JP2018142928A - Image processing device, control method therefor, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a structure allowing the use of personalization functions without requiring a complicated operation to a user while ensuring security.SOLUTION: In the present image processing device, a first authentication method in accessing to the image processing device via an operation to an operation unit and a second authentication method in accessing to the image processing device from an external device via a network are set. In the image processing device, when it is determined, according to settings, that the first authentication method is not in a situation where a password is used for authentication, an access from the external device via the network is restricted.SELECTED DRAWING: Figure 5

Description

  The present invention relates to an image processing apparatus, a control method thereof, and a program.

  An MFP (Multi Function Peripheral) having a plurality of image processing functions such as copying, printing, and transmission of scanned images is known. Many MFPs have a Web server function, and can set MFPs from a PC connected via a network, and can also refer to documents stored in the MFPs.

  Further, the MFP can accept input of a user name and password as authentication information via the touch panel, or can read authentication information from the card using a card authentication function. In such an MFP, a technique for providing a personalized function to an authenticated user when authentication is successful is known.

  However, inputting a user name, a password, or the like from a touch panel on the MFP or introducing a card authentication function is troublesome in terms of cost and operability for a user who wants to use the MFP immediately. Therefore, there is a case where an authentication function is not introduced because strict security is not required. On the other hand, since the authentication function is not introduced, the personalization function of the MFP cannot be used, and there are some users who have lost convenience.

  In Japanese Patent Laid-Open No. 2004-260260, a user operation is reduced, and an icon image associated with the user is displayed on the MFP screen so that the user can easily use the personalization function, and the user selects his / her own icon image displayed. An MFP has been proposed.

JP 2012-254618 A

  However, the above prior art has the following problems. In the above prior art, a password is not registered when a user is registered. That is, while convenience is improved, since user authentication is not performed when a registered icon is selected, the system can be used by any user and has low security. The MFP is not easy to move and is often installed in an office where it is locked. Therefore, it is considered that the security risk is low when it is limited to use from the operation panel. However, when enabling use from the network, unless the user authentication function is enabled, the user is exposed to various threats.

  The present invention has been made in view of the above-described problems, and an object of the present invention is to provide a mechanism that enables the use of a personalization function without requiring complicated operations from a user while ensuring security. .

  The present invention provides an image processing apparatus that provides a personalized function to an authenticated user or a user who has accessed without entering a password, and the image processing is performed through an operation on an operation unit provided in the image processing apparatus. According to a setting means for setting a first authentication method for accessing the apparatus and a second authentication method for accessing the image processing apparatus from an external device via a network, and setting contents by the setting means, A determination unit that determines whether or not the first authentication method is in a situation of using a password for authentication, and the determination unit determines that the first authentication method is not in a situation of using a password for authentication. And limiting means for limiting access from the external device via the network.

  According to the present invention, it is possible to use a personalization function while ensuring security and without requiring a complicated operation from a user.

1 is a system configuration diagram related to an MFP 101 according to an embodiment. FIG. 2 is a block diagram showing a hardware configuration of the MFP 101 according to an embodiment. 2 is a block diagram showing a software configuration of the MFP 101 according to an embodiment. FIG. The figure which shows the example of management of the option in the structure management part 302 which concerns on one Embodiment. The figure which shows the example of management of the user in the user authentication part 304 which concerns on one Embodiment. The figure which shows the example of UI of the user button selection which concerns on one Embodiment. The flowchart of the access control via a network which concerns on one Embodiment. The flowchart of the access control via a network which concerns on one Embodiment. The flowchart of the access control via a network which concerns on one Embodiment. The figure which shows the example of management of the setting value in the setting management part 303 which concerns on one Embodiment. FIG. 5 is a diagram showing a procedure for automatic user creation by submitting a print job according to an embodiment. The figure which shows the example of a setting of the password policy managed by the setting management part 303 which concerns on one Embodiment. 10 is a flowchart of control in a setting editing UI according to an embodiment.

  An embodiment of the present invention is shown below. The individual embodiments described below will help to understand various concepts, such as superordinate concepts, intermediate concepts and subordinate concepts of the present invention. Further, the technical scope of the present invention is established by the claims, and is not limited by the following individual embodiments.

<First Embodiment>
<System configuration>
Hereinafter, a first embodiment according to the present invention will be described. First, a configuration example of a system related to the MFP 101 according to the present embodiment will be described with reference to FIG. Each device included in this system is connected to the LAN 100.

  As an embodiment, this system includes an MFP (Multi Function Peripheral) 101, a PC 102, and a mail server 103 that are image processing apparatuses. The PC 102 can access the MFP 101 and transmit a print job to the MFP 101. The mail server 103 is a server that manages transmission / reception of electronic mail. Note that the present invention is not limited to the type and number of these apparatuses, and can be applied in various forms.

<Hardware configuration>
Next, a hardware configuration example of the MFP 101 according to the present embodiment will be described with reference to FIG. The MFP 101 includes a control unit 200, an operation unit 209, a printer 210, a scanner 211, and an IC card R / W 213. The control unit 200 includes a CPU 201, ROM 202, RAM 203, HDD 204, operation unit I / F (interface) 205, printer I / F 206, scanner I / F 207, USB I / F 212, and network I / F 208.

  A control unit 200 including a CPU 201 controls the overall operation of the MFP 101. The CPU 201 performs various controls such as reading and transmission by reading and executing a control program stored in the ROM 202. The RAM 203 is used as a temporary storage area such as a main memory and a work area for the CPU 201. The HDD 204 stores image data and various programs. The operation unit I / F 205 connects the operation unit 209 and the control unit 200.

  A printer I / F 206 connects the printer 210 and the control unit 200. Image data to be printed by the printer 210 is transferred from the control unit 200 via the printer I / F 206 and printed on a recording medium by the printer 210. A scanner I / F 207 connects the scanner 211 and the control unit 200. The scanner 211 reads an image on a document to generate image data, and inputs the image data to the control unit 200 via the scanner I / F 207. A network I / F 208 connects the control unit 200 (MFP 101) to the LAN 100. The network I / F 208 transmits / receives various information to / from an external device on the LAN 100 (for example, reception of a print job from the PC 102). The USB I / F 212 connects the USB device and the control unit 200. In this embodiment, it connects with IC card R / W213.

<Software configuration>
Next, a software configuration example of the MFP 101 according to the present embodiment will be described with reference to FIG. The MFP 101 includes a screen display management unit 301, a configuration management unit 302, a setting management unit 303, a user authentication unit 304, a copy unit 310, a print unit 311, a scan transmission unit 312, and a Web server unit 313 as software configurations.

  The screen display management unit 301 controls display on the display unit of the operation unit 209. A configuration management unit 302 manages a configuration installed as an option in the MFP 101. Some options are set up as hardware at the time of purchase, and others are activated by software by entering a license. FIG. 4 shows an example of a table managed by the configuration management unit 302.

  In the table 400 shown in FIG. 4, option names 401 and valid / invalid 402 are managed in association with each other. The option name 401 indicates the name of an optional device or optional function. Valid / invalid 402 defines whether the corresponding option is currently valid. Optional functions include FAX for facsimile transmission, feeder for automatic document conveyance, finisher for performing post-processing such as stapling and bookbinding on sheets such as printed recording media, remote function for remotely operating MFP 101, and There is a user button selection function. The user button selection function is a function in which a user-specific button is displayed in the operation screen information upon registration by the user, and the user button selection function is changed to a screen and specifications customized for the user. The user can easily access. Simple access refers to, for example, that the user can customize the screen and specifications of the MFP 101 according to the user without entering a password in the MFP 101.

  Returning to the description of FIG. The web server unit 313 controls the provision of a web UI provided by each function of the MFP 101 to an information processing apparatus such as the PC 102 connected to the LAN 100. A setting management unit 303 has a database for managing various settings related to the MFP 101 and provides a UI for editing setting values. The setting management unit 303 provides not only a UI on the operation panel but also a Web UI as a UI for editing a setting value.

  A copy unit 310, a print unit 311, and a scan transmission unit 312 are applications that operate on the MFP 101. The copy unit 310 controls so-called copying. The print unit 311 is an application that receives and accumulates print jobs submitted from the PC 102, displays a list of submitted jobs for the logged-in user, and prints the user after confirming the contents. The scan transmission unit 312 is an application that transmits an image scanned by the scanner 211 to an external device by e-mail or the like.

  A user authentication unit 304 manages a list of users who can use the MFP 101 and provides a UI for user authentication. FIG. 5 shows an example of a user attribute list managed by the user authentication unit 304. The user attribute list 500 illustrated in FIG. 5 includes information on a password 502, a personal identification number (pin) 503, a card ID 504, an authority 505, and an e-mail 506 for each user ID 501. The user ID 501 is identification information unique to each individual. The password 502 is a password associated with each user ID 501 and can be set by each user. The pin 503 is a personal identification number assigned to each user. The card ID 504 is identification information assigned to a card held by each user. The authority 505 indicates the authority assigned to each user, and “manager” or “general” is set. The e-mail 506 is an e-mail address assigned to each user.

  Returning to the description of FIG. The MFP 101 according to the present embodiment provides “keyboard authentication”, “IC card authentication”, and “user button selection” as user authentication methods (first authentication methods) that can be provided when using the MFP 101 from the operation unit 209. "I will provide a. The keyboard authentication provides the user with a UI for inputting the user name / password, and determines that the authentication is successful if the input values match the uid / password of the user attribute list 500 of FIG. In the IC card authentication, a UI that prompts the user to hold the IC card owned by each user over the IC card R / W 213 is displayed on the operation unit 209. Thereafter, a user whose card information acquired by the IC card R / W 213 matches the card ID 504 in the user attribute list 500 of FIG. 5 is defined as a login user. In the user button selection, a UI 600 for selecting a user as shown in FIG. 6 is displayed on the operation unit 209, and the user is allowed to select and log in with the selected user. On the UI 600, user buttons 601, 602, and 603 of currently registered users are displayed so as to be selectable. Further, in the present embodiment, a UI for inputting a personal identification number is displayed on the operation unit 209 for a user for whom the pin 503 in the user attribute list in FIG. 5 is set as the user attribute corresponding to the selected user button. . The selection of the user button is not a security purpose for preventing operations other than the user, but can be said to be a user identification function for personalization purposes such as sending scanned data to the mail address of the logged-in user. As described above, the MFP 101 according to the present embodiment can provide a personalized function to an authenticated user or a user who simply accesses the MFP 101.

  On the other hand, only “keyboard authentication” is provided as an authentication method (second authentication method) for accessing the Web UI. That is, the user needs to input uid / password. As the authentication mode, three levels of “normal authentication mode”, “administrator authentication mode”, and “guest authentication mode” are provided. In the normal authentication mode, all users existing in the user attribute list 500 of FIG. 5 can be accessed if the user authentication is successful. The administrator authentication mode is a mode that exists in the user attribute list 500 and can be accessed only by a user having the administrator authority with the authority 505 even if the user authentication is successful. The guest authentication mode is a mode in which some functions can be accessed without authentication. Each method of user authentication via the operation unit 209 of the MFP 101 and each authentication mode of user authentication using the Web UI are preferably managed by the setting management unit 303 using a table as shown in FIG. In the table 1000, information of setting 1002 and value 1003 is set for each category 1001. The category 1001 is divided into “operation panel authentication” that is user authentication via the operation unit 209, “Web UI authentication” that is authentication using the Web UI, and “user management”. The set values for authentication on the operation panel are “keyboard authentication”, “IC card authentication”, and “user button selection”, which respectively indicate the authentication methods described above. In addition, Web UI authentication setting values are “normal authentication mode”, “administrator authentication mode”, and “guest authentication mode”, which indicate the above-described authentication modes. The setting value for user management is “automatic registration”. A value 1003 is set for each set value, and invalid or valid is set. When set to valid, the authentication method in the setting is valid. In the example of FIG. 10, user button selection for authentication on the operation panel, normal authentication mode for Web UI authentication, and automatic registration for user management are enabled. Note that automatic registration for user management is a setting different from the setting of the authentication method. The automatic registration of user management, which will be described in detail later, is a function for automatically registering user information of the user when a job is submitted.

<Access control via network>
Next, an access control processing procedure according to the present embodiment will be described with reference to FIG. The process described below can be realized by, for example, the CPU 201 reading a control program stored in advance in the ROM 202 into the RAM 203 and executing it.

  When the MFP 101 is powered on, a startup process is started. In step S701, the CPU 201 determines whether a password is used for operation panel authentication. Specifically, the value 1003 of each setting 1002 in the authentication category 1001 of the operation panel of the table 1000 is referred to. For example, if keyboard authentication or IC card authentication is set to be valid, it is determined that a password is used for authentication on the operation panel, and the process is terminated. If any of the above values 1003 is set to invalid, it is determined that a password is not used for authentication of the operation panel, and the process proceeds to S702. Alternatively, if the user button selection value 1003 of the setting 1002 is set to be valid, it is determined that the password is not used for authentication of the operation panel, and if it is set to be invalid, authentication of the operation panel is performed. It may be determined that the password is being used. Therefore, neither keyboard authentication or IC card authentication nor user button selection is set to be valid.

  In step S <b> 702, the CPU 201 stops the function of the web server unit 313. That is, here, by stopping the function of the Web server unit 313, the use of the Web UI is stopped and the use of the MFP 101 from the external device is restricted.

  As described above, the image processing apparatus according to the present embodiment includes the first authentication method when accessing the image processing apparatus via an operation on the operation unit, and the image processing from the external apparatus via a network. A second authentication method for accessing the apparatus is set. In addition, when the image processing apparatus determines that the first authentication method does not use a password for authentication according to the setting contents, the image processing apparatus restricts access from an external apparatus via the network. Thus, according to the present embodiment, it is possible to provide an image processing apparatus that can use the personalization function while ensuring security and without requiring a complicated operation from the user.

  The present invention is not limited to the above embodiment, and various modifications can be made. For example, in the first embodiment, the flowchart of FIG. 7 has been described as the processing performed when the MFP 101 is activated. However, the flowchart may be executed when the setting of the authentication method is changed.

<Second Embodiment>
Hereinafter, a second embodiment according to the present invention will be described. A description will be given of access control via the network when automatic registration is valid. A mechanism for automatically registering a user when a print job is input will be described with reference to FIG. The automatic registration is a function for automatically registering the user based on the user information of the submitted job.

  For example, submitter information is assigned to a print job submitted from the PC 102. The submitter information includes identification information of the user who submitted the print job. The print unit 311 that has received the print job notifies the user authentication unit 304 of the submitter information before the printing process. The user authentication unit 304 registers the user using the received input information as a user ID 501. That is, in the automatic registration function, the initial user password is not set. This automatic registration function functions when the automatic registration value 1003 is valid in the setting value management in the setting management unit 303 illustrated in FIG.

  According to the present embodiment, as the determination in S701 in the access control via the network described in FIG. 7 in the first embodiment, the CPU 201 uses for determination whether or not automatic registration is enabled. This is because an initial password is not set for a user created by automatic registration. Specifically, if automatic registration is enabled, it is determined that a password is not used for operation panel authentication, and if automatic registration is disabled, it is determined that a password is used for operation panel authentication. .

  As described above, the image processing apparatus according to the present embodiment determines that the password is not used for authentication of the operation panel if the automatic registration function is valid, and performs access control via the network. The configuration of the present embodiment may be applied in combination with the configuration of the above embodiment. As a result, it is possible to provide an image processing apparatus that can use the personalization function without requiring a complicated operation from the user while ensuring more security.

<Third Embodiment>
Hereinafter, a third embodiment according to the present invention will be described. In the present embodiment, it is determined whether or not the password is used for the authentication of the operation panel using the password policy setting information indicating the standard of the complexity of the password set by the user.

  With reference to FIG. 12, the setting relating to the password policy will be described. The policy table 1200 illustrated in FIG. 12 is managed by the setting management unit 303. The policy table 1200 includes information on setting values 1202 for each setting policy 1201. The setting policy 1201 includes a minimum number of characters, a condition that prohibits the use of three or more consecutive characters, a condition that always uses at least one uppercase letter, a condition that always uses at least one lowercase letter, and a number. Includes conditions that always use one or more characters and conditions that always use one or more characters. As the setting value 1202 of each condition, the number of characters is set as the minimum number of characters, and the setting value of whether to enable or disable the condition is set as the other conditions.

  The user authentication unit 304 checks whether or not the password input when the user manually creates a password or logs in satisfies the password policy. If the password is not satisfied, an error occurs. In the present embodiment, the CPU 201 uses the setting value 1202 of the minimum number of characters in the policy table 1200 to determine whether or not a password is used for operation panel authentication in the determination in S701. Specifically, when the setting value 1202 of the minimum number of characters is set to “0”, the CPU 201 determines that there is no situation in which a password is used for authentication of the operation panel, and performs access control via the network. The configuration of the present embodiment may be applied in combination with the configuration of each of the above embodiments. As a result, it is possible to provide an image processing apparatus that can use the personalization function without requiring a complicated operation from the user while ensuring more security.

<Fourth Embodiment>
Hereinafter, a fourth embodiment according to the present invention will be described. In the present embodiment, the processing after the determination (S701) in the access control via the network described in FIG.

  With reference to FIG. 8, a processing procedure of access control according to the present embodiment will be described. The process described below can be realized by, for example, the CPU 201 reading a control program stored in advance in the ROM 202 into the RAM 203 and executing it. Note that the same steps as those in the flowchart of FIG. 7 are denoted by the same step numbers and description thereof is omitted.

  If it is determined in step S701 that the password is not used for operation panel authentication, the process advances to step S801, and the CPU 201 changes the setting of the authentication mode related to Web UI authentication in the table 1000 managed by the setting management unit 303. Specifically, the CPU 201 changes the setting of the authentication mode of the Web UI to “administrator authentication mode”. In other words, the CPU 201 sets the “normal authentication mode” and “guest authentication mode” values 1003 in the Web UI authentication to be invalid, and sets the “administrator authentication mode” value 1003 to be valid. As a result, in this embodiment, even when it is determined that a password is not used for authentication of the operation panel, access via the network is permitted instead of completely restricting access via the network. Can provide a more flexible system. The configuration of the present embodiment may be applied in combination with the configuration of each of the above embodiments.

  Further, the present invention is not limited to the above embodiment, and various modifications can be made. For example, in step S801, the CPU 201 may change the setting value 1202 of the minimum number of characters in the policy table 1200 to a value other than 0, for example, 6 or the like. As a result, without restricting access control via the network, it is possible to maintain security by changing to a situation where a password is used for authentication of the operation panel.

<Fifth Embodiment>
The fifth embodiment according to the present invention will be described below. In this embodiment, when an access request is received from the MFP 101, in addition to the determination corresponding to S701 in each of the above embodiments, a user who has not set a password in the user attribute list 500 managed by the user authentication unit 304 Confirm the existence of.

  With reference to FIG. 9, a processing procedure of access control according to the present embodiment will be described. The process described below can be realized by, for example, the CPU 201 reading a control program stored in advance in the ROM 202 into the RAM 203 and executing it. Note that the same steps as those in the flowchart of FIG. 7 are denoted by the same step numbers and description thereof is omitted.

  In step S <b> 901, the CPU 201 functions as an accepting unit, and accepts an access request to the MFP 101 from the external PC 102 or the like via, for example, a Web UI. Thereafter, the determination in S701 is performed. If it is determined that the password is not used for authentication of the operation panel, the process proceeds to S902. In step S902, the CPU 201 determines whether there is even one user who has not actually set a password. If there is only one person, the process proceeds to step S903, and if there is no one, the process ends without restricting access via the network.

  In step S903, the CPU 201 executes access restriction similar to that in step S702 or S801 described above, and ends the process. Thus, according to the present embodiment, even if it is determined that the password is not used for the authentication of the operation panel, if there is no user who does not actually set the password, Does not restrict access control. That is, in such a situation, access via the Web UI can be permitted, finer control can be performed, and a more flexible system can be provided. The configuration of the present embodiment may be applied in combination with the configuration of each of the above embodiments.

<Sixth Embodiment>
The sixth embodiment according to the present invention will be described below. In the present embodiment, a control procedure when the setting of the Web UI authentication mode is changed in the settings related to the user authentication unit 304 will be described.

  With reference to FIG. 13, a processing procedure of access control according to the present embodiment will be described. The process described below can be realized by, for example, the CPU 201 reading a control program stored in advance in the ROM 202 into the RAM 203 and executing it. Note that the same steps as those in the flowchart of FIG. 7 are denoted by the same step numbers and description thereof is omitted.

  In step S <b> 1301, the CPU 201 receives a change request for setting the authentication mode of the Web UI. In step S <b> 1302, the CPU 201 determines whether the received change request is a change request other than “administrator authentication mode”. If it is a change request other than “administrator authentication mode”, the process advances to step S701; otherwise, the process ends. In S701, the same processing as in the above embodiments is performed, and if it is determined that the password is not used for authentication of the operation panel, the process proceeds to S1303. In step S1303, the CPU 201 displays a security warning for prompting appropriate password operation, and ends the process.

  As described above, when the Web UI authentication mode setting is changed, the image processing apparatus according to the present embodiment performs the same determination as in step S701 if the change request is other than “administrator authentication mode”. If no password is used for operation panel authentication, a warning is displayed. As a result, it is possible to provide an image processing apparatus that can use the personalization function without requiring a complicated operation from the user while ensuring more security.

  Further, the present invention is not limited to the above embodiment, and various modifications can be made. In the above embodiment, instead of displaying a warning in step S1303, a process is executed in which the change operation itself is regarded as an error and the change request is discarded. In addition, by making it possible for only password-registered users to access the MFP 101 via the Web UI, it is possible to reduce the time and effort of user operations and ensure security while using the personalization function easily. It can be.

<Other embodiments>
The present invention supplies a program that realizes one or more functions of the above-described embodiments to a system or apparatus via a network or a storage medium, and one or more processors in a computer of the system or apparatus read and execute the program This process can be realized. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

  100: LAN, 101: MFP, 102: PC, 103: mail server, 200: control unit, 201: CPU, 202: ROM, 203: RAM, 204: HDD, 205: operation unit I / F, 206: printer I / F, 207: Scanner I / F, 208: Network I / F, 209: Operation unit, 210: Printer, 211: Scanner, 212: USB I / F, 213: IC card R / W

Claims (14)

An image processing apparatus that provides a personalized function to an authenticated user or a user who has accessed without entering a password,
A first authentication method for accessing the image processing apparatus via an operation on an operation unit provided in the image processing apparatus, and a second authentication method for accessing the image processing apparatus from an external device via a network Setting means for setting the authentication method of
Determining means for determining whether the first authentication method is in a situation of using a password for authentication according to the setting content by the setting means;
And limiting means for restricting access from the external device via the network when the determining means determines that the first authentication method does not use a password for authentication. Image processing device. The setting means includes, as the first authentication method, keyboard authentication for executing authentication by inputting a user name and a password using the operation unit, and acquiring the user name and password from an IC card for authentication. Each of the authentication functions including IC card authentication to be performed and user button selection that does not require a user name and password and that allows the user to select a button for each user displayed on the screen of the operation unit and access the image processing apparatus Enable or disable
2. The image according to claim 1, wherein if the keyboard authentication and the IC card authentication are invalid, the determination unit determines that the first authentication method does not use a password for authentication. Processing equipment.   The image processing apparatus according to claim 2, wherein the determination unit determines that the first authentication method does not use a password for authentication if the user button selection is valid. The setting means sets whether to enable or disable an automatic registration function for automatically registering a user without a password,
4. The method according to claim 1, wherein if the automatic registration function is valid, the determination unit determines that the first authentication method does not use a password for authentication. The image processing apparatus described. The setting means sets a minimum number of characters for a password as a policy for registering a user password,
5. The method according to claim 1, wherein if the minimum number of characters is set to 0, the determination unit determines that the first authentication method does not use a password for authentication. The image processing apparatus according to item. A web server for controlling access from the external device via the network;
The image processing apparatus according to claim 1, wherein the restricting unit restricts access from the external apparatus via the network by stopping the Web server.   The image according to any one of claims 1 to 5, wherein the restricting means restricts access from the external device via the network by restricting the second authentication method. Processing equipment. The setting means includes, as the second authentication method, a normal authentication mode in which all successfully authenticated users can access the image processing apparatus, and only a user who has successfully authenticated and has administrator authority. Each of the authentication modes including an administrator authentication mode that allows access to the image processing apparatus and a guest authentication mode that allows access to the image processing apparatus without authentication for some functions. ,
The image processing apparatus according to claim 7, wherein the restriction unit restricts the second authentication method by effectively changing only the administrator authentication mode.   The image processing apparatus according to claim 5, wherein the restriction unit restricts access from the external apparatus via the network by changing the minimum number of characters to 1 or more.   The restricting unit determines whether the first authenticating method does not use a password for authentication by the determining unit, and when a user for whom no password is set is registered, The image processing apparatus according to claim 1, wherein access from the external apparatus is restricted. Accepting means for accepting a setting change of the second authentication method;
When the setting change of the second authentication method is received by the receiving means, if the change is made to an authentication mode other than the administrator authentication mode, the determination means makes a determination, and the determination means causes the first authentication method to be changed. The image processing apparatus according to claim 8, further comprising a control unit that displays a warning when it is determined that the one authentication method does not use a password for authentication. Accepting means for accepting a setting change of the second authentication method;
When the setting change of the second authentication method is received by the receiving means, if the change is made to an authentication mode other than the administrator authentication mode, the determination means makes a determination, and the determination means causes the first authentication method to be changed. The image processing apparatus according to claim 8, further comprising a control unit that discards the received setting change when it is determined that the authentication method is not in a situation where a password is used for authentication. A method of controlling an image processing apparatus that provides a personalized function to an authenticated user or a user who has accessed without entering a password,
The setting unit accesses the image processing apparatus from a first authentication method when accessing the image processing apparatus via an operation to an operation unit provided in the image processing apparatus, and an external apparatus via a network. A setting step for setting a second authentication method at the time,
A determination step of determining whether or not the first authentication method is in a situation of using a password for authentication according to the setting content of the setting step;
When it is determined in the determining step that the first authentication method does not use a password for authentication, the restricting unit executes a restricting step of restricting access from the external device via the network. And a control method for the image processing apparatus. A program for causing a computer to execute each step in a control method of an image processing apparatus for providing a personalized function to an authenticated user or a user who has accessed without entering a password, the control method comprising:
The setting unit accesses the image processing apparatus from a first authentication method when accessing the image processing apparatus via an operation to an operation unit provided in the image processing apparatus, and an external apparatus via a network. A setting step for setting a second authentication method at the time,
A determination step of determining whether or not the first authentication method is in a situation of using a password for authentication according to the setting content of the setting step;
When it is determined in the determining step that the first authentication method does not use a password for authentication, the restricting unit executes a restricting step of restricting access from the external device via the network. A program characterized by that.

Images