JP2012027691A - Information management system and information management method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To permit accessing after organization change with access authority before organization change without requiring troublesome work.SOLUTION: The information management system stores a piece of objective information and an organization identifier for identifying an organization which has access authority to the information as access authority information. The information management system also stores a user identifier for identifying a user, an organization identifier of an organization to which the user belongs, a present organization identifier for identifying a present upper hierarchy organization of the organization and an old hierarchy organization identifier for identifying a previous upper hierarchy organization of the organization as user-organization information while being associated with each other. When an organization, which has access authority to a piece of information to which an access request is made, is an organization to which a user belongs and which makes the access request or a present or previous upper hierarchy organization of the organization to which the user belongs, the user is permitted to access to the information based on the access authority information and the user-organization information.

Description

  The present invention relates to an information management system and an information management method.

  In companies and the like composed of a plurality of organizations, it is common to use an information management device that sets access authority for information such as documents in units of organizations. In setting the access authority for each organizational unit, the hierarchical structure of the organization may be considered. For example, it is possible to set to permit access to users belonging to all organizations under a specific organization.

  In addition, information related to users and organizations is often managed by the user / organization management device. When a personnel change or organization change occurs, the organization to which the user belongs or the hierarchical structure of the organization May be switched at once.

  Here, when an organizational change is made such that the hierarchical structure of the organization is changed, the access authority that has been set for the higher-level organization and inherited by the lower-level organization in the information management device until now, It may not be granted to the organization after the change. In this way, if the access authority is immediately lost due to the organizational change, there is a case where the continuous execution of the business is hindered.

  Normally, in an information management apparatus, information on a user ID and an organization ID at the time of setting access authority is set and held for information such as a document that is an access authority setting target. When changing the organization, it is possible to change the access authority setting information stored in the document management apparatus at once. However, if the number of registered documents and the number of registered access authorities are large, the processing load is high.

  Therefore, an operation method of access authority that can cope with organizational changes is being studied. For example, Japanese Patent Application Laid-Open No. H10-228561 discloses a method that enables access authority to be changed without changing a document file held in an organization group when the organization is changed. In the method disclosed in Patent Document 1, an access authority is not directly associated with a document, but an authority group is created, an organization is assigned to the authority group, and the document is associated with the authority group. When the organization is changed, the access authority for the document is not directly changed, but the organization belonging to the authority group is changed.

  Further, for example, Patent Document 2 discloses a registration work method for enabling business operations in both the new and old organizations when the affiliation organization is changed due to personnel changes. In the method disclosed in Patent Document 2, an attribute value (authority group) to be retained after affiliation change is determined and retained. If there is a difference in attribute values before and after affiliation change, It is also valid after changing affiliation.

JP 2008-276376 A JP 2009-129289 A

  However, in the method disclosed in Patent Document 1, when an organization is changed, an operation for changing the organization belonging to the authority group is necessary. In the case of an organization change in which the hierarchical structure of the organization is changed, the operation is changed. The load becomes high. In addition, when setting a new access authority, it is necessary to newly register an authority group. This increases the workload when changing the organization, and it is difficult to set the access authority with fine variations.

  In addition, in the method disclosed in Patent Document 2, it is necessary to create a new attribute value (authority group) in addition to new account information when personnel changes, and the workload when personnel changes is high.

  Further, it is possible to change the access authority setting information stored in the document management apparatus at the same time when the organization is changed. However, if the number of registered documents and the number of registered access authorities are large, the processing load is high. When there are many old documents that are not already used, such as when the operation period of the document management device is long, there is little need to reset the access authority for all documents, and access is possible in the state before the organizational change. Of these documents, it is only necessary to reset a document that is frequently used. However, the work itself of extracting a document that needs to be reset from a large number of documents is heavy.

  Therefore, according to the present invention, when setting the access authority for information in consideration of the hierarchical structure of the organization, it is possible to access with the access authority before the organization change after the organization change without requiring a complicated work. The purpose is to.

  An information management system according to one aspect of the present invention includes an access authority storage unit that associates information to be accessed and an organization identifier that identifies an organization having an access authority for the information, and stores the information as access authority information, and a user A user identifier that identifies the organization, an organization identifier of the organization to which the user belongs, a current hierarchical organization identifier that identifies the current upper hierarchical organization of the organization, and an old hierarchical organizational identifier that identifies the previous upper hierarchical organization of the organization Are stored as user / organization information in association with each other, and an organization having access authority to the information for which an access request is made based on the access authority information and the user / organization information. The organization to which the performing user belongs, or the current or previous upper floor of the organization to which the user belongs If a tissue, and an access authority determination unit to allow access to the information to the user.

  In the present invention, the “part” does not simply mean a physical means, but includes a case where the function of the “part” is realized by software. Also, even if the functions of one “unit” or device are realized by two or more physical means or devices, the functions of two or more “units” or devices are realized by one physical means or device. May be.

  According to the present invention, when the access authority for information is set in consideration of the hierarchical structure of the organization, it is possible to access with the access authority before the organization change after the organization change without requiring complicated work. It becomes.

It is a figure which shows the structure of the document management system which is one Embodiment of this invention. It is a figure which shows an example of office information. It is a figure which shows an example of the organization hierarchy before and after an organization change. It is a figure which shows an example of login user information. It is a figure which shows an example of access authority setting information. It is a figure which shows an example of the old office use frequency storage table. It is a flowchart which shows an example of the process which acquires login user information, when login is permitted. It is a flowchart which shows an example of the process which determines access authority. It is a flowchart which shows an example of the access authority determination process based on the upper hierarchy office of the affiliation office. It is a flowchart which shows an example of the access authority determination process based on the old upper hierarchy office of the affiliation office. It is a flowchart which shows the example of an expansion of an access authority determination process. It is a flowchart which shows an example of the setting process of the access authority based on the old office use frequency storage table. It is a figure which shows an example of the access authority setting information containing the conditions added by the old office access authority setting means.

  Hereinafter, an embodiment of the present invention will be described with reference to the drawings.

== System configuration ==
First, the system configuration will be described. FIG. 1 is a diagram showing a configuration of a document management system according to an embodiment of the present invention. A document management system (information management system) 100 is an information processing system that manages access authority to documents (information) in units of offices (organizations) to which a user belongs, and includes a user / organization management apparatus 200 and a document management apparatus 300. It consists of Each of the user / organization management apparatus 200 and the document management apparatus 300 includes an information processing apparatus such as a server, and is connected to be communicable with each other via a network. Note that the user / organization management apparatus 200 and the document management apparatus 300 may be configured by a single information processing apparatus.

  The user / organization management apparatus 200 includes a user information storage unit 210, an office information storage unit 220, a user authentication unit 230, a user information acquisition unit 231, an office information acquisition unit 232, and an organization change unit 233. Note that the user / organization management apparatus 200 includes a CPU and a storage device, and the user information storage unit 210 and the office information storage unit 220 are realized using a storage device. The acquisition unit 231, the office information acquisition unit 232, and the organization change unit 233 are realized by the CPU executing a program stored in the storage device.

  The user information storage unit 210 stores user information including a user ID 211, a password 212, a user name 213, and a belonging office ID 214. The user ID 211 is an identifier for identifying the user. The password 212 is used when the user logs in to the document management apparatus 300 using the user ID. The office ID 214 is an identifier for identifying the office to which the user currently belongs.

  The office information storage unit 220 stores office information including an office ID 221, an office name 222, a belonging user ID 223, a hierarchical office ID 224, an old hierarchical office ID 225, and an old hierarchical office ID validity period 226.

  FIG. 2 is a diagram illustrating an example of office information. Note that FIG. 2 shows the office of the office-D when the organization hierarchy is changed from the organization hierarchy before the change shown on the left side to the organization hierarchy after the change shown on the right side as illustrated in FIG. It shows an example of information.

  The office ID 221 is an identifier for identifying the office. For example, “OFFICE-D” is set. The office name 222 is an office name, for example, “Office-D” is set. The belonging user ID 223 indicates the user ID of a user belonging to the office, and for example, “USER1”, “USER2”, “USER3” is set. The hierarchy office ID 224 is an identifier (current hierarchy organization identifier) for identifying the current upper hierarchy office of the office, and the office IDs of the offices from the first hierarchy to the third hierarchy above the office are set. Therefore, for example, as shown on the right side of FIG. 3, since the upper hierarchy office of the office-D is only the office A in the first hierarchy, “OFFICE-A” is set in the first hierarchy of the hierarchy office ID 224. Is done. The old hierarchy office ID 225 is an identifier (old hierarchy organization identifier) for identifying the upper hierarchy office before the organization change of the office, and the office IDs of the offices from the first hierarchy to the third hierarchy that are higher than the office are indicated. Is set. Therefore, for example, as shown on the left side of FIG. 3, the old upper hierarchy office of the office-D is the office-A in the first hierarchy and the office-B in the second hierarchy. “OFFICE-A” is set for the first layer, and “OFFICE-B” is set for the second layer. The old hierarchy office ID valid period 226 is a period during which the access authority determination based on the old hierarchy office ID is valid, and includes a start date and an end date.

  As described above, the user information storage unit 210 and the office information storage unit 220 associate the user ID 211, the belonging office ID 214 (221), the hierarchical office ID 224, and the old hierarchical office ID 225 in association with each other. The organization information storage unit is configured.

  Returning to FIG. 1, in response to a request from the document management apparatus 300, the user authentication unit 230 stores the user ID and password of the user who is attempting to log in to the document management apparatus 300 in the user information storage unit 210. Further, user authentication is performed by checking with the password 212.

  In response to a request from the document management device 300, the user information acquisition unit 231 acquires the user ID 211, the user name 213, and the office ID 214 of the user information that matches the specified user ID from the user information storage unit 210. The data is output to the document management apparatus 300. Also, the user information acquisition unit 231 acquires the office information of the user's office using the acquired office ID 214 via the office information acquisition unit 232 and outputs it to the document management apparatus 300.

  In response to a request from the user information acquisition unit 231, the office information acquisition unit 232 receives the office name 222, the hierarchical office ID 224, and the old hierarchical office ID 225 of the office information that matches the specified office ID from the office information storage unit 220. Obtain it and output it to the user information obtaining means 231. The office information acquisition unit 232 outputs the old hierarchy office ID 225 only when the current time is within the old hierarchy office ID valid period.

  The organization changing unit 233 changes the office information stored in the office information storage unit 220 in accordance with the organization change in response to an input from the organization change operator. The input from the organization change operator may be performed via an input device such as a keyboard provided in the user / organization management apparatus 200, or may be communicated with the user / organization management apparatus 200 via a network. It is good also as inputting from the information processing apparatus connected to.

  The document management apparatus 300 includes a login unit 310, an access authority setting unit 311, an access authority determining unit 312, an old office access authority setting unit 315, a login user information storage unit 320, a document information storage unit 321, and an access authority setting information storage unit 323. , And an old office use count storage table storage unit 324. The document management apparatus 300 includes a CPU and a storage device, and the login unit 310, the access authority setting unit 311, the access authority determination unit 312, and the old office access authority setting unit 315 are stored in the storage device. The login user information storage unit 320, the document information storage unit 321, the access authority setting information storage unit 323, and the old office use count storage table storage unit 324 are stored in the storage device. To be realized.

  The login unit 310 receives a login request including a user ID and a password from the user, and performs user authentication via the user authentication unit 230 of the user / organization management apparatus 200. Further, the login unit 310 stores the user information and office information of the user transmitted from the user / organization management apparatus 200 upon completion of the user authentication in the login user information storage unit 320 as login user information. FIG. 4 is a diagram illustrating an example of login user information. In the login user information, in addition to the user ID 211, the user name 213 and the belonging office ID 214 acquired from the user information, the belonging office name 222 acquired from the office information, the hierarchical office ID 224 of the belonging office, and the old name of the belonging office A hierarchical office ID 225 is included. Note that the user can access the document management apparatus 300 from, for example, an information processing apparatus that is communicably connected to the document management apparatus 300 via a network.

  Returning to FIG. 1, the access authority setting unit 311 sets the access authority for each document in response to a request from the administrator who manages the access authority or the old office access authority setting unit 315. The set access authority is stored in the access authority setting information storage unit 323 as access authority setting information (access authority information). FIG. 5 is a diagram illustrating an example of access authority setting information. As shown in FIG. 5, the access authority setting information includes a document ID 340, a condition number 341, a permission authority 342, a permission type 343, a subordinate flag 344, and a permission type value 345. The document ID 340 is an identifier for identifying a document, and is, for example, a file name. The condition number 341 is a number assigned in order when a plurality of conditions are set for the same document. The permission authority 342 is information indicating the permitted access authority, and for example, “reference + update” that enables reference and update, “reference” that enables only reference, and the like are set. The permission type 343 is information indicating a unit for permitting access authority. For example, “user” indicating permission for each user and “office” indicating permission for each office are set. The subordinate flag 344 is information indicating whether or not to permit the access authority to the office under the designated office when the permission type 343 is “office”. “YES” is set. In the permission type value 345, an ID of a user or office who is permitted access authority is set.

  Returning to FIG. 1, the access authority determining unit 312 includes a hierarchical office determining unit 313 and an old hierarchical office determining unit 314, and based on the access authority setting information stored in the access authority setting information storage unit 323, It is determined whether or not access authority for the document is set for the user who is trying to access the document. When the subordinate flag 344 of the access authority setting information is set to “YES”, the hierarchical office determination unit 313 includes the office set to the permission type value 345 as the upper hierarchical office of the office to which the login user belongs. To determine whether or not Similarly, the old hierarchy office determination unit 314 determines whether the office set to the permission type value 345 is included in the old upper hierarchy office of the office to which the login user belongs.

  The old office access authority setting means (access authority update unit) 315 changes the number of times of use of documents based on the old hierarchical office ID 225 (permitted number) after the organization change, and stores the old office usage number storage table storage unit (permitted number storage unit) 324. Is set in the old office usage count storage table. FIG. 6 is a diagram illustrating an example of the old office usage count storage table. The old office use count storage table includes a document ID 360, a condition number 361, a permission type value 362, a logged-in user's office ID 363, and a use count 364. The document ID 360, the condition number 361, and the permission type value 362 correspond to the document ID 340, the condition number 341, and the permission type value 345 of the access authority setting information. The login user's office ID 363 corresponds to the login user information office ID 214. Then, the old office access authority setting unit 315 sets the access authority for the document with high use frequency based on the old hierarchy office ID 225 for the office to which the user currently belongs.

  Returning to FIG. 1, a document managed by the document management apparatus 300 is stored in the document information storage unit 321 in association with the document ID. Here, the document is an electronic file that can be processed by the information processing apparatus, and is not limited to text information, but may be information such as an image or sound.

== Document management processing ==
Next, document management processing in the document management system 100 will be described. First, a user who uses the document management apparatus 300 accesses the document management apparatus 300 using, for example, an information processing apparatus that is communicably connected to the document management apparatus 300, and inputs a user ID and a password. The input user ID and password are received by the login unit 310 and passed to the user authentication unit 230. The user authentication unit 230 checks whether or not the user ID 211 and the password 212 that match the received user ID and password are stored in the user information storage unit 210. Notify When the login is permitted, the login unit 310 calls the user information acquisition unit 231 by designating the user ID.

  FIG. 7 is a flowchart illustrating an example of processing for acquiring login user information when login is permitted. When a user ID is specified by the login unit 310, the user information acquisition unit 231 acquires user information corresponding to the user ID from the user information storage unit 210 (501). Also, the user information acquisition unit 231 specifies the affiliated office ID 214 set in the acquired user information, calls the office information acquisition unit 232, and stores office information corresponding to the affiliated office ID 214 from the office information storage unit 220. Obtain (502).

  At this time, the office information acquisition unit 232 confirms whether the old hierarchical office ID valid period 226 is set in the acquired office information (503). If not set (504), the office name 222 and the hierarchical office ID 224 are set. Is output. As a result, the user information acquisition unit 231 returns the user name 213, the affiliated office ID 214, the affiliated office name 222, and the hierarchical office ID 224 of the affiliated office to the login unit 310 (505).

  When the old hierarchy office ID validity period 226 is set in the acquired office information (506), the office information acquisition means 232 has a current time within the range of the start date and end date of the old hierarchy office ID validity period 226. If it is within the range (508), the office name 222, the hierarchical office ID 224, and the old hierarchical office ID 225 are output. As a result, the user information acquisition unit 231 returns the user name 213, the affiliated office ID 214, the affiliated office name 222, the hierarchical office ID 224 of the affiliated office, and the old hierarchical office ID 225 of the affiliated office to the login unit 310 (509).

  When the current time is not within the range of the old hierarchy office ID validity period 226 (510), the office information acquisition unit 232 checks whether the current date and time exceeds the end date of the old hierarchy office ID validity period 226 (511). If yes (512), the old hierarchical office ID 225 is deleted (513). When the old hierarchical office ID 225 is deleted (513), or when the current date and time does not exceed the end date of the old hierarchical office ID valid period 226 (514), the office information acquisition unit 232 stores the office name 222 and the hierarchical office ID 224. Is output. As a result, the user information acquisition unit 231 returns the user name 213, the affiliated office ID 214, the affiliated office name 222, and the hierarchical office ID 224 of the affiliated office to the login unit 310 (505).

  FIG. 8 is a flowchart illustrating an example of processing for determining access authority. Here, a case where user-A (USER-A) makes an access request to a document whose document ID is “DOC1” after login is described as an example. The login user information is in the state shown in FIG. 4, and the access authority setting information is in the state shown in FIG.

  First, the access authority determining unit 312 sets “1” to the variable N for controlling the condition number 341 in the access authority setting information (601), the condition where the document ID is “DOC1” and the condition number is “1”. Is checked (602). When there is no condition with the condition number “1” (603), the access authority determination unit 312 does not permit the login user to operate the document (604).

  When there is a condition of condition number “1” (605), the access authority determination unit 312 checks whether the permission type 343 is “user” (606). When the permission type is “user” (607), the access authority determination unit 312 checks whether the permission type value 345 matches the value of the user ID 211 of the login user (608). The operation of the login user for the document is permitted within the range of the permission authority 342 (610).

  In the example of FIGS. 4 and 5, the permission type value 345 in the condition 350 with the condition number 341 being “1” is “USER-B”, and does not match “USER-A” which is the user ID 211 of the user-A. (611) The access authority determining unit 312 adds 1 to the variable N (612), and returns to the process (602) for checking the condition of the next condition number.

  The access authority determining unit 312 checks the condition whose condition number is “2” (602). In the example of FIGS. 4 and 5, since there is a condition of condition number “2”, the access authority determining unit 312 further checks whether the permission type is “user” (606), and the permission type is not “user”. Therefore (613), it is checked whether the permission type is “office” (614). Here, when the permission type is not “office” (615), the access authority determination unit 312 does not permit the login user to operate the document (604).

  When the permission type is “office” (616), the access authority determining unit 312 checks whether the permission type value 345 matches the office ID 214 of the login user (617), and if it matches (618), The operation of the login user for the document is permitted within the range of the permission authority 342 (610).

  4 and 5, the permission type value 345 in the condition 351 with the condition number 341 being “2” is “OFFICE-B” and does not match “OFFICE-D” that is the office ID 214 of the user-A. Therefore (619), the access authority determining unit 312 checks whether the subordinate flag of the condition is “YES” (620). When the subordinate flag is not “YES” (621), the access authority determining unit 312 adds 1 to the variable N (612), and returns to the process of checking the condition of the next condition number (602). In the example of FIG. 5, since the subordinate flag is “YES” (622), the access authority determination unit 312 calls the hierarchical office determination process by the hierarchical office determination unit 313.

  FIG. 9 is a flowchart illustrating an example of an access authority determination process based on an upper-layer office of the office to which the office belongs. The hierarchy office determination unit 313 sets “1” to the variable N for controlling the hierarchy in the hierarchy office ID 224 (631), and checks the information of the first hierarchy of the hierarchy office ID 224 (632).

  When there is information on the first level (633), the hierarchy office determination means 313 determines the permission type value 345 for the condition in which the subordinate flag 344 is set to “YES” in the access authority setting information, and the first level. It is checked whether the office ID values match (634). If they match (635), the hierarchical office determination unit 313 permits the login user operation on the document within the range of the authorization authority 342 (636).

  In the example of FIGS. 4 and 5, the information “OFFICE-A” of the first hierarchy of the hierarchy office ID 224 does not match the value “OFFICE-B” of the permission type in the condition 351 of the access authority setting information (637). The hierarchy office determination unit 313 adds 1 to the variable N (638), and returns to the process (632) for checking the information of the next hierarchy. In the example of FIGS. 4 and 5, since the information of the second hierarchy does not exist in the hierarchy office ID 224 (639), the hierarchy office determination unit 313 calls the old hierarchy office determination process by the old hierarchy office determination unit 314. .

  FIG. 10 is a flowchart illustrating an example of an access authority determination process based on the old upper-level office of the office to which the user belongs. The old hierarchy office determination means 314 sets “1” to a variable N for controlling the hierarchy in the old hierarchy office ID 225 (641), and checks information on the first hierarchy of the old hierarchy office ID 225 (642).

  When there is information on the first hierarchy (643), the old hierarchy office determination means 314 determines the permission type value 345 for the condition in which the subordinate flag 344 is set to “YES” in the access authority setting information, and the first hierarchy It is checked whether the eye office ID values match (644). If they match (645), the old hierarchical office determination means 314 permits the login user operation on the document within the range of the permission authority 342 (646).

  In the example of FIGS. 4 and 5, the information “OFFICE-A” of the first hierarchy of the old hierarchy office ID 225 does not match the value “OFFICE-B” of the permission type in the condition 351 of the access authority setting information (647). The old hierarchy office determination means 314 adds 1 to the variable N (648), and returns to the process (642) for checking the information of the next hierarchy. In the examples of FIGS. 4 and 5, the information “OFFICE-B” in the second hierarchy of the old hierarchy office ID 225 matches the permission type value “OFFICE-B” in the condition 351 of the access authority setting information ( 645), the old-tier office determination unit 314 permits the login user operation on the document within the range of the permission authority 342 (646).

  As described above, the old hierarchy office determination unit 314 sequentially checks the hierarchy of the old hierarchy office ID 225 from the top. If there is no information to be checked (649), the next access authority determination process shown in FIG. Control is returned to the process of adding 1 to the variable N (612) in order to determine the condition of the condition number.

  FIG. 11 is a flowchart illustrating an extended example of the access authority determination process illustrated in FIG. 10. The difference from FIG. 10 is that when the permission type value (office ID) matches the value of the N-th layer office ID (645), the old office usage count storage unit 324 stores the old office usage count storage. The point of use is set in the table.

  Specifically, when the value of the permission type (office ID) matches the value of the office ID of the Nth hierarchy (645), the old hierarchy office determination means 314 determines the document ID 340, the condition number 341, It is checked whether information having the same value as the permission type value 345 and the office ID 214 of the logged-in user has been stored in the old office use count storage table (651). If the information has been stored (652), the old-tier office determination unit 314 adds 1 to the number of uses 364 of the information (653). If not stored (654), “1” is set to the number of uses and information is added to the old office use count storage table (655). Thereafter, the operation of the login user is permitted as in the case of FIG. 10 (646).

  FIG. 12 is a flowchart showing an example of access authority setting processing based on the old office usage count storage table. This processing can be called periodically by, for example, batch processing. In the process of FIG. 11, it can be called when the old office usage count storage table is updated.

  As shown in FIG. 12, the old office access authority setting means 315 checks whether there is an unprocessed row in the old office use count storage table stored in the old office use count storage table storage unit 324 (701). If there is no unprocessed line (702), the process is terminated.

  When there is an unprocessed row in the old office usage count storage table (703), the old office access authority setting means 315 checks whether the usage count 364 set in the processing target row is equal to or greater than a certain number (704). . If the number of uses 364 is not greater than a certain number (705), the process returns to the next unprocessed row check (701).

  When the usage count 364 is equal to or greater than a certain number (706), the old office access authority setting unit 315 sets access authority setting information based on the information set in the row, and the access authority setting information storage unit 323. (707). Then, the old office access authority setting means 315 deletes the row from the old office usage count storage table and returns to the next unprocessed row check (701).

  FIG. 13 is a diagram showing an example of access authority setting information including the conditions added by the old office access authority setting unit 315. The conditions 350 and 351 in FIG. 13 are the conditions 350 and 351 shown in FIG. The condition 356 in FIG. 13 is added based on the old office usage count storage table shown in FIG. As illustrated in FIG. 13, the old office access authority setting unit 315 sets the document ID 360 “DOC1” set in the old office use count storage table as the document ID 340 of the condition 356. Further, the old office access authority setting unit 315 sets “3” obtained by adding 1 to the maximum condition number “2” for the document ID “DOC1” before adding the condition 356 to the condition number 341 of the condition 356. . Also, the old office access authority setting means 315 sets the permission authority 342 “reference” of the condition number 341 that matches the condition number 361 “2” of the document ID 360 “DOC1” set in the old office usage count storage table to the condition 356 permission authority 342 is set. Further, the old office access authority setting unit 315 sets “office” in the permission type 343 of the condition 356 and sets “− (none)” in the subordinate flag 344. Further, the old office access authority setting means 315 sets “OFFICE-D”, which is the office ID 363 of the logged-in user set in the old office use count storage table, in the permission type value 345 of the condition 356.

  The document management system 100 according to the present embodiment has been described above. In the document management system 100 described above, when there is an organizational change, a user ID, a hierarchical office ID, and an old hierarchical office ID are stored in association with each other. For this reason, when access authority is set to allow access to users belonging to an office under a certain office for a document, not only the organizational hierarchy after the organizational change but also the organizational hierarchy before the organizational change. In consideration of the above, it is possible to determine the access authority for the document. Therefore, it is possible to prevent sudden access to the document due to the organizational change. That is, it is possible to permit access with the access authority before the organization change after the organization change without requiring complicated work.

  Further, in the document management system 100, since a valid period is set for the old hierarchy office ID, it is possible to control a period during which the determination of access authority considering the organizational hierarchy before the organizational change is valid. Therefore, after the organization change, it is possible to permit access with the access authority before the organization change for the set effective period.

  In the document management system 100, the old hierarchical office ID whose validity period has expired is automatically deleted. Therefore, it is possible to reduce the storage capacity necessary for the system without requiring complicated work.

  In the document management system 100, the same access authority as the access authority before the organizational change is given to the office after the organizational change for the document whose access is permitted based on the old hierarchical office ID more than a predetermined number. Is set automatically. Thereby, it is possible to permit access with the access authority before the organization change after the organization change without requiring a complicated work. It is also possible to automatically set the access authority by taking over all the access authority granted to the office before the organization change to the office after the organization change.

  Note that this embodiment is intended to facilitate understanding of the present invention and is not intended to limit the present invention. The present invention can be changed / improved without departing from the spirit thereof, and the present invention includes equivalents thereof.

Part or all of the above-described embodiments can be described as in the following supplementary notes, but is not limited thereto.

  (Additional remark 1) The access authority memory | storage part which matches and memorize | stores the information used as access object, the organization identifier which identifies the organization which has the access authority with respect to the said information as access authority information, the user identifier which identifies a user, The user / organization is associated with the organization identifier of the organization to which the user belongs, the current hierarchical organization identifier that identifies the current upper hierarchical organization of the organization, and the old hierarchical organization identifier that identifies the previous upper hierarchical organization of the organization. An organization to which a user who makes an access request belongs to a user / organization information storage unit that stores information, and an organization that has access authority to information to which an access request is made based on the access authority information and the user / organization information Or the current or previous higher-level organization of the organization to which the user belongs Information management system and an access authority determination unit to allow access to the information to the user.

  (Supplementary note 2) The information management system according to supplementary note 1, wherein an effective period of access permission based on the old hierarchical organization identifier is stored in the user / organization information storage unit, and the access authority determination unit includes: If the access request for the information is within the validity period and the organization having the access authority for the information is a previous higher-level organization of the organization to which the user making the access request belongs, An information management system that permits access to the information.

  (Supplementary note 3) The information management system according to supplementary note 2, wherein the access authority determining unit deletes the old hierarchical organization identifier that has passed the validity period from the user / organization information storage unit. .

  (Supplementary note 4) In the information management system according to supplementary note 2 or 3, the organization having access authority to the information is a previous higher-level organization of the organization to which the user who makes the access request belongs. The permitted number storage unit that stores the number of times access to information is permitted in association with the information and the organization identifier of the organization to which the user belongs, and the number of times stored in the permitted number storage unit is a predetermined number or more An access authority update unit that adds the organization identifier corresponding to the information to the access authority storage unit as an organization identifier indicating an organization having an authority to access the information.

  (Supplementary Note 5) The information to be accessed and the organization identifier for identifying the organization having the access authority for the information are stored in association with each other as access authority information, and the user identifier for identifying the user and the organization to which the user belongs An organization identifier, a current hierarchical organization identifier that identifies the current higher-level organization of the organization, and an old hierarchical organization identifier that identifies the previous higher-level organization of the organization are stored in association with each other as user / organization information, Based on the access authority information and the user / organization information, the organization having access authority to the information for which an access request is made is the organization to which the user making the access request belongs, or the organization to which the user belongs If you are a current or previous tier organization, grant that user access to the information, Broadcast management method.

  (Additional remark 6) The function which matches the information used as access object, the organization identifier which identifies the organization which has the access authority with respect to the said information in association as an access authority information, the user identifier which identifies a user, The user / organization is associated with the organization identifier of the organization to which the user belongs, the current hierarchical organization identifier that identifies the current upper hierarchical organization of the organization, and the old hierarchical organization identifier that identifies the previous upper hierarchical organization of the organization. Based on the function to store as information and the access authority information and the user / organization information, the organization having access authority to the information for which an access request is made is an organization to which the user making the access request belongs, or , If it is the current or previous higher-level organization of the organization to which the user belongs, Program for realizing a function to allow access to the information.

DESCRIPTION OF SYMBOLS 100 Document management system 200 User / organization management apparatus 210 User information storage part 220 Office information storage part 230 User authentication means 231 User information acquisition means 232 Office information acquisition means 233 Organization change means 300 Document management apparatus 310 Login means 311 Access authority setting means 312 Access authority determination means 313 Hierarchy office determination means 314 Old hierarchy office determination means 315 Old office access authority setting means 320 Login user information storage section 321 Document information storage section 323 Access authority setting information storage section 324 Old office use count storage table storage section

Claims (6)

An access authority storage unit that associates information to be accessed with an organization identifier that identifies an organization having access authority to the information, and stores it as access authority information;
User identifier that identifies the user, organization identifier of the organization to which the user belongs, current hierarchy organization identifier that identifies the current upper hierarchy organization of the organization, and old hierarchy organization that identifies the previous upper hierarchy organization of the organization A user / organization information storage unit that stores identifiers in association with each other as user / organization information;
Based on the access authority information and the user / organization information, the organization having access authority to the information for which an access request is made is the organization to which the user making the access request belongs, or the organization to which the user belongs If the current or previous higher-level organization, the access authority determination unit that allows the user to access the information,
An information management system comprising: The information management system according to claim 1,
In the user / organization information storage unit, a validity period of access permission based on the old hierarchical organization identifier is stored,
The access authority determination unit, when the access request for the information is within the valid period, and the organization having the access authority for the information is a previous higher-level organization of the organization to which the user making the access request belongs Allow the user to access the information,
Information management system. The information management system according to claim 2,
The access authority determination unit deletes the old hierarchical organization identifier that has passed the validity period from the user / organization information storage unit.
Information management system. The information management system according to claim 2 or 3,
The information and the user belong to the number of times that access to the information is permitted because the organization having the access authority to the information is an upper hierarchical organization before the organization to which the user who makes the access request belongs. A permitted number storage unit for storing the association with the organization identifier of the organization;
An access authority for adding the organization identifier corresponding to the information whose number of times stored in the permission number storage unit is a predetermined number or more to the access authority storage unit as an organization identifier indicating an organization having an access authority for the information Update section,
An information management system further comprising: The information to be accessed and the organization identifier for identifying the organization having the access authority for the information are associated with each other and stored as access authority information.
User identifier that identifies the user, organization identifier of the organization to which the user belongs, current hierarchy organization identifier that identifies the current upper hierarchy organization of the organization, and old hierarchy organization that identifies the previous upper hierarchy organization of the organization Store the user / organization information in association with the identifier,
Based on the access authority information and the user / organization information, the organization having access authority to the information for which an access request is made is the organization to which the user making the access request belongs, or the organization to which the user belongs If you are a current or previous tier organization, grant that user access to the information,
Information management method. On the computer,
A function of associating information to be accessed with an organization identifier that identifies an organization having access authority to the information, and storing it as access authority information;
User identifier that identifies the user, organization identifier of the organization to which the user belongs, current hierarchy organization identifier that identifies the current upper hierarchy organization of the organization, and old hierarchy organization that identifies the previous upper hierarchy organization of the organization A function of storing identifiers in association with user / organization information;
Based on the access authority information and the user / organization information, the organization having access authority to the information for which an access request is made is the organization to which the user making the access request belongs, or the organization to which the user belongs If you ’re a current or previous higher-level organization, you ’ll have access to that information,
A program to realize

Images