JP2010020525A - Retrieval device, computer program, and retrieval method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To enhance a retrieval speed, and to flexibly deal with the change of access authority. <P>SOLUTION: A user attribute decision part 141 decides the attributes of a user who includes designated retrieval conditions. A user role decision part 142 decides the role of the user on the basis of attributes decided by the user attribute decision part 141. A user authority decision part 143 decides the access authority of the user on the basis of the role decided by the user role decision part 142. A retrieval object extraction part 144 extracts retrieval object data whose access authority lies in the user from among the retrieval object data stored in a retrieval object storage part 122 on the basis of the access authority decided by the user authority decision part 143. A data retrieval part 152 retrieves the retrieval object data satisfying the retrieval conditions from among the retrieval object data extracted by the retrieval object extraction part 144. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a search device for searching for data that has a user's access right and meets search conditions from data to be searched.

With the shift to IT in business, the digitization of documents has progressed, and data such as electronic document files managed by the electronic document management system has reached a huge amount. When searching for data matching the search conditions from such a large number of data, it takes time to search.
Also, there are cases where users who can access data are restricted from the viewpoint of security. In that case, since the data for which the user who has searched does not have access authority must be excluded from the search result, it is necessary to add processing for checking the access authority for the data.
As a technique for solving such a problem, for example, there is a technique described in Patent Document 1.
JP 2004-164555 A JP 2005-85113 A JP 2006-99736 A JP 2001-167113 A JP 2003-67250 A JP 2006-268700 A

The relationship between a user and data to which the user has access authority may change due to various factors.
For example, when a user is removed from a project due to personnel changes, the user loses the access authority to data that could be browsed until then, and cannot browse.
In addition, data that can only be viewed by a specific user of a project may be viewable by a general user when the project is made public. In addition, since the data confidentiality period has expired, it may be possible for general users to browse.
The present invention has been made, for example, in order to solve the above-described problems. The present invention improves the speed of searching for data that matches a search condition from a large amount of data, and also provides a user and a user thereof. The purpose is to be able to respond flexibly even if the relationship with the data to which the user has access authority changes.

A search device according to the present invention includes a storage device that stores data, a processing device that processes data, a search target storage unit, a user attribute determination unit, a user role determination unit, and a user authority determination unit. A search object extraction unit, a search condition input unit, a data search unit, and a search result output unit,
The search target storage unit stores search target data to be searched using the storage device,
The search condition input unit inputs the search condition specified by the user using the processing device,
The user attribute determination unit determines an attribute of the user who specified the search condition using the processing device,
The user role determination unit determines the role of the user who specified the search condition based on the attribute determined by the user attribute determination unit using the processing device,
The user authority determination unit determines the access authority of the user who specified the search condition based on the role determined by the user role determination unit using the processing device,
The search target extraction unit specifies the search condition from the search target data stored in the search target storage unit based on the access authority determined by the user authority determination unit using the processing device. Extract search target data to which the user has access authority,
The data search unit uses the processing device to search for search target data satisfying the search condition input by the search condition input unit from the search target data extracted by the search target extraction unit,
The search result output unit outputs the search result searched by the data search unit using the processing device.

  According to the search device according to the present invention, the range in which the data search unit searches for the search target data that meets the search condition is limited to the search target data to which the user who has specified the search condition has access authority. Time can be shortened. In addition, the user attribute determination unit determines the user attribute, the user role determination unit determines the role from the user attribute, and the user authority determination unit determines the access authority from the user role. When the range of the search target data to which the user has access authority changes due to various factors, it is possible to respond flexibly.

Embodiment 1 FIG.
The first embodiment will be described with reference to FIGS.

FIG. 1 is a system configuration diagram showing an example of the overall configuration of a search system 800 in this embodiment.
The search system 800 includes a search device 100, an administrator terminal device 810, and a user terminal device 820.
The search device 100 stores management information data and search target data. The management information data is data representing management information used to determine whether the user has the authority to access the search target data.
The administrator operates the administrator terminal device 810 to specify management information. The administrator terminal device 810 inputs management information designated by the administrator according to the operation of the administrator. The administrator terminal device 810 transmits management information data representing the input management information to the search device 100.
The search device 100 receives the management information data transmitted by the administrator terminal device 810, and updates the stored management information data based on the received management information data.
The user operates the user terminal device 820 to specify a search condition. The user terminal device 820 inputs search conditions specified by the user in accordance with the user's operation. The user terminal device 820 transmits data representing the input search condition (hereinafter referred to as “search condition data”) to the search device 100.
The search device 100 receives the search condition data transmitted from the user terminal device 820 and, based on the search condition represented by the received search condition data, searches the search target data satisfying the search condition from the stored search target data. Search for. At this time, based on the management information represented by the stored management information data, the search apparatus 100 determines whether or not the user has access authority for each search target data, and the search for which the user has access authority. Only the target data is searched, and the search target data for which the user does not have access authority is not searched. The search device 100 transmits data representing the search result (hereinafter referred to as “search result data”) to the user terminal device 820.
The user terminal device 820 receives the search result data transmitted from the search device 100 and presents the search result represented by the received search result data to the user by displaying it.

FIG. 2 is a diagram showing an example of the appearance of the search device 100, the administrator terminal device 810, and the user terminal device 820 in this embodiment.
The search device 100, the administrator terminal device 810, and the user terminal device 820 include a system unit 910, a display device 901 having a CRT (Cathode / Ray / Tube) or LCD (liquid crystal) display screen, and a keyboard 902 (Key / Board: K / B), mouse 903, FDD904 (Flexible / Disk / Drive), compact disk device 905 (CDD), printer device 906, scanner device 907, and other hardware resources, which are connected by cables and signal lines. Yes.
The system unit 910 is a computer, and is connected to the facsimile machine 932 and the telephone 931 via a cable, and is connected to the Internet 940 via a local area network 942 (LAN) and a gateway 941.

FIG. 3 is a diagram illustrating an example of hardware resources of the search device 100, the administrator terminal device 810, and the user terminal device 820 in this embodiment.
The search device 100, the administrator terminal device 810, and the user terminal device 820 include a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, a processing unit, a microprocessor, a microcomputer, or a processor) that executes a program. I have. The CPU 911 is connected to the ROM 913, the RAM 914, the communication device 915, the display device 901, the keyboard 902, the mouse 903, the FDD 904, the CDD 905, the printer device 906, the scanner device 907, and the magnetic disk device 920 via the bus 912, and the hardware. Control the device. Instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card read / write device may be used.
The RAM 914 is an example of a volatile memory. The storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are an example of a nonvolatile memory. These are examples of a storage device or a storage unit.
A communication device 915, a keyboard 902, a scanner device 907, an FDD 904, and the like are examples of an input unit and an input device.
Further, the communication device 915, the display device 901, the printer device 906, and the like are examples of an output unit and an output device.

The communication device 915 is connected to a facsimile machine 932, a telephone 931, a LAN 942, and the like. The communication device 915 is not limited to the LAN 942, and may be connected to the Internet 940, a WAN (wide area network) such as ISDN, or the like. When connected to a WAN such as the Internet 940 or ISDN, the gateway 941 is unnecessary.
The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

The program group 923 stores a program for executing a function described as “˜unit” in the description of the embodiment described below. The program is read and executed by the CPU 911.
The file group 924 includes information, data, signal values, variable values, and parameters that are described as “determination results of”, “calculation results of”, and “processing results of” in the description of the embodiments described below. Are stored as items of “˜file” and “˜database”. The “˜file” and “˜database” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for CPU operations such as calculation, processing, output, printing, and display. Information, data, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory during the CPU operations of extraction, search, reference, comparison, operation, calculation, processing, output, printing, and display. Is remembered.
In addition, the arrows in the flowcharts described in the following description of the embodiments mainly indicate input / output of data and signals. The data and signal values are the RAM 914 memory, the FDD 904 flexible disk, the CDD 905 compact disk, and the magnetic field. The data is recorded on a recording medium such as a magnetic disk of the disk device 920, another optical disk, a mini disk, or a DVD (Digital Versatile Disk). Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

  In the description of the embodiments described below, what is described as “to part” may be “to circuit”, “to device”, and “to device”, and “to step” and “to”. “Procedure” and “˜Process” may be used. That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes the computer to function as “to part” described below. Alternatively, the procedure or method of “to part” described below is executed by a computer.

FIG. 4 is a block configuration diagram showing an example of a functional block configuration of the search device 100 according to this embodiment.
The search apparatus 100 includes a management information input unit 111, a management information update unit 112, a user attribute storage unit 113, a role condition storage unit 114, a role authority storage unit 115, a group condition storage unit 116, a search target update unit 121, and a search target. Storage unit 122, affiliation extraction unit 123, affiliation update unit 124, group affiliation storage unit 125, replication storage unit 126, authentication storage unit 131, authentication input unit 132, authentication determination unit 133, user identification storage unit 134, user attribute It has a determination unit 141, a user role determination unit 142, a user authority determination unit 143, a search target extraction unit 144, a search condition input unit 151, a data search unit 152, and a search result output unit 153.

  The management information input unit 111 receives management information data transmitted from the administrator terminal device 810 using the communication device 915. The management information input unit 111 uses the CPU 911 to output the received management information data.

The management information update unit 112 uses the CPU 911 to input the management information data output from the management information input unit 111. The management information update unit 112 uses the CPU 911 to update the management information data stored in the search device 100 based on the input management information data.
The management information data stored by the search device 100 includes user attribute data, role condition data, role authority data, group condition data, and the like.

  The user attribute storage unit 113 uses the magnetic disk device 920 to store user attribute data among the management information data. User attribute data is data representing a combination of a user and the attributes of the user.

FIG. 5 is a diagram showing an example of user attribute data 510 stored in the user attribute storage unit 113 in this embodiment.
User attribute data 510 (user information) includes, for example, user identification data 511, affiliation organization data 512, post data 513, employee division data 514, assignment division data 515, and other attribute data 516 as a set of data (hereinafter ""User information data") includes one or more user information data.

The user identification data 511 is character string data representing a character string that uniquely identifies a user, such as a user ID.
Affiliated organization data 512 is character string data representing an organization to which the user belongs.
The post data 513 is character string data representing the post of the user.
The employee classification data 514 is character string data representing the employee classification of the user.
The assignment category data 515 is character string data representing the assignment category of the user.
The other attribute data 516 is character string data representing attributes other than those described above that the user has.
The user's organization, job title, employee classification, assignment classification, etc. are examples of attributes that the user has.

The user attribute data 510 in this example indicates that, for example, a user whose user identification data 511 is “sato” is in charge of the A section A1 and is a regular employee.
In addition, the user whose user identification data 511 is “tanaka” indicates that he / she is a general manager of the B section and a section manager of the A section A1 and participates in the project A.

  Returning to FIG. 4, the description of the functional blocks of the search device 100 will be continued.

  The role condition storage unit 114 uses the magnetic disk device 920 to store role condition data among the management information data. The role condition data is data representing a combination of a condition regarding a user attribute (hereinafter referred to as “attribute condition”) and a role (role) possessed by the user who satisfies the attribute condition.

FIG. 6 is a diagram illustrating an example of role condition data 520 stored in the role condition storage unit 114 according to this embodiment.
The role condition data 520 (role information) includes role identification data 521, role name data 522, and attribute condition data 523 as a set of data (hereinafter referred to as “role information data”). Including.

The role identification data 521 (role ID) is character string data representing a character string that uniquely identifies a role.
The role name data 522 is character string data representing the name of the role.
The attribute condition data 523 is character string data representing an attribute condition for the user to have that role. That is, when the user satisfies the attribute condition represented by the attribute condition data 523, the user has the role.

In the role condition data 520 in this example, for example, in order for the user to have a role whose role identification data 521 is “ROL001”, the “title” attribute represented by the title data 513 of the user attribute data 510 is “in charge”. This means that it is a condition. When this is applied to the user attribute data 510 shown in FIG. 5, a user having a role whose role identification data 521 is “ROL001” is a user or user whose user identification data 511 is “sato”. It can be seen that the user whose identification data 511 is “suzuki” and the user whose user identification data 511 is “takahashi”.
In addition, for example, in order for a user to have a role whose role identification data 521 is “ROL006”, the “employee” data 514 represented by the employee classification data 514 of the user attribute data 510 may be combined. This indicates that it is a condition that the “classification” attribute is “employee” and the “other” attribute represented by the other attribute data 516 is not “vacant”. When this is applied to the user attribute data 510 shown in FIG. 5, a user having a role whose role identification data 521 is “ROL006” indicates that the user identification data 511 has “sato”, “saito”, “yamada”, “yamada”, “ It can be seen that the user is any one of “tanaka”.

  Returning to FIG. 4, the description of the functional blocks of the search device 100 will be continued.

  The role authority storage unit 115 uses the magnetic disk device 920 to store role authority data among the management information data. The role authority data is data representing a combination of a role possessed by the user and an access authority possessed by the user having the role.

FIG. 7 is a diagram showing an example of role authority data 530 stored in the role authority storage unit 115 according to this embodiment.
The role authority data 530 (access control information) includes one or more access controls using the authority identification data 531, authority role data 532, and authority group data 533 as a set of data (hereinafter referred to as “access control information data”). Contains information data.

The authority identification data 531 (access control ID) is character string data representing a character string that uniquely identifies an access authority.
The authority role data 532 (role ID) is character string data representing a list of role identification data indicating a role possessed by a user having the access authority.
Authority group data 533 (group ID) is character string data representing a list of group identification data indicating groups to which search target data that can be accessed by a user having the access authority belongs.

In the role authority data 530 in this example, for example, an access authority whose authority identification data 531 is “ACL001” is possessed by a user having a role whose role identification data is “ROL001”, and the user has a group identification. This indicates that the search target data belonging to the group whose data is “GRP001” may be accessed.
Further, a plurality of roles may correspond to one access authority. For example, an access authority whose authority identification data 531 is “ACL002” has a role whose role identification data is “ROL002” or “ROL003”. It represents what the user has.
On the other hand, a plurality of groups may correspond to one access authority. For example, a user having an access authority whose authority identification data 531 is “ACL003” has one of group identification data “GRP003” and “GRP005”. This indicates that access to search target data belonging to a certain group is permitted.

  Returning to FIG. 4, the description of the functional blocks of the search device 100 will be continued.

  The group condition storage unit 116 uses the magnetic disk device 920 to store group condition data in the management information data. The group condition data is data representing a combination of a group to which the search target data belongs and a condition to be satisfied by the search target data belonging to the group (hereinafter referred to as “affiliation condition”).

FIG. 8 is a diagram showing an example of the group condition data 540 stored in the group condition storage unit 116 in this embodiment.
The group condition data 540 (group information) includes one or more group identification data 541, group name data 542, affiliation condition data 543, and group index data 544 as a set of data (hereinafter referred to as “group information data”). Including group information data.

The group identification data 541 (group ID) is character string data representing a character string that uniquely identifies a group.
The group name data 542 is character string data representing the name of the group.
The affiliation condition data 543 is character string data representing an affiliation condition for the search target data to belong to the group. That is, when the search target data satisfies the membership condition represented by the membership condition data 543, the search target data belongs to the group.
The group index data 544 (index ID) is character string data representing the file name of an index file that records an index (for example, path name + file name) indicating the location of search target data determined to belong to the group.

In the group condition data 540 in this example, for example, a group whose group identification data 541 is “GRP001” includes search target data whose “target” attribute is “in charge” among the attributes of the search target data. Represents.
In addition, the group whose group identification data 541 is “GRP002” indicates that the search target data whose search target data path is “// file / saiyou /” belongs.

  Returning to FIG. 4, the description of the functional blocks of the search device 100 will be continued.

  The search target storage unit 122 uses the magnetic disk device 920 to store one or more search target data.

  The group affiliation storage unit 125 uses the magnetic disk device 920 to represent data representing a combination of the search target data stored in the search target storage unit 122 and the group to which the search target data belongs (hereinafter referred to as “group affiliation data”). .) Is memorized.

FIG. 9 is a diagram showing an example of group affiliation data 550 stored in the group affiliation storage unit 125 in this embodiment.
The group affiliation data 550 is composed of one or more index files 551. The index file 551 is a file in which affiliation index data 552 is recorded.

  The affiliation index data 552 is character string data representing a list of indexes indicating the location of search target data belonging to the group associated with the file name of the index file 551 in the group condition data 540 stored in the group condition storage unit 116. It is.

The group affiliation data 550 in this example is, for example, a search in which the index is “//file/position/tanto/file34.doc” in a group associated with the index file 551 whose file name is “grp001.idx”. This indicates that the target data and search target data whose index is “//file/general/file82.pdf” belong.
According to the group condition data 540 shown in FIG. 8, a group whose group identification data is “GRP001” is associated with the index file 551 whose file name is “grp001.idx”.
Therefore, the group affiliation data 550 in this example includes a group whose group identification data is “GRP001”, search target data whose index is “//file/position/tanto/file34.doc”, and an index “// file / general / file82.pdf ”to which search target data belongs.

  Returning to FIG. 4, the description of the functional blocks of the search device 100 will be continued.

  The replica storage unit 126 stores substantially the same data as the group affiliation data 550 stored by the group affiliation storage unit 125 (hereinafter referred to as “replication group affiliation data”) using the magnetic disk device 920. For example, the duplicate storage unit 126 uses the magnetic disk device 920 to copy the data that is the same as the group affiliation data 550 or the data that is different in data format from the group affiliation data 550 but has the same contents to be represented as the duplicate group affiliation data. Remember as. For example, the replica storage unit 126 uses the magnetic disk device 920 to combine all the index files 551 included in the group affiliation data 550, and from the file name of the index file 551 or corresponding group identification data to the index file 551. The copy group affiliation data configured to be able to acquire the recorded affiliation index data 552 is stored.

  Using the CPU 911, the search target update unit 121 adds new search target data to the search target storage unit 122, updates the search target data stored in the search target storage unit 122, and stores the search target storage unit 122. Delete search target data. Using the CPU 911, the search target update unit 121 outputs data (hereinafter referred to as “update notification data”) indicating the added / updated / deleted search target data.

Using the CPU 911, the affiliation extraction unit 123 inputs the update notification data output by the search target update unit 121. Using the CPU 911, the affiliation extraction unit 123 analyzes the input update notification data and identifies the search target data added, updated, or deleted by the search target update unit 121.
Using the CPU 911, the affiliation extraction unit 123 inputs the group condition data 540 stored in the group condition storage unit 116. The affiliation extraction unit 123 uses the CPU 911 to input the specified search target data from the search target data stored in the search target storage unit 122. The affiliation extraction unit 123 uses the CPU 911 to determine a group to which the input search target data belongs based on the input group condition data 540. The affiliation extraction unit 123 uses the CPU 911 to generate a list of groups determined to belong to the input search target data. Using the CPU 911, the affiliation extraction unit 123 outputs data representing the generated list (hereinafter referred to as “affiliation group list data”). The affiliation group list data includes, for example, zero or more group identification data (or character string data representing the file name of the index file).

Using the CPU 911, the affiliation update unit 124 inputs the affiliation group list data output from the affiliation extraction unit 123 and the copy group affiliation data stored in the replication storage unit 126. The affiliation update unit 124 uses the CPU 911 to generate a list of groups to which the search target data specified by the affiliation extraction unit 123 belongs based on the input copy group affiliation data. Using the CPU 911, the affiliation update unit 124 compares the generated group list with the group list represented by the input affiliation group list data, and specifies the index file 551 to be updated.
For example, if there is a group in which the search target data newly satisfies the affiliation condition due to addition or update of the search target data, the group is included in the list represented by the affiliation group list data, but belongs to the duplicate group It is not included in the list generated from the data. Conversely, if there is a group whose search target data no longer satisfies the membership condition due to update or deletion of the search target data, the group is not included in the list represented by the belonging group list data. It is included in the list generated from. In any case, it is necessary to update the index file 551 for the group to the latest state. In this way, the affiliation update unit 124 uses the CPU 911 to identify the index file 551 to be updated by comparing the two lists.
The affiliation update unit 124 uses the CPU 911 to generate affiliation index data to be recorded in the identified index file 551 based on the input copy group affiliation data and affiliation group list data. Using the CPU 911, the affiliation update unit 124 updates the identified index file 551 in the group affiliation data 550 stored by the group affiliation storage unit 125, and stores the generated affiliation index data 552. Using the CPU 911, the affiliation update unit 124 updates the duplicate group affiliation data stored in the duplicate storage unit 126 so as to represent the same content as the updated group affiliation data 550.

  Further, when the management information update unit 112 updates the group condition data stored in the group condition storage unit 116, the affiliation extraction unit 123 uses the CPU 911 to search among all the search target data stored in the search target storage unit 122. From this, the search target data that satisfies the updated affiliation condition is extracted. The affiliation extraction unit 123 uses the CPU 911 to generate a list of extracted search target data. Using the CPU 911, the affiliation extraction unit 123 outputs data representing the generated list (hereinafter referred to as “affiliation data list data”).

Using the CPU 911, the affiliation update unit 124 inputs the affiliation data list data output from the affiliation extraction unit 123 and the replication group affiliation data stored in the replication storage unit 126. The affiliation update unit 124 uses the CPU 911 to generate a list of search target data belonging to the group whose affiliation conditions are updated based on the input copy group affiliation data. Should the affiliation update unit 124 use the CPU 911 to compare the generated list with the list represented by the input affiliation data list data and update the index file 551 for the group stored in the group affiliation storage unit 125? Determine whether or not. If the two lists are exactly equal, there is no need to update, but if there is a difference between the two lists, the affiliation update unit 124 uses the CPU 911 to determine that it should be updated.
When it is determined that it should be updated, the affiliation update unit 124 uses the CPU 911 to generate affiliation index data to be recorded in the updated index file 551 based on the input affiliation data list data. Using the CPU 911, the affiliation update unit 124 updates the index file 551 for the group whose affiliation conditions are updated among the group affiliation data 550 stored by the group affiliation storage unit 125, and stores the generated affiliation index data. Let Using the CPU 911, the affiliation update unit 124 updates the duplicate group affiliation data stored in the duplicate storage unit 126 so as to represent the same content as the updated group affiliation data 550.

As described above, when the search target data stored in the search target storage unit 122 or the group condition data stored in the group condition storage unit 116 is updated, the group affiliation data stored in the group affiliation storage unit 125 is updated. The unit 124 is updated and always kept up to date.
Regardless of whether the search target data stored in the search target storage unit 122 or the group condition data stored in the group condition storage unit 116 has been updated, the search target data belonging to the group is The affiliation update unit 124 may update the group affiliation data periodically extracted by the affiliation extraction unit 123 and stored in the group affiliation storage unit 125.

  The authentication storage unit 131 uses the magnetic disk device 920 to store authentication data. The authentication data is data representing a combination of a user and information (for example, a password) for authenticating the user. The authentication data is, for example, data composed of one or more sets of user identification data indicating a user and character string data representing the password of the user.

  When a user attempts to log in to the search system 800, the user terminal device 820 inputs user identification data and a password using the keyboard 902 or the like. The user terminal device 820 transmits the input user identification data and password to the search device 100 using the communication device 915.

  The authentication input unit 132 receives the user identification data and password transmitted from the user terminal device 820 using the communication device 915. Using the CPU 911, the authentication input unit 132 outputs the received user identification data and password.

  The authentication determination unit 133 uses the CPU 911 to input the user identification data and password output from the authentication input unit 132. The authentication determination unit 133 uses the CPU 911 to determine whether the combination of the input user identification data and the password is correct based on the authentication data stored in the authentication storage unit 131. Using the CPU 911, the authentication determination unit 133 determines that the authentication is successful if the combination of the input user identification data and the password is correct, and determines that the authentication fails if the combination is not correct. Using CPU 911, authentication determination unit 133 outputs data representing the determined result (hereinafter referred to as “authentication result data”). If it is determined that the authentication is successful, the authentication determination unit 133 uses the CPU 911 to output the input user identification data.

  The user identification storage unit 134 uses the CPU 911 to input user identification data output by the authentication determination unit 133. The user identification storage unit 134 stores input user identification data using the magnetic disk device 920.

  The user attribute determination unit 141 uses the CPU 911 to input user identification data stored in the user identification storage unit 134. The user attribute determination unit 141 uses the CPU 911 to determine the attribute of the user identified by the input user identification data based on the user attribute data 510 stored by the user attribute storage unit 113. Using the CPU 911, the user attribute determination unit 141 outputs data representing the determined attribute (hereinafter referred to as “search user attribute data”).

  The user role determination unit 142 uses the CPU 911 to input the search user attribute data output from the user attribute determination unit 141. The user role determination unit 142 uses the CPU 911 to determine a role possessed by a user having an attribute represented by the input search user attribute data based on the role condition data stored in the role condition storage unit 114. Using the CPU 911, the user role determination unit 142 outputs data representing the determined role (hereinafter referred to as “search user role data”).

  The user authority determination unit 143 uses the CPU 911 to input the search user role data output from the user role determination unit 142. Using the CPU 911, the user authority determining unit 143 determines the access authority of the user having the role represented by the input search user role data based on the role authority data stored in the role authority storage unit 115, A group to which the user may access is determined. Using the CPU 911, the user authority determination unit 143 outputs data representing the determined group (hereinafter referred to as “search user group data”).

The search target extraction unit 144 uses the CPU 911 to input the search user group data output by the user authority determination unit 143. Using the CPU 911, the search target extraction unit 144 is associated with the group identification data 541 that identifies the group represented by the input search user group data, based on the group condition data 540 stored in the group condition storage unit 116. Group index data 544 is acquired. Using the CPU 911, the search target extraction unit 144 selects the index file 551 having the file name represented by the acquired group index data 544 from the group affiliation data stored in the group affiliation storage unit 125. The search target extraction unit 144 uses the CPU 911 to search, based on the belonging index data 552 recorded in the selected index file 551, the search target data belonging to the group represented by the input search user group data. The data is extracted from the search target data stored in 122. Using the CPU 911, the search target extraction unit 144 outputs data representing a list of extracted search target data (hereinafter referred to as “search target list data”).
The search target list data output by the search target extraction unit 144 represents a list of search target data to which the user has access authority.

  When the authentication is successful, the user terminal device 820 uses the keyboard 902 or the like to input search conditions specified by the user. Using the communication device 915, the user terminal device 820 transmits search condition data representing the input search condition to the search device 100.

  The search condition input unit 151 uses the CPU 911 to input the authentication result data output from the authentication determination unit 133. The search condition input unit 151 analyzes the input authentication result data, determines the authentication result by the authentication determination unit 133, and if the authentication is successful, the search transmitted by the user terminal device 820 using the communication device 915. Receive condition data. Using the CPU 911, the search condition input unit 151 outputs the received search condition data.

  The data search unit 152 uses the CPU 911 to input the search condition data output from the search condition input unit 151 and the search target list data output from the search target extraction unit 144. Using the CPU 911, the data search unit 152 acquires search target data included in the list represented by the input search target list data from the search target data stored in the search target storage unit 122. The data search unit 152 uses the CPU 911 to search for search target data satisfying the search condition represented by the input search condition data from the acquired search target data. Using the CPU 911, the data search unit 152 outputs search result data representing the search result. The search result data may be, for example, the searched search target data itself, or may be an index indicating the location of the searched search target data.

  Using the CPU 911, the search result output unit 153 inputs the search result data output from the data search unit 152. The search result output unit 153 transmits the input search result data to the user terminal device 820 using the communication device 915.

  In this way, when searching for search target data satisfying the search conditions, the search is performed only for the search target data for which the user has access authority, so if the number of search target data is enormous, Even if the size of the target data is large, it is possible to search quickly.

It is possible to increase the confidentiality of data not to disclose the contents of the data to users who do not have access authority, but to disclose the existence of the data itself.
Since the search result of the data search unit 152 includes only search target data to which the user has access authority, there is no need to check again whether or not the user has access authority. Even if the search apparatus 100 outputs the search result of 152 as it is, it is possible to prevent the existence of data for which the user does not have access authority from being disclosed to the user.

  Next, the operation of the search device 100 will be described.

FIG. 10 is a flowchart showing an example of the flow of search processing in which the search device 100 in this embodiment searches for search target data.
The search process includes a user authentication step S610, a user attribute determination step S620, a user role determination step S630, a user authority determination step S640, a search target extraction step S650, a search condition input step S660, a data search step S670, and a search result. It has output process S680.

In the user authentication step S610, the authentication input unit 132 receives, from the user terminal device 820, the user identification data and password of the user who is searching for the search target data using the communication device 915. Using the CPU 911, the authentication input unit 132 outputs the received user identification data and password.
The authentication determination unit 133 uses the CPU 911 to input the user identification data and password output from the authentication input unit 132. Using the CPU 911, the authentication determination unit 133 searches the authentication data stored in the authentication storage unit 131, and acquires a password that forms a pair with the user identification data that matches the input user identification data. Using the CPU 911, the authentication determination unit 133 compares the input password and the acquired password to determine whether they match. Here, if the passwords match, authentication succeeds, and if they do not match, authentication fails.
If the CPU 911 determines that the passwords do not match, that is, if the authentication fails, the authentication determination unit 133 ends the search process.
If the CPU 911 determines that the passwords match, that is, if the authentication is successful, the authentication determination unit 133 outputs the input user identification data. The user identification storage unit 134 uses the CPU 911 to input the user identification data output from the authentication determination unit 133. The user identification storage unit 134 stores input user identification data using the magnetic disk device 920.

In the user attribute determination step S620, the user attribute determination unit 141 uses the CPU 911 to input the user identification data stored in the user identification storage unit 134 in the user authentication step S610.
Using the CPU 911, the user attribute determination unit 141 searches the user attribute data 510 stored in the user attribute storage unit 113, and forms a group with the user identification data 511 that matches the input user identification data. Data representing the attributes of the user, such as organization data 512, job title data 513, employee category data 514, assignment category data 515, and other attribute data 516, is obtained as search user attribute data.
The user attribute determination unit 141 uses the CPU 911 to output the acquired search user attribute data.

  In the user role determination step S630, the user role determination unit 142 uses the CPU 911 to have a role that the user identified by the user identification data stored in the user identification storage unit 134 in the user authentication step S610 has. judge.

FIG. 11 is a flowchart showing an example of the flow of the user role determining step S630 in which the user role determining unit 142 determines the role of the user in this embodiment.
User role determination step S630 includes user attribute input step S631, role list initialization step S632, role condition input step S633, attribute condition determination step S634, role list addition step S635, role condition repetition step S636, and user role output. Step S637 is included.

  In the user attribute input step S631, the user role determination unit 142 uses the CPU 911 to input the search user attribute data output by the user attribute determination unit 141 in the user attribute determination step S620.

  In the role list initialization step S632, the user role determination unit 142 uses the CPU 911 to initialize search user role data. The search user role data includes zero or more role identification data. Each role identification data included in the search user role data indicates the role that the user has, and the same number of role identification data as the number of roles the user has is included in the search user role data. . By using the CPU 911, the user role determination unit 142 deletes all role identification data included in the search user role data so that no role identification data is included in the search user role data. Initialize search user role data. The user role determination unit 142 uses the magnetic disk device 920 to store the initialized search user role data.

  In the role condition input step S633, the user role determination unit 142 uses the CPU 911 to input one piece of role information data that has not yet been processed from the role condition data 520 stored in the role condition storage unit 114. Using the CPU 911, the user role determination unit 142 determines that all role information data included in the role condition data 520 stored in the role condition storage unit 114 has been processed, and there is no role information data that can be input. In this case, the process proceeds to the user role output step S637.

In the attribute condition determination step S634, the user role determination unit 142 uses the CPU 911 to set the user attribute input step S631 to the attribute condition represented by the attribute condition data 523 included in the role information data input in the role condition input step S633. By applying the attribute represented by the search user attribute data input in step, it is determined whether or not the attribute condition is satisfied. Here, if the attribute condition is satisfied, the user has the role.
If the user role determination unit 142 determines that the attribute condition is satisfied using the CPU 911, that is, if the user has the role, the user role determination unit 142 proceeds to the role list addition step S635.
If the user role determination unit 142 determines that the attribute condition is not satisfied using the CPU 911, that is, if the user does not have the role, the user role determination unit 142 proceeds to the role condition repetition step S636.

  In the role list addition step S635, the user role determination unit 142 uses the CPU 911 to include the search user role data initialized in the role list initialization step S632 in the role information data input in the role condition input step S633. Role identification data 521 to be added is added. The user role determination unit 142 uses the magnetic disk device 920 to store search user role data to which role identification data 521 is added.

  In the role condition repetition step S636, the user role determination unit 142 uses the CPU 911 to return to the role condition input step S633 and input the next role information data.

  In the user role output step S637, the user role determination unit 142 uses the CPU 911 to output search user role data that is initialized in the role list initialization step S632 and added with the role identification data 521 in the role list addition step S635. To do.

  Returning to FIG. 10, the description of the flow of search processing will be continued.

  In the user authority determining step S640, the user authority determining unit 143 uses the CPU 911 to access authority that the user identified by the user identification data stored in the user identification storage unit 134 in the user authentication step S610. Determine.

FIG. 12 is a flowchart showing an example of the flow of the user authority determining step S640 in which the user authority determining unit 143 determines the access authority of the user in this embodiment.
The user authority determination process S640 includes a user role input process S641, a group list initialization process S642, a role authority input process S643, an access authority determination process S644, a group list addition process S645, a role authority repetition process S646, and a user authority output. Step S647 is included.

  In the user role input step S641, the user authority determination unit 143 uses the CPU 911 to input the search user role data output by the user role determination unit 142 in the user role output step S637.

  In the group list initialization step S642, the user authority determination unit 143 uses the CPU 911 to initialize the search user group data. The search user group data includes zero or more group identification data. Each group identification data included in the search user group data indicates a group to which the user has access authority, and the same number of group identification data as the number of groups to which the user has access authority is searched. Included in user group data. The user authority determination unit 143 uses the CPU 911 to delete all the group identification data included in the search user group data so that no group identification data is included in the search user group data. Initialize search user group data. The user authority determination unit 143 uses the magnetic disk device 920 to store the initialized search user group data.

  In the role authority input step S643, the user authority determination unit 143 uses the CPU 911 to input one piece of access authority information data that has not yet been processed from the role authority data 530 stored in the role authority storage unit 115. . The user authority determination unit 143 uses the CPU 911 to complete the processing for all access authority information data included in the role authority data 530 stored in the role authority storage unit 115 and there is no access authority information data that can be input. When it determines, it progresses to user authority output process S647.

In the access authority determination step S644, the user authority determination unit 143 uses the CPU 911 to include the search user role data input in the user role input step S641 and the access authority information data acquired in the role authority input step S643. To determine whether there is role identification data included in both of them. Here, if there is role identification data included in both, the user has the access authority.
The user authority determination unit 143 uses the CPU 911 to determine that there is role identification data included in both the search user role data and the authority role data 532, that is, the user has the access authority. If there is, the process proceeds to the group list adding step S645.
The user authority determination unit 143 uses the CPU 911 to determine that there is no role identification data included in both the search user role data and the authority role data 532, that is, the user has the access authority. If not, the process proceeds to the role authority repetition step S646.

  In the group list addition step S645, the user authority determination unit 143 uses the CPU 911 to add the search user group data initialized in the group list initialization process S642 to the access authority information data input in the role authority input process S643. The group identification data included in the included authority group data 533 is added. The user authority determination unit 143 uses the magnetic disk device 920 to store search user group data to which group identification data has been added.

When a user has a plurality of roles, the user may have a plurality of access authorities for one group based on different roles. Even if the underlying roles are different, as a result, the search target data belonging to the group can still be accessed. Therefore, the search user group data includes one group identification data indicating the group. Just do it.
Therefore, when the user authority determining unit 143 uses the CPU 911 to add the group identification data to the search user group data, the group identification data that matches the group identification data to be added is included in the search user group data. It is determined whether it is already included, and if it is already included, the group identification data is not added to the search user group data.
Alternatively, when adding, the group identification data is added to the search user group data without determining whether there is duplicate group identification data, and later (for example, in the user authority output step S647). The user authority determination unit 143 uses the CPU 911 to check the group identification data included in the search user group data and delete the duplicate group identification data (for example, before outputting the search user group data). It is good also as a structure.

  In the role authority repeating step S646, the user authority determining unit 143 uses the CPU 911 to return to the role authority input step S643 and input the next access authority information data.

  In the user authority output step S647, the user authority determination unit 143 uses the CPU 911 to output search user authority data that is initialized in the group list initialization process S642 and added with the group identification data in the group list addition process S645. .

  Returning to FIG. 10, the description of the flow of search processing will be continued.

  In the search target extraction step S650, the search target extraction unit 144 uses the CPU 911 to extract search target data for which the user has access authority from the search target data stored in the search target storage unit 122.

FIG. 13 is a flowchart showing an example of a flow of a search target extraction step S650 in which the search target extraction unit 144 extracts search target data in this embodiment.
The search object extraction process S650 includes a user authority input process S651, a search object list initialization process S652, a group affiliation input process S653, a group authority determination process S654, a search object list addition process S655, a group affiliation repetition process S656, and an extraction search object. An output step S657.

  In the user authority input step S651, the search target extraction unit 144 uses the CPU 911 to input the search user group data output by the user authority determination unit 143 in the user authority output step S647.

  In the search target list initialization step S652, the search target extraction unit 144 uses the CPU 911 to initialize the search target list data. The search target list data includes zero or more indexes indicating the location of the search target data to which the user has access authority. The search target list data includes the same number of indexes as the number of search target data to which the user has access authority. Using the CPU 911, the search target extraction unit 144 deletes all the indexes included in the search target list data so that no index is included in the search target list data, thereby initializing the search target list data. Turn into. The search target extraction unit 144 uses the magnetic disk device 920 to store the initialized search target list data.

  In the group identification input step S653, the search target extraction unit 144 uses the CPU 911 to identify the group identification data not yet processed from the group identification data included in the search user group data input in the user authority input step S651. Enter one piece of data. When the search target extraction unit 144 determines that the processing for all the group identification data included in the search user group data is completed and there is no group identification data that can be input using the CPU 911, the search target extraction process S657 Proceed to

  In the affiliation index input step S654, the search target extraction unit 144 is associated with the group identification data input in the group identification input step S653 based on the group condition data stored in the group condition storage unit 116 using the CPU 911. Group index data 544 representing the file name of the index file 551 is acquired. The search target extraction unit 144 uses the CPU 911 to select an index file 551 having the acquired group index data 544 as a file name from the group affiliation data stored in the group affiliation storage unit 125. The search target extraction unit 144 uses the CPU 911 to input the belonging index data 552 recorded in the selected index file 551.

In the search target list addition step S655, the search target extraction unit 144 uses the CPU 911 to add the search target list data initialized in the search target list initialization step S652 to the belonging index data 552 input in the belonging index input step S654. Add included index. The search target extraction unit 144 uses the magnetic disk device 920 to store search target list data to which an index has been added.
One search target data may belong to a plurality of groups by satisfying a plurality of affiliation conditions. If the user has access authority for the multiple groups, even if the access authority or group that is the basis is different, as a result, the search target data can still be accessed. It is only necessary to include one index indicating the location of the search target data.
Therefore, the search target extraction unit 144 uses the CPU 911 to determine duplication of the index when trying to add an index, and prevents the same index from being duplicated in the search target list data.

  In the group affiliation repetition step S656, the search target extraction unit 144 uses the CPU 911 to return to the group affiliation input step S653 and input the next group affiliation data.

In the extraction search target output step S657, the search target extraction unit 144 uses the CPU 911 to output the search target list data initialized in the search target list initialization step S652 and added with the index in the search target list addition step S655.
In addition, instead of outputting the search target list data, the search target extraction unit 144 inputs the search target data itself indicated by the index included in the search target list data from the search target storage unit 122, and outputs the input search target data It is good also as composition to do.

  Returning to FIG. 10, the description of the flow of search processing will be continued.

  In the search condition input step S <b> 660, the search condition input unit 151 uses the communication device 915 to receive search condition data representing the search conditions specified by the user who has succeeded in authentication from the user terminal device 820. Using the CPU 911, the search condition input unit 151 outputs the received search condition data.

  In the data search step S670, the data search unit 152 uses the CPU 911 to select the search condition input unit 151 in the search condition input step S660 from the search target data extracted by the search target extraction unit 144 in the search target extraction step S650. Search target data satisfying the search condition represented by the input search condition data.

FIG. 14 is a flowchart showing an example of the flow of the data search step S670 in which the data search unit 152 searches for search target data in this embodiment.
The data search step S670 includes a data search condition input step S671, a search result list initialization step S672, an extraction search target input step S673, a search condition determination step S674, a search result list addition step S675, an extraction search target repetition step S676, a data search A result output step S677 is included.

  In the data search condition input step S671, the data search unit 152 uses the CPU 911 to input the search condition data output from the search condition input unit 151 in the search condition input step S660.

  In the search result list initialization step S672, the data search unit 152 uses the CPU 911 to initialize the search result list data. The search result list data is data representing a list of search target data satisfying the search condition among the search target data to which the user has access authority, and an index indicating the location of the search target data satisfying the search condition is 0. Contains more than one. The search result list data includes the same number of indexes as the number of search target data satisfying the search condition. The data search unit 152 uses the CPU 911 to delete all the search target data included in the search result list data and make the search result list data not include any search target data. Is initialized. The data search unit 152 uses the magnetic disk device 920 to store the initialized search result list data.

In the extraction search target input step S673, the data search unit 152 uses the CPU 911 to input the search target list data output by the search target extraction unit 144 in the extraction search target output step S657.
The data search unit 152 uses the CPU 911 to acquire one unprocessed index from the input search target list data. If the data search unit 152 determines that there is no index that can be acquired by using the CPU 911 for all indexes included in the input search target list data, the data search unit 152 proceeds to the data search result output step S677.
Using the CPU 911, the data search unit 152 inputs search target data indicated by the acquired index from the search target data stored in the search target storage unit 122.

In the search condition determination step S674, the data search unit 152 uses the CPU 911 so that the search target data input in the extraction search target input step S673 satisfies the search conditions represented by the search condition data input in the data search condition input step S671. It is determined whether or not.
If the data search unit 152 determines using the CPU 911 that the search target data satisfies the search condition, the data search unit 152 proceeds to the search result list adding step S675.
If the CPU 911 determines that the search target data does not satisfy the search condition, the data search unit 152 proceeds to the extraction search target repetition step S676.

  In the search result list addition step S675, the data search unit 152 uses the CPU 911 to add the index acquired in the extraction search target input step S673 to the search result list data initialized in the search result list initialization step S672. The data search unit 152 uses the magnetic disk device 920 to store search result list data to which an index has been added.

  In the extraction search target repetition step S676, the data search unit 152 uses the CPU 911 to return to the extraction search target input step S673 and obtain the next index.

In the data search result output step S677, the data search unit 152 uses the CPU 911 to output the search result list data initialized in the search result list initialization step S672 and added with the index in the search result list addition step S675.
Note that the data search unit 152 may output the search target data itself indicated by the index included in the search result list data, instead of outputting the search result list data.

  Returning to FIG. 10, the description of the flow of search processing will be continued.

In the search result output step S680, the search result output unit 153 uses the CPU 911 to input the search result list data output from the data search unit 152 in the data search result output step S677. The search result output unit 153 transmits the input search result list data to the user terminal device 820 using the communication device 915.
Note that instead of transmitting the search result list data, the search result output unit 153 inputs the search target data itself indicated by the index included in the search result list data from the search target storage unit 122, and transmits the input search target data. It is good also as composition to do.

  In this example, before the user specifies the search condition, the user attribute determination step S620 to the search target extraction step S650 are performed in advance, and immediately after the search condition input step S660 is completed, the data The search process S670 can be started, but the user attribute determination process S620 to the search object extraction process S650 may be performed after the search condition input process S660. Also, the user authentication process S610 to the search object extraction process S650 including the user authentication process S610 may be performed after the search condition input process S660.

  Next, the flow of search processing will be described using a specific example.

In the following example, the user attribute storage unit 113 has the user attribute data 510 shown in FIG. 5, the role condition storage unit 114 has the role condition data 520 shown in FIG. 6, and the role authority storage unit 115 has 7, the group condition storage unit 116 stores the group condition data 540 shown in FIG. 8, and the group affiliation storage unit 125 stores the group affiliation data 550 shown in FIG. It shall be.
In addition, it is assumed that the user operating the user terminal device 820 is a user whose user identification data is “suzuki” and has been successfully authenticated. Therefore, the user identification storage unit 134 stores “suzuki” as user identification data.

  The user attribute determination unit 141 refers to the user attribute data 510 stored in the user attribute storage unit 113 illustrated in FIG. 5, determines user information data including the user identification data “suzuki”, and determines Acquired organization data 512 “A section A2”, job title data 513 “in charge”, employee category data 514 “dispatch”, assignment category data 515 “main duty”, other attribute data 516 “project A” included in the user information data Thus, search user attribute data representing the attribute of the user who is operating the user terminal device 820 is used.

  The user role determination unit 142 refers to the role condition data 520 stored in the role condition storage unit 114 illustrated in FIG. 6, and the role that satisfies the attribute condition represented by the attribute condition data 523 included in the role information data. The role identification data 521 “ROL001”, “ROL004”, and “ROL007” included in the determined role information data is determined, and a list of roles of users operating the user terminal device 820 is obtained. Search user role data.

  The user authority determination unit 143 refers to the role authority data 530 stored in the role authority storage unit 115 illustrated in FIG. 7 and accesses role identification data that matches the role identification data included in the search user role data. The access authority information data included in the authority role data 532 included in the authority information data is determined, and the group identification data “GRP001”, “GRP003”, “GRP005”, and “GRP007” included in the authority group data 533 included in the determined access authority information data. Is obtained as search user group data representing a list of groups to which the user operating the user terminal device 820 has access authority.

The search target extraction unit 144 refers to the group condition data 540 stored in the group condition storage unit 116 illustrated in FIG. 8 and stores the index file 551 associated with the group identification data included in the search user group data. The names “grp001.idx”, “grp003.idx”, “grp005.idx”, and “grp007.idx” are acquired.
The search target extraction unit 144 refers to the group affiliation data 550 stored in the group affiliation storage unit 125 illustrated in FIG. 9 and inputs the affiliation index data 552 recorded in the index file 551 having the acquired file name. Index “//file/position/tanto/file34.doc” “//file/general/file82.pdf” “//file/dept/A/file65.xls” included in any of the input affiliation index data 552 Obtain “//file/dept/AorB/file93.dxf”, “/file/projectA/file06.xml”, “//file/confidential/file18.rtf”, and operate the user terminal device 820. Search the target list data representing a list of the search target data you have access to a user you are.

  As described above, based on the access authority of the user, the range of search target data to be searched is limited in advance, and the data search unit 152 searches the search target data satisfying the search condition from the limited search target data. To do. Thereby, it is not necessary to determine for each search target data whether or not the user has access authority, and the time required for the search can be shortened.

When the attribute of the user changes due to personnel changes or the start of a new project, the administrator operates the administrator terminal device 810 to instruct updating of the user attribute data 510. The management information update unit 112 updates the user attribute data 510 stored in the user attribute storage unit 113 based on an instruction from the administrator.
As the user attribute data 510 stored in the user attribute storage unit 113 is updated, the role of the user determined by the user role determination unit 142 changes, and accordingly, the user authority determination unit 143 The access authority of the user to be determined also changes. Therefore, the range of search target data that can be searched by the user also changes.
In this way, since the user and the search target data to which the user has access authority are not directly linked, but are linked through the attribute of the user, the attribute of the user has changed. Thus, when the access authority of a user changes, the range of search target data that can be searched for by the user can be changed only by updating the user attribute data stored in the user attribute storage unit 113. As a result, the workload of the administrator can be reduced, and the occurrence of an accident due to an administrator's mistake such as setting the access to search target data that should not be accessible by the user can be prevented. .

When the role given to the user is changed due to organizational change or the like, the administrator operates the administrator terminal device 810 to instruct updating of the role condition data 520. The management information update unit 112 updates the role condition data 520 stored in the role condition storage unit 114 based on an instruction from the administrator.
As the role condition data 520 stored in the role condition storage unit 114 is updated, the role of the user determined by the user role determination unit 142 changes, and accordingly, the use determined by the user authority determination unit 143 is performed. The access authority of the person also changes. Therefore, the range of search target data that can be searched by the user also changes.
In this way, the user is not directly linked to the search target data to which the user has access authority, but is linked through the condition about the attribute that the user should have to have a role. Therefore, when the role given to the user changes, it is possible to change the range of search target data that can be searched by the user only by updating the role condition data stored in the role condition storage unit 114. As a result, the workload of the administrator can be reduced, and the occurrence of an accident due to an administrator's mistake such as setting the access to search target data that should not be accessible by the user can be prevented. .

When the relationship between the role of the user and the access authority of the user having the role changes due to a change in the security policy or the like, the administrator operates the administrator terminal device 810 to update the role authority data 530. Instruct. The management information update unit 112 updates the role authority data 530 stored in the role authority storage unit 115 based on an instruction from the administrator.
As the role authority data 530 stored in the role authority storage unit 115 is updated, the access authority of the user determined by the user authority determination unit 143 changes, and the range of search target data that can be searched by the user changes. .
In this way, since the user and the search target data to which the user has access authority are not directly associated, but are associated through the access authority possessed by the user having a certain role, And the access authority change, the range of search target data that can be searched by the user can be changed only by updating the role authority data stored in the role authority storage unit 115. As a result, the workload of the administrator can be reduced, and the occurrence of an accident due to an administrator's mistake such as setting the access to search target data that should not be accessible by the user can be prevented. .

When the access authority to the search target data changes due to a change in the security level of the search target data, the administrator or the like operates the administrator terminal device 810 or the like to instruct a change in the path or attribute of the search target data. The search target update unit 121 updates the search target data stored in the search target storage unit 122 based on the instruction.
When the search target data stored in the search target storage unit 122 is updated, the group to which the search target data determined by the affiliation extraction unit 123 belongs is changed, and the group affiliation data 550 stored in the group affiliation storage unit 125 is updated. Therefore, the range of users who can search for the search target data changes.
In this way, instead of directly linking a user and search target data to which the user has access authority, it is linked through a group determined based on the path and attribute of the search target data. By simply updating the path and attributes of the search target data, the range of users who can search the search target data can be changed. As a result, the workload of the administrator can be reduced, and the occurrence of an accident due to an administrator's mistake such as setting the access to search target data that should not be accessible by the user can be prevented. .

When the classification criteria of the search target data changes due to a change in security policy or the like, the administrator operates the administrator terminal device 810 to instruct change of the group condition data 540. The management information update unit 112 updates the group condition data 540 stored by the group condition storage unit 116 based on an instruction from the administrator.
When the group condition data 540 stored in the group condition storage unit 116 is updated, the group to which the search target data determined by the affiliation extraction unit 123 belongs is changed, and the group affiliation data 550 stored in the group affiliation storage unit 125 is updated. Therefore, the range of search target data that can be searched by the user changes.
In this way, the search target data is not directly linked to the search target data to which the user has access authority, but via the condition for belonging to the group with the search target data. In this case, the range of search target data that can be searched for by the user can be changed simply by updating the group condition data 540 stored in the group condition storage unit 116. As a result, the workload of the administrator can be reduced, and the occurrence of an accident due to an administrator's mistake such as setting the access to search target data that should not be accessible by the user can be prevented. .

The search device 100 in this embodiment includes a storage device (magnetic disk device 920) for storing data, a processing device (CPU 911) for processing data, a search target storage unit 122, a user attribute determination unit 141, A user role determination unit 142, a user authority determination unit 143, a search target extraction unit 144, a search condition input unit 151, a data search unit 152, and a search result output unit 153 are included.
The search target storage unit 122 stores search target data to be searched using the storage device (magnetic disk device 920).
The search condition input unit 151 inputs search conditions specified by the user using the processing device (CPU 911).
The user attribute determination unit 141 uses the processing device (CPU 911) to determine the attribute of the user who specified the search condition.
The user role determining unit 142 uses the processing device (CPU 911) to determine the role of the user who specified the search condition based on the attribute determined by the user attribute determining unit 141.
The user authority determining unit 143 uses the processing device (CPU 911) to determine the access authority of the user who specified the search condition based on the role determined by the user role determining unit 142.
The search target extraction unit 144 uses the processing device (CPU 911) to search from the search target data stored in the search target storage unit 122 based on the access authority determined by the user authority determination unit 143. The search target data to which the user who specified the search condition has access authority is extracted.
The data search unit 152 uses the processing device (CPU 911) to search for search target data satisfying the search condition input by the search condition input unit 151 from the search target data extracted by the search target extraction unit 144. Search for.
The search result output unit 153 outputs the search result searched by the data search unit 152 using the processing device (CPU 911).

  Thereby, the range in which the data search unit 152 searches the search target data that meets the search condition is limited to the search target data to which the user who has specified the search condition has an access right, so that the time required for the search can be shortened. it can. Further, the user attribute determining unit 141 determines the user attribute, the user role determining unit 142 determines the role from the user attribute, and the user authority determining unit 143 determines the access authority from the user role. Therefore, when the range of the search target data to which the user has access authority changes due to various factors, it is possible to respond flexibly.

The search device 100 in this embodiment further includes a role authority storage unit 115.
The role authority storage unit 115 stores role authority data 530 representing a combination of a role possessed by the user and an access authority possessed by the user having the role, using the storage device (magnetic disk device 920). .
The user authority determining unit 143 uses the processing device (CPU 911) to determine the access authority possessed by the user who specified the search condition, based on the role authority data 530 stored in the role authority storage unit 115. To do.

  Thereby, the relationship between the role possessed by the user and the access authority possessed by the user having the role can be changed only by changing the role authority data 530 stored in the role authority storage unit 115. It is possible to reduce the work load and prevent information leakage due to an administrator error.

The search device 100 in this embodiment further includes a group affiliation storage unit 125.
The group affiliation storage unit 125 stores group affiliation data 550 representing a combination of search target data and a group to which the search target data belongs, using the storage device (magnetic disk device 920).
Based on the group affiliation data 550 stored in the group affiliation storage unit 125, the search target extraction unit 144 uses the processing device (CPU 911) to assign a group to which the user who specified the search condition has access authority. Extract the search target data to which it belongs.

  Thereby, based on the group affiliation data 550 stored in advance by the group affiliation storage unit 125, the search target extraction unit 144 extracts the search target data to which the user has access authority. It can be shortened.

The search device 100 in this embodiment further includes a group condition storage unit 116 and an affiliation extraction unit 123.
The group condition storage unit 116 uses the storage device (magnetic disk device 920) to generate group condition data 540 representing a combination of a group to which the search target data belongs and a membership condition satisfied by the search target data belonging to the group. Remember.
Based on the group condition data stored in the group condition storage unit 116, the affiliation extraction unit 123 uses the processing device (CPU 911) to search from the search target data stored in the search target storage unit 122. Search target data satisfying the affiliation condition is extracted, and the group affiliation data 550 is generated based on the extracted search target data.
The group affiliation storage unit 125 stores the group affiliation data 550 generated by the affiliation extraction unit 123 using the storage device (magnetic disk device 920).

  As a result, the grouping of the search target data can be changed simply by changing the group condition data 540 stored in the group condition storage unit 116, the administrator's workload is reduced, and information leakage due to an administrator's mistake or the like Can be prevented.

The search device 100 in this embodiment further includes an affiliation update unit 124.
The affiliation update unit 124 uses the processing device (CPU 911) and, based on the group condition data 540 stored by the group condition storage unit 116, when the search target storage unit 122 stores new search target data. Then, the affiliation condition satisfied by the search object data newly stored in the search object storage unit 122 is extracted, and the group affiliation data 550 stored in the group affiliation storage unit 125 is updated based on the extracted affiliation condition.

  Thereby, when the search target storage unit 122 stores new search target data, the group update data 124 stored in the group affiliation storage unit 125 is updated by the affiliation update unit 124. Therefore, the search target storage unit 122 is newly updated. Can be included in the range searched by the data search unit 152.

  In the search device 100 according to this embodiment, the affiliation update unit 124 stores the group condition storage when the search target data stored in the search target storage unit 122 is updated using the processing device (CPU 911). Based on the group condition data 540 stored by the unit 116, the belonging conditions satisfied by the updated search target data are extracted, and the group belonging data 550 stored by the group belonging storage unit 125 is updated based on the extracted belonging conditions. To do.

  Thereby, when the search target data stored in the search target storage unit 122 is updated, the group update data 124 stored in the group affiliation storage unit 125 is updated by the affiliation update unit 124. Therefore, the group to which the search target data belongs. In response to this change, the range searched by the data search unit 152 can be changed.

The search device 100 in this embodiment further includes a user attribute storage unit 113.
The user attribute storage unit 113 uses the storage device (CPU 911) to store user attribute data 510 representing a combination of a user and the attributes of the user.
The user attribute determination unit 141 uses the processing device (CPU 911) to determine the attribute of the user who specified the search condition based on the user attribute data 510 stored in the user attribute storage unit 113. judge.

  As a result, the relationship between the user and the attribute of the user can be changed only by changing the user attribute data 510 stored in the user attribute storage unit 113, thereby reducing the workload of the administrator. Information leakage due to an administrator's mistake can be prevented.

The search device 100 in this embodiment further includes a role condition storage unit 114.
The role condition storage unit 114 uses the storage device (magnetic disk device 920) to represent role condition data representing a combination of an attribute condition for an attribute possessed by the user and a role possessed by the user satisfying the attribute condition. 520 is stored.
The user role determination unit 142 uses the processing device (CPU 911) to determine the role of the user who specified the search condition based on the role condition data 520 stored in the role condition storage unit 114. .

  As a result, the relationship between the attributes possessed by the user and the roles possessed by the user can be changed simply by changing the role condition data 520 stored in the role condition storage unit 114, thereby reducing the workload of the administrator. In addition, information leakage due to an administrator's mistake can be prevented.

The search device 100 in this embodiment further includes a duplicate storage unit 126.
The duplicate storage unit 126 stores duplicate group affiliation data representing the same contents as the group affiliation data 550 stored by the group affiliation storage unit 125 using the storage device (magnetic disk device 920).
Whether the affiliation update unit 124 updates the group affiliation data 550 stored in the group affiliation storage unit 125 based on the replication group affiliation data stored in the replication storage unit 126 using the processing device (CPU 911). If it is determined whether or not to update, the group affiliation data 550 stored in the group affiliation storage unit 125 is updated.

  According to the search device 100 in this embodiment, the affiliation update unit 124 determines whether or not to update the group affiliation data 550 stored in the group affiliation storage unit 125 based on the replication group affiliation data stored in the replication storage unit 126. Therefore, the number of times the affiliation update unit 124 accesses the group affiliation data 550 stored in the group affiliation storage unit 125 can be reduced. Since the group affiliation data 550 stored in the group affiliation storage unit 125 is often read for retrieval, the group affiliation update unit 124 attempts to read for retrieval by reducing the number of times the affiliation update unit 124 accesses for updating. The possibility of waiting without being able to access is reduced, and the search speed can be improved.

  Note that the search device 100 may not have the replication storage unit 126 that stores the replication group affiliation data. In that case, the affiliation update unit 124 reads the group affiliation data 550 stored in the group affiliation storage unit 125 and determines whether the group affiliation data 550 needs to be updated. When updating the group affiliation data 550, it is necessary to lock the group affiliation data 550, and the search target extraction unit 144 or the like is kept waiting until the update is completed. Since it is not necessary to wait for the target extraction unit 144 or the like, the affiliation update unit 124 frequently reads the group affiliation data 550 in order to determine whether or not the group affiliation data 550 needs to be updated. There is little decrease in speed.

  The search device 100 in this embodiment can be realized by a computer executing a computer program that causes the computer to function as the search device 100.

  According to the computer program that causes a computer to function as the search device 100 according to this embodiment, a search in which the data search unit 152 searches the search target data that meets the search condition has access authority to the user who has specified the search condition. Since it is limited to the target data, the time required for the search can be shortened, the user attribute determination unit 141 determines the user attribute, and the user role determination unit 142 determines the role from the user attribute. Since the user authority determination unit 143 determines the access authority from the role of the user, a search that can flexibly cope with a change in the range of search target data to which the user has access authority due to various factors. The apparatus 100 can be realized.

The search method in which the search device 100 in this embodiment searches the search target data stored in the storage device (magnetic disk device 920) includes the following steps.
The processing device (CPU 911) inputs a search condition designated by the user.
The processing device (CPU 911) determines the attribute of the user who specified the search condition.
Based on the determined attribute, the processing device (CPU 911) determines the role of the user who specified the search condition.
Based on the determined role, the processing device (CPU 911) determines the access authority of the user who specified the search condition.
Based on the determined access authority, the processing device (CPU 911) extracts, from the search object data, search object data to which the user who has specified the search condition has access authority.
The processing device (CPU 911) searches for the search target data satisfying the input search condition from the extracted search target data.
The processing device (CPU 911) outputs the retrieved search result.

  Thereby, the search range of the search target data that meets the search condition is limited to the search target data to which the user who has specified the search condition has access authority, and therefore the time required for the search can be shortened. Also, since the user attribute is determined, the role is determined from the user attribute, and the access authority is determined from the user role, the range of the search target data to which the user has access authority varies depending on various factors. Can be flexibly dealt with.

The search apparatus 100 (document search system) described above performs the keyword search for the electronic document file (search target data) to which the user has access authority by including the following functional blocks.
A document file storage unit (search target storage unit 122) that stores electronic document files (search target data).
A user information storage unit (user attribute storage unit 113) that holds user information (user attribute data 510) that is information indicating the content of the user (user) attribute.
An index information storage unit (group affiliation storage unit 125) that stores an index file (group affiliation data 550) created for each group of files grouped according to specific conditions.
An access control information storage unit (role condition storage unit 114) that stores role information (role condition data 520) indicating a group of users.
A user information acquisition unit (user attribute determination unit 141) that acquires user information (attributes of the user) from the user information storage unit (user attribute storage unit 113).
A role information acquisition unit (user role determination unit 142) that acquires role information (role condition data 520) from a role information storage unit (role condition storage unit 114).
An access authority determination unit (user role) that uses the user information (attributes possessed by the user) and role information (role condition data 520) to determine the corresponding role information (the role possessed by the user). Determination unit 142).
-Index file associated with the role information (the role possessed by the user) corresponding to the determination result of the access authority determining unit (user role determining unit 142) (the search target data for which the user has access authority) Index information acquisition unit (search target extraction unit 144) that acquires a list from the index information storage unit (group affiliation storage unit 125).
-Search the electronic document file (search target data) corresponding to the keyword (search condition) specified by the user using the index file (list of search target data to which the user has access authority) and use the result Search unit (data search unit 152) to be provided to a person.

The search apparatus 100 (document search system) described above further includes the following functional blocks.
A group information storage unit (group condition storage unit) that stores group information (group condition data 540) indicating conditions (group conditions) for grouping electronic document files stored in the document file storage unit (search target storage unit 122) 116).
Stores access control information (role authority data 530), which is association information between role information (a role possessed by a user) and group information to which the role information is applied (a group having an access authority for a user having the role) Access control information storage unit (role authority storage unit 115).
An access control information acquisition unit (user authority determination unit 143) that acquires access control information (a list of groups to which the user has access authority) applied to role information (role that the user has).
A group information acquisition unit (search target extraction unit 144) that acquires group information (a list of search target data belonging to the group) associated with access control information (a list of groups to which the user has access authority) .
-Index information corresponding to a group of document files (search target data) grouped by group information according to the contents of group information (list of search target data belonging to the group) (search target data to which the user has access authority) Index information acquisition unit (search target extraction unit 144).

The search apparatus 100 (document search system) described above further includes the following functional blocks.
An index information management unit that changes the document file constituting the group according to the attribute information of the document file (search target data) according to the contents of the group information (group condition data 540), and regenerates the index information (group affiliation data 550). (Affiliation extraction unit 123).

The document search system (search apparatus 100) performs a keyword search of an electronic document file (search target data).
The user information storage unit (user attribute storage unit 113) stores user information (user attribute data 510) that is attribute information of all users.
The role information storage unit (role condition storage unit 114) defines role information (role condition data 520) that defines conditions (attribute conditions) for grouping users according to the contents of user information (attributes the user has). ).
The access control information storage unit (role authority storage unit 115) is access control information that defines conditions for associating role information (a role possessed by a user) and group information (a group having an access authority for a user having the role). (Role authority data 530) is stored.
The group information storage unit (group condition storage unit 116) stores group information (group condition data 540) defining conditions (grouping conditions) for grouping document files (search target data).
The document file storage unit (search target storage unit 122) stores a document file (search target data) that is a document search target.
The index information storage unit (group affiliation storage unit 125) is created for each document file group grouped according to the contents of group information (affiliation conditions) stored in the document file storage unit (search target storage unit 122). An index file (group affiliation data 550) is stored.
The user information acquisition unit (user attribute determination unit 141) acquires user information (attributes possessed by the user) of the specified user (user) from the user information storage unit (user attribute storage unit 113). To the access authority determination unit (user role determination unit 142).
The role information acquisition unit (user role determination unit 142) acquires the role information (attribute condition) stored in the role information storage unit (role condition storage unit 114), and the access authority determination unit (user role determination unit). 142).
The access authority determination unit (user role determination unit 142) includes user information (attributes possessed by the user) acquired from the user information acquisition unit (user attribute determination unit 141) and role information acquisition unit (user role determination). Using the role information (attribute condition) acquired from the section 142), role information (role possessed by the user) to which the user (user) designated by the search section belongs is determined.
The access control information acquisition unit (user authority determination unit 143) is access control information associated with role information (the role possessed by the user) specified by the access authority determination unit (user role determination unit 142). (A list of groups to which the user has access authority) is acquired from the access control information storage unit (role authority storage unit 115).
The group information acquisition unit (search target extraction unit 144) is linked to access control information (a list of groups to which the user has access authority) specified by the access control information acquisition unit (user authority determination unit 143). Group information (group index data 544) is acquired from the group information storage unit (group condition storage unit 116).
The index information acquisition unit (search target extraction unit 144) accesses an index file (accessing the user) associated with the group information (group index data 544) specified by the group information acquisition unit (search target extraction unit 144). The search target data list belonging to the authorized group is acquired from the index information storage unit (group affiliation storage unit 125).
The search unit (data search unit 152) calls the access authority determination unit (user role determination unit 142) in response to a keyword (search condition) input from the keyword input unit (search condition input unit 151) to obtain index information. The index file is acquired from the search unit (search target extraction unit 144), and the result of the keyword search using the index file is provided to the keyword input unit (search result output unit 153).
In the keyword input unit (search condition input unit 151), the user inputs a keyword (search condition) and provides the content to the search unit (data search unit 152).

  The user information (user attribute data 510) is information belonging to the user (user), and includes identification information (user identification data 511) for uniquely identifying the user and a plurality of attribute information possessed by the user. The For example, the identification information (user identification data 511) includes a user ID, the attribute information includes the organization (affiliation organization data 512) that is the name of the organization to which the organization belongs, and the title (title data) that is the name of the title of the organization. 513), employee classification (employee classification data 514) indicating whether it is an employee, allocation classification (assignment classification data 515) indicating whether the assignment is the main duty or concurrent duties, and other (other attribute data 516) indicating other attribute information Use one piece of information. Further, for example, user information may be provided for each user affiliation, and a user having a plurality of affiliations may have a plurality of attribute information for one user ID.

  The role information (role condition data 520) is information for grouping users (users), identification information for uniquely identifying role information (role identification data 521), and users grouped by the role (role). (Attribute condition data 523) and other information. For example, a role ID is used for the identification information (role identification data 521), and a condition (attribute condition) that defines the attribute value that the user should have in the grouping for the user condition (attribute condition data 523). ) For other information, the name of the role (role name data 522) is used.

  The access control information (role authority data 530) is group information of electronic document files (data to be searched) that can be accessed by users (users having a role) corresponding to the role information (users having that role have access authority). Information that can uniquely identify access control information (authority identification data 531), information that can uniquely identify corresponding role information (role) (authority role data 532), It consists of information (authority group data 533) that can uniquely identify the corresponding group information. For example, an access control ID is assigned to information (authority identification data 531) that can uniquely identify access control information, and a role ID (role identification data) is assigned to information (authority role data 532) that can uniquely identify role information. A group ID (group identification data) is used as information (authority group data 533) that can uniquely identify group information.

  The group information (group condition data 540) is information for grouping document files (search target data), information that can uniquely identify group information (group identification data 541), and electronic documents to be grouped. It consists of information (affiliation condition data 543) indicating file conditions (affiliation conditions), information (group index data 544) that can uniquely identify an index file corresponding to group information, and other information. For example, the group ID is included in information (group identification data 541) that can uniquely identify group information, and the path and attribute information of the electronic document file are included in information indicating the conditions of the electronic document file (affiliation condition data 543). The condition (affiliation condition) indicating the used conditional expression, the index ID for information (group index data 544) that can uniquely identify the index file, and the group information name (group name data 542) for other information. use.

  First, when a user inputs a keyword (search condition) in the keyword input unit (search condition input unit 151), a keyword character string (search condition) is provided to the search unit (data search unit 152). When receiving the keyword character string (search condition), the search unit (data search unit 152) calls the access authority determination unit (user role determination unit 142).

The access authority determination unit (user role determination unit 142), through the user information acquisition unit (user attribute determination unit 141), the user ID of the user stored in the user information storage unit (user attribute storage unit 113). User information (attributes possessed by the user) is acquired. Next, the access authority determination unit (user role determination unit 142), the role information acquisition unit (user role determination unit 142), the role information data stored in the role information storage unit (role condition storage unit 114). All (role condition data 520) are acquired.
Then, the access authority determination unit (user role determination unit 142) compares the content of the user information of the user (attributes possessed by the user) with the value of the role information data condition (attribute condition), and the user information Judge whether to satisfy.
As a result of the determination, when the condition is satisfied, the access authority determining unit (user role determining unit 142) sets the role ID (role identification data 521) of the role information data to the corresponding role information list (search user role data). ).
This process is performed for all role information data, and the access authority determination unit (user role determination unit 142) uses the access control information for the role ID stored in the corresponding role information list created as a result. This is provided to the acquisition unit (user authority determination unit 143).
Note that the role information (role possessed by the user) need not be determined for each call from the search unit (data search unit 152), and the access authority determination unit (user role determination unit 142) The relevant role information list (search user role data) that is executed when the user logs in to the system is retained, and the saved role is stored when called from the search unit (data search unit 152) The role information in the information list (search user role data) may be provided to the access control information acquisition unit (user authority determination unit 143).

The access control information acquisition unit (user authority determination unit 143) first acquires the role ID (search user role data) provided from the access authority determination unit. Next, the access control information acquisition unit (user authority determination unit 143) receives all access control information data (role authority data 530) registered therein from the access control information storage unit (role authority storage unit 115). To get.
Subsequently, the access control information acquisition unit (user authority determining unit 143) performs the role ID (search user) provided from the access authority determining unit (user role determining unit 142) for all access control information data. (Role data) is checked, and if it is held, the authority group data 533 of the access control information data is added to the corresponding access control information list (search user group data).
After checking all access control information data, the access control information acquisition unit (user authority determination unit 143) uses the access control information stored in the corresponding access control information list (search user group data). Is provided to the group information acquisition unit (search target extraction unit 144).

  The group information acquisition unit (search target extraction unit 144) first acquires the access control information (search user group data) provided from the access control information acquisition unit (user authority determination unit 143). Next, the group information acquisition unit (search target extraction unit 144) acquires a group ID from all the acquired access control information, and deletes the overlapping portion of the group ID. Subsequently, the group information acquisition unit (search target extraction unit 144) searches the group information storage unit (group condition storage unit 116) using the group ID (s) as a key, and has any group ID. All group information (group condition data 540) is acquired, and index IDs of all acquired group information are provided to the index information acquisition unit (search target extraction unit 144).

  The index information acquisition unit (search target extraction unit 144) acquires the index file 551 corresponding to the index ID acquired from the group information acquisition unit (search target extraction unit 144) from the index information storage unit (group affiliation storage unit 125). To the search unit (data search unit 152). When there are a plurality of index IDs, the index information acquisition unit (search target extraction unit 144) provides all corresponding index files 551.

  The search unit (data search unit 152) uses the index file 551 (plural) provided from the index information acquisition unit (search target extraction unit 144) to enter the keyword input from the keyword input unit (search condition input unit 151). A document file (search target data) corresponding to (search condition) is searched, and the result is provided to the keyword input unit (search result output unit 153).

  In this way, access control is performed using the user ID of the user, only the index file accessible by the user is extracted, and keyword search is performed using it. As a result, a keyword search narrowed down to a document file (search target data) accessible by the user can be performed.

  As described above, an index file that can be accessed with the user's authority is acquired, and a keyword search is performed using the index file, enabling a document search narrowed down to the user's accessible document file (search target data). It becomes.

By using the role information (the role possessed by the user) that is the group definition of the user, it is possible to eliminate the need to modify the index file when the user's authority changes such as personnel changes.
That is, the user is linked to the index file by using role information (a role possessed by the user) that is the group definition information of the user. The role information can be defined as a condition (attribute condition) by combining not only the user ID but also attribute information such as the user's belonging organization and post. When attribute information is used, role information corresponding to the new attribute information is automatically applied when the attribute information of the user is changed. Therefore, it is possible to narrow down a document file (search target data) according to the new authority of the user without changing the index information, group information, access control information, and role information.

The group information management unit (affiliation extraction unit 123 / affiliation update unit 124) manages the index file 551 used for the search.
The group information management unit (affiliation update unit 124) regenerates the affiliation index data 552 and changes the index information storage unit (group affiliation storage unit 125) when there is a change in the content of the document file group corresponding to the group information condition. The index file 551 in () is updated.

  The group information management unit (affiliation extraction unit 123) acquires all group information (group condition data 540) stored in the group information storage unit (group condition storage unit 116). Next, the group information management unit (affiliation update unit 124) acquires the index file 551 associated with those index IDs from the index information storage unit (group affiliation storage unit 125). Similarly, the group information management unit (affiliation extraction unit 123) acquires a document file (search target data) corresponding to the group information condition (affiliation condition) from the document file storage unit (search target storage unit 122). Thereafter, the group information management unit (affiliation update unit 124) checks whether the corresponding file of the index file data matches the document file corresponding to the condition, and if different, regenerates the belonging index data 552. The index file 551 in the index information storage unit (group affiliation storage unit 125) is updated.

The group information management unit (affiliation extraction unit 123) periodically searches the document file storage unit (search target storage unit 122) for a document file (search target data) corresponding to the group information condition (affiliation condition), If there is a change in the content or attribute of the document file by checking whether it matches the target document file of the index information, the change content is immediately updated by updating the index file (group affiliation data 550). Is applied to the document file search.
By periodically performing this, it is possible to automatically reflect changes in the contents of the document file in the keyword search.

  As a result, when performing a keyword search, the index file is updated according to the contents of the document file depending on the date and time of access. Therefore, only the optimal document file can be searched for at the time of access. .

  As described above, the search target can be narrowed down according to not only the contents of the user information of the user but also the contents of the document file at the time of access.

Embodiment 2. FIG.
The second embodiment will be described with reference to FIGS.
Note that portions common to the search system 800 and the search device 100 described in the first embodiment are denoted by the same reference numerals, and description thereof is omitted.

  FIG. 15 is a diagram showing an example of role authority data 530 stored in the role authority storage unit 115 in this embodiment.

The role authority data stored in the role authority storage unit 115 in this embodiment includes a role possessed by the user, an access authority possessed by the user having the role, and a condition for validating the access authority (hereinafter referred to as “effective condition”). ")."
The role authority data 530 is data composed of one or more sets of authority identification data 531, authority role data 532, authority group data 533, and valid condition data 534.

  The valid condition data 534 is character string data representing a valid condition for which the access authority is valid.

In the role authority data 530 in this example, for example, an access authority whose authority identification data 531 is “ACL001” represents that it is always effective because the valid condition data 534 is blank.
The access authority whose authority identification data 531 is “ACL002” represents that it is valid only from 8:00 to 17:00 on weekdays.
The access authority whose authority identification data 531 is “ACL003” and the access authority whose authority identification data 531 is “ACL013” are paired, and the access authority whose authority identification data 531 is “ACL003” is 3 The access authority that is valid until the 10th of the month and whose authority identification data 531 is “ACL013” indicates that it is effective from March 11th.

  The user authority determination unit 143 uses the CPU 911 to input the search user role data output from the user role determination unit 142. Using the CPU 911, the user authority determining unit 143 determines the access authority of the user having the role represented by the input search user role data based on the role authority data stored in the role authority storage unit 115, Further, it is determined whether or not a valid condition for enabling the access authority is satisfied, and a group that the user may access is determined. Using the CPU 911, the user authority determination unit 143 outputs search user group data representing the determined group.

FIG. 16 is a flowchart showing an example of the flow of the user authority determining step S640 in which the user authority determining unit 143 determines the access authority of the user in this embodiment.
The user authority determining step S640 includes an authority validity determining step S644b in addition to the steps described in the first embodiment.

  In the role authority input step S643, the user authority determination unit 143 uses the CPU 911 to select from the role authority data 530 stored in the role authority storage unit 115 a set of authority identification data 531 that has not yet been processed, authority Role data 532, authority group data 533, and valid condition data 534 are input. Using the CPU 911, the user authority determining unit 143 determines that all data sets included in the role authority data 530 stored in the role authority storage unit 115 have been processed, and there is no data set that can be input. In this case, the process proceeds to the user authority output step S647.

  In the access authority determination step S644, the user authority determination unit 143 uses the CPU 911 to determine that there is role identification data included in both the search user role data and the authority role data 532, that is, If the user has the access authority, the process proceeds to the authority validity determination step S644b.

In the authority validity determination step S644b, the user authority determination unit 143 uses the CPU 911 to determine whether the effective condition represented by the effective condition data input in the role authority input step S643 is satisfied. If the valid condition is satisfied, the access authority is valid.
If the user authority determining unit 143 uses the CPU 911 to determine that the validity condition is satisfied, that is, if the access authority is valid, the user authority determining unit 143 proceeds to the group list adding step S645.
If the user authority determining unit 143 uses the CPU 911 to determine that the validity condition is not satisfied, that is, if the access authority is invalid, the user authority determining unit 143 proceeds to the role authority repeating step S646.

  As described above, the user authority determining unit 143 can determine only the effective access authority among the access authorities of the user by determining the validity of the access authority in the authority validity determining step S644b. .

  Next, the flow of search processing will be described using a specific example.

  In the following example, it is assumed that the role authority storage unit 115 stores the role authority data 530 illustrated in FIG.

  It is assumed that a user having a role whose role identification data 521 is “ROL002” intends to search for search target data at 3:00 pm on weekdays. The user authority determining unit 143 determines that “ROL002” is included in the authority role data 532 of the access authority whose authority identification data 531 is “ACL002”, and that the effective condition represented by the effective condition data 534 is satisfied, “GRP002” is added to the search user group data. Therefore, the user can search for search target data belonging to a group whose group identification data 541 is “GRP002”.

  It is assumed that the same user is searching for search target data at 10:00 am on Saturday. The user authority determination unit 143 determines that “OLOL002” is included in the authority role data 532 of the access authority whose authority identification data 531 is “ACL002”, but the effective condition represented by the effective condition data 534 is not satisfied. Therefore, “GRP002” is not added to the search user group data. Therefore, the user cannot search the search target data belonging to the group whose group identification data 541 is “GRP002”.

  Thus, since the access authority can be limited based on the day of the week or the time zone, the range of search target data that can be searched by the user can be changed on the condition that it is a working hour zone.

  Further, it is assumed that a user having a role whose role identification data 521 is “ROL004” is going to search the search target data on March 5. The user authority determining unit 143 determines that “ROL004” is included in the authority role data 532 of the access authority whose authority identification data 531 is “ACL003”, and that the effective condition represented by the effective condition data 534 is satisfied, “GRP003” and “GRP005” are added to the search user group data. Therefore, the user can search for search target data belonging to a group whose group identification data 541 is either “GRP003” or “GRP005”.

  It is assumed that the same user is going to search the search target data on March 13. The user authority determining unit 143 determines that “ROL004” is included in the authority role data 532 of the access authority whose authority identification data 531 is “ACL013”, and that the effective condition represented by the effective condition data 534 is satisfied, “GRP003” is added to the search user group data. Therefore, the user can continue to search for search target data belonging to a group whose group identification data 541 is “GRP003”, but cannot search for search target data belonging to a group whose group identification data 541 is “GRP005”.

  As described above, when the access authority is changed after a certain day, if the role authority storage unit 115 stores the role authority data 530 in which the administrator sets the effective condition based on the date in advance, The access authority can be automatically changed on the day before or the day when the access authority is changed without any work. Therefore, the administrator's workload can be reduced, and information leakage due to an administrator's mistake can be prevented.

  In this example, conditions relating to date and time are taken up as valid conditions for access authority. However, valid conditions are not limited to conditions relating to date and time, and various other conditions may be valid conditions.

In the search device 100 according to this embodiment, the role authority storage unit 115 uses the storage device (magnetic disk device 920), the role possessed by the user, the access authority possessed by the user having the role, Role authority data 530 representing a combination with an effective condition that enables the access authority is stored.
Based on the role authority data stored in the role authority storage unit 115, the user authority determination unit 143 uses the processing device (CPU 911) to determine the effective access authority that the user who specified the search condition has. judge.

  Thereby, since the access authority of the user can be changed based on various conditions, the workload of the administrator can be reduced, and information leakage due to an administrator's mistake or the like can be prevented.

The search apparatus 100 (document search system) described above further includes the following functional blocks.
An access control information acquisition unit that changes the association between role information and group information according to the date according to the contents of the access control information (role authority data 530).

The access control information storage unit (role authority storage unit 115) is effective in associating the role information (the role possessed by the user) with the group information (the group having the access authority for the user having the role) and this information. The access control information (role authority data 530) that defines the conditions (valid conditions) to become is stored.
The access control information acquisition unit (user authority determination unit 143) is access control information associated with role information (the role possessed by the user) specified by the access authority determination unit (user role determination unit 142). Among them, only those satisfying the valid conditions (valid conditions) defined in the access control information are acquired and provided to the group information acquisition unit (search target extraction unit 144).

  The access control information (role authority data 530) includes the conditions for enabling the access control information (valid condition data 534) in addition to the information of the access control information (role authority data 530) of the first embodiment. . For example, when a date is used as a valid condition and the condition is set, the access control information is valid only when the date falls under the condition.

The access control information acquisition unit (user authority determination unit 143) first acquires the role ID (search user role data) provided from the access authority determination unit (user role determination unit 142).
Next, the access control information acquisition unit (user authority determination unit 143) receives all access control information data (role authority data 530) registered therein from the access control information storage unit (role authority storage unit 115). To get.
Subsequently, the access control information acquisition unit (user authority determination unit 143) assigns any of the role IDs provided from the access authority determination unit (user role determination unit 142) to all access control information data. Check if it has, and if so, check the conditions for valid access control information. If the condition is satisfied as a result of the check, the access control information acquisition unit (user authority determination unit 143) adds the access control information (authority group data) to the effective access control information list (search user group data). To do. After checking all access control information, the access control information acquisition unit (user authority determination unit 143) displays the access control information stored in the effective access control information list (search user group data). To the group information acquisition unit (search target extraction unit 144).

Since the access control information is valid only when a valid condition is satisfied, the period during which the access control information can be used can be limited.
As a result, for example, a restriction that only the working hours can be searched can be applied to the document file (search target data).
Also, since access control information that becomes valid at a later date can be registered in advance, it is not necessary to add or change access control information on that day, and the management load can be reduced.
Thereby, it is possible to reduce the work of the day.
Similarly, by setting the expiration date to the valid condition, the access control information is automatically invalidated on the current day, so it is not necessary to delete or change the access control information on the current day. Management load can be reduced.
The effective condition is not limited to the date and time, but other information such as an implementation location may be used.

  As described above, the search target can be narrowed down according to not only the contents of the user information of the user but also conditions such as the time when the user performed the keyword search. In addition, the administrator of the access control information can register information in advance and change / delete information afterwards, thereby reducing the management load.

1 is a system configuration diagram illustrating an example of an overall configuration of a search system 800 according to Embodiment 1. FIG. FIG. 3 is a diagram illustrating an example of the appearance of a search device 100, an administrator terminal device 810, and a user terminal device 820 in the first embodiment. FIG. 3 is a diagram illustrating an example of hardware resources of the search device 100, the administrator terminal device 810, and the user terminal device 820 in the first embodiment. FIG. 3 is a block configuration diagram illustrating an example of a functional block configuration of the search device 100 according to the first embodiment. 6 is a diagram showing an example of user attribute data 510 stored in a user attribute storage unit 113 according to Embodiment 1. FIG. FIG. 6 is a diagram illustrating an example of role condition data 520 stored in a role condition storage unit 114 according to the first embodiment. 6 is a diagram illustrating an example of role authority data 530 stored in the role authority storage unit 115 according to Embodiment 1. FIG. 6 is a diagram showing an example of group condition data 540 stored in the group condition storage unit 116 according to Embodiment 1. FIG. 6 is a diagram illustrating an example of group affiliation data 550 stored in the group affiliation storage unit 125 according to Embodiment 1. FIG. The flowchart figure which shows an example of the flow of the search process in which the search device 100 in Embodiment 1 searches search object data. The flowchart figure which shows an example of the flow of user role determination process S630 in which the user role determination part 142 in Embodiment 1 determines a user's role. The flowchart which shows an example of the flow of user authority determination process S640 in which the user authority determination part 143 in Embodiment 1 determines a user's access authority. The flowchart figure which shows an example of the flow of search object extraction process S650 in which the search object extraction part 144 in Embodiment 1 extracts search object data. The flowchart figure which shows an example of the flow of data search process S670 in which the data search part 152 in Embodiment 1 searches search object data. FIG. 10 is a diagram illustrating an example of role authority data 530 stored in a role authority storage unit 115 according to the second embodiment. The flowchart which shows an example of the flow of user authority determination process S640 in which the user authority determination part 143 in Embodiment 2 determines a user's access authority.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 100 Search apparatus, 111 Management information input part, 112 Management information update part, 113 User attribute storage part, 114 Role condition storage part, 115 Role authority storage part, 116 Group condition storage part, 121 Search target update part, 122 Search target Storage unit, 123 affiliation extraction unit, 124 affiliation update unit, 125 group affiliation storage unit, 126 replication storage unit, 131 authentication storage unit, 132 authentication input unit, 133 authentication determination unit, 134 user identification storage unit, 141 user attribute Determination unit 142 User role determination unit 143 User authority determination unit 144 Search target extraction unit 151 Search condition input unit 152 Data search unit 153 Search result output unit 510 User attribute data 511 User identification Data, 512 organization data, 513 post data, 514 employee classification data, 51 5 Assignment classification data, 516 Other attribute data, 520 Role condition data, 521 Role identification data, 522 Role name data, 523 Attribute condition data, 530 Role authority data, 531 Authority identification data, 532 Authority role data, 533 Authority group data, 534 valid condition data, 540 group condition data, 541 group identification data, 542 group name data, 543 affiliation condition data, 544 group index data, 550 group affiliation data, 551 index file, 552 affiliation index data, 800 search system, 810 management User terminal device, 820 user terminal device, 901 display device, 902 keyboard, 903 mouse, 904 FDD, 905 CDD, 906 printer device, 907 Scanner device, 910 system unit, 911 CPU, 912 bus, 913 ROM, 914 RAM, 915 communication device, 920 magnetic disk device, 921 OS, 922 window system, 923 program group, 924 file group, 931 telephone, 932 facsimile machine 940 Internet, 941 Gateway, 942 LAN.

Claims (11)

A storage device for storing data, a processing device for processing data, a search target storage unit, a user attribute determination unit, a user role determination unit, a user authority determination unit, a search target extraction unit, and a search It has a condition input part, a data search part, and a search result output part,
The search target storage unit stores search target data to be searched using the storage device,
The search condition input unit inputs the search condition specified by the user using the processing device,
The user attribute determination unit determines an attribute of the user who specified the search condition using the processing device,
The user role determination unit determines the role of the user who specified the search condition based on the attribute determined by the user attribute determination unit using the processing device,
The user authority determination unit determines the access authority of the user who specified the search condition based on the role determined by the user role determination unit using the processing device,
The search target extraction unit specifies the search condition from the search target data stored in the search target storage unit based on the access authority determined by the user authority determination unit using the processing device. Extract search target data to which the user has access authority,
The data search unit uses the processing device to search for search target data satisfying the search condition input by the search condition input unit from the search target data extracted by the search target extraction unit,
The search apparatus according to claim 1, wherein the search result output unit outputs the search result searched by the data search unit using the processing device. The search device further includes a role authority storage unit,
The role authority storage unit stores role authority data representing a combination of a role possessed by the user and an access authority possessed by the user having the role, using the storage device,
The user authority determining unit determines an access authority of a user who has specified the search condition based on the role authority data stored in the role authority storage unit using the processing device. The search device according to claim 1. The role authority storage unit uses the storage device to store role authority data representing a combination of a role possessed by the user, an access authority possessed by the user having the role, and an effective condition for enabling the access authority. Remember
The user authority determining unit determines effective access authority of a user who has specified the search condition based on the role authority data stored in the role authority storage unit using the processing device. The search device according to claim 2. The search device further includes a group affiliation storage unit,
The group affiliation storage unit stores group affiliation data representing a combination of search target data and a group to which the search target data belongs, using the storage device,
The search target extraction unit extracts, using the processing device, search target data belonging to a group to which the user who has specified the search condition has access authority based on the group affiliation data stored in the group affiliation storage unit The search device according to any one of claims 1 to 3, wherein The search device further includes a group condition storage unit and an affiliation extraction unit,
The group condition storage unit uses the storage device to store group condition data representing a combination of a group to which the search target data belongs and an affiliation condition satisfied by the search target data belonging to the group,
The affiliation extraction unit is a search target that satisfies the affiliation condition from the search target data stored in the search target storage unit based on the group condition data stored in the group condition storage unit using the processing device. Extract the data, generate the above group affiliation data based on the extracted search target data,
The search apparatus according to claim 4, wherein the group affiliation storage unit stores group affiliation data generated by the affiliation extraction unit using the storage device. The search device further includes an affiliation update unit,
The affiliation update unit uses the processing device to store the search target storage unit based on the group condition data stored in the group condition storage unit when the search target storage unit stores new search target data. 6. The search according to claim 5, wherein the affiliation condition satisfied by the newly stored search target data is extracted, and the group affiliation data stored in the group affiliation storage unit is updated based on the extracted affiliation condition. apparatus.   When the search target data stored in the search target storage unit is updated using the processing device, the affiliation update unit is updated based on the group condition data stored in the group condition storage unit 7. The search apparatus according to claim 6, wherein the belonging conditions satisfied by the target data are extracted, and the group belonging data stored in the group belonging storage unit is updated based on the extracted belonging conditions. The search device further includes a user attribute storage unit,
The user attribute storage unit uses the storage device to store user attribute data representing a combination of a user and the attributes of the user,
The user attribute determination unit is configured to determine an attribute of a user who has specified the search condition based on user attribute data stored in the user attribute storage unit using the processing device. The search device according to any one of claims 1 to 7. The search device further includes a role condition storage unit,
The role condition storage unit stores role condition data representing a combination of an attribute condition for an attribute possessed by the user and a role possessed by the user satisfying the attribute condition using the storage device,
The user role determination unit determines the role of the user who specified the search condition based on the role condition data stored in the role condition storage unit using the processing device. The search device according to any one of claims 1 to 8.   A computer program for causing a computer to function as the search device according to any one of claims 1 to 9. In a search method in which a search device having a storage device for storing data and a processing device for processing data searches for search target data stored in the storage device,
The above processing device inputs the search conditions specified by the user,
The processing device determines the attribute of the user who specified the search condition,
Based on the determined attribute, the processing device determines the role of the user who specified the search condition,
Based on the determined role, the processing device determines the access authority that the user who specified the search condition has,
Based on the determined access authority, the processing device extracts from the search object data search object data that the user who specified the search condition has access authority,
The processing device searches for the search target data satisfying the input search condition from the extracted search target data,
A search method, wherein the processing device outputs a search result searched.

Images