JP2022033937A - Information processing apparatus, control method of the same, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a technology for automatically setting job operation restrictions according to settings related to necessity of user authentication in an information processing apparatus such as an image forming apparatus.

SOLUTION: An MFP 100 (information processing apparatus) accepts from a user an authentication setting as to whether user authentication is required for using each function of the MFP. When the MFP 100 is set to require user authentication, the MFP performs restriction setting to restrict a login user from operating a job corresponding to a user other than the login user who is logged in to the MFP.

SELECTED DRAWING: Figure 9

COPYRIGHT: (C)2022,JPO&INPIT

Description

The present invention relates to an information processing apparatus, a control method thereof, and a program.

In the image forming apparatus provided with the user authentication function, it is possible to restrict the use by users other than the authenticated user. As such a user authentication function, a function that requires user authentication (also referred to as "function-based authentication") is realized only when a specific function of the image forming apparatus is used. When function-based authentication is performed, for example, the copy function can be used by anyone without user authentication, but from the viewpoint of security, the user can use the transmission function to send the image data obtained by scanning to an external device. It is possible to authenticate. This makes it possible to limit the users who can use the transmission function to only authorized users.

Further, in an image forming apparatus capable of displaying a job execution status or history, a user other than the logged-in user may restrict the operation or information display of the owner's job from the viewpoint of security or privacy protection. For example, Patent Document 1 proposes a technique for controlling (permitting or prohibiting) the display of information about a job corresponding to a user other than the logged-in user for each type of job.

Japanese Unexamined Patent Publication No. 2015-155159

In the above-mentioned conventional technique, it is possible to set for each type of job to limit the operation or information display of the job corresponding to the user other than the logged-in user. However, when it is necessary to individually set the restriction setting of such a job and the setting of whether or not to enable the authentication function, it takes time and effort for the administrator user to set. Here, the authentication function includes device authentication that performs user authentication before displaying the function selection screen, in addition to the above-mentioned function-specific authentication.

In the example of function-based authentication, in addition to setting the function to which the function-based authentication is applied, the administrator user grasps the type of job used by the function and sets the above-mentioned restrictions for the type of job. It may be necessary. Therefore, if appropriate settings are not made, operations for jobs related to a certain function (for example, a send job) may be performed even though the users who can use a certain function (for example, a send function) are limited to a specific user. There can be situations where other users can do it. This leads to a reduced level of security or privacy protection.

The present invention has been made in view of the above problems. An object of the present invention is to provide a technique for automatically setting job operation restrictions according to settings related to application of user authentication in an information processing device such as an image forming device.

The information processing device according to one aspect of the present invention corresponds to a first setting means for setting whether or not user authentication is required in order to use the function of the information processing device, and a user other than the logged-in user. For the job, the second setting means for restricting the operation of the logged-in user in association with the type of the job and the setting for the first setting means to require the user authentication are performed. Accordingly, it is characterized by comprising a control means for controlling to enable the restriction setting for a predetermined type of job.

According to the present invention, in the information processing apparatus, it is possible to automatically set job operation restrictions according to the settings related to the application of user authentication.

The figure which shows the hardware configuration of the MFP. The figure which shows the software structure of the MFP. The figure which shows the example of the function selection screen and the authentication screen displayed in the operation part. The figure which shows the example of the setting screen displayed in the operation part. The figure which shows the example of the job status screen displayed in the operation part. A flowchart showing the procedure of the process of changing the operation restriction setting of the job. The figure which shows the example of the information and setting held in the MFP. The figure which shows the example of the selection screen and the setting screen of the authentication method displayed in the operation part. A flowchart showing the procedure of the process of changing the operation restriction setting of the job according to the authentication setting.

Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings. It should be noted that the following embodiments do not limit the invention according to the claims, and not all combinations of features described in the embodiments are essential for the means for solving the invention.

<Hardware configuration of MFP>
FIG. 1 is a block diagram showing a hardware configuration example of a multifunction device (MFP) which is an example of an information processing device (image forming device) according to the present embodiment. The MFP 100 includes a control unit 120, an operation unit 109 connected to the control unit 120, a printer 110, and a scanner 111. The control unit 120 includes a CPU 101, a ROM 102, a RAM 103, an HDD (hard disk drive) 104, an operation unit I / F (interface) 105, a printer I / F 106, a scanner I / F 107, and a network I / F 108.

The CPU 101 (control unit 120) controls the operation of the entire MFP 100. The CPU 101 reads and executes a control program stored in the ROM 102 to perform various controls such as read control or transmission control. The RAM 103 is a volatile memory used as a temporary storage area such as a main memory and a work area of the CPU 101. The HDD 104 is a non-volatile storage device that stores various programs, image data, and various data described later.

The operation unit I / F 105 is an interface for connecting the operation unit 109 and the control unit 120. The operation unit 109 includes a liquid crystal display unit having a touch panel function, and displays various screens. The user can input instructions and information to the MFP 100 via the operation unit 109.

The printer I / F 106 is an interface for connecting the printer 110 and the control unit 120. The image data used for the printing process by the printer 110 is transmitted from the control unit 120 to the printer 110 via the printer I / F 106. The printer 110 prints an image on a recording medium such as a sheet based on the image data received from the control unit 120.

The scanner I / F 107 is an interface for connecting the scanner 111 and the control unit 120. The scanner 111 reads the image of the original and generates image data, and inputs the generated image data to the control unit 120 via the scanner I / F 107.

The network I / F 108 connects the control unit 120 (MFP100) to the LAN 130. The network I / F 108 can communicate with an external device via the LAN 130, and can transmit image data or various information to the external device and receive image data (print data) or various information from the external device.

<Software configuration of MFP>
FIG. 2 is a block diagram showing a software configuration example of the MFP 100, and shows a configuration related to the present embodiment. The function of each functional block shown in FIG. 2 is realized by the CPU 101 reading and executing the control program stored in the ROM 102 or the HDD 104.

The UI (user interface) control unit 200 provides a function of controlling the operation unit 109 via the operation unit I / F 105. The UI control unit 200 notifies the authentication processing unit 201 or the job information management unit 202 of the content operated by the user in the operation unit 109. Further, when the UI control unit 200 receives a screen display request from the authentication processing unit 201 or the job information management unit 202, the UI control unit 200 performs display control for displaying the screen on the operation unit 109. The authentication processing unit 201 or the job information management unit 202 normally displays a screen on the operation unit 109 via the UI control unit 200.

The authentication processing unit 201 provides a function for authenticating a user who uses the MFP 100. The authentication processing unit 201 displays an operation screen (authentication screen 310 shown in FIG. 3) for accepting input of user information for user authentication on the operation unit 109. The authentication processing unit 201 accepts input of a user name and password as user information from the user via the authentication screen 310. The authentication processing unit 201 performs user authentication by comparing the user information input via the authentication screen 310 with the user information held in the user information DB 205. In this way, the authentication processing unit 201 performs user authentication for the user who logs in to the MFP 100.

The user information DB (database) 205 provides a function of holding user information which is information about a user who uses the MFP 100. The user information DB 205 is constructed in the HDD 104, and the information stored in the user information DB 205 is stored in the HDD 104.

FIG. 7A shows an example of user information held in the user information DB 205. User information is composed of a user name, a password and a role. The user name is a name for uniquely identifying the user. The password is used for user authentication, and any value can be set for each user. The role corresponds to the authority given to the user of the MFP 100. In the MFP 100 of the present embodiment, there are two roles, "Administrator" and "General User". "Administrator" is a role assigned to the administrator user of the MFP 100, and "General User" is a role assigned to a general user who uses the MFP 100.

The authentication processing unit 201 can limit the functions according to the role of the user (logged-in user) logged in to the MFP 100. For example, the authentication processing unit 201 displays the setting screen 400 (FIG. 4) regarding the user authentication function and the setting screen 410 (FIG. 4) regarding restrictions on job display and operation only for the administrator user for security reasons. offer. That is, the function is restricted according to the role of the user so that the setting using the setting screens 400 and 410 is permitted only to the administrator user.

In the present embodiment, as the timing at which the authentication processing unit 201 performs authentication, either the time when the user starts the operation of the MFP 100 or the time when the user selects each function installed in the MFP 100 can be set. .. The authentication at the time of starting the operation of the MFP 100 is, that is, the authentication is performed before each function of the MFP 100 is selected by the user. Each function of the MFP 100 includes, for example, functions such as copying, scanning and transmitting, scanning and saving, and printing. Hereinafter, the authentication method that authenticates before the user selects each function of the MFP 100 is referred to as "device authentication", and the authentication method that authenticates when the user selects the function of the MFP 100 is referred to as "function-specific authentication". May be called.

FIG. 8A shows an example of the setting screen. For example, the administrator of the MFP 100 can set the timing of authentication by using the setting screen shown in FIG. 8A. The setting screen of FIG. 8A can be, for example, a setting screen that can be operated only by the administrator. If the administrator selects the button 802 and the confirm button 804, device authentication is set. On the other hand, when the administrator selects the button 803 and the confirmation button 804, the authentication for each function is set.

When the time when the operation of the MFP 100 is started (device authentication) is set as the authentication timing, the MFP 100 displays a screen for prompting the user authentication on the display unit of the operation unit 109 until the authentication is successful. Alternatively, a screen for performing user authentication is displayed. Then, when the authentication using the user ID and password or the authentication using the IC card is successful, the function selection screen 300 for selecting each function of the MFP 100 is displayed. On the other hand, when the function selection time (function-specific authentication) is set as the authentication timing, the function selection screen 300 is displayed without authentication according to the user's operation from the standby state. Then, when any function is selected from the functions displayed on the function selection screen 300, the authentication processing unit 201 authenticates.

When device authentication is set, the authentication processing unit 201 is held in the authentication setting DB 204 when the user performs an operation for authentication in the standby state of the MFP 100 (a state in which user authentication is not performed). User authentication is performed as necessary according to the settings. Further, when the authentication for each function is set, the authentication processing unit 201 sets the user as necessary according to the setting held in the authentication setting DB 204 when the user uses each function installed in the MFP 100. Authenticate. The authentication setting DB 204 provides a function of holding the setting for the user authentication function. The authentication setting DB 204 is built in the HDD 104, and the information (authentication setting) stored in the authentication setting DB 204 is stored in the HDD 104. FIG. 7B shows an example of the authentication setting held in the authentication setting DB 204. The authentication setting is a setting indicating the necessity of user authentication when the user uses each function of the MFP 100.

Here, the MFP 100 of the present embodiment has a copy function, a "scan and send" function (send function), a "scan and save" function (save function), and a print function. The copy function is a function of printing an image by the printer 110 based on the image data generated by the scanner 111 reading the image of the original. The transmission function is a function of scanning the image of the original document by the scanner 111 and transmitting the image data generated by the scanner 111 to an external device. The save function is a function of saving the image data generated by the scanner 111 reading the image of the original in the HDD 104. The print function is a function of printing an image by the printer 110 based on the image data stored in the HDD 104 or the image data received from the external device.

The authentication setting DB 204 is a setting value (“ON” or “ON” indicating whether or not user authentication is required when the user uses the function when the function-specific authentication is set for each function of the MFP 100. "OFF") is held. As shown in FIG. 7B, "ON" is set for a function that requires user authentication, and "OFF" is set for a function that does not require user authentication. Functions set to "OFF" can be used by all users without user authentication.

In addition, the authentication processing unit 201 provides a setting function for changing the settings held in the authentication setting DB 204. When the function-specific authentication is set, the authentication processing unit 201 displays the setting screen 400 (FIG. 4) described later on the operation unit 109, so that the user authentication can be performed when the user uses each function of the MFP 100. Allow the administrator user to set whether or not it is required. When the authentication processing unit 201 receives the setting of the user authentication function from the administrator user via the setting screen 400, the accepted setting is held in the authentication setting DB 204.

The job usage information DB 203 provides a function of holding information (job usage information) indicating which type of job each function of the MFP 100 uses. The job usage information DB 203 is constructed in the HDD 104, and the information stored in the job usage information DB 203 is stored in the HDD 104.

FIG. 7C shows an example of job usage information held in the job usage information DB 203. The job usage information is composed of the functions of the MFP 100 and the types of jobs used by each function. Depending on the function, a plurality of types of jobs may be used. For example, in the example of FIG. 7C, the copy job and the print job are used by the copy function. The send job is used by the send function. The save job is used by the save function. The print job is used by the print function. As described above, the job usage information DB 203 holds a plurality of functions of the MFP 100 in association with one or more job types used by each of the plurality of functions.

The job information management unit 202 provides a function of managing information about jobs being executed or executed in the MFP 100. The job information management unit 202 displays a job status screen 500 (FIG. 5) for information display and operation of a job being executed or executed in the MFP 100 on the operation unit 109. The job information management unit 202 notifies the user of information about the job via the job status screen 500, and also receives an operation for the job from the user.

Further, the job information management unit 202 provides a setting function for a user other than the logged-in user to make a setting for restricting the operation and information display of the owner's job. Specifically, the job information management unit 202 displays the setting screen 410 (FIG. 4), which will be described later, on the operation unit 109 so that a user other than the logged-in user can operate and display information about the owner's job. Allow the administrator user to set whether to restrict or not. The job information management unit 202 accepts a setting for each type of job whether or not a user other than the logged-in user restricts the operation and information display of the owner's job via the setting screen 410. The job information management unit 202 holds the setting received via the setting screen 410 in the restriction setting DB 206 as the setting of the operation restriction of the job. Even if the operation restriction of the owner's job is set by a user other than the logged-in user, if the administrator user is logged in, the administrator user can operate the job owned by another user. May be allowed.

On the job status screen 500, the job information management unit 202 restricts operations and information display of the owner's job by a user other than the logged-in user according to the settings held in the restriction setting DB 206. The restriction setting DB 206 provides a function of holding a setting indicating whether or not a user other than the user (logged-in user) logged in to the MFP 100 restricts the operation and information display of the owner's job. The limit setting DB 206 is built in the HDD 104, and the information stored in the limit setting DB 206 is stored in the HDD 104. FIG. 7D shows an example of setting the operation limit of the job held in the limit setting DB 206. The limit setting DB 206 holds a limit setting for limiting operations for jobs corresponding to users other than the logged-in user who is logged in to the MFP 100 for each type of job that can be executed by the MFP 100.

Here, the types of jobs that can be executed by the MFP 100 of the present embodiment include a copy job, a transmission job, a save job, and a print job. The copy job is a job in which the printer 110 prints an image based on the image data generated by the scanner 111 reading the image of the original. The transmission job is a job in which the image data generated by scanning the image of the original document by the scanner 111 is transmitted to an external device (by e-mail or the like) via the network I / F 108. The save job is a job in which the image data generated by the scanner 111 reading the image of the original is saved in the HDD 104. The print job is a job for printing an image by the printer 110 based on the image data saved in the HDD 104 by the save job or the image data received from the external device via the network I / F 108.

The restriction setting DB 206 is a setting value (“ON” or “” indicating whether or not a user other than the logged-in user restricts the operation and information display of the owner's job for each type of job that can be executed by the MFP 100. "OFF") is held. As shown in FIG. 7 (D), "ON" is set for the type of job to be restricted, and "OFF" is set to the type of job not to be restricted. For jobs of the type set to "OFF", users other than the logged-in user can display information about the owner's job and operate it by the logged-in user.

<Example of operation screen>
Next, with reference to FIGS. 3 to 5 and 8, an example of an operation screen related to the present embodiment displayed on the operation unit 109 in the MFP 100 will be described.

(Function selection screen 300)
The function selection screen (menu screen) 300 shown in FIG. 3 is an example of an operation screen for selecting a function to be used by the user among the functions mounted on the MFP 100. The function selection screen 300 is displayed on the operation unit 109, for example, immediately after the MFP 100 is started or after the user authentication is successful. The function selection screen 300 displays a list of functions installed in the MFP 100. The user of the MFP 100 can select a function corresponding to the pressed button by pressing any button of the button group 301 displayed on the function selection screen 300.

Of the button group 301, the "copy" button is used to instruct the display of the operation screen of the copy function. The "scan and send" button is used to instruct the display of the operation screen of the transmission function. The "scan and save" button is used to instruct the display of the operation screen of the save function. The "print" button is used to instruct the display of the operation screen of the print function. The "job status" button is used to instruct the display of the job status screen 500 (FIG. 5). The "setting" button is used to instruct the display of the setting screen 400 or 410 (FIG. 4). In this embodiment, the description of the operation screens related to the copy function, the transmission function, the save function, and the print function will be omitted.

(Authentication screen 310)
The authentication screen 310 shown in FIG. 3 is an example of an operation screen used for user authentication for the user to use the function of the MFP 100. The input fields 311, 312 included in the authentication screen 310 are used by the user of the MFP 100 to input a user name and a password as user information for user authentication, respectively. When the user inputs the user name and password in the input fields 311, 312 and presses the login button, the authentication processing unit 201 executes user authentication based on the input user information.

(Setting screen 400)
The setting screen 400 shown in FIG. 4 is an example of an operation screen for setting the user authentication function when the authentication for each function is set. The setting screen 400 is a setting screen for accepting authentication settings from the user for each function as to whether or not user authentication is required (whether it is required or not) in order to use each function of the MFP 100. be. In this example, on the setting screen 400, each of the copy function, the transmission function, the save function, and the print function is "ON" when user authentication is required, and "OFF" when user authentication is not required. Is set.

The authentication processing unit 201 accepts the authentication setting via the setting screen 400 displayed on the operation unit 109. The setting contents on the setting screen 400 are stored in the authentication setting DB 204. When the user uses the function set to require user authentication according to the authentication setting (held in the authentication setting DB 204) received via the setting screen 400, the authentication processing unit 201 concerned. User authentication is performed for the user.

FIG. 4 shows, as an example, a state in which the setting screen 400 is set to require user authentication only for the transmission function when the function is used. In this case, for example, the function selection screen 300 is displayed on the operation unit 109 immediately after the MFP 100 is started, and the authentication screen 310 is displayed on the operation unit 109 when the "scan and send" button is pressed on the function selection screen 300. Display control is performed. When "ON" is set as a setting value for all functions on the setting screen 400, display control for displaying the authentication screen 310 on the operation unit 109 may be performed immediately after the MFP 100 is started. Further, when the user authentication using the authentication screen 310 is successful, the display control for displaying the function selection screen 300 on the operation unit 109 may be performed.

(Setting screen 410, setting screen 810)
The setting screen 410 shown in FIG. 4 and the setting screen 810 shown in FIG. 8 are examples of operation screens for a user other than the logged-in user to perform operations related to the owner's job and settings related to information display. The setting screen 410 is an example of a setting screen when function-based authentication is set as the authentication method. Further, the setting screen 810 is an example of a setting screen when device authentication is set as an authentication method. On the setting screen 410 and the setting screen 810, whether or not a user other than the logged-in user is allowed to operate and display information about the owner's job (whether to allow or prohibit) is set for each job type. Contains a set of buttons to do. Hereinafter, a function in which a user other than the logged-in user restricts (for example, prohibits) the operation and information display of the owner's job is referred to as a "job operation restriction function". In the example of the setting screen 410 and the setting screen 810, by setting the enable (ON) or invalid (OFF) of the job operation restriction function, the operation and information display of the job of the user other than the logged-in user are prohibited. Set whether to allow or allow. When the job operation restriction function is enabled, users other than the logged-in user are prohibited from operating and displaying information about the owner's job. On the other hand, when the job operation restriction function is disabled, users other than the logged-in user are allowed to operate and display information about the owner's job. When permitting job operations (including information display) for each of the copy job, print job, send job, and save job on the setting screen 410 and the setting screen 810, the "OFF" button is prohibited. In that case, the "ON" button is selected.

8 (A) and 8 (B) show an example of a state in which "authentication at the start of operation (device authentication)" is selected as the authentication method. When device authentication is set, as shown in the setting screen 810, the job operation restrictions for the copy job, the print job, the send job, and the save job are automatically set to be ON. That is, the job operation restriction function for the copy job, the print job, the send job, and the save job is set to ON in conjunction with the activation of the device authentication. In the present embodiment, an example in which the job operation restriction function is set to ON for all types of jobs has been described, but the job operation restriction function may be set to OFF for some types.

By linking the activation of device authentication and the setting of job operation restrictions, it is possible to automatically prevent the logged-in user from performing job operations of users other than the logged-in user simply by enabling device authentication. Security can be enhanced. However, when the administrator user permits the logged-in user to execute the job operation of a user other than the logged-in user, such a setting can be made by the administrator operating the setting screen 810. ..

FIG. 4 shows an example of a state in which "authentication at the time of function selection (authentication by function)" is selected as the authentication method. FIG. 4 shows, as an example, a state in which “ON” is set for a transmission job and “OFF” is set for other jobs on the setting screen 410. The setting contents on the setting screen 410 are stored in the restriction setting DB 206. That is, for the function set to require authentication, the job operation restriction is automatically set to be ON.

By linking the activation of authentication for the specified function and the setting of the job operation restriction for the function, the logged-in user can perform the job operation of the user other than the logged-in user for the function that requires authentication. It can be prevented automatically and security can be strengthened. However, if the administrator user permits the execution of job operations by users other than the logged-in user for functions that require authentication, the administrator makes such settings by operating the setting screen 410. It is possible.

(Job status screen 500)
The job status screen 500 shown in FIG. 5 is an operation screen for operating a job being executed or executed in the MFP 100, which is displayed in the operation unit 109 by the job information management unit 202, and is a job execution status in the MFP 100 or a job execution status. View history. The button group 501 includes buttons corresponding to copy jobs, print jobs, send jobs, and save jobs, respectively. When any button is pressed by the user, information about the type of job corresponding to the pressed button is displayed in the display area 505.

When the button 502 is pressed on the job status screen 500, information indicating the job execution status is displayed in the display area 505. In this case, information indicating the status of the job being executed or the job waiting to be executed in the MFP 100 is displayed. When the button 503 is pressed, information indicating the job history is displayed in the display area 505. In this case, information indicating the history of jobs executed in the MFP 100 is displayed. In the display area 504, the user name of the user (logged-in user) logged in to the MFP 100 is displayed.

FIG. 5 shows an example in which information indicating the execution status of the print job is displayed in the display area 505 in a state where the operation of the print job is prohibited (the job operation restriction of the print job is enabled) on the setting screen 410. .. In the display area 505, the time when each job is received, the job name and user name corresponding to each job, the execution status of each job, and the waiting time until the execution of each job is started are displayed. ing. The button 506 is used to instruct to suspend the execution of the currently selected job in the display area 505. The stop button 507 is used to instruct to stop the execution of the currently selected job in the display area 505. The button 508 is used to instruct the end of the display of the job status screen 500.

The job information management unit 202 restricts operations for jobs corresponding to users other than the logged-in user on the job status screen 500 displayed on the operation unit 109 according to the restriction settings held in the restriction setting DB 206. More specifically, the job information management unit 202 does not perform an operation on a job corresponding to a user other than the logged-in user among one or more jobs displayed on the job status screen 500, so that the job status screen cannot be operated. Display control of 500 is performed.

FIG. 5 shows a screen displayed when a user having "user A" as a user name logs in, and shows a state in which a print job currently being executed is selected. When the user presses the button 506 in this state, the execution of the selected print job is suspended. Further, when the user presses the stop button 507, the execution of the selected print job is stopped.

Further, as described above, since the operation of the print job of the owner is prohibited by a user other than the logged-in user, the job name corresponding to the user B and the user C other than the user A in the display area 505 shown in FIG. Is masked. In this way, the job information management unit 202 limits the display of information about jobs corresponding to users other than the logged-in user (user A) among the information being executed or executed on the job status screen 500. In this state, display control is performed so that even if the logged-in user (user A) selects a job corresponding to the masked job name, the buttons 506 and 507 cannot be operated.

<Processing flow>
Next, with reference to the flowchart of FIG. 9, a process of changing the job operation restriction setting according to the user authentication setting will be described. The process according to the procedure shown in FIG. 9 is realized as a function of the authentication processing unit 201 by the CPU 101 reading the control program stored in the storage device such as the ROM 102 or the HDD 104 into the RAM 103 and executing the process.

In S901, the CPU 101 determines whether or not the authentication setting has been made. If the authentication setting is not made, the process ends. That is, if neither the device authentication setting nor the function-specific authentication setting is enabled, the process of changing the job restriction setting in conjunction with the authentication setting is not executed.

When the authentication setting is made (YES in S901), the CPU 101 determines whether the authentication method is device authentication or function-based authentication (S902).

When the CPU 101 determines in S902 that the authentication method is device authentication, the CPU 101 enables the job operation restriction function for a predetermined function (S903). For example, in the example shown in FIG. 8B, job operation restrictions are enabled for the copy function, the print function, the transmission function, and the save function. In this embodiment, an example in which job operation restrictions are enabled for all functions has been described, but the present invention is not limited to this. Even if device authentication is set, job operation restrictions may not be enabled for certain functions.

On the other hand, when the CPU 101 determines in S902 that the authentication method is function-based authentication, the CPU 101 performs a process described later with reference to FIG. 6 (S904).

When the CPU 101 executes the process of S903 or S904, the CPU 101 ends the process flow.

Next, with reference to the flowchart of FIG. 6, a process of changing the job operation restriction setting according to the user authentication setting when the function-based authentication is set will be described. The process according to the procedure shown in FIG. 6 is realized as a function of the authentication processing unit 201 by the CPU 101 reading the control program stored in the storage device such as the ROM 102 or the HDD 104 into the RAM 103 and executing the process.

After the MFP 100 is started from the power-off state, the CPU 101 (authentication processing unit 201) displays the setting screen 400 on the operation unit 109 in response to a request from the UI control unit 200, and executes the process according to the procedure shown in FIG. .. In the following, at the start of the process according to the procedure shown in FIG. 6, the authentication setting shown in FIG. 7 (B) is stored in the authentication setting DB 204, and the limit setting DB 206 is shown in FIG. 7 (D). It is assumed that the indicated restriction settings have been saved.

In S601, the CPU 101 waits until the authentication settings for one or more functions are changed on the setting screen 400. Specifically, the CPU 101 proceeds to S602 when the OK button is pressed after the setting value of one or more functions displayed on the setting screen 400 is changed, and proceeds to S602 in other cases. , S601 is repeated. When the cancel button is pressed on the setting screen 400, or the OK button is pressed without changing the setting value of any function, the CPU 101 ends the process according to the procedure shown in FIG.

In S602, the CPU 101 determines whether or not the set value of one or more functions has been changed from "OFF" to "ON", and if the change has been made from "OFF" to "ON", S603 In other cases, the process proceeds to S606. In this example, it is assumed that the setting value of the save function is changed from "OFF" to "ON" by the administrator user on the setting screen 400.

In S603, the CPU 101 has a job related to the target function whose authentication setting has been changed so that the user authentication is required when the user uses the function by changing the setting value from "OFF" to "ON". Get the type of. Specifically, the CPU 101 refers to the job usage information DB 203 and acquires the type of job used by the target function. In this example, because the setting value of the save function is changed from "OFF" to "ON", as shown in FIG. 7C, "save job" is selected as the type of job used by the save function. To be acquired.

Next, in S604, if the CPU 101 can acquire one or more job types related to the target function, the process proceeds to S605, and if none of the related job types can be acquired, the CPU 101 proceeds to S605. Proceed to process to S606.

In S605, the CPU 101 sets the setting value of the restriction setting for the acquired job type in the restriction setting DB 206 to "ON" (that is, the operation for the job owned by a user other than the logged-in user and the job. Make settings to limit the information display). As described above, the CPU 101 receives the authentication setting as to whether or not the user authentication is required in order to use each function of the MFP 100 via the setting screen 400, and the job acquired in S603 is linked. Set restrictions on the types of. In this example, the CPU 101 sets the setting value corresponding to the save job in the limit setting DB 206 to "ON". That is, the limit setting in the limit setting DB 206 is changed from the setting shown in FIG. 7 (D) to the setting shown in FIG. 7 (F). When the setting of S605 is completed, the CPU 101 proceeds to S606.

In S606, the CPU 101 reflects the change in the authentication setting made in S601 in the authentication setting DB 204, and ends the process. In this example, the CPU 101 changes the setting value corresponding to the save function in the authentication setting DB 204 from "OFF" to "ON". That is, the authentication setting in the authentication setting DB 204 is changed from the setting shown in FIG. 7 (B) to the setting shown in FIG. 7 (E).

In the above process, when the setting value in the authentication setting DB 204 is changed from "OFF" to "ON", the setting value in the restriction setting DB 206 corresponding to the type of job used by the target function is set to "ON". Is set to. In addition to this process, the following process may be executed when the set value of the authentication setting in the authentication setting DB 204 is changed from "ON" to "OFF". That is, if the type of job used by the target function is not used by another function, the process of setting the setting value in the restriction setting DB 206 corresponding to the type of job used by the target function to "OFF" is executed. You may. In this way, when a change in the authentication setting is accepted from a setting that requires user authentication to a setting that does not require user authentication, a job that is related to the function whose authentication setting has been changed and is not related to other functions. You may cancel the restriction setting for the type of.

As described above, in the MFP 100 of the present embodiment, the CPU 101 receives from the user an authentication setting as to whether or not user authentication is required in order to use each function of the MFP. The CPU 101 sets a restriction setting for a predetermined type of job to limit the operation of the logged-in user for the job corresponding to the user other than the logged-in user according to the setting that the user authentication is required. Control to enable it.

Further, when the function-based authentication is set as the authentication method for the user authentication, whether or not the CPU 101 requires the user authentication in order to use each function of the MFP 100 via the setting screen 400. Accept authentication settings from the user for each function. The CPU 101 acquires, among the types of jobs that can be executed by the MFP, the types of jobs related to the functions that are set to require user authentication according to the received authentication settings. Further, the CPU 101 sets a limit for the acquired type of job to limit the operation for the job corresponding to the user other than the logged-in user who is logged in to the MFP 100.

According to the above process, it is possible to automatically set job operation restrictions according to the user authentication settings. That is, it is not necessary for the administrator user to individually set the user authentication and the job operation restriction, and it is possible to save the trouble of setting by the administrator user. In addition, since job operation restrictions are automatically set in conjunction with settings that require user authentication, it is possible to prevent a decrease in the level of security or privacy protection caused by improper settings by the administrator user. Will be possible.

[Other embodiments]
The present invention supplies a program that realizes one or more functions of the above-described embodiment to a system or device via a network or storage medium, and one or more processors in the computer of the system or device reads and executes the program. It can also be realized by the processing to be performed. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

100: MFP, 101: CPU, 109: Operation unit, 120: Control unit, 200: UI control unit, 201: Authentication processing unit, 202: Job information management unit, 203: Job usage information DB, 204: Authentication setting DB, 205: User information DB, 206: Restriction setting DB

The information processing device according to one aspect of the present invention is being executed or executed in the information processing device as a first setting means for setting whether or not user authentication is required in order to use the function of the information processing device. It has a display control means for displaying an operation screen for operating an executed job on the display unit of the information processing apparatus, and the first setting means has made a setting requiring the user authentication. Accordingly, the display control means is characterized in that, among the information of the executed or executed jobs, the display of the information about the job corresponding to the user other than the logged-in user is restricted on the operation screen. ..

Claims (12)

It is an information processing device
A first setting means for setting whether or not user authentication is required to use the function of the information processing device, and
For a job corresponding to a user other than the logged-in user, a second setting means for performing a restriction setting for restricting the operation of the logged-in user in association with the job type, and
Information characterized in that the first setting means includes a control means for controlling to enable the restriction setting for a predetermined type of job in response to the setting requiring the user authentication. Processing equipment. A receiving means for accepting authentication settings from the user for each function as to whether or not user authentication is required to use each function of the information processing device.
Among the types of jobs that can be executed in the information processing apparatus, there is an acquisition means for acquiring the type of job related to the function that is set to require the user authentication according to the authentication setting accepted by the receiving means. death,
The control means sets restrictions on jobs of the type acquired by the acquisition means to limit operations on jobs corresponding to users other than the logged-in user logged in to the information processing apparatus.
The information processing apparatus according to claim 1. Further, a holding means for holding the plurality of functions of the information processing apparatus in association with and holding one or more types of jobs used by each of the plurality of functions is provided.
The information processing apparatus according to claim 2, wherein the acquisition means acquires the type of job used by the function set to require the user authentication from the holding means. The information processing apparatus according to claim 2 or 3, wherein the control means performs the restriction setting in conjunction with the reception of the authentication setting by the receiving means. An authentication means for performing user authentication for a user who logs in to the information processing device, and
Further provided with a display control means for displaying an operation screen for operating a job being executed or executed in the information processing apparatus on the display unit of the information processing apparatus.
The information processing according to any one of claims 2 to 4, wherein the display control means restricts operations for jobs corresponding to users other than the logged-in user on the operation screen according to the restriction setting. Device. 5. The display control means is characterized in that, on the operation screen, the display of information about a job corresponding to a user other than the logged-in user among the information of the job being executed or executed is restricted. The information processing device described in. The display control means controls the display of the operation screen so that the job corresponding to a user other than the logged-in user cannot be operated among one or more jobs displayed on the operation screen. The information processing apparatus according to claim 5 or 6. The information processing according to any one of claims 5 to 7, wherein the authentication means performs the user authentication when the user uses a function set to require the user authentication. Device. The control means further relates to a function in which the authentication setting is changed when the receiving means accepts a change in the authentication setting from a setting requiring the user authentication to a setting not requiring the user authentication. The information processing apparatus according to any one of claims 2 to 8, wherein the restriction setting is canceled for the types of jobs not related to other functions. The receiving means displays a setting screen for setting whether or not the user authentication is required for each function of the information processing device on the display unit of the information processing device, and via the setting screen. The information processing apparatus according to any one of claims 2 to 9, wherein the information processing apparatus accepts the authentication setting. It is a control method for information processing equipment.
A first setting step for setting whether or not user authentication is required to use the function of the information processing device, and
For jobs corresponding to users other than the logged-in user, the second setting process in which the restriction setting for restricting the operation of the logged-in user is performed in association with the job type is performed.
Information processing characterized by comprising a control step for controlling to enable the restriction setting for a predetermined type of job according to the setting requiring the user authentication in the first setting step. How to control the device. A program for causing a computer to execute each step of the control method of the information processing apparatus according to claim 11.

Images