which sets the user authority for every said user identification information with respect to the system authority function concerning .

Images