JP2011198064A - Program, apparatus and system for processing information - Google Patents

Abstract

PROBLEM TO BE SOLVED: To allow operation of the document by a user who is permitted to operate the document substitutionally performed by another user who is not permitted to operate the document without changing operation authority set for the document.SOLUTION: An authority delegation ticket issue part 106 generates an authority delegation ticket representing the permission of execution of the operation to the document by a representative in accordance with the proxy request including the information showing that the client requests the representative to substitutionally operate the document, and registers it to an authority delegation ticket repository 108. An access control part 114 permits execution of operation requested by document operation request specifying the authority delegation ticket in accordance with the document operation request when the representative and the target document shown by the authority delegation ticket are the user who performs the document operation request and the target document of the document operation request, respectively.

Description

  The present invention relates to a program, an information processing apparatus, and an information processing system.

  In a document management system, a user is registered in the system in advance, and the use authority of each document is set for the user or a group of users to restrict the use of the document.

  In Patent Document 1, in order to make the use restriction of a document efficient when there are a plurality of systems for managing user accounts, the document and the access right of the document are managed in association with each other, and at least one or more An electronic document management system is disclosed that obtains a list of account information registered in the account management system and makes it possible to use this account information as part of document access right information.

  Also, in Patent Document 2, an access password is set for each type of access right for each document, and when accessing a document, the document is stored based on the type of access right corresponding to the entered password. A technique for controlling access is disclosed. In the technique described in Patent Document 2, documents are managed without managing user accounts.

JP 2002-73419 A JP 2002-288043 A

  By the way, a user of a document management system may desire to request another user to perform an operation for a document (for example, updating the contents of a document). In this case, if the authority to operate the document is not given to the other user, the other user cannot perform the operation. In order to allow the other user to perform document operations on behalf of the user, it is necessary to perform a setting to give the operation authority of the document to the other user. On the other hand, changing the operating authority of a document is not permitted for general users and may be permitted only for a limited number of persons such as system administrators. An operation for a document by a user who is not permitted to change the document operation authority cannot be performed by another user who does not have the operation authority for the document.

  The present invention makes it possible for another user who is not permitted to operate a document to act on the document by a user who is permitted to operate the document without changing the operation authority already set for the document. An object is to provide a program and an information processing apparatus.

  According to the first aspect of the present invention, a first user who is permitted to perform an operation on a document performs a second user who is not permitted to perform the operation on the document to execute the operation on the document. In response to a proxy request including information indicating that the request is to be made, authority information indicating that the second user is permitted to perform the operation on the document is generated and stored in the authority information storage unit. In response to the document operation request specifying the authority information stored in the authority information storage means, and determining whether or not to execute the operation on the document based on the authority information specified in the document operation request. In the step, the second user and the document indicated in the specified authority information are the user who made the document operation request and the document that is the target of the document operation request, respectively. Case, a program for executing the steps of permitting the execution of the requested operation by the document operation request, to the computer.

  The invention according to claim 2 is the invention according to claim 1, wherein the authority information further includes information indicating that the first user is a requester of the proxy request, and in the step of determining The operation restriction information storage means storing operation restriction information including the operation subject and the type of operation permitted or prohibited for the operation subject with respect to the document is further referred to, and is represented by the specified authority information. Even if the second user and the document are the user who made the document operation request and the document that is the target of the document operation request, respectively, the operation of the document that is the target of the document operation request In the restriction information, when the type of operation requested in the document operation request is an operation type not permitted for the requester represented by the specified authority information, the document operation is performed. Do not allow the execution of the requested operation in the request.

  The invention according to claim 3 is a step of outputting display control information for causing the display device to display the document stored in the document storage means in the invention according to claim 1 or 2, wherein the authority to operate the document is temporarily The temporary user storage means stored in association with the temporary user given to the user and the authority information included as the second user, and the temporary user starts a document operation request. Only the document represented by the authority information associated with the temporary user who made the start request in the temporary user storage unit among the documents stored in the document storage unit A step of outputting display control information to be displayed on the computer.

  The invention according to claim 4 is the invention according to claims 1 to 3, wherein the proxy request further includes information indicating an approver who approves a result of an operation on the document by the second user, and the authority The information further includes information representing the approver, and when the operation requested in the document operation request is permitted in the determining step, the approver represented by the specified authority information is sent to the approver On the other hand, when the information indicating that the result of the operation is approved and the information indicating that the result of the operation is approved according to the notification in the notifying step is received, the document of the result of the operation is stored in the document storage unit. When the information indicating that the result of the operation is not approved is received, the computer is further caused to execute a step of discarding the document resulting from the operation.

  According to a fifth aspect of the present invention, a first user who is permitted to perform an operation on a document performs a second user who is not permitted to perform the operation on the document to execute the operation on the document. In response to a proxy request including information indicating that the request is to be made, authority information indicating that the second user is permitted to perform the operation on the document is generated and stored in the authority information storage unit. In response to the document operation request specifying the authority information stored in the authority information storage unit, whether to execute the operation on the document is determined based on the authority information specified in the document operation request. The second user and the document indicated in the specified authority information are the user who made the document operation request and the document that is the target of the document operation request, respectively. If, to allow the user to perform the action requested by the document operation request, and determining means, an information processing apparatus, characterized in that it comprises a.

  The invention according to claim 6 includes a terminal device and an information processing device, and the terminal device is permitted to execute the operation on the document by a first user who is permitted to perform the operation on the document. A proxy request transmitting unit configured to transmit to the information processing apparatus a proxy request including information indicating that a second user who does not request execution of the operation on the document is provided, and the information processing apparatus includes the terminal In response to the proxy request from the apparatus, output that generates authority information indicating that the second user is allowed to execute the operation on the document and outputs the authority information to the authority information storage unit And the terminal device further identifies the specified authority information when receiving an input for instructing execution of an operation on the document after specifying the authority information stored in the authority information storage means. A document operation request transmitting means for transmitting the document operation request to the information processing apparatus, and the information processing apparatus is further identified by the document operation request in response to the document operation request from the terminal apparatus. Determining means for determining whether or not to execute an operation on the document based on the authority information, wherein the second user and the document indicated in the specified authority information each issue the document operation request. An information processing system comprising: a determination unit that permits execution of an operation requested by the document operation request when the document is a user who performed the document operation request and the document operation request.

  According to the first, fifth, or sixth aspect of the invention, the operation of the document is not permitted by the user who is permitted to operate the document without changing the operation authority set for the document. It becomes possible for the user of this to act.

  According to the invention which concerns on Claim 2, it can restrict | limit that an agent performs operation exceeding the range of the operation authority given with respect to the requester of operation agent.

  According to the third aspect of the present invention, it is possible to prevent other documents that are the target of the requested operation from being presented to the operation agent.

  According to the invention of claim 4, when the approver approves the result of the operation performed by the agent, the operation result document can be registered in the document storage unit.

It is a block diagram which shows the example of schematic structure of a document management system. It is a block diagram which shows the example of the outline of an internal structure of a document management server. It is a figure which shows the example of the data content of a regular account repository. It is a figure which shows the example of the data content of an access right repository. It is a figure which shows the example of a part of data content of an authority transfer ticket repository. It is a figure which shows the example of a part of data content of an authority transfer ticket repository. It is a figure which shows the example of the data content of a temporary account repository. It is a figure which shows the example of the data content of an approver information repository. It is a flowchart which shows the example of the procedure of the process of the client terminal which performs a substitute request. It is a flowchart which shows the example of the procedure of the process of the document management server which received the proxy request. It is a flowchart which shows the example of the procedure of a temporary account creation process. 10 is a flowchart illustrating an example of a processing procedure of the document management server when login to the system is performed using a temporary account. It is a flowchart which shows the example of the procedure of a process of the client terminal which receives the operation instruction accompanied with designation | designated of an authority transfer ticket. 10 is a flowchart illustrating an example of a processing procedure of a document management server that has received a document operation request specifying an authority delegation ticket. It is a flowchart which shows the example of the process sequence of the document management server which received the registration request of a document. It is a block diagram which shows the example of the hardware constitutions of a computer.

  FIG. 1 is a block diagram illustrating an example of a schematic configuration of a document usage management system. This system includes a document management server 10 and client terminals 20-1, 20-2,... (Hereinafter collectively referred to as client terminal 20) connected via a network 30 such as the Internet or a local area network. Composed.

  The client terminal 20 is a terminal device used for a user to operate a document. The client terminal 20 includes a document operation unit 200 and a proxy request unit 202.

  The document operation unit 200 executes an operation on a document in accordance with a user operation instruction. Examples of operations on a document include document display (“browsing” from the user's perspective), editing, printing, and new creation. Although only one document operation unit 200 is shown in FIG. 1, individual operations may be performed by different operation units (for example, an editing application, a reading control application, etc.). For example, if the document operation unit 200 is software for creating and editing an electronic document such as a word processor, the document operation unit 200 displays the electronic document according to a user instruction or edits the electronic document. Or In addition, when the document operation unit 200 of the example of the present embodiment receives a user operation instruction, the document operation unit 200 issues a document operation request to the document management server 10 to inquire whether the operation can be executed, and to permit the execution. Only when a response is received from the document management server 10, the operation according to the operation instruction is executed. When the document operation unit 200 performs an operation (such as new creation or editing) that changes the contents of the document, the document operation unit 200 transmits a document as a result of the operation to the document management server 10 together with a registration request. Register the document. For example, a newly created document or an updated version of a document registered in the document management server 10 is transmitted to the document management server 10 to be registered.

  The proxy request unit 202 transmits to the document management server 10 a proxy request indicating that the user requests another user to perform a document operation proxy in accordance with a user instruction. In response to this proxy request, the document management server 10 gives the operation authority for the operation target document to other users who are requested to perform the proxy operation, as will be described later.

  1 illustrates the document operation unit 200 and the proxy request unit 202 only in the client terminal 20-1, but the client terminals 20-2... Similarly include the document operation unit 200 and the proxy request unit 202. And

  The document management server 10 functions as an information processing apparatus according to an embodiment of the present invention. Referring to FIG. 2, the document management server 10 in the example of the present embodiment includes a document repository 100, a regular account repository 102, an access right repository 104, an authority delegation ticket issuance processing unit 106, an authority delegation ticket repository 108, and a temporary account management unit. 110, a temporary account repository 112, an access control unit 114, a document registration processing unit 116, a temporary registration repository 118, a temporary registration notification unit 120, an approver information repository 122, an approval information reception unit 124, and a temporary registration reflection unit 126.

  The document repository 100 is a storage unit that stores documents managed by this system. The document stored in the document repository 100 may include various data such as text data, image data, and audio data. Each document is given a document ID which is identification information of the document.

  The regular account repository 102 is a storage unit that stores information on users registered in the system. FIG. 3 shows an example of data contents of the regular account repository 102.

  In the example table of FIG. 3, the values of the items of the password and the e-mail address are registered in association with the account ID of each user. The account ID is identification information of each user. In the password item, a password for a user with a corresponding account ID to log in to the system (start use of the system) is registered. In the item of the e-mail address, the e-mail address of the user with the corresponding account ID is registered. In addition to the items illustrated in FIG. 3, the regular account repository 102 stores information on the user such as each user's name, telephone number, facsimile number, password expiration date, and history of passwords used in the past. You may register. In addition to the table in the example of FIG. 3, the regular account repository 102 may store information (not shown) regarding the user group. For example, the identification information of each group and the account IDs of users belonging to the group are stored in association with each other.

  In the following description, an account ID registered in the regular account repository 102 is referred to as a “regular account”, and a user having a regular account is referred to as a “regular user”.

  Returning to the description of FIG. 2, the access right repository 104 is a storage unit that stores information representing the access right of the document stored in the document repository 100. The access right repository 104 of the example of this embodiment stores the access right set for the document for each document. FIG. 4 shows an example of data contents of the access right repository 104.

  In the table of the example of FIG. 4, the access right including the values of the items of the operation subject, the permitted operation, and the valid period is registered in association with the document ID of each document. The operation subject represents a subject that performs an operation on the document. For example, the user's account ID is set as the value of the operation subject. The operating subject may be represented using not only the user account ID but also the identification information of the user group. The permitted operation represents the type of operation that is permitted to be executed by the corresponding operation subject. Examples of operation types include document browsing, printing, editing, updating (registered in the document repository 100 as an updated version), new creation (registered in the document repository 100 as a new document), and the like. In the example of the present embodiment, “edit” and “update” of a document are operations for changing the contents of a document already registered in the document repository 100. ) Is also changed, but “edit” is different in that the document version is not changed. The effective period represents a period during which the operation subject is permitted to execute the permission operation. The table in the example of FIG. 4 shows that a user with an account ID “userJ”, “userK”, or “userL” has a validity period “2009/10/1 to 2010/3/31” for a document with a document ID “doc11”. The permission operation “view” can be executed during the period, and the user with the account ID “userM” performs the permission operation “view, print, update” during the validity period “2009/10/1 to 2010/3/31”. Indicates what can be done.

  Referring again to FIG. 2, the authority delegation ticket issuance processing unit 106 represents the operation authority given to the user who has been requested for the proxy in response to the above-described proxy request transmitted by the proxy request unit 202 of the client terminal 20. An authority delegation ticket that is information is generated. The authority delegation ticket includes a user (requester) who requested the substitution, a user (substitute) who requested the substitution, a document to be operated, and information indicating the type of the requested operation. An approver who approves the result of the operation may be set. In this case, the authority transfer ticket further includes information representing the approver. When the authority delegation ticket issuance processing unit 106 generates an authority delegation ticket including information representing an approver, the authority delegation ticket issuance processing unit 106 registers information related to the approver in the approver information repository 122 described later. The authority delegation ticket issuance processing unit 106 registers the generated authority delegation ticket in the authority delegation ticket repository 108. The authority delegation ticket issuance processing unit 106 of the example of this embodiment also notifies the proxy of the contents of the authority delegation ticket.

  In the following description, the authority transfer ticket may be simply referred to as “ticket”. In the following description, the generation of the authority delegation ticket by the authority delegation ticket issuance processing unit 106 and the registration in the authority delegation ticket repository 108 are referred to as “issue” of the authority delegation ticket.

  The authority delegation ticket repository 108 is a storage unit that stores the ticket generated by the authority delegation ticket issuance processing unit 106. The authority delegation ticket repository 108 stores tickets in the form of tables shown in FIGS. 5 and 6, for example.

  One row of the table in the example of FIG. 5 represents information of one ticket. Each ticket includes values of items of a ticket ID, a requester ID, an agent ID, a target document ID, an issue date, an expiration date, and an approver ID. The ticket ID is ticket identification information. The ticket ID is given by the authority delegation ticket issuing processing unit 106 to a ticket issued in response to one proxy request. The requester ID represents the account ID of a legitimate user who has requested the operation. The authority delegation ticket issuance processing unit 106 receives the account ID of the authorized user who made the proxy request together with the proxy request, and registers this account ID as the requester ID. The agent ID is the account ID of the user who has requested the operation. The authority delegation ticket issuance processing unit 106 uses the account ID of the agent represented by the agent request received from the client terminal 20 as the agent ID. The agent ID may be a regular account or a temporary account described later. The target document ID is the document ID of the document that is the target of the operation requested for substitution. The authority delegation ticket issuance processing unit 106 registers the document ID included in the proxy request received from the client terminal 20 as the target document ID. The issue date is the date of ticket issue. For example, the authority delegation ticket issuance processing unit 106 registers the date and time when the ticket is registered in the authority delegation ticket repository 108 as the issue date and time. In the table of the example of FIG. 5, the date and time (hour, minute, second) are registered as the issue date and time. However, as long as the information indicates the issue time of the ticket, information of other aspects (date only, Date and time represented in hours and minutes) may be registered. The expiration date represents a time limit during which the corresponding proxy is permitted to operate the target document. As the value of the expiration date, for example, the authority delegation ticket issuance processing unit 106 accepts designation of the date and time by the user who has made the substitution request, and the accepted date and time may be registered. Or it is good also considering the time when the preset period passed from issue date as an expiration date. The expiration date may be expressed as a date and time instead of being expressed as a date as in the example of FIG. 5, or may be expressed as an elapsed time from the issue date. The approver ID is an account ID of a regular user who approves an operation for the document with the target document ID. The value of the approver ID is set by the authority delegation ticket issuance processing unit 106 receiving, for example, designation by the user who has made the proxy request. If the approver ID is not specified by the user who made the substitution request, the value of the approver ID is set to “Null”. When the value of the approver ID is not “Null”, as will be described in detail later, the operation on the document with the target document ID is completed only after the approval by the authorized user of the approver ID. Note that the approver ID may be the same as or different from the requester ID.

  The table in the example of FIG. 6 represents information on operations that can be performed on the target document by the agent for each ticket. In the table of the example of FIG. 6, the values of the items of operation ID, valid count, and execution count are registered in association with the ticket ID of each ticket. The ticket ID is the same as the ticket ID in the table in the example of FIG. The operation ID is identification information of an operation that is permitted to be executed. The operation ID represents an operation necessary for executing the type of operation included in the proxy request received from the client terminal 20. The effective number represents the upper limit of the number of times that the operation with the corresponding operation ID is permitted to be executed. The number of executions represents the number of times the operation with the corresponding operation ID is actually performed. For example, the authority delegation ticket issuance processing unit 106 determines and sets the operation ID and the number of valid times according to the type of operation included in the proxy request received from the client terminal 20.

  Hereinafter, specific examples of the operation ID and the valid number will be described with reference to the ticket IDs “ticket1”, “ticket2”, “ticket3”, and “ticket4” in the table of the example of FIG.

  The operation IDs “browse”, “checkout”, and “checkin” associated with the ticket ID “ticket1” are examples of operation IDs when the type of operation included in the proxy request is “update”. The operation ID “checkout” represents an operation for editing the document in a state where other users who have performed the operation cannot edit the document. The operation ID “check-in” is an operation corresponding to “check-out”, and represents an operation of registering a document as a result of editing performed during the “check-out” operation in the document repository 100 as an updated version. In order to “update” a document, it is necessary to execute operations of “view”, “check-out”, and “check-in”. In the example of FIG. 6, the valid counts of the “browse” operation, the “checkout” operation, and the “checkin” operation are set to “unlimited”, “5”, and “1”, respectively. This is because the agent related to the ticket with the ticket ID “ticket1” can browse the document without limitation, can edit only five times by the “checkout” operation, and can be updated by the “checkin” operation. This means that registration of a version document can be performed only once.

  The operation IDs “browse”, “lock”, and “unlock” associated with the ticket ID “ticket2” need to be executable when the type of operation included in the proxy request is “edit”. It is an example of operation ID of operation. “Lock” represents an operation for editing a document in a state where other users who have performed the operation cannot edit the document. “Unlock” is an operation corresponding to “lock” and represents an operation of registering a document as a result of editing performed during the “lock” operation in the document repository 100. In the “unlock” operation, the content of the operation target document is changed in the document repository 100, but the version of the document is not changed. In FIG. 6, the valid numbers of “viewing”, “locking”, and “unlocking” are set to unlimited, 5 times, and 5 times, respectively.

  The operation IDs “view” and “print” associated with the ticket ID “ticket3” are examples of operation IDs of operations that need to be executable when the type of operation included in the substitution request is “print”. It is. Each effective number is set to unlimited and one time in FIG.

  The operation ID “replacement” associated with the ticket ID “ticket4” is an example of an operation ID of an operation that needs to be executable when the type of operation included in the proxy request is “new creation”. “Replacement” means an operation of replacing the document contents. In FIG. 6, the effective number is set to one. When the type of operation included in the proxy request is “new creation”, the authority delegation ticket issuance processing unit 106 generates a document whose document content is empty, assigns a new document ID to the generated document, and creates a document repository. When the substitute performs the “new creation” operation, the document content (empty) of this document is replaced with the document content of the newly created document.

  As described above, the operation authority given to the agent in the ticket includes information indicating that one or more operations necessary for the agent to perform the requested operation are permitted.

  Returning to the description of FIG. 2, the temporary account management unit 110 gives a temporary account to the proxy when the proxy in the proxy request received by the authority delegation ticket issuing processor 106 from the client terminal 20 is not a regular user. Process. For example, when the temporary account management unit 110 receives notification from the authority delegation ticket issuance processing unit 106 that the substitute is not a regular user, the temporary account management unit 110 generates a new account ID. This account ID becomes the temporary account of the agent. The temporary account is generated so as not to overlap with the account ID registered in the regular account repository 102. Further, the temporary account may include a character string set in advance as a character string indicating that it is a temporary account ID. Further, the temporary account management unit 110 generates an initial password corresponding to the temporary account. As the initial password, a random character string may be generated, or may be generated according to a preset rule. The temporary account management unit 110 further obtains the ticket ID and requester ID of the ticket related to the agent corresponding to the temporary account from the authority transfer ticket issuance processing unit 106. Then, the temporary account and the initial password are registered in the temporary account repository 112 in association with the acquired ticket ID and requester ID. In the example of this embodiment, when the temporary account management unit 110 registers a temporary account in the temporary account repository 112, information indicating that the temporary account is invalid is further registered in the temporary account repository 112. The temporary account is validated after performing the validation process described later.

  The temporary account repository 112 is a storage unit that stores information on temporary accounts. FIG. 7 shows an example of data contents of the temporary account repository 112. In the table of the example of FIG. 7, the values of the items of parent ID, ticket ID, password, and valid flag are registered in association with the account ID of each temporary account. The parent ID is a requester ID related to the ticket corresponding to the temporary account. The access right to the user's document of the temporary account is limited within the range of the access right of the user of the corresponding parent ID. The ticket ID is the ticket ID of the ticket corresponding to the temporary account. The user of the temporary account is permitted to log in to the system only until the expiration date of the ticket with the corresponding ticket ID. The password is a password used when logging in with a temporary account having a corresponding account ID. When the temporary account is registered in the temporary account repository 112, the initial password generated by the temporary account management unit 110 is registered. The valid flag is information indicating whether or not the temporary account of the corresponding account ID is valid. When the temporary account is registered in the temporary account repository 112, the valid flag is set to a value indicating “invalid” (“no” in FIG. 7). In addition to the items illustrated in FIG. 7, the temporary account management unit 110 obtains information related to the representative such as the name, telephone number, and facsimile number of the representative of the temporary account in the temporary account repository 112. You may register. Further, a password expiration date, a history of passwords used in the past, and the like may be further registered.

  Returning to the description of FIG. 2, the access control unit 114 controls access to a document registered in the document repository 100. For example, the access control unit 114 receives a document operation request for a document from the client terminal 20, determines whether the operation can be executed, and returns it to the requesting client terminal 20. The document operation request from the client terminal 20 includes, for example, the account ID of the user who instructed the execution of the operation, the document ID of the operation target document, and the type of operation requested. The document operation request may further include a ticket ID of the authority transfer ticket. If the ticket operation request does not include a ticket ID, the access control unit 114 refers to the access right repository 104 and determines whether or not the operation related to the document operation request can be executed. For example, in the access right registered in the access right repository 104 in association with the document ID included in the document operation request, the type of operation included in the document operation request is permitted for the user with the account ID included in the document operation request. If it is determined that the operation is permitted, the user is determined not to be permitted to execute the operation if the type of the operation is not permitted for the user having the account ID in the access right. . If the document operation request includes a ticket ID, the access control unit 114 further refers to the contents of the ticket with the ticket ID to determine whether the operation can be executed. Details of processing for determining whether or not to execute an operation for a document operation request including a ticket ID will be described later. Further, the access control unit 114 can access only the target document of the ticket associated with the temporary account among the documents registered in the document repository 100 for the user who has logged into the system with the temporary account. Control to be.

  In response to an operation result document registration request from the client terminal 20, the document registration processing unit 116 performs processing for registering the operation result document in the document repository 100. For example, in the case of a registration request for a newly created document, if a document related to the registration request is not registered in the document repository 100, the document registration processing unit 116 assigns a document ID to the document, and then the document repository 100 Register with. Further, for example, in the case of a document registration request as a result of editing or updating a document registered in the document repository 100, the document registration processing unit 116 stores the contents of the registered document in the client terminal in the document repository 100. The operation result received from the document 20 is changed to the content of the document. In the document registration processing unit 116 of the example of the present embodiment, the operation related to the registration request is performed with the operation authority defined by the authority delegation ticket, and the approver ID in the authority delegation ticket is “Null”. Otherwise, the document relating to the registration request is registered in the temporary registration repository 118 without registering in the document repository 100. The document registration processing unit 116 also registers an approver ID in association with the operation result document in the temporary registration repository 118.

  The temporary registration repository 118 is a storage unit that stores a document as a result of an operation set by an approver until approval of the document as a result of the operation is performed. The temporary registration repository 118 of this example stores the operation result document and the approver ID of the approver in association with each other.

  The temporary registration notifying unit 120 monitors the temporary registration repository 118, and when the operation result document is registered in the temporary registration repository 118, the operation result document is sent to the user of the approver ID associated with the document. Notification of requesting approval for. For example, the provisional registration notification unit 120 describes that the approval is requested to the e-mail address of the user of the approver ID, and sends the e-mail with the operation result document attached thereto to perform the above-described notification. . Instead of attaching the operation result document to the e-mail, reference information of the operation result document (for example, information indicating the storage location in the temporary registration repository 118) may be described in the body of the e-mail. The approver's e-mail address is acquired from the approver information repository 122.

  The approver information repository 122 is a storage unit that stores information on the approver. The approver information repository 122 of the example of the present embodiment stores the approver ID and the e-mail address of the user of the approver ID in association with each other. For example, when the authority delegation ticket issuance processing unit 106 issues a ticket whose approver ID is not “Null”, the authority delegation ticket issuance processing unit 106 sends the e-mail of the authorized user of the approver ID from the authorized account repository 102. The address is acquired, and the acquired e-mail address is registered in the approver information repository 122 in association with the approver ID.

  The approval information receiving unit 124 receives the approval information transmitted from the approver's client terminal 20 in response to the approval request from the temporary registration notification unit 120. The approval information is information indicating whether the approver approves or rejects the operation result document. The approval information reception unit 124 passes the contents (approval or rejection) of the received approval information to the temporary registration reflection unit 126.

  When the temporary registration reflection unit 126 acquires the approval information indicating that the operation result document is approved from the approval information reception unit 124, the temporary registration reflection unit 126 registers the document registered in the temporary registration repository 118 in the document repository 100, thereby performing the operation. The result is reflected in the document repository 100. When the approval information indicating that the operation result document is rejected is acquired from the approval information receiving unit 124, the temporary registration reflection unit 126 does not register the rejected operation result document in the document repository 100, but the temporary registration repository 118. Delete from.

  The configuration of the document management system has been described above. Hereinafter, the operation of the document management system will be described.

  FIG. 9 is a flowchart illustrating an example of a processing procedure in the proxy request unit 202 of the client terminal 20. The process in the example of FIG. 9 is started, for example, at the client terminal 20 when the user instructs to perform a proxy request via an input device (not shown). It is assumed that the user has logged in to the system using a regular account and password before issuing the instruction.

  When the processing of the example of FIG. 9 is started, the proxy request unit 202 of the client terminal 20 accepts selection of a target document that is a target document of an operation requested for proxy (step S1). In step S1, for example, a list of documents stored in a folder in the document repository 100 of the document management server 10 is acquired by the client terminal 20 from the document management server 10 and displayed on a display device (not shown) of the client terminal 20. In this state, the user accepts specification of the document via the input device. The specified document is the target document.

  Next, the proxy request unit 202 accepts selection of request contents (step S3). The proxy request unit 202 displays, for example, a plurality of types of operations on a document and information prompting the user to select a type of operation to request a proxy on the display device, and a selection instruction by the user who confirmed the display is displayed. Accept. In step S3, an approver setting may be accepted. For example, it accepts the input of the authorized account of the approver.

  Further, the proxy request unit 202 receives selection of a proxy (step S5). The proxy request unit 202 displays information prompting the user to select a proxy on the display device, and accepts input of the proxy information. In the example of the present embodiment, an input of an authorized user's account ID or an agent's e-mail address is accepted as agent information.

  The proxy request unit 202 transmits the proxy request including the information received in steps S1 to S5 to the document management server 10 together with the account ID of the user (requester) instructed to perform the proxy request (step S7). ). The proxy request includes the document ID of the target document selected in step S1, the type of operation selected in step S3, and the information on the proxy input in step S5. If the approver's regular account input is accepted in step S3, the proxy request further includes the entered regular account as the approver ID. After step S7, the process of the procedure in the example of FIG. 9 ends.

  FIG. 10 shows an example of a processing procedure of the document management server 10 that has received the proxy request transmitted by the client terminal 20 in step S7 of FIG. The document management server 10 issues an authority delegation ticket corresponding to the received proxy request by the processing of the procedure in the example of FIG.

  Referring to FIG. 10, the authority delegation ticket issuance processing unit 106 acquires a proxy request received from the client terminal 20 by the document management server 10 (step S <b> 10), and newly generates a ticket ID of the ticket corresponding to the proxy request. (Step S12).

  Next, the authority delegation ticket issuance processing unit 106 determines whether or not the agent information included in the agent request acquired in step S10 is a regular account (step S14). If the information of the agent is an account ID, the authorized account repository 102 is referred to, and if the information is registered in the authorized account repository 102, it is determined that the authorized account is authorized. If it is not registered in the regular account repository 102, it is determined that it is not a regular account. Further, when the information of the agent included in the proxy request is an e-mail address, it is determined that the account is not a regular account.

  If the agent information is a regular account (YES in step S14), the process proceeds to step S22. If the agent information is not a regular account (NO in step S14), the process proceeds to step S20, and a temporary account creation process is performed by the temporary account management unit 110.

  FIG. 11 is a flowchart illustrating an example of a detailed procedure of temporary account creation processing. When step S20 in FIG. 10 is started, first, in step S200 in FIG. 11, the temporary account management unit 110 acquires an e-mail address of the substitute. If the proxy e-mail address included in the proxy request acquired by the authority delegation ticket issuance processing unit 106 in step S10 in FIG. 10 is included, the temporary account management unit 110 sends the e-mail from the authority delegation ticket issuance processing unit 106. Get the address. If the proxy request does not include the email address of the proxy, in step S200, the temporary account management unit 110 inputs the email address of the proxy to the user to the client terminal 20 that has transmitted the proxy request. Send prompting information. When the user inputs an e-mail address of the agent at the client terminal 20 that has received this information, this e-mail address is returned from the client terminal 20 to the document management server 10 and acquired by the temporary account management unit 110.

  After step S200, the temporary account management unit 110 refers to the regular account repository 102 and determines whether there is a regular account corresponding to the acquired e-mail address (step S202).

  If there is an account ID registered in the regular account repository 102 in association with the acquired e-mail (YES in step S202), the account ID is set as a substitute ID (step S204), and the procedure of the example of FIG. .

  If there is no account ID registered in the regular account repository 102 in association with the acquired e-mail (NO in step S202), the temporary account management unit 110 generates an account ID serving as a temporary account for the agent (step S202). S206). The temporary account management unit 110 registers the temporary account generated in step S206 and the ticket ID generated in step S12 of FIG. 10 in the temporary account repository 112 in association with each other. At this time, the temporary account management unit 110 sets the validity flag of the temporary account to a value “no” representing invalidity in the temporary account repository 112.

  The temporary account management unit 110 also registers in the temporary account repository 112 in association with the temporary account, using the account ID of the requesting requester as a parent ID (step S208).

  Further, the temporary account management unit 110 generates an initial password for the temporary account and registers it in the temporary account repository 112 in association with the temporary account (step S210).

  The temporary account management unit 110 transmits an email including the temporary account generated in step S206 and the initial password generated in step S210 to the email address acquired in step S200 (step S212). This e-mail may include, for example, information that prompts the agent to log in to the system using the temporary account and the initial password and change the password. When the user (proxy) who has received this e-mail logs in to the system using the temporary account and the initial password and changes the password, the temporary account management unit 110 validates the temporary account (step S214). . That is, the validity flag associated with the temporary account in the temporary account repository 112 is set to a value representing “valid”, and the password value is set to a value after change. After step S214, the process of the procedure in the example of FIG. 11 ends.

  When the temporary account generation process in the procedure of the example of FIG. 11 ends, the process proceeds to step S22 of FIG. Note that after step S212 (e-mail transmission) in FIG. 11, the process may proceed to step S22 in FIG. 10 without waiting for completion of the process in step S214 (validation of temporary account).

  Referring to FIG. 10 again, after YES is determined in step S14 or after step S20, the authority delegation ticket issuance processing unit 106 sets the expiration date of the ticket (step S22). The user may be allowed to specify an expiration date, or the time when a preset time has elapsed from the current time may be set as the expiration date. When the user specifies the expiration date, the authority delegation ticket issuing processing unit 106 transmits information prompting the user to input the expiration date of the ticket to the client terminal 20 that has transmitted the proxy request, and accordingly, The expiration date input at the client terminal 20 is received from the client terminal 20.

  Next, the authority delegation ticket issuance processing unit 106 sets the effective number of operations (step S24). In step S24, first, an operation ID of an operation necessary for executing the type of operation included in the proxy request is specified, and the number of effective times of the specified type of operation is set. The operation ID of an operation necessary for executing a certain type of operation is stored in a storage device (not shown) that can be set in advance by a system administrator and referenced by the authority delegation ticket issuing processing unit 106, for example. Just keep it. As for the number of effective times for each operation ID, the specified operation ID may be transmitted to the client terminal 20 that is the transmission source of the proxy request to accept the user's setting, or the types of operations that can be included in the proxy request Each time, a system administrator or the like may set it in advance and store it in the aforementioned storage device. Specific examples of the operation ID and the effective number are as described above with reference to FIG.

  After step S24, the authority delegation ticket issuance processing unit 106 issues an authority delegation ticket (step S26). For example, the authority delegation ticket issuance processing unit 106, in the authority delegation ticket repository 108, associates with the ticket ID generated in step S12, and performs the processing up to step S24 as the value of each item in the tables illustrated in FIGS. Register the value determined by.

  When the authority delegation ticket is issued, the authority delegation ticket issuance processing unit 106 notifies the proxy of the request content in the issued ticket (step S28). That is, the agent is notified of the requester, the target document, the requested operation type, and the expiration date. In the example of this embodiment, the ticket ID is further notified to the agent in step S28. The notification in step S28 is performed, for example, by sending an e-mail including the request content and the ticket ID to the e-mail address of the substitute. If the agent is a regular user, an e-mail address may be acquired from the regular account repository 102. If the agent is a temporary user, it may be transmitted to the e-mail address of the agent acquired by the temporary account management unit 110 in step S200 of FIG. After step S28, the process of the procedure in the example of FIG. 10 ends.

  The agent who has received the notification in step S28 of FIG. 10 uses the client terminal 20 to log in to the system and gives an operation instruction to execute the requested operation on the target document. When the agent is a regular user and logs in with a regular account, the document management server 10 waits for a document operation request including a ticket ID from the client terminal 20. When the agent is a temporary user and logs in with a temporary account, the access control unit 114 of the document management server 10 starts processing of the procedure in the example of FIG.

  Referring to FIG. 12, the access control unit 114 refers to the temporary account repository 112 and acquires the parent ID of the temporary account used for login (step S30).

  Next, the access control unit 114 determines whether or not the acquired parent ID account is valid (step S32). In the example of this embodiment, if the parent ID is registered in the regular account repository 102, it is determined to be valid, and if not registered, it is determined to be invalid. The regular account may be deleted from the regular account repository 102 by a system administrator, for example, and the use of the document in the document management system is not permitted for the user with the deleted account ID. In order to allow access to the document of the user of the temporary account only within the range of the access right of the user of the parent ID, it is confirmed in step S32 whether or not the parent ID is a regular user.

  If the parent ID account is invalid (NO in step S32), the process proceeds to step S44. If the parent ID account is valid (YES in step S32), the access control unit 114 issues a ticket corresponding to the temporary account. Obtain (step S34). In step S34, the contents of the ticket with the ticket ID registered in the temporary account repository 112 in association with the temporary account may be acquired from the authority transfer ticket repository 108.

  The access control unit 114 determines whether or not the current date and time is within the expiration date of the acquired ticket (step S36). If the current date and time are not within the validity period of the ticket (NO in step S36), the process proceeds to step S44. If the current date and time is within the validity period of the ticket (YES in step S36), it is determined whether or not there is an allowable operation on the ticket (step S38). The determination in step S38 is performed, for example, by confirming whether or not there is an operation ID whose execution count is less than the valid count in the table of the example of FIG. An operation with an operation ID whose execution count is less than the valid count can be permitted, and an operation with an operation ID whose execution count reaches the valid count cannot be permitted.

  If there is an allowable operation (YES in step S38), the access control unit 114 searches the document repository 100 for a document with the target document ID of the ticket (step S40).

  When the document having the target document ID is searched in step S40, the access control unit 114 generates display information of a dedicated GUI (Graphical User Interface) for displaying the searched target document on the display device of the client terminal 20, and logs in. It transmits with respect to the performed client terminal 20 (step S42). The target document is displayed by the dedicated GUI on the display device of the client terminal 20 that has received the display information. Here, the term “dedicated” in the dedicated GUI means a GUI that displays only the target document and does not display information about other documents stored in the document repository 100. A temporary user who confirms the display of the dedicated GUI does not know what document is registered in the document repository 100 in addition to the target document. Further, the dedicated GUI in the example of the present embodiment does not include information on the storage position (target document path) of the target document in the document repository 100. Therefore, the temporary user does not know the storage location of the target document. In step S42, the access control unit 114 transmits the ticket ID together with the display information described above to the client terminal 20.

  If the parent ID of the temporary account is invalid (NO in step S32), if the current date and time is not within the expiration date of the ticket (NO in step S36), or if there is no operation permitted in the ticket (in step S38) NO), the access control unit 114 displays on the client terminal 20 that the login is invalid (step S44). Then, the temporary account and the corresponding ticket are invalidated (step S46). The temporary account may be invalidated by setting the validity flag of the temporary account to a value representing “invalid” in the temporary account repository 112. The ticket invalidation may be performed, for example, by deleting the ticket ID and information associated therewith from the authority transfer ticket repository 108. Alternatively, for example, the ticket may be invalidated by setting the valid count of all operation IDs associated with the ticket ID to “0”.

  After step S42 or step S46, the process of the procedure in the example of FIG. 12 ends. In the example of the present embodiment, one temporary account is associated with one ticket, and according to the processing of the procedure in the example of FIG. 12, the user of the temporary account is a document that has been given operation authority with the corresponding ticket. You cannot access other documents.

  In the dedicated GUI displayed on the display device of the client terminal 20 by the processing of step S42 in FIG. 12, when the user gives an instruction to operate the document via the input device, the client terminal 20 receives the ticket ID received in step S42. The document operation request including the request is transmitted to the document management server 10.

  In addition, a user who has logged in to the system with a regular account may give an operation instruction on the client terminal 20 after specifying the ticket ID notified in step S28 of FIG. Also in this case, the client terminal 20 transmits a document operation request including the ticket ID to the document management server 10.

  FIG. 13 shows an example of a processing procedure in the client terminal 20 associated with transmission of a document operation request including a ticket ID.

  Referring to FIG. 13, the client terminal 20 receives a ticket ID designation (step S <b> 51). When the user of the client terminal 20 is logged in with a temporary account, an operation instruction for the target document displayed with the dedicated GUI can be designated as a ticket ID. When the user of the client terminal 20 is logged in with a regular account, the client terminal 20 accepts designation of a ticket ID by the following procedure, for example. First, the document management server 10 is requested to transmit a ticket ID of a ticket having the authorized account as a substitute ID, and the ticket ID transmitted from the document management server 10 is received in response to this request. Then, the received ticket ID and information indicating prompting the selection are displayed on the display device. In response to this display, the ticket ID selected by the user via the input device is accepted as the designated ticket ID. The ticket ID may be displayed by displaying an image icon corresponding to the ticket ID. In another example of the procedure for accepting designation of a ticket ID by an authorized user, “input ticket ID” may be displayed as a part of a document operation menu, and selection of this menu and entry of a ticket ID may be accepted. In the case of this example, the user inputs the ticket ID included in the e-mail transmitted from the document management server 10 in step S28 of FIG.

  Upon receiving the designation of the ticket ID, the document operation unit 200 of the client terminal 20 waits for an operation instruction for the document (step S53).

  When an operation instruction is input (YES in step S53), the document operation unit 200 transmits a document operation request including the ticket ID specified in step S51 to the document management server 10 (step S55). The document operation request includes, in addition to the ticket ID, the document ID of the document to be operated, the account ID of the user who has input the operation instruction, and the type of operation instructed.

  The document operation unit 200 receives information indicating whether or not the operation can be performed, which is returned by the document management server 10 to the client terminal 20 in response to the document operation request in step S55, and if the operation is permitted by the received information. (YES in step S57), the operation is executed (step S59). For example, if the instructed operation is “browse”, the contents of the document are displayed on the display device. If an “edit” operation is instructed, the contents of the document are changed according to the instruction.

  If the content of the document has not been changed as a result of the execution of the operation in step S59 (NO in step S61), the process returns to step S53 and waits for input of a further operation instruction. If the content of the document has been changed as a result of the operation (YES in step S61), the document operation unit 200 transmits a document registration request as the operation result to the document management server 10 (step S63). After step S63, the process returns to step S53 and waits for input of a further operation instruction.

  When information indicating that the operation related to the document operation request is not permitted is received from the document management server 10 (NO in step S57), the document operation unit 200 displays information indicating that the operation cannot be performed. Then, the process of the procedure in the example of FIG.

  FIG. 14 is a flowchart illustrating an example of a procedure of processing performed by the document management server 10 that has received the document operation request including the ticket ID (step S55 in FIG. 13) from the client terminal 20.

  The access control unit 114 of the document management server 10 receives the document operation request including the ticket ID (step S70), and acquires the ticket with the ticket ID included in the received document operation request from the authority transfer ticket repository 108 (step S72). ).

  When the ticket is acquired, the access control unit 114 determines whether or not the current date and time is within the validity period of the ticket (step S73).

  If the current date and time is within the validity period of the ticket (YES in step S73), it is determined whether or not the ticket is permitted to execute the operation requested by the received document operation request (step S74). In step S74, the access control unit 114 determines that the document ID included in the document operation request is the target document ID of the ticket, the account ID included in the document operation request is the agent ID of the ticket, and the document operation When the type of operation included in the request corresponds to one of the operation IDs of the ticket, it is determined that the execution of the operation is permitted. If even one of the document ID, the account ID, and the operation type in the document operation request does not meet the above condition, it is determined that the operation is not permitted.

  If execution of the operation is permitted (YES in step S74), it is determined whether or not the number of executions associated with the operation ID of the permitted operation in the ticket is less than the valid number (step S76). ).

  If the execution count is less than the valid count (YES in step S76), the access control unit 114 refers to the access right repository 104 and confirms the access right of the target document ID of the ticket for the requester ID of the ticket. (Step S78). When the access right associated with the target document ID in the access right repository 104 indicates that the user with the requester ID is allowed to execute the operation with the operation ID (YES in step S80), the access control unit 114 In the authority delegation ticket repository 108, the number of executions associated with the operation ID of the ticket is increased by 1 (step S82), and information indicating that the operation related to the document operation request is permitted is sent to the requesting client. It transmits with respect to the terminal 20 (step S84).

  If NO is determined in step S73, step S74, step S76, or step S80, the access control unit 114 sends information indicating that the operation related to the document operation request is rejected to the requesting client terminal 20. Transmit (step S86).

  After step S84 or step S86, the process of the procedure in the example of FIG. 14 ends.

  In the procedure of the example of FIG. 14, step S73, step S74, and step S76 are processes for determining whether or not the document operation request is a request within the range of operation authority defined by the ticket. Steps S78 and S80 are processes for determining whether the document operation request is a request within the access right range of the ticket requester. According to the processing of steps S78 and S80, for example, after the ticket is issued, the account ID of the requester of the ticket is deleted from the regular account repository 102, or the access right of the target document is changed in the access right repository 104. When the requester loses the operation authority for the target document, the operation of the target document by the substitute in such a ticket is not permitted.

  FIG. 15 illustrates a case where the access control unit 114 of the document management server 10 is permitted to execute an operation, and the client terminal 20 transmits a document registration request as an operation result to the document management server 10 (step S63 in FIG. 13). An example of a processing procedure in the document management server 10 that has received this registration request is shown.

  The document registration processing unit 116 of the document management server 10 receives an operation result document registration request from the client terminal 20 (step S90), and determines whether or not an approver is set for the operation related to the received registration request. (Step S92). The determination in step S92 is performed by, for example, confirming whether the value of the approver ID is “Null” in the ticket referred to when the access control unit 114 permits the execution of the operation.

  When the approver is not set, that is, when the value of the approver ID is “Null” (NO in step S92), the document registration processing unit 116 stores the operation result document included in the registration request in the document repository 100. Registration is performed (step S106).

  If there is an approver setting, that is, if the value of the approver ID is not “Null” (YES in step S92), the document registration processing unit 116 sets the operation result document included in the registration request as the approver ID. In association with the temporary registration repository 118 (step S94).

  The temporary registration notifying unit 120 that has detected that the operation result document and the approver ID are registered in the temporary registration repository 118 requests the user of the approver ID to approve the operation result document. Notification is made (step S96). In step S96, for example, the temporary registration notifying unit 120 indicates that the e-mail address registered in the approver information repository 122 in association with the approver ID is acquired and approval is requested to the e-mail address. An e-mail containing information and an operation result document attached is transmitted.

  The approval information reception unit 124 of the document management server 10 waits for the approval information transmitted from the client terminal 20 of the approver in response to the notification in step S96. When the approval information is received, the received approval information is temporarily registered and reflected on the temporary registration reflection unit 126. To pass. When the approval information acquired from the approval information receiving unit 124 indicates approval (YES in step S98), the temporary registration reflection unit 126 performs an operation associated with the approver ID of the transmission source of the approval information in the temporary registration repository 118. The resulting document is registered in the document repository 100 (step S100), and the document is deleted from the temporary registration repository 118 (step S102).

  If the approval information indicates rejection (NO in step S98), the temporary registration reflection unit 126 deletes the corresponding operation result document from the temporary registration repository 118 by omitting the process of step S100 (step S102).

  By the processing from step S94 to step S102, the operation result document is registered in the document repository 100 only after approval by the approver is obtained.

  After step S102 or step S106, the document management server 10 notifies the preset notification destination of the completion of the operation (step S104). This notification may be made, for example, to one or more of the requester of the operation, the agent who performed the operation, and the approver who approved the operation result (when the approver is set). The notification is performed by, for example, sending an e-mail to an e-mail address registered in the regular account repository 102 or the temporary account repository 112 in association with each of the requester ID, the agent ID, and the approver ID. After step S104, the process of the procedure in the example of FIG.

  In the processing of the procedure of the example of FIG. 15 described above, in step S100 or step S106, the document registration processing unit 116 performs registration in the document repository 100 in a different manner depending on the operation ID of the executed operation. Do. For example, if the operation ID is “replacement” (in the case of “new creation”), the document content (empty) of the target document ID is replaced with the document content of the operation result document. If the operation ID is “unlocked” (in the case of “edit”), the document content of the target document ID is changed according to the document content of the operation result. If the operation ID is “check-in” (in the case of “update”), the document content of the target document ID is changed according to the document content of the operation result, and the version of the document is changed.

  When issuance of authority delegation ticket and access control using the authority delegation ticket as in the example of the embodiment described above, the access authority repository 104 performs the proxy without changing the access authority already set for the document. The user is authorized to operate the document, and the execution of the operation by the substitute is permitted. In addition, when a temporary account is generated as in the example of the above-described embodiment, a user who is not registered in the system is given the authority to operate the document defined by the authority transfer ticket, and the document by the user Delegation of operations is permitted.

  The embodiment described above is an example of the embodiment of the present invention, and does not limit the embodiment of the present invention. Hereinafter, various modifications of the embodiment of the present invention will be described.

  In the example of the above-described embodiment, the access right items registered in the access right repository 104 include the operation subject, the permission operation, and the validity period (see FIG. 4). May be included. For example, it includes the necessity of approval for the operation, and processing performed when executing a specific type of operation (such as printing the account ID and the information indicating the security level together with the document content during the “print” operation). Also good. In addition, a prohibited operation (operation prohibited from being executed) may be set instead of the permitted operation, or both a permitted operation and a prohibited operation may be set. The access right may be defined in the form of a security policy, and the document ID and the security policy identification information may be associated and registered in the access right repository 104. The document access right may be stored in the document repository 100 as part of the document attribute information instead of being registered in the access right repository 104. In another example of the access right, instead of setting the document access right for each document, it may be set for each document group based on the document attribute information (document type, file format, etc.). .

  In the example of the embodiment described above, one ticket represents the operation authority for one document, but one ticket may represent the operation authority for a plurality of documents. When a single document is composed of multiple document files (for example, when a single document is composed of a cover, body, and appendix), the operation authority for these multiple files is defined by one ticket It is good to keep. For example, in the table in the example of FIG. 5, a plurality of document IDs are registered as the values of the document ID items in the ticket in the example of FIG. The operation ID, the valid count, and the execution count may be registered for each pair with each of the plurality of document IDs. In this example, the dedicated GUI displayed when login is performed with a temporary account displays documents with a plurality of document IDs included in the ticket.

  In the example of the above-described embodiment, when the expiration date of the ticket expires or when the number of execution times reaches the valid number for all operation IDs included in the ticket, the ticket is invalidated (cannot be used). A valid ticket may be forcibly invalidated according to an instruction from a ticket requester or a system administrator. As an example of a situation where a ticket is forcibly invalidated, the valid number of “edit” operations (“lock” and “unlock”) of the ticket is set to 2 times or more and the operation by the agent is completed. When the requester confirms the notification and allows the editing contents, even if the number of executions of the operation has not reached the valid number, the requester invalidates the ticket and prevents the agent from further editing. Can be considered.

  In the example of the above-described embodiment, the access control unit 114 of the document management server 10 reads the ticket with the ticket ID included in the document operation request from the client terminal 20 from the authority transfer ticket repository 108 and determines whether or not the operation can be executed. To decide. In the modified example, a document operation request including not only the ticket ID but also the contents of the ticket including the value of each item in the table of the example of FIG. Whether or not the operation can be executed may be determined using the contents of the ticket included in the operation request. In the case of this example, the contents of the ticket are transmitted to the agent when the ticket is issued. Also in this example, the number of executions of each operation ID included in the ticket may be managed by registering in the authority transfer ticket repository 108.

  In the above-described embodiment and various modifications, the document management server 10 may record a history of operations performed on the document. For example, when execution of an operation is permitted in response to a document operation request from the client terminal 20, the operation history of the operation is recorded in a database. The operation history may include a target document, an operation execution subject, an operation type, an operation date and time, and the like. Even when an agent performs an operation using an authority delegation ticket, an operation history in which the requester of the operation is the subject of operation execution may be recorded. In this case, information indicating that the operation is performed using a ticket and information indicating an agent may be further included in the operation history.

  The document management server 10 exemplified above is typically realized by executing a program describing functions or processing contents of each unit of the document management server 10 described above on a general-purpose computer. As shown in FIG. 16, for example, the computer includes a CPU (central processing unit) 80, a memory (primary storage) 82, various I / O (input / output) interfaces 84, and the like connected via a bus 86. Circuit configuration. Also, a disk drive 90 for reading a portable nonvolatile recording medium of various standards such as a hard disk drive (HDD) 88, a CD, a DVD, or a flash memory via the I / O interface 84, for example, to the bus 86. Connected. Such a drive 88 or 90 functions as an external storage device for the memory. A program in which the processing content of the embodiment is described is stored in a fixed storage device such as the HDD 88 via a recording medium such as a CD or DVD or via a network, and is installed in a computer. The program stored in the fixed storage device is read into the memory and executed by the CPU, whereby the processing of the embodiment is realized. The same applies to the client terminal 20.

  In the above, the embodiment in which the document management server 10 is realized by a single computer has been described. However, various functions of the above-described example of the document management server 10 may be realized by being distributed to a plurality of computers. Good.

  10 document management server, 20 client terminal, 30 network, 80 CPU, 82 memory, 84 I / O interface, 86 bus, 88 HDD, 90 disk drive, 100 document repository, 102 regular account repository, 104 access right repository, 106 authority Delegation ticket issuance processing unit, 108 Authority delegation ticket repository, 110 Temporary account management unit, 112 Temporary account repository, 114 Access control unit, 116 Document registration processing unit, 118 Temporary registration repository, 120 Temporary registration notification unit, 122 Approver information repository , 124 Approval information reception unit, 126 Temporary registration reflection unit, 200 Document operation unit, 202 Proxy request unit.

Claims (6)

Information indicating that a first user who is permitted to perform an operation on a document requests a second user who is not permitted to perform the operation on the document to perform the operation on the document; Generating authority information indicating that the second user is permitted to execute the operation on the document in response to the proxy request, and outputting the authority information to the authority information storage unit;
Determining whether or not to perform an operation on a document based on the authority information specified in the document operation request in response to the document operation request specifying the authority information stored in the authority information storage unit, When the second user and the document indicated in the specified authority information are the user who made the document operation request and the document that is the target of the document operation request, respectively, the document operation request Allowing the requested operation to be performed;
A program that causes a computer to execute. The authority information further includes information indicating that the first user is a requester of the proxy request,
In the step of determining, the specified authority is further referred to by referring to operation restriction information storage means storing operation restriction information including an operation subject and an operation type permitted or prohibited for the operation subject for the document. Even if the second user and the document represented by the information are the user who made the document operation request and the document that is the target of the document operation request, respectively, the target of the document operation request In the operation restriction information of the document, the operation type requested in the document operation request is an operation type that is not permitted for the requester represented by the specified authority information. Do not allow execution of the operation requested in the document operation request,
The program according to claim 1. A step of outputting display control information for causing the display device to display a document stored in the document storage means, wherein the temporary user who is temporarily given authority to operate the document and the temporary user are the second user When referring to the temporary user storage means stored in association with the authority information included, and receiving a document operation start request from the temporary user, among the documents stored in the document storage means, Outputting display control information for causing the display device to display only the document represented by the authority information associated with the temporary user who made the start request in the temporary user storage means;
The program according to claim 1, further causing the computer to execute. The proxy request further includes information representing an approver who approves a result of an operation on the document by the second user,
The authority information further includes information representing the approver,
Notifying the approver represented by the specified authority information of the result of the operation when the operation requested in the document operation request is permitted in the determining step;
When information indicating that the operation result is approved in response to the notification in the notifying step is received, the operation result document is output to the document storage unit, and the operation result is not approved. If the information representing the effect is received, discarding the document as a result of the operation;
The program according to claim 1, further causing the computer to execute. Information indicating that a first user who is permitted to perform an operation on a document requests a second user who is not permitted to perform the operation on the document to perform the operation on the document; Output means for generating authority information indicating that the second user is permitted to execute the operation on the document in response to the proxy request, and outputting the authority information to the authority information storage means;
Determining means for determining whether or not to execute an operation on a document based on the authority information specified in the document operation request in response to the document operation request specifying the authority information stored in the authority information storage means; The document operation request when the second user and the document indicated in the specified authority information are the user who made the document operation request and the document that is the target of the document operation request, respectively. A determination means that permits execution of the operation requested in
An information processing apparatus comprising: A terminal device and an information processing device;
The terminal device is configured such that a first user who is permitted to perform an operation on a document requests a second user who is not permitted to perform the operation on the document to execute the operation on the document. A proxy request transmitting means for transmitting a proxy request including information representing the information processing apparatus to the information processing device,
In response to the proxy request from the terminal device, the information processing apparatus generates authority information indicating that the second user is permitted to execute the operation on the document. Output means for outputting to the storage means,
When the terminal device further receives an input for instructing execution of an operation on a document after specifying the authority information stored in the authority information storage unit, the terminal device requests a document operation request specifying the specified authority information. Document operation request transmission means for transmitting to the information processing apparatus,
The information processing apparatus is a determining unit that further determines whether or not to perform an operation on the document based on the authority information specified in the document operation request in response to the document operation request from the terminal device. The document operation request when the second user and the document indicated in the specified authority information are the user who made the document operation request and the document that is the target of the document operation request, respectively. A determination unit that permits execution of the operation requested in
An information processing system characterized by this.

Images