JP2020135576A - Information processing device, management server, information processing method, and program - Google Patents

Abstract

To provide an information processing device capable of properly restricting confidential information included in history information based on the mask status of confidential information included in history information and a piece of information of a user referring to the history information.SOLUTION: The information processing device includes: determination means that determines whether a piece of user information included in a piece of history information as an acquisition object is masked against an acquisition request for the history information; and a return means that is configured so as to, when the user information is not masked, and when an organization that holds the history information and an organization to which the requesting user belongs are different, return the user information included in the history information after masking the same.SELECTED DRAWING: Figure 14

Description

The present invention relates to an information processing device, a management server, an information processing method and a program.

When introducing an information processing device (for example, a digital multifunction device), it is necessary to perform appropriate setting work according to the request of the customer at the introduction destination. Setting work includes, for example, updating firmware, changing various setting values, installing applications, etc. However, if there are many work items, it takes time and human error is likely to occur. Further, in a large-scale introduction, the same setting work may be performed on a plurality of information processing devices, which is not efficient. Therefore, an automatic setting system that creates setting data that defines the setting work contents in advance and automatically changes the setting value and installs the application based on the setting data at the time of setting work to improve the efficiency of the setting work. is there.

As a main method of using the automatic setting system, it is conceivable that a sales person who listens to a customer's request creates setting data in the office, and a setting person uses the setting data to perform setting work.

In the automatic setting system, after creating the setting data, the setting work using the setting data may be outsourced to a different organization. In addition, the organization entrusted with the setting may edit the entrusted setting data when there is a defect in the setting data or for managing the progress of the setting work. Therefore, the automatic setting system has a function for sharing one setting data among a plurality of organizations.

In addition, the automatic setting system has a function of editing the setting data and recording the history of executing the setting work as a trail of the setting work. At this time, if the above-mentioned setting data is shared, the user information of the external organization is masked when recording the history information so that confidential information and personal information are not inadvertently disclosed to other organizations. Has a function.

From the viewpoint of personal information protection, it is conceivable to mask and display the history information of another user when referring to the history information (Patent Document 1).

JP-A-2007-87002

However, in the prior art disclosed in Patent Document 1 described above, since the mask of the confidential information at the time of recording the history information is not considered, it is not possible to flexibly control the confidential information according to the recorded content of the history information.

Therefore, the present invention provides an automatic setting system that can appropriately limit the confidential information contained in the history information based on the mask status of the confidential information included in the history information and the information of the user who refers to the history information. The purpose is to do.

In order to achieve the above object, the automatic setting system according to the present invention
In an automatic setting system consisting of at least a server that manages setting data in which setting processing is described, and an image processing device that is connected to the server via a network and automatically performs setting processing according to the setting data.
The server has a function of recording the time and user information as history information when the setting data is operated.
The history information recording function has a function of masking and recording a part of the history information when a user other than the organization holding the setting data operates the setting data.
In response to the history information acquisition request for the setting data, the history information is included in the history information by the history information mask determining means (S1404) for determining whether or not the user information included in the history information is masked, and the history information mask determining means. Confidential information control means (S1407) that masks a part of the history information when it is determined that the user information is not masked and the organization that holds the history information and the organization to which the history acquisition request source user belongs are different. When,
It is characterized by having.

According to the automatic setting system according to the present invention, when the history information is acquired in the system that masks the confidential information according to the conditions at the time of recording the history information, the mask status of the history information and the user information accessing the history information are used. , Confidential information contained in history information can be appropriately restricted.

It is a figure which shows an example of the system configuration of an automatic setting system. It is a figure which shows an example of the hardware configuration of the management server. It is explanatory drawing which shows an example of the hardware configuration of a device. It is a figure which shows an example of the software configuration of a management server, a PC and a device. It is a figure which shows an example of setting data. It is explanatory drawing which shows an example of a script. It is a figure which shows an example of the screen for managing the setting data. It is a figure which shows an example of the screen for editing a setting data. It is a figure which shows an example of an alias information. It is a figure which shows an example of history information. It is a flowchart which shows an example of the setting data manipulation process of a management server. It is a figure which shows an example of the screen which confirms the list of history information. It is a figure which shows an example of a setting data management screen and history information display screen. It is a flowchart which shows an example of the history information acquisition processing of a management server. It is a flowchart which shows an example of the setting data manipulation process of a management server. It is a figure which shows an example of the confidential information control history. It is a flowchart which shows an example of the history information acquisition processing of a management server. It is a figure which shows an example of a setting data management screen and history information display screen.

Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings.

[First Embodiment]
FIG. 1 is a diagram showing an example of a system configuration of an automatic setting system.

The communication line 100 is a LAN (Local Area Network) to which the PC 102 is connected. The management server 101 is a server on the Internet 106 that manages setting data for performing automatic setting processing of the device 104. The PC 102 connects to the management server 101 to create and edit setting data. The communication line 103 is a LAN similar to the communication line 100, and the device 104 and the PC 105 are connected to each other. The device 104 is an information processing device typified by a digital multifunction device that connects to a management server 101, acquires setting data, and automatically executes setting work. Like the PC 102, the PC 105 connects to the management server 101 and operates the setting data. The communication lines 100 and 103 and the management server 101 are communicably connected via the Internet 106.

A proxy server and a firewall are generally configured between the communication lines 100 and 103 and the Internet 106, but they are omitted in FIG.

The PC 102, the device 104, and the PC 105 may be connected to the same LAN without separating the communication line 100 and the communication line 103.

FIG. 2 is a diagram showing an example of the hardware configuration of the management server 101.

In the management server 101, the hard disk (HDD) 212 stores the program of the automatic setting software.

The CPU 201 controls the entire management server 101. When the CPU 201 reads the device management program recorded in the HDD 212 into the RAM 203 or the like and executes it, the processing of the software configuration of the management server 101 shown in FIG. 4 is realized.

The BIOS program and the boot program are stored in the ROM 202.

The RAM 203 functions as a main memory, a work area, and the like of the CPU 201.

The keyboard controller (KBC) 205 controls instruction input from the keyboard (KB) 209, the pointing device (PD) 210, and the like.

The display controller (DSPC) 206 controls the display of the display (DSP) 211.

The disk controller (DKC) 207 controls access to a storage device such as a hard disk (HDD) 212 or a CDROM (CD) 213. A boot program, an operating system program, a database, an automatic setting program, data, and the like are stored in the HDD 212, the CD-ROM (CD) 213, and the like.

The interface controller (IFC) 208 performs data communication with the PC 102, 105 and the device 104 via the Internet 106.

Each of these components is located on system bus 204.

The automatic setting program according to the present embodiment may be supplied in a form stored in a storage medium such as a CD-ROM. In that case, the program is read from the storage medium by the CD 213 or the like shown in FIG. 2 and installed in the HDD 212.

Further, the hardware configurations of PC102 and PC105 are also as shown in FIG. The function of each device is realized by the CPU of each device executing the process based on the program stored in the HDD or the like of each device.

FIG. 3 is an explanatory diagram showing an example of the hardware configuration of the device 104.

In FIG. 3, the device 104 is an image forming device having a printing function, a scanning function, a network communication function, and the like as an example of an information processing device.

The CPU 401 controls the entire image forming apparatus.

The ROM 402 stores the print processing program and font data executed by the CPU 401.

The RAM 403 is used for the work area of the CPU 401, the reception buffer, and the image drawing.

The hard disk (HDD) 404 records programs, set values of the image forming apparatus 400, and the like.

The operation panel 405 is an operation panel composed of various switches and buttons, a touch panel, and a liquid crystal display unit for displaying messages. The CPU 401 can change the set value of the image forming apparatus 400 stored in the HDD 404 or the like according to the user's operation via the operation panel 405.

The network interface (network I / F) 406 is a network interface for connecting to a network.

The print engine 407 is an engine of a printer that prints on recording paper.

The scanner 408 is a scanner for reading a document.

The facsimile communication unit 409 is a communication unit for transmitting and receiving facsimiles.

When the CPU 401 executes the process based on the program stored in the ROM 402 or the HDD 404, the process of the software configuration of the device 104 shown in FIG. 4 is realized.

FIG. 4 is an explanatory diagram showing an example of software configurations of the management server 101, PC 102 and 105, and the device 104.

In the management server 101, the authentication unit 300 authenticates in response to the authentication request from the PCs 102 and 105 and the device 104, and determines whether the PCs 102 and 105 and the device 104 can use the automatic setting system. The user data managed by the authentication unit 300 includes information such as a user ID and password, and an organization to which the user belongs. The access control unit 301 controls access to the set data from the PC 102 and 105 and the device 104 according to the authentication result of the authentication unit 300 and the access right set by the data access right editing unit 312 described later. The setting data management unit 302 manages the setting data transmitted from the PCs 102 and 105, the scripts associated therewith, and the operation history information of the setting data. The confidential information control unit 303 controls whether or not to mask the confidential information at the time of recording and reading the historical information of the setting data.

In the PCs 102 and 105, the authentication request unit 310 transmits an authentication request to the management server 101. At this time, in order for the management server 101 to determine the access right to the setting data, the authentication request unit 310 performs user authentication using the ID and password. The setting data editing unit 311 acquires the setting data from the management server 101, updates the setting data, and saves the setting data in the management server 101 according to an instruction from the user. The data access right editing unit 312 sets the access right to the setting data managed by the management server 101. The access right may be set for each setting data, for each user, or for each group (for example, an organization) in which a plurality of users are grouped.

When the setting data editing unit 311 saves the setting data in the management server 101, the script generation unit 313 generates a script (command group that can be executed by the device 104) based on the content of the setting data and associates it with the setting data. Save to the management server 101. In this embodiment, the script is generated by the PC 102, but it may be generated by the management server 101. In that case, the script generation unit 313 operates on the management server 101, and when the setting data is saved from the PC 102, the script generation unit 313 is called from the setting data management unit 302 to generate a script. In either case, the configuration data and the script are stored one-to-one.

In the device 104, the authentication request unit 320 transmits an authentication request to the management server 101. At this time, since the device 104 acquires only the script of the setting data managed by the management server 101, authentication other than user authentication (for example, device authentication) may be used. The script acquisition unit 321 acquires the script of the setting data from the management server 101. The script execution unit 322 executes the script acquired by the script acquisition unit 321 to change the settings of the device 104, download a file, and the like.

The PCs 102 and 105, the device 104, and the management server 101 communicate with each other using known techniques such as REST (Representational State Transfer) and SOAP (Simple Object Access Protocol).

FIG. 5 is an explanatory diagram showing an example of setting data managed by the management server 101.

As the setting data, the setting data ID, the organization ID, the setting data name, the setting value file, the address book, and the information of the target device are held.

The setting data ID is an identifier for uniquely identifying the setting data. This information is also used by the device 104 to specify the script, and is composed of random numbers that are easy to input from the operation panel 405 of the device 104 and difficult to guess.

The organization ID is the ID of the organization that holds the setting data.

The setting data name is an arbitrary character string that makes it easy for the user to identify the setting data.

The setting value file is an identifier of a file in which various setting values applied to the device 104 are described. The setting value file contains setting values for various setting items of the device 104.

The address book is an address book identifier applied to the device 104.

The target device is an identifier of the target device to which the setting data is applied. If the target device is set, the setting data cannot be used from other devices.

FIG. 6 is an explanatory diagram showing an example of a script executed on the device 104. Specifically, it is an example of a script associated with the setting data of "setting data ID = 3152486128" shown in FIG. 5, the order of processing, the content of processing, the type of content used in the processing, and the identifier of the content. Holds.

In the example of FIG. 6, a procedure is described in which the setting value file S001 is downloaded as the first process and the setting value file S001 is applied to the device 104 as the second process.

The script shown in FIG. 6 is actually expressed as structured data such as JSON (Javascript (registered trademark) Object Notification), and is interpreted and executed by the script execution unit 322 of the device 104.

FIG. 7 is an explanatory diagram showing an example of a screen when managing the setting data on the PCs 102 and 105.

FIG. 7A is a login screen that is displayed first. If the user authentication is successful here, (b) of FIG. 7 is displayed.

FIG. 7B is a list screen of setting data. Only the setting data that can be referred to by the logged-in user is displayed, and specifically, among the setting data illustrated in FIG. 5, only the setting data held by the organization ID = 0001 is displayed. On this screen, you can create and delete setting data.

As the updater, the user ID who last updated the setting data is displayed in the history information (FIG. 10).

The screen shown in FIG. 7 may be displayed by a client application running on the PCs 102 and 105, or may be displayed by connecting the PCs 102 and 105 to the management server 101 with a Web browser as a Web application provided by the management server 101. You may.

FIG. 8 is an explanatory diagram showing a screen example when editing the setting data on the PCs 102 and 105.

FIG. 8A shows an example of a screen displayed when the edit button of the setting data of the setting data ID = 3152486128 is pressed in FIG. 7B. Since the setting data ID is an ID automatically determined by the management server 101, it cannot be changed. As other information, the setting data name, setting value file, and address book can be edited. In addition, it is possible to specify an outsourced organization as an organization that can use the setting data.

FIG. 8B is a contractor selection screen displayed when the contractor selection button is pressed in FIG. 8A. If necessary, additional registration or deletion of the contractor is possible. From the organization selected here, the setting data shown in FIG. 8A can be referenced and edited.

FIG. 9 is an explanatory diagram showing an example of alias information of the setting data managed by the setting data management unit 302.

The alias is information issued by the setting data management unit 302 when a contractor is specified for the setting data in FIG. 8B. As shown in FIG. 9, an alias is assigned to each combination of the outsourcer setting data ID and the outsourcer organization ID, and the status indicating whether the alias is valid or invalid is managed. If it is valid, the expiration date of the alias is set. In this embodiment, a predetermined expiration date (for example, 3 months from the start of entrustment) is automatically set by the data management unit 302, but the user is allowed to specify the expiration date on the screen of FIG. Is also good.

FIG. 10 is an explanatory diagram showing an example of history information of setting data managed by the setting data management unit 302.

The history information is information recorded by the setting data management unit 302 when an operation for each setting data occurs, and in the example of FIG. 10, the setting data ID, history ID, operation, user ID, and time are held.

The setting data ID is an ID of the setting data shown in FIG. The history ID is an identifier unique to each history information. The operation is the type of operation performed at that time. The user ID is an identifier of the user who executed the operation. The time is the time when the operation was performed.
The setting data of the setting data ID = 3152486128 in FIG. 10 is the data held by the organization ID = 0001 as shown in FIG. The fact that the user ID of the history ID = 0002 of the setting data is “organization ID: 0002” indicates that the user of the organization ID = 0002 has changed the setting data of the organization ID = 0001. In this way, when the user of the external organization operates the setting data using the consignment function shown in FIG. 8, the setting data management unit 302 and the confidential information control unit 303 convert the user ID into the organization ID. Record historical information.

This is because the user ID may be personal information such as an e-mail address, and the personal information is prevented from being recorded as history information of another organization.

FIG. 11 is a flowchart showing a flow in which the management server 101 executes the operation processing of the setting data.

The process shown in the flowchart of FIG. 11 is executed by the setting data management unit 302 and the confidential information control unit 303 of the management server 101. That is, the processing of the flowchart of FIG. 11 is realized by the CPU 201 reading and executing the program recorded in the HDD 212.

In step S1101, the setting data management unit 302 receives an operation request for the setting data. Specifically, the operation corresponds to changing the setting data or executing the setting using a script. When the operation request is determined by the authentication unit 300 or the access control unit 301 prior to step S1101 whether the requesting user can operate the setting data (not shown) and is determined to be inoperable. The management server 101 sends an error in response to the operation sharing.

In step S1102, the confidential information control unit 303 determines whether or not the organization that holds the setting data of the operation target and the organization to which the user who requested the operation received in step S1101 belongs are the same. If the tissues are the same, the process proceeds to step S1103, and if the tissues are different, the process proceeds to step S1104.

In step S1103, the setting data management unit 302 generates and records history information related to the operation while keeping the user ID of the operation request source received in step S1101 as it is.

In step S1104, the setting data management unit 302 converts the user ID of the operation request source received in step S1101 into the organization ID to which the user belongs, and then generates and records the history information related to the operation.

In step S1105, the setting data management unit 302 executes various operations instructed by the operation request received in step S1101.

In the example of FIG. 11, the user ID is converted into the organization ID in step S1104, but any method may be used in which the user ID is not recorded as it is. For example, it may be converted into an empty string or a hash value. Is also good.

FIG. 12 is an explanatory diagram showing a screen example when referring to the history information of the setting data on the PCs 102 and 105.

FIG. 12 shows an example of a screen displayed when a user with user ID = User01 belonging to organization ID = 0001 presses the history button for setting data with setting data ID = 3152486128 in FIG. 7B. , Only the history information shown in FIG. 10 that matches the setting data ID is displayed.

Since the second history information is operated by a user of an organization other than the organization ID = 0001, the user ID part is displayed in a state of being converted into the organization ID.

FIG. 13 is an explanatory diagram showing an example of a setting data management screen and a history information display screen on the PC 102 and PC 105, which are displayed to users of the outsourced organization. Specifically, the screen displayed to the user with the organization ID = 0002 is illustrated.

FIG. 13A is a setting data list screen displayed to the user with the organization ID = 0002. Based on the example of FIG. 5, the setting data of the setting data ID = 5807515798 is displayed as the setting data held by the organization ID = 0002. Further, the setting data entrusted from the organization ID = 0001 is also displayed. Here, the setting data entrusted from the organization ID = 0001 displays an alias (4848762108) for the organization ID = 0002 as shown in FIG. 9 instead of the original setting data ID (3152482128). Further, the user ID of the updater is displayed in a state of being converted to the organization ID = 0001 instead of User0001. This is because the user information of the organization ID = 0001 is not displayed as it is for the user of the organization ID = 0002. As shown in FIG. 13A, there is no check box in the entrusted setting data, and users of other organizations cannot delete it.

FIG. 13B is a history information display screen displayed when the history button of the setting data entrusted in FIG. 13A is pressed. Here, too, the setting data ID displays an alias. The difference from FIG. 12 is that the user ID portion of the first and third history information is converted to the organization ID = 0001, and the reason is the same as in FIG. 13 (a).

FIG. 14 is a flowchart showing a flow in which the management server 101 executes the history information acquisition process.

The process shown in the flowchart of FIG. 14 is executed by the setting data management unit 302 and the confidential information control unit 303 of the management server 101. That is, the processing of the flowchart of FIG. 14 is realized by the CPU 201 reading and executing the program recorded in the HDD 212.

In step S1401, the setting data management unit 302 receives the history information acquisition request. When the operation request is determined by the authentication unit 300 or the access control unit 301 prior to step S1401 whether the requesting user can operate the setting data (not shown) and is determined to be inoperable. The management server 101 sends an error in response to the operation sharing.

In step S1402, the setting data management unit 302 acquires the history information of the setting data specified in the history information acquisition request received in step S1401.

In step S1403, the confidential information control unit 303 determines whether or not the confidential information control process has been executed for each of the history information acquired in step S1402. If the processing is completed for all the history information, the process proceeds to step S1408, and if all the history information is not completed, the process proceeds to step S1404.

In step S1404, the confidential information control unit 303 determines whether or not the user ID recorded in the history information is masked, that is, whether or not step S1104 of FIG. 11 is executed when the history information is recorded. If the user ID is masked, the process proceeds to step S1407, and if the user ID is not masked, the process proceeds to step S1405.

In step S1405, the confidential information control unit 303 determines whether the organization that holds the history information and the organization to which the acquisition requesting user received in step S1401 belongs are the same. If the tissues are the same, the process proceeds to step S1407, and if the tissues are different, the process proceeds to step S1406.

In step S1406, the confidential information control unit 303 converts the user ID included in the history information into the organization ID of the organization to which the user belongs, and then adds it to the history information return list.

In step S1407, the confidential information control unit 303 adds the user ID included in the history information to the history information return list as it is.

In step S1408, the setting data management unit 302 transmits a list of history information to the source of the history information acquisition request received in step S1401.

By the process of step S1406 of FIG. 14, the user ID is converted to the organization ID = 0001 in the first and third historical information shown in FIG. 13 (b).

The history information acquisition process shown in FIG. 14 can be applied not only when the history information is displayed on the screen. For example, in FIG. 13A, when the function of duplicating the entrusted setting data and the history information associated therewith is provided as the data of the own organization, the process shown in FIG. 14 when duplicating the history information. The user ID included in the history information may be converted by.

Further, although the processing for the user ID is described as an example of confidential information in this embodiment, it may be applied to other information.

According to the first embodiment, when the history information is acquired in the system that masks the confidential information according to the conditions at the time of recording the history information, the mask status of the history information and the user information accessing the history information are used as the basis. Confidential information contained in historical information can be appropriately restricted.

[Second Embodiment]
In the second embodiment, the configurations shown in FIGS. 1 to 10 and 12 are the same as those of the first embodiment, and the same reference numerals are used for the same parts as those of the first embodiment, and the description thereof is omitted. To do. Hereinafter, the differences from the first embodiment will be mainly described.

FIG. 15 is a flowchart showing a flow in which the management server 101 executes the operation processing of the setting data. The difference is that the process of step S1501 is added as compared with FIG. The same processing as in FIG. 11 will be omitted by using the same reference numerals.

In step S1501, the confidential information control unit 303 sets the confidential information control history (FIG. 15) as the history of converting the user ID in step S1104 to the organization to which the operation request source user of the setting data belongs (that is, the setting data of the operation target). Record as data of an organization different from the one that owns.

FIG. 16 is an explanatory diagram showing an example of the confidential information control history of the setting data managed by the setting data management unit 302.

The confidential information control history is the history information of the confidential information control process executed in step S1104. The history information (FIG. 10) recorded in step S1104 is recorded as data of the organization holding the setting data to be operated, whereas the confidential information control history (FIG. 16) recorded in step S1501 stores the setting data. It is recorded as the data of the organization to which the operating user belongs. In the example of FIG. 16, the organization ID, the setting data ID, the history ID, and the user ID are held.

The organization ID is the ID of the organization to which the user who requested the setting data operation of FIG. 15 belongs.

The setting data ID is an ID of the setting data operated in FIG. However, since the confidential information control history of FIG. 16 is recorded when a user other than the organization that holds the setting data of the operation target performs the operation, the setting data ID of FIG. 16 is not the original setting data ID. The alias is shown in FIG.

The history ID is the same as the history ID recorded in the history information recorded in step S1104 (that is, shown in FIG. 10).

The user ID is the ID of the user who requested the setting data manipulation process shown in FIG.

FIG. 17 is a flowchart showing a flow in which the management server 101 executes the history information acquisition process. Compared with FIG. 14, the difference is that the processes of steps S1701 and S1702 are added. The same processing as in FIG. 14 will be omitted by using the same reference numerals.

In step S1701, the confidential information control unit 303 includes the setting data ID in the history information of interest in step S1701 in the confidential information control history of the organization to which the requesting user for history information acquisition belongs (more strictly speaking, its). It is determined whether or not there is a match between the alias) and the history ID. If there is a matching confidential information control history, the process proceeds to step S1702, and if there is no matching, the process proceeds to step S1407.

In step S1702, the confidential information control unit 303 replaces the masked user ID included in the history information with the user ID recorded in the confidential information control history matched in step S1701, and then puts it in the history information return list. to add.

FIG. 18 is an explanatory diagram showing an example of a setting data management screen and a history information display screen on the PC 102 and PC 105, which are displayed to users of the outsourced organization. Specifically, the screen displayed to the user with the organization ID = 0002 is illustrated.

FIG. 18 (a) is the same as FIG. 13 (a), but in FIG. 18 (b), the user ID of the second history information is the organization ID as compared with FIG. 13 (b). The difference is that it is not masked and has a specific user ID. This is because, in step S1702 of FIG. 17, the user ID masked by the organization ID is converted into a specific user ID based on the confidential information control history.

According to the second embodiment, when confidential information such as a user ID in the history information is masked and recorded, the history information of the masking process is separately recorded, so that the masked user ID is used when the history information is acquired. Can be restored, and user convenience can be improved while protecting confidential information.

101 management server, 104 devices, 201 CPU, 401 CPU

Claims (2)

In an automatic setting system consisting of at least a server that manages setting data in which setting processing is described, and an image processing device that is connected to the server via a network and automatically performs setting processing according to the setting data.
The server has a function of recording the time and user information as history information when the setting data is operated.
The history information recording function has a function of masking and recording a part of the history information when a user other than the organization holding the setting data operates the setting data.
In response to the history information acquisition request for the setting data, the history information is included in the history information by the history information mask determining means (S1404) for determining whether or not the user information included in the history information is masked, and the history information mask determining means. Confidential information control means (S1407) that masks a part of the history information when it is determined that the user information is not masked and the organization that holds the history information and the organization to which the history acquisition request source user belongs are different. When,
An automatic setting system characterized by having. The server also
When a user other than the organization that holds the setting data operates the setting data, a part of the history information is masked and recorded, and mask processing is performed as data of the organization of the user other than the organization that holds the setting data. Confidential information control history recording means (S1701) for recording history information related to
Confidential information restoration means (S1702) that restores the masked history information included in the history information by referring to the confidential information control history when responding to the history information acquisition request for the setting data.
The automatic setting system according to claim 1, wherein the system is characterized by having.