JP2011186675A - Information reference control system, apparatus and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To control reference to information in a plurality of systems while ensuring security. <P>SOLUTION: On the basis of first and second reference keys indicative of section and position in reference key information 11b corresponding to an employee code in employee mapping information 21a corresponding to a login ID received from a telephone directory information management system 30, a reference control apparatus 20 extracts first and second reference keys subordinate to the above first and second reference keys from reference security tree information 21b, and transmits referable login IDs corresponding to the subordinate first and second reference keys to the telephone directory information management system 30. The telephone directory information management system 30 transmits referable data corresponding to the login IDs as view information 31b to a client apparatus 40. Each information management system 30, 30' is thus configured to refer to referable data corresponding to login IDs subordinate in section and position to the login user. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an information reference control system, apparatus, and program. For example, the present invention relates to an information reference control system, apparatus, and program that can perform reference control of information on a plurality of systems while ensuring security.

  Conventionally, as a method of controlling the reference of information, for example, a method of controlling access to personal information using an access control list (for example, refer to Patent Document 1), or a department and a job position that are personnel information of an organization. A method for determining the presence or absence of an access right (see, for example, Patent Document 2) has been proposed.

JP 2005-196699 A, paragraph 39. Japanese Patent Laying-Open No. 2009-104646, paragraph 79.

  However, the methods described in Patent Documents 1 and 2 described above are limited to one system, and the integration of a plurality of systems is not mentioned.

  Further, when integrating a plurality of systems, it is necessary to secure security of each system in consideration of security for each system. For this reason, the combination of the system and the security becomes enormous, and it becomes extremely difficult to perform reference control of information of a plurality of systems.

  The present invention has been made in view of the above circumstances, and an object thereof is to provide an information reference control system, apparatus, and program capable of performing reference control on information of a plurality of systems while ensuring security.

  One aspect of the present invention is an information reference control system including a reference control device that can communicate from a plurality of information management systems that can log in from a client device, and a personnel management device that can communicate from the reference control device. The personnel management device includes a reference key for storing reference key information in which a member number, a first reference key indicating the organization to which the member belongs, and a second reference key indicating the position of the member are associated with each other. Information storage means, reference key transmission means for transmitting the first reference key and the second reference key in the reference key information storage means corresponding to the member number received from the reference control device to the reference control device, and Member number transmission for transmitting each member number in the reference key information storage means corresponding to each first reference key and each second reference key received from the reference control device to the reference control device A member mapping information storage means for storing member mapping information in which a login ID of each information management system and a member number of the personnel management device are associated with each other as the reference control device; A reference security tree information storage unit that stores reference security tree information that includes a plurality of first reference keys that rank each other with reference authority and a plurality of second reference keys that rank each other with reference authority. A member number transmitting means for transmitting a member number in the member mapping information corresponding to the login ID received from the information management system to the personnel management device; a first reference key received from the personnel management device; Based on the two reference keys, the first reference key and the second reference key are respectively lower in rank than the first reference key and the second reference key. Reference key extraction means for extracting a reference key from the reference security tree information, and each member received from the personnel management device that transmits the extracted first reference key and each second reference key to the personnel management device. Login ID transmission means for transmitting each login ID in the member mapping information corresponding to the number to any one of the information management systems, and each information management system includes a login ID and referenceable data The referenceable information storage means for storing the referenceable information associated with each other and the login ID received from the client device to the reference control device, and the referenceable information corresponding to each login ID received from the reference control device Information reference control comprising: referenceable data transmitting means for transmitting referenceable data in the client device to the client device System.

  In addition, although one aspect of the present invention represents a collection of devices as a system, the present invention is not limited thereto, and a computer that stores a collection of devices or a single device as a device, a method, a program, or a program. It may be expressed as a readable storage medium.

(Function)
In one aspect of the present invention, when the reference control device receives a login ID from any of the information management systems, the reference control device includes the reference key information corresponding to the member number in the member mapping information corresponding to the login ID. Based on the first and second reference keys indicating the organization and job title, the first and second reference keys with lower rank than the first and second reference keys are extracted from the reference security tree information, and the rank is lower. Each login ID that can be referred to corresponding to the first and second reference keys is transmitted to the information management system. Thereafter, the information management system transmits the referenceable data corresponding to each login ID to the client device.

  As described above, the member mapping information for integrating the login IDs of the plurality of information management systems into the member numbers, and the first and second reference keys indicating the organization and job title of the members of the integrated member numbers. By using the reference security tree information indicating the order, it is possible to refer to the referenceable data corresponding to each login ID whose order is lower than the organization and position of each logged-in member for each information management system. Therefore, it is possible to reference and control information of a plurality of systems while ensuring security.

  As described above, according to the present invention, it is possible to reference and control information of a plurality of systems while ensuring security.

It is a schematic diagram which shows the structure of the information reference control system which concerns on the 1st Embodiment of this invention. It is a schematic diagram for demonstrating the structure of the memory | storage part of the personnel management apparatus in the embodiment. It is a schematic diagram for demonstrating the structure of the memory | storage part of the reference control apparatus in the embodiment. It is a schematic diagram for demonstrating the reference security tree information in the embodiment. It is a schematic diagram for demonstrating the structure of the memory | storage part of the telephone directory information management system in the embodiment. It is a sequence diagram for demonstrating the operation | movement in the embodiment. It is a schematic diagram for demonstrating the reference security tree information in the 2nd Embodiment of this invention. It is a sequence diagram for demonstrating the operation | movement in the embodiment. It is a mimetic diagram for explaining a modification of reference security tree information in the embodiment. It is a schematic diagram for demonstrating the employee mapping information for complementation in the 3rd Embodiment of this invention. It is a sequence diagram for demonstrating the operation | movement in the embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. Each of the following devices can be implemented for each device with either a hardware configuration or a combination configuration of hardware resources and software. As the software of the combined configuration, a program that is installed in advance on a computer of a corresponding device from a network or a storage medium and that realizes the function of the corresponding device is used.

<First Embodiment>
First, the outline of the first embodiment will be described.

  In the first embodiment, items serving as security keys such as an organization and a job title are set based on employee information as personnel information. The set item is called a reference key. The reference key is appropriately changed according to the change or change of the personnel organization.

  On the other hand, a reference control apparatus that performs reference control of information of each system (hereinafter also referred to as an information management system) manages logical security tree information (hereinafter also referred to as reference security tree information) for the reference key.

  For example, it manages reference security tree information indicating an order between reference keys such that an upper organization can refer to information of a lower organization, and a post can refer to information of a general person. When referring to the information of each system, information that can be referred to is extracted from the reference key of the logged-in member (such as an employee) and the reference security tree information.

  Thereby, it is possible to refer to data of a plurality of systems related to individuals while ensuring security based on personnel information managed by personnel.

  The above is the outline of the first embodiment. Next, details of the first embodiment will be described.

  FIG. 1 is a schematic diagram showing the configuration of the information reference control system according to the first embodiment of the present invention, and FIGS. 2 to 5 are schematic diagrams for explaining the configuration or information of each storage unit.

  As shown in FIG. 1, the information reference control system includes a personnel management device 10, a reference control device 20, a telephone directory information management system 30,..., Another information management system 30 ′, and a client device 40.

  Here, in the personnel management apparatus 10, a storage unit 11, a communication unit 12, an input / output unit 13, a CPU 14, and an HDD (hard disk drive) 15 are connected to each other via a bus.

  The storage unit 11 is a main memory that can be read / written from the CPU 14, and stores employee information 11a, reference key information 11b, announcement information 11c, and a management program 11p.

  Here, as shown in FIG. 2, the employee information 11a includes an employee code (member number), an announcement date, an organization code indicating the organization to which the employee (member) belongs, and the title of the employee. This is information that associates the job title code shown with other personnel management information (birth date, address, telephone number, salary account number, resume information, pension number, etc.) of the employee concerned. An employee is an example of a member. Other examples of the member include a staff member, a clerk, a staff member, a member member, a committee member, a member member, and the like, and any name is included in the sense of a member member of the group. The employee code may be read as an employee number.

  The reference key information 11b is information that associates an employee code, a first reference key that indicates the organization to which the employee belongs, and a second reference key that indicates the position of the employee. The first reference key is an organization code value, and the second reference key is a post code value. The term “reference key” may be read as “security key”.

  The announcement information 11c is information for managing a person's transfer. Specifically, for example, the employee code, the announcement date, the organization code indicating the organization to which the employee belongs, and the title of the employee are shown. This information is associated with the post code.

  When the management program 11p is executed by the CPU 14, the following functions (f11p-1) to (f11p-3) in addition to the normal function for creating / editing personnel information such as employee information 11a and announcement information 11c Is a program for causing the personnel management device 15 to realize the above.

  (F11p-1) A function of writing, in the storage unit 11, reference key information 11b that associates an employee code, a first reference key indicating the organization to which the employee belongs, and a second reference key indicating the position of the employee.

  (F11p-2) A reference key transmission function for transmitting the first reference key and the second reference key in the reference key information 11b corresponding to the employee code received from the reference control device 20 to the reference control device 20.

  (F11p-3) An employee code transmission function for transmitting each employee code in the reference key information 11b corresponding to each first reference key and each second reference key received from the reference control device 20 to the reference control device 20. Here, “each employee code in the reference key information 11b corresponding to each first reference key and each second reference key” means “each employee code in the reference key information 11b corresponding to each first reference key”. And “each employee code in the reference key information 11b corresponding to each second reference key” means each employee code common to each employee code (each employee code that satisfies the AND condition of both “… each employee code”). ing.

  The communication unit 12 is a communication interface with the reference control device 20. Note that, from the viewpoint of simplifying the description, in the subsequent description of the operation, the description that the communication unit 12 is passed during transmission / reception is omitted. This description is omitted in the same manner for the other communication units 22 and 32.

  The input / output unit 13 is an input / output function unit having functions of an input device such as a keyboard and a mouse and a function of a display device such as a liquid crystal display.

  The CPU 14 has a function of executing the management program 11 p in the storage unit 11 in accordance with the operation of the input / output unit 13 and the received data from the reference control device 20.

  The HDD 15 is an auxiliary memory that can be read / written by the CPU 14, and stores the above-described information 11a, 11b, 11c and the management program 11p.

  On the other hand, in the reference control device 20, a storage unit 21, a communication unit 22, a CPU 23, and an HDD (hard disk drive) 24 are connected to each other via a bus.

  The storage unit 21 is a main memory that can be read / written from the CPU 23, and stores a reference agent program 21p including employee mapping information 21a and reference security tree information 21b.

  Here, the employee mapping information (member mapping information) 21a includes, as shown in FIG. 3, the login ID and personnel management device 30 of the telephone directory information management system 30 and other information management systems 30 ′ (each information management system). This is information that associates employee codes with each other.

  As shown in FIG. 4, the reference security tree information 21b is information including a plurality of first reference keys that rank each other with reference authority and a plurality of second reference keys that rank each other with reference authority. In the example shown in FIG. 4, a person whose organization code is A001 as the first reference key can refer to data of people whose organization codes are A011 and A021. In addition, a person whose position code is 001 as the second reference key can refer to the data of all the position codes 002, 003 and 004.

  Here, “information composed of a plurality of first reference keys with reference authority ordered to each other” means, for example, the value of each first reference key and the order of reference authority of each first reference key value. This is information that associates the values of the order tree shown.

  The order tree indicates, for example, the lower digit (the lower three digits in the example of FIG. 4) indicating the identification number of the first reference key and the identification number of the upper layer key having the authority to refer to the data of the first reference key. It consists of the remaining upper digits. The order tree value “001” having no remaining upper digits indicates the highest first reference key “000”.

  As the reference security tree information 21b, arbitrary security can be set by associating a plurality of first reference keys indicating each belonging organization with the same or different order as the actual organization. For example, it is possible to set so that information of employees belonging to an organization subordinate to his / her own organization can be referred to, or to allow all employees of the personnel department to refer to all data. Further, as can be seen from these examples, the second reference key indicating the title is not essential and may be omitted from the reference key information 11b and the reference security tree information 21b. The term “reference security tree information” may be read as “logical security tree information”.

  The reference agent program 21p is a program for causing the reference control device 20 to realize the following functions (f21p-1) to (f21p-3) by being executed by the CPU 23.

  (F21p-1) An employee code transmission function for transmitting the employee code in the employee mapping information 21a corresponding to the login ID received from any one of the information management systems 30 or 30 'to the personnel management apparatus 30.

  (F21p-2) On the basis of the first reference key and the second reference key received from the personnel management device 30, the first reference key and each of the first reference keys which are lower than the first reference key and the second reference key, respectively. 2. Reference key extraction function for extracting reference keys from the reference security tree information 21b.

  (F21p-3) Each login ID in the employee mapping information 21a corresponding to each employee code received from the personnel management apparatus 30 is transmitted to the personnel management apparatus 30 by extracting each extracted first reference key and each second reference key. Login ID transmission function for transmitting the information to any one of the information management systems 30 or 30 ′.

  The communication unit 22 is a communication interface between the personnel management device 10 and the telephone directory information management system 30.

  The CPU 23 has a function of executing the reference agent program 21p in the storage unit 21 in accordance with the received data from the telephone directory information management system 30 and the personnel management apparatus 10.

  The HDD 24 is an auxiliary memory that can be read / written from the CPU 23, and stores the reference agent program 21p including the above-described information 21a and 21b.

  On the other hand, in the telephone directory information management system 30, a storage unit 31, a communication unit 32, a CPU 33, and an HDD (hard disk drive) 34 are connected to each other via a bus.

  The storage unit 31 is a main memory that can be read / written from the CPU 33, and stores telephone directory information 31a, view information 31b, and a reference program 31p.

  Here, the telephone directory information 31a is information in which a login ID and an emergency contact telephone number (referenceable data) are associated with each other as shown in FIG. The term “phone book information” may be read as “referenceable information”.

  The view information 31b is information transmitted to the client device 40 out of the phone book information 31a. Specifically, the view information 31b is stored in the phone book information 31a corresponding to each login ID received from the reference control device 20. It is information consisting of referenceable data. The term “view information” may be read as “reference information”.

  The reference program 31p is a program for causing the telephone directory information management system 30 to implement the following function (f31p-1) by being executed by the CPU 33.

  (F31p-1) The login ID received from the client device 40 is transmitted to the reference control device 20, and the referenceable data in the telephone directory information (referenceable information) 31a corresponding to each login ID received from the reference control device 20 A referenceable data transmission function for transmitting the message to the client device 40. In the following description of the operation, the referenceable data transmitted to the client device 40 is also referred to as view information 31b.

  The communication unit 32 is a communication interface between the client device 40 and the reference control device 20.

  The CPU 33 has a function of executing the reference program 31p in the storage unit 31 in accordance with data received from the client device 40 or the reference control device 20.

  The HDD 34 is an auxiliary memory that can be read / written by the CPU 33, and stores the above-described information 31a, 31b and the reference program 31p.

  On the other hand, the other information management system 30 ′ has the same configuration as the phone book information management system 30, but instead of the phone book information 31a in which the login ID and the emergency contact telephone number (referenceable data) are associated, Other referenceable information associated with the login ID and other referenceable data (e.g., e-mail address, work product, work evaluation, etc.) is stored. The other information management system 30 ′ operates in the same manner as the telephone directory information management system 30 except that the contents of the referenceable data are different. However, in the following description, the operation and the like will be described using the telephone book information management system 30 as a representative example, not the other information management system 30 '.

  On the other hand, the client device 40 has a function of logging in to the telephone book information management system 30 or another information management system 30 ′ by a user operation in addition to a normal computer function, and a logged-in telephone book information management system 30 or When the view information is received from another information management system 30 ′, the view information is displayed.

Next, the operation of the information reference control system configured as described above will be described.
(Preparation)
In the personnel management device 10, the CPU 14 executing the management program 11p creates and edits normal personnel management information such as employee information 11a and announcement information 11c by the operation of the input / output unit 13 by the user. Thereby, for example, employee information 11 a is written in the storage unit 11.

  In the personnel management device 10, the CPU 14 executing the management program 11p by the operation of the input / output unit 13 by the user refers to the employee information 11a and refers to the employee code and the first organization indicating the employee's organization. Reference key information 11b in which the reference key is associated with the second reference key indicating the position of the employee is written in the storage unit 11. As a result, the information reference control system can be executed.

  When there is a personnel change at a later date, in the personnel management apparatus 10, the CPU 14 executing the management program 11p creates and edits the announcement information 11c by the operation of the input / output unit 13 by the user, and the announcement information 11c. Is written in the storage unit 11.

  After that, in the personnel management apparatus 10, the CPU 14 executing the management program 11p by the operation of the input / output unit 13 by the user edits the employee code and the reference key information 11b based on the announcement information 11c. Then, the reference key information 11b in which the first reference key indicating the organization to which the employee belongs and the second reference key indicating the position of the employee is associated is written in the storage unit 11. As a result, the information reference control system can be executed in response to the latest personnel change.

  In the personnel management apparatus 10, reference key information 11b is first created from the employee information 11a, and reference key information 11b is edited from the announcement information 11c from the next personnel change. 11b can be maintained.

  Next, an information reference control operation using the reference key information 11b created and edited in this way will be described with reference to the sequence diagram of FIG.

(Information reference control operation)
The client device 40 transmits a login ID and a password to the telephone directory information management system 30 by a user login operation (ST1). The password may be information that can be authenticated by the user, and may be replaced with biometric information such as fingerprint information, for example.

  In the telephone directory information management system 30, the CPU 33 compares the login ID and password received from the client device 40 with a verification login ID and verification password (not shown) in the storage unit 31, and authenticates that they match. (ST2). If this authentication fails, the telephone directory information management system 30 refuses login.

  When the authentication in step ST2 is successful, in the telephone directory information management system 30, the CPU 33 executing the reference program 31p transmits the login ID received from the client device 40 to the reference control device 20 (ST3).

  In the reference control device 20, the CPU 23 executing the reference agent program 21p extracts the employee code from the employee mapping information 21a based on the login ID (ST4), and transmits the employee code to the personnel management device 10 ( ST5).

  In the personnel management apparatus 10, the CPU 13 executing the management program 11p extracts the first reference key and the second reference key from the reference key information 11b based on the employee code, and the first reference key and the second reference. The key is transmitted to the reference control device 20 (ST6).

  In the reference control device 20, the CPU 23 that is executing the reference agent program 21p collates the first reference key and the second reference key with the reference security tree information 21b (ST7). The first reference key and the second reference key, each having a lower rank than the two reference keys, are extracted from the reference security tree information 21b, and the first reference key and the second reference key are transmitted to the personnel management apparatus 10. (ST8). Here, the first reference key and the second reference key that are extracted and transmitted “lower in order” become the first reference key and the second reference key corresponding to the “referenceable” data. Yes.

  In the personnel management apparatus 10, the CPU 13 executing the management program 11p extracts each employee code from the reference key information 11b based on each first reference key and each second reference key, and refers to each employee code. It transmits to the control apparatus 20 (ST9). Here, each employee code extracted and transmitted is each employee code corresponding to “referenceable” data.

  In the reference control device 20, the CPU 23 executing the reference agent program 21p extracts each login ID from the employee mapping information 21a based on each employee code (ST10), and each login ID is stored in the telephone directory information management system. 30 (ST11). Here, each login ID extracted and transmitted is each login ID corresponding to “referenceable” data.

  In the telephone directory information management system 30, the CPU 33 executing the reference program 31p extracts each referenceable data from the telephone directory information 31a based on each login ID and creates view information 31b (ST12). The view information 31b is transmitted to the client device 40 (ST13).

  When the client device 40 receives the view information 31b from the logged-in telephone directory information management system 30, the client device 40 displays the view information 31b.

  As described above, according to the present embodiment, when the reference control device 20 receives the login ID from the telephone directory information management system 30, the reference key information corresponding to the employee code in the employee mapping information 21a corresponding to the login ID. Based on the first and second reference keys indicating the belonging organization and post in 11b, the first and second reference keys that are lower in rank than the first and second reference keys are extracted from the reference security tree information 21b. Each login ID that can be referred to corresponding to the first and second reference keys below in the order is transmitted to the telephone directory information management system 30. Thereafter, the telephone directory information management system 30 transmits the referenceable data corresponding to each login ID to the client device 40 as view information 31b.

  As described above, the employee mapping information 21a for integrating the login IDs of the plurality of information management systems 30 and 30 ′ into the employee code, and the first and second reference keys indicating the organization and position of the employee of the integrated employee code With the configuration using the reference security tree information 21b indicating the order of each of the information management systems 30 and 30 ′, referenceable data corresponding to each login ID whose order is lower than the organization and position of the logged-in employee. Therefore, it is possible to refer to and control information of a plurality of systems while ensuring security.

  That is, referenceable data can be collected flexibly from a plurality of information management systems 30 and 30 ′ in consideration of security based on personnel information such as an organization. Supplementally, data that can be referred from each information management system 30, 30 ′ based on the user's reference authority determined by the reference key information 11b indicating the holding organization and position and the reference security tree information 21b indicating the order between the reference keys. Can be referred to.

  Further, regarding the person to be referred to and the person to be referred to, it is possible to extract employee information that can be referred to based on information managed by the personnel management apparatus 10. For example, the security (reference authority) can be determined from the relationship between the referring person and the referring person, such as a general manager and a subordinate. For this reason, when viewed from the client device 400, the information reference control system can be constructed as one huge personnel database that integrates the information of the referring person and the referred person. This kind of personnel database makes it possible to refer to the qualifications / special skills (goods) of the referenced people, and analyze the qualifications / special skills (goods) of the referenced people, and arrange the locations of the referenced people. It can also be called a human resource integration database because it is useful when making decisions.

  Further, since security is determined based on personnel information, it is only necessary to change the reference key information 11b from the announcement information 11c according to the change of the organization, and change the security information such as logical security tree information and password. There is no need to do.

  Further, a reference agent program p21 is arranged in each information management system 30,..., 30 ′ by interposing a common reference control device 20 between each information management system 30,. Compared to the configuration described above, the information management systems 30, ..., 30 'can be integrated with a simplified configuration.

<Second Embodiment>
FIG. 7 is a schematic diagram for explaining reference security tree information applied to the information reference control system according to the second embodiment of the present invention.

  That is, the second embodiment is a modified example of the first embodiment, and is different in order according to the system IDs “s001”, “s002”, “s003” of the information management systems 30,. This is a form using reference security tree information 21b1 and 21b2 (different hierarchical structures).

  Specifically, as illustrated in FIG. 7, the storage unit 21 of the reference control device 20 replaces the reference security tree information 21 b of the first embodiment with one or more system IDs of a plurality of system IDs. And a plurality of reference security tree information 21b1 and 21b2 composed of a plurality of first reference keys that rank each other with reference authority and a plurality of second reference keys that rank each other with reference authority.

  Here, since the reference security tree information 21b1 and 21b2 are set according to the system, the key values are common, but the system IDs associated with the key values are different from each other. Since each reference security tree information 21b1, 21b2 represents a different order, the values of one or more of the order trees in the order tree corresponding to the common key value are different. Further, from the viewpoint of simplifying the configuration as compared with the case where security is set for each system, the number of each reference security tree information 21b1, 21b2 is preferably smaller than the number of system IDs.

  Along with this, the reference key extraction function (f21p-2) of the reference agent program 21p performs the information management together with the login ID received from the client device 40 by any information management system (for example, the telephone directory information management system 30). When the system ID indicating the system 30 is transmitted, the reference security tree information 21b1 or 21b2 in the storage unit 21 is selected based on the system ID received from the information management system 30, and the selected reference security tree information 21b1 or 21b2 is selected. The above-described extraction function is provided.

  Next, the operation of the information reference control system configured as described above will be described with reference to the sequence diagram of FIG. Note that steps ST3 'and ST7' surrounded by a broken line are main operations different from those of the first embodiment.

(Preparation)
The preparation operation is executed in the same manner as in the first embodiment.

(Information reference control operation)
First, the operations of steps ST1 and ST2 are executed as described above.

  If the authentication in step ST2 is successful, in the telephone directory information management system 30, the CPU 33 executing the reference program 31p, together with the login ID received from the client device 40, the system ID “s001” indicating the telephone directory information management system 30 Is transmitted to the reference control apparatus 20 (ST3 ′).

  In the reference control device 20, as described above, the CPU 23 executing the reference agent program 21p transmits the employee code in the employee mapping information 21a corresponding to this login ID to the personnel management device 10 (ST4 to ST5).

  In the personnel management device 10, as described above, the CPU 13 executing the management program 11p transmits the first reference key and the second reference key in the reference key information 11b corresponding to the employee code to the reference control device 20. (ST6).

  Here, in the reference control device 20, the CPU 23 executing the reference agent program 21p selects the reference security tree information 21b1 in the storage unit 21 based on the system ID “s001” received in step ST3 ′, and The selected reference security tree information 21b1 is collated with the first reference key and the second reference key received in step ST6 (ST7 ′).

  Further, the CPU 23 of the reference control device 20 extracts, from the reference security tree information 21b1, the first reference key and the second reference key, which are lower than the first reference key and the second reference key, respectively, as a result of the collation. Then, the first reference key and the second reference key are transmitted to the personnel management apparatus 10 (ST8).

  Hereinafter, the operations of steps ST9 to ST13 are performed as described above.

  As described above, according to the present embodiment, the security setting for each system is expressed by the reference security tree information 21b1 and 21b2, and in addition to the effects of the first embodiment, information on a plurality of systems can be more flexibly added. You can refer to it.

  The reference security tree information 21b1 and 21b2 shown in FIG. 7 can be modified as shown in FIG. 9 such as system / tree related information 21c and reference security tree information 21b1 'and 21b2'.

  The system / tree related information 21c is information in which one or more system IDs of a plurality of system IDs are associated with tree IDs indicating the reference security tree information 21b1 'and 21b2'.

  The reference security tree information 21b1 'and 21b2' is information including a tree ID, a plurality of first reference keys that rank each other with reference authority, and a plurality of second reference keys that rank each other with reference authority.

  Even if it deform | transforms in this way, 2nd Embodiment can be implemented similarly and the same effect can be acquired.

<Third Embodiment>
FIG. 10 is a schematic diagram for explaining employee mapping information applied to the information reference control system according to the third embodiment of the present invention.

  That is, the third embodiment is a modification of the first embodiment, and corresponds to a case where the telephone directory information management system 30 uses a login ID different from the login IDs of many information management systems 30 ′,. The reference agent program 21a further includes supplementary employee mapping information 21a ′ in which the different login ID is associated with the employee code.

  Accordingly, the employee code transmission function (f21p-1) of the reference agent program 21p uses the employee code in the employee mapping information 21a or 21a ′ corresponding to the login ID received from any of the information management systems 30 or 30 ′. An employee code transmission function for transmitting to the personnel management device 30 is provided.

  Similarly, the login ID transmission function (f21p-3) of the reference agent program 21p transmits each extracted first reference key and each second reference key to the personnel management apparatus 30 and receives each received from the personnel management apparatus 30. A login ID transmission function for transmitting each login ID in the employee mapping information 21a or 21a ′ used in the function (f21p-1) corresponding to the employee code to any one of the information management systems 30 or 30 ′. .

  Next, the operation of the information reference control system configured as described above will be described with reference to the sequence diagram of FIG. Note that steps ST4 'and ST10' surrounded by a broken line are main operations different from those of the first embodiment.

(Preparation)
The preparation operation is executed in the same manner as in the first embodiment.

(Information reference control operation)
First, the operations in steps ST1 to ST3 are executed in the same manner as in the first embodiment.

  In the reference control device 20, the CPU 23 executing the reference agent program 21p extracts the employee code from the employee mapping information 21a or 21a 'based on the login ID (ST4').

  Supplementally, in step ST4 ′, if the extraction of the employee code from the employee mapping information 21a based on the login ID fails (for example, when the login ID is not in the employee mapping information 21a), the supplement is performed based on the login ID. The employee code is extracted from the employee mapping information 21a ′.

  Thereafter, in the reference control device 20, the CPU 23 that is executing the reference agent program 21p transmits the employee code extracted in step ST4 'to the personnel management device 10 (ST5).

Further, the operations in steps ST6 to ST9 are executed in the same manner as in the first embodiment.
Subsequently, in the reference control device 20, the CPU 23 that is executing the reference agent program 21p uses the complementary employee mapping information 21a ′ used in step ST4 ′ based on each employee code received from the personnel management device 10. Each login ID is extracted (ST10 ′), and each login ID is transmitted to the telephone directory information management system 30 (ST11).

  Hereinafter, the operations in steps ST12 to ST13 are performed as described above.

  As described above, according to the present embodiment, even when the information management system 30 uses a different login ID, the supplementary employee mapping information 21a ′ in which the different login ID is associated with the employee code is referred to as the reference agent program. In addition to the effects of the first embodiment, the configuration further provided by 21p makes it possible to refer to information on a plurality of systems more flexibly.

  The third embodiment can be combined with the second embodiment, and in this case, the effects of the second and third embodiments can be obtained simultaneously.

  Note that the method described in the above embodiment includes a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk (MO) as programs that can be executed by a computer. ), And can be distributed in a storage medium such as a semiconductor memory.

  In addition, as long as the storage medium can store a program and can be read by a computer, the storage format may be any form.

  In addition, an OS (operating system) running on a computer based on an instruction of a program installed in the computer from a storage medium, MW (middleware) such as database management software, network software, and the like realize the above-described embodiment. A part of each process may be executed.

  Further, the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN, the Internet, or the like is downloaded and stored or temporarily stored.

  Further, the number of storage media is not limited to one, and the case where the processing in the above embodiment is executed from a plurality of media is also included in the storage media in the present invention, and the media configuration may be any configuration.

  The computer according to the present invention executes each process in the above-described embodiment based on a program stored in a storage medium, and is a single device such as a personal computer or a system in which a plurality of devices are connected to a network. Any configuration may be used.

  In addition, the computer in the present invention is not limited to a personal computer, but includes an arithmetic processing device, a microcomputer, and the like included in an information processing device, and is a generic term for devices and devices that can realize the functions of the present invention by a program. .

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage. Moreover, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined.

  DESCRIPTION OF SYMBOLS 10 ... Personnel management apparatus, 11, 21, 31 ... Memory | storage part, 11a ... Employee information, 11b ... Reference key information, 11c ... Declaration information, 11p ... Management program, 12, 22, 32 ... Communication part, 13 ... Input / output part 14, 23, 33 ... CPU, 15, 24, 34 ... HDD, 20 ... reference control device, 21a, 21a '... employee mapping information, 21b, 21b1, 21b1', 21b2, 21b2 '... reference security tree information, 21c ... system / tree related information, 21p ... reference agent program, 30, 30 '... information management system, 31a ... telephone directory information, 31b ... view information, 31p ... reference program, 40 ... client device.

Claims (5)

An information reference control system comprising a reference control device that can communicate from a plurality of information management systems that can log in from a client device, and a personnel management device that can communicate from the reference control device,
The personnel management device is:
Reference key information storage means for storing reference key information in which a member number, a first reference key indicating a member organization of the member, and a second reference key indicating a position of the member are associated;
Reference key transmitting means for transmitting the first reference key and the second reference key in the reference key information storage means corresponding to the member number received from the reference control device to the reference control device;
Member number transmitting means for transmitting each member number in the reference key information storage means corresponding to each first reference key and each second reference key received from the reference control device to the reference control device;
With
The reference control device includes:
Member mapping information storage means for storing member mapping information in which a login ID of each information management system and a member number of the personnel management device are associated with each other;
Reference security tree information storage means for storing reference security tree information including a plurality of first reference keys that rank each other with reference authority and a plurality of second reference keys that rank each other with reference authority.
Member number transmitting means for transmitting a member number in the member mapping information corresponding to the login ID received from any of the information management systems to the personnel management device;
Based on the first reference key and the second reference key received from the personnel management device, the first reference key and the second reference key which are lower in rank than the first reference key and the second reference key, respectively, A reference key extracting means for extracting from the reference security tree information;
Each of the extracted first reference key and each second reference key is transmitted to the personnel management apparatus, and each login ID in the member mapping information corresponding to each member number received from the personnel management apparatus is Login ID transmission means for transmitting to the information management system,
With
Each of the information management systems is
Referenceable information storage means for storing referenceable information associated with a login ID and referenceable data;
Referenceable data transmission for transmitting a login ID received from the client device to the reference control device and transmitting referenceable data in the referenceable information corresponding to each login ID received from the reference control device to the client device Means,
An information reference control system comprising: In the information reference control system according to claim 1,
The reference security tree information storage means refers to one or more system IDs of a plurality of system IDs, a plurality of first reference keys that rank each other with reference authority, instead of the reference security tree information. It stores a plurality of reference security tree information composed of a plurality of second reference keys that rank authority.
The reference data transmission means of each information management system transmits a system ID indicating the information management system to the reference control device together with the login ID received from the client device,
The reference key extraction unit of the reference control device selects reference security tree information in the reference security tree information storage unit based on a system ID received from the information management system, and extracts the extracted from the selected reference security tree information An information reference control system characterized by: Reference key information in which a member number, a first reference key indicating a member organization of the member, and a second reference key indicating a position of the member are associated with each other is stored in the reference key information storage unit and received. The first reference key and the second reference key in the reference key information storage unit corresponding to the member number are transmitted, and the received in the reference key information storage unit corresponding to each received first reference key and each second reference key A personnel management device that transmits each member number;
Referenceable information associated with the login ID and referenceable data is stored in the referenceable information storage unit, the login ID received from the client device is transmitted, and the reference in the referenceable information corresponding to each received login ID A reference control device capable of communicating with a plurality of information management systems for transmitting possible data to the client device,
Member mapping information storage means for storing member mapping information in which a login ID of each information management system and a member number of the personnel management device are associated with each other;
Reference security tree information storage means for storing reference security tree information including a plurality of first reference keys that rank each other with reference authority and a plurality of second reference keys that rank each other with reference authority.
Member number transmitting means for transmitting a member number in the member mapping information corresponding to the login ID received from any of the information management systems to the personnel management device;
Based on the first reference key and the second reference key received from the personnel management device, the first reference key and the second reference key which are lower in rank than the first reference key and the second reference key, respectively, A reference key extracting means for extracting from the reference security tree information;
Each of the extracted first reference key and each second reference key is transmitted to the personnel management apparatus, and each login ID in the member mapping information corresponding to each member number received from the personnel management apparatus is Login ID transmission means for transmitting to the information management system,
A reference control device comprising: The reference control device according to claim 3,
The reference security tree information storage means refers to one or more system IDs of a plurality of system IDs, a plurality of first reference keys that rank each other with reference authority, instead of the reference security tree information. It stores a plurality of reference security tree information composed of a plurality of second reference keys that rank authority.
The reference key extracting means, when one of the information management systems transmits a system ID indicating the information management system together with a login ID received from the client device, based on the system ID received from the information management system A reference control apparatus, wherein reference security tree information in the reference security tree information storage means is selected, and the extraction is performed from the selected reference security tree information. Reference key information in which a member number, a first reference key indicating a member organization of the member, and a second reference key indicating a position of the member are associated with each other is stored in the reference key information storage unit and received. The first reference key and the second reference key in the reference key information storage unit corresponding to the member number are transmitted, and the received in the reference key information storage unit corresponding to each received first reference key and each second reference key A personnel management device that transmits each member number;
Referenceable information associated with the login ID and referenceable data is stored in the referenceable information storage unit, the login ID received from the client device is transmitted, and the reference in the referenceable information corresponding to each received login ID A program of a reference control device capable of communicating with a plurality of information management systems for transmitting possible data to the client device and comprising member mapping information storage means and reference security tree information storage means;
The reference control device;
Means for writing in the member mapping information storage means member mapping information in which a login ID of each information management system and a member number of the personnel management device are associated with each other;
Means for writing, in the reference security tree information storage means, reference security tree information comprising a plurality of first reference keys that rank each other with reference authority and a plurality of second reference keys that rank each other with reference authority;
Member number transmitting means for transmitting a member number in the member mapping information corresponding to the login ID received from any of the information management systems to the personnel management device;
Based on the first reference key and the second reference key received from the personnel management device, the first reference key and the second reference key which are lower in rank than the first reference key and the second reference key, respectively, Reference key extraction means for extracting from reference security tree information,
Each of the extracted first reference key and each second reference key is transmitted to the personnel management apparatus, and each login ID in the member mapping information corresponding to each member number received from the personnel management apparatus is Login ID transmission means for transmitting to the information management system,
Program to function as.

Images