JP2023095515A - Information processing apparatus, information processing method, program, and information processing system - Google Patents

Abstract

To easily manage the authorities for guest users to use a service.SOLUTION: An information processing apparatus includes: a storage unit which stores group authority information obtained by associating group identification information identifying a group to which a user is included with service identification information identifying a service, and user group information obtained by associating user specifying information specifying a user with the group identification information; an authentication unit which authenticates the user; an authority management unit which allows a service corresponding to authority information associated with a group associated with an authenticated user authenticated by the authentication unit to be available for the authenticated user, on the basis of the group authority information and the user group information; and a deadline management unit which deletes the user group information in accordance with a deadline. The authority management unit manages the group authority information so as to be modified only through an operation received from a user, and manages the user group information so as to be modified by deadline management unit.SELECTED DRAWING: Figure 2

Description

The present invention relates to an information processing device, an information processing method, a program, and an information processing system.

Conventionally, there has been known a technique of allowing a guest who does not belong to the tenant of the image output terminal to use the image output terminal. Specifically, for example, in this technology, an access key for registering a location where information output by an image output terminal is stored is presented to the guest in response to an application from the guest. outputs registered information from a terminal possessed by to an image output terminal.

In the above-described conventional technology, it is assumed that the terminal owned by the guest belongs to a different tenant than the image output terminal, and there may be restrictions on the conditions under which the image output terminal can be used.

The disclosed technology has been made in view of the above circumstances, and aims to facilitate management of service usage rights for guest users.

The disclosed technology associates group authority information that links group identification information that identifies a group that includes a user and service identification information that identifies a service, and user identification information that identifies a user and the group identification information. an authentication unit for authenticating the user; authority information associated with a group associated with the authenticated user authenticated by the authentication unit based on the group authority information and the user group information; and a time limit management unit for deleting the user group information according to a time limit, wherein the authority management unit is configured such that the group authority information is the user and managing the user group information so that it can be changed by the time limit management unit.

It is possible to easily manage service usage rights for guest users.

It is a figure which shows an example of the system configuration|structure of an information processing system. It is a figure explaining management of the utilization authority of a guest user. It is a figure which shows an example of the hardware constitutions of a server apparatus. 2 is a hardware configuration diagram of an information processing apparatus; FIG. It is a diagram showing an example of a tenant database. It is a figure which shows an example of a group database. It is a figure which shows an example of a user database. It is a figure which shows an example of a service database. It is a figure which shows an example of a contract management database. FIG. 4 is a diagram showing an example of a group authority database; FIG. It is a figure which shows an example of a user authority database. It is a figure which shows an example of a term management database. It is a figure explaining the function of each apparatus which an information processing system has. FIG. 4 is a first sequence diagram for explaining the operation of the information processing system; FIG. 4 is a first diagram showing a display example of the information processing device; FIG. 10 is a second sequence diagram showing the operation of the information processing system; FIG. 10 is a second diagram for explaining a display example of the information processing device; FIG. 11 is a third sequence diagram for explaining the operation of the information processing system; FIG. 11 is a third diagram for explaining a display example of the information processing device; FIG. 10 is a fourth diagram for explaining a display example of the information processing device; FIG. 15 is a fifth diagram for explaining a display example of the information processing device; FIG. 11 is a sixth diagram for explaining a display example of the information processing device; FIG. 11 is a seventh diagram for explaining a display example of the information processing device; FIG. 14 is a fourth sequence diagram for explaining the operation of the information processing system; FIG. 12 is a fifth sequence diagram for explaining the operation of the information processing system; It is a figure which shows another example of the system configuration|structure of an information processing system. FIG. 14 is a sixth sequence diagram for explaining the operation of the information processing system;

The present embodiment will be described below with reference to the drawings. FIG. 1 is a diagram showing an example of the system configuration of an information processing system.

The information processing system 100 of this embodiment includes a server device (information processing device) 200 and information processing devices (terminal devices) 300-1, . . . , 300-N. The server device 200 of this embodiment provides various services to the information processing devices 300-1, . . . , 300-N.

, 300-N are an arbitrary number of information processing devices included in the information processing system 100. The information processing devices 300-1, . In the following description, the information processing devices 300-1, . The information processing apparatus 300 of the present embodiment may be a general computer, an image forming apparatus, or the like, and the information processing system 100 may include information processing apparatuses 300 of different types. good.

Further, each of the information processing apparatuses 300 of the present embodiment belongs to a tenant, and is mainly used by users who belong to the same tenant as the information processing apparatus 300 .

A tenant in this embodiment is, for example, a company or the like. More specifically, for example, a tenant is a business operator, company, organization, or the like that has concluded a contract for using the service provided by the server device 200 .

Also, a family may be used as a unit for managing contracts. Each information processing device 300 belongs to a family, and is mainly used by users who belong to the same family as the information processing device 300 . The family unit may be a unit such as a family, or may be an individual. In the following, the term "account" may be used as a concept that includes tenants, groups, and families.

Users include general users and guest users. A general user is a user who belongs to a tenant. On the other hand, a guest user is a user who does not belong to a tenant, belongs to a tenant only for a certain period of time, or is permitted to use a service only for a certain period of time. In the following description, the term "user" may be used when the two are not distinguished from each other.

A service is a function provided by the server device 200, the information processing device 300, or an external device independently or in cooperation. The service is provided, for example, as a native application installed in the information processing device 300 or as a web application. Examples of services include, but are not limited to, a service for printing data stored in cloud storage with the information processing apparatus 300 and a service for storing data scanned by the information processing apparatus 300 in cloud storage.

The server device 200 of this embodiment has a storage unit 205 and an authority management processing unit 290 . The storage unit 205 includes a tenant database 210, a group database 220, a user database 230, a service database 240, a contract management database 250, a group authority database (group authority storage unit) 260, a user authority database (user authority storage unit) 270, a deadline A management database (time limit management storage unit) 280 is stored.

The tenant database 210 stores tenant information related to the tenant to which the information processing device 300 belongs. The group database 220 stores group information related to groups created within the tenant. The user database 230 stores user information about users who use the information processing device 300 . Note that user information is information in which users and groups are associated with each other, and thus may be referred to as user group information below.

The service database 240 stores service information on services provided by the server device 200 . The contract management database 250 stores contract information regarding service provision to tenants.

The group authority database 260 stores group authority information relating to service usage authority for each group created within a tenant. The user authority database 270 stores user authority information regarding the authority to use services for each user of the information processing apparatus 300 .

The time limit management database 280 stores time limit management information for managing time limits such as group use rights and user use rights for services. Details of each database will be described later.

The authority management processing unit 290 refers to the information stored in each database described above, and manages the authority to use the information processing apparatus 300 for guest users who do not belong to the tenant to which the information processing apparatus 300 belongs.

Specifically, the authority management processing unit 290 adds or excludes a guest user from a previously created group for guests to which service utilization authority is assigned, and grants service utilization authority to the guest user. .

As described above, in the present embodiment, it is possible to grant the guest user the authority to use the service simply by adding the guest user to a group in which the authority to use the service is set in advance. Further, in this embodiment, it is possible to select the usage authority to be given to the guest user according to the group to which the guest user is added.

Therefore, according to the present embodiment, for example, a tenant administrator who manages usage rights of tenants does not need to individually set usage rights for guest users. Easy to manage.

In addition, in FIG. 1, the server apparatus 200 has each database, but it is not limited to this. A part or all of each database may be provided in an external device capable of communicating with the server device 200 . Also, the functions of the authority management processing unit 290 may be realized by a plurality of information processing devices. In other words, server device 200 may be realized by a plurality of information processing devices.

In the following, the management of usage rights of guest users according to the present embodiment will be further described with reference to FIG. 2 . FIG. 2 is a diagram for explaining management of usage rights of guest users.

In FIG. 2, a tenant administrator P1 who manages tenant T1 concludes a contract for receiving service A and a contract for receiving service B with a service provider. . Specifically, the service provider may be a company or the like that manages the server device 200 .

Further, in the tenant T1, groups G1 and G2 for guest users and group G3 for general users are preset by the tenant administrator P1. The group for guest users is a group set to allow users (guest users) who do not belong to tenant T1 to use services for which tenant T1 has usage rights, and is associated with service usage rights. ing. The group for general users is a group set to allow users belonging to tenant T1 (general users) to use services for which tenant T1 has usage rights, and is associated with service usage rights. ing. Only guest users can belong to the group for guest users, and only general users can belong to the group for general users.

In the example of FIG. 2, the authority to use service A is associated with group G1, and the authority to use service A is associated with group G2.

In this embodiment, for example, if a guest user Gu who does not belong to the tenant T1 is permitted to use the service A, the guest user Gu should be added to the group G1. Also, for example, when the guest user Gu is permitted to use the service B, the guest user Gu may be added to the group G2. Also, for example, when general users are permitted to use service A and service B, general users may be added to group G3.

Also, for example, if the guest user Gu is permitted to use both the service A and the service B, the guest user Gu should be added to both the group G1 and the group G2. However, it is not limited to this, and, for example, the use authority of service A and service B may be associated with group G2. In this case, if the guest user Gu is permitted to use both the service A and the service B, the guest user Gu should be added to the group G2.

As described above, in this embodiment, by making a user join a group corresponding to a service, the user can be given the right to use the service associated with the group.

Furthermore, in the present embodiment, by excluding the guest user Gu from the group G1, the authority to use the service A granted to the guest user Gu can be lost. Similarly, by excluding the guest user Gu from the group G2, the usage authority of the service B granted to the guest user Gu can be lost. In addition, by excluding general users from group G3, it is possible to eliminate the usage rights of service A and service B granted to general users.

The hardware configuration of each device included in the information processing system 100 will be described below with reference to FIGS. 3 and 4. FIG.

FIG. 3 is a diagram illustrating an example of a hardware configuration of a server device; The server device 200 is constructed by a computer, and as shown in FIG. ) 508 , a network I/F 509 , a data bus 510 , a keyboard 511 , a pointing device 512 , a DVD-RW (Digital Versatile Disk Rewritable) drive 514 , and a media I/F 516 .

Among these, the CPU 501 controls the operation of the server device 200 as a whole. The ROM 502 stores programs used to drive the CPU 501 such as IPL. A RAM 503 is used as a work area for the CPU 501 . The HD 504 stores various data such as programs. The HDD controller 505 controls reading or writing of various data to/from the HD 504 under the control of the CPU 501 .

A display 506 displays various information such as cursors, menus, windows, characters, or images. The external device connection I/F 508 is an interface for connecting various external devices. The external device in this case is, for example, a USB (Universal Serial Bus) memory, a printer, or the like. A network I/F 509 is an interface for data communication using a communication network. A data bus 510 is an address bus, a data bus, or the like for electrically connecting each component such as the CPU 501 shown in FIG.

Also, the keyboard 511 is a kind of input means having a plurality of keys for inputting characters, numerical values, various instructions, and the like. A pointing device 512 is a kind of input means for selecting and executing various instructions, selecting a processing target, moving a cursor, and the like. A DVD-RW drive 514 controls reading or writing of various data to a DVD-RW 513 as an example of a removable recording medium. It should be noted that not only DVD-RW but also DVD-R or the like may be used. A media I/F 516 controls reading or writing (storage) of data to a recording medium 515 such as a flash memory.

Next, the hardware configuration of the information processing device 300 will be described with reference to FIG. FIG. 4 illustrates the hardware configuration of an image forming apparatus as an example of the information processing apparatus 300 .

FIG. 4 is a hardware configuration diagram of the information processing apparatus. The information processing device 300 is, for example, an MFP (Multifunction Peripheral/Product/Printer). The information processing device 300 includes a controller 910 , a short-range communication circuit 920 , an engine control section 930 , an operation panel 940 and a network I/F 950 .

Among these, the controller 910 includes a CPU 901, a system memory (MEM-P) 902, a north bridge (NB) 903, a south bridge (SB) 904, an ASIC (Application Specific Integrated Circuit) 906, a storage unit, which is the main part of the computer. A local memory (MEM-C) 907 , an HDD controller 908 , and an HD 909 as a storage unit, and the NB 903 and ASIC 906 are connected by an AGP (Accelerated Graphics Port) bus 921 .

Among these, the CPU 901 is a control unit that performs overall control of the information processing apparatus 300 . The NB 903 is a bridge for connecting the CPU 901, the MEM-P 902, the SB 904, and the AGP bus 921, and is a memory controller that controls reading and writing with respect to the MEM-P 902, a PCI (Peripheral Component Interconnect) master, and an AGP target. have

The MEM-P 902 is composed of a ROM 902a, which is a memory for storing programs and data for realizing each function of the controller 910, and a RAM 902b, which is used as a drawing memory for expanding the programs and data and for memory printing. The program stored in the RAM 902b is configured to be provided by being recorded in a computer-readable recording medium such as a CD-ROM, CD-R, DVD, etc. as a file in an installable format or an executable format. You may

SB 904 is a bridge for connecting NB 903 with PCI devices and peripheral devices. The ASIC 906 is an image processing IC (Integrated Circuit) having hardware elements for image processing, and serves as a bridge that connects the AGP bus 921, PCI bus 922, HDD controller 908, and MEM-C 907, respectively. This ASIC 906 includes a PCI target and AGP master, an arbiter (ARB) that forms the core of the ASIC 906, a memory controller that controls the MEM-C 907, and multiple DMACs (Direct Memory Access Controllers) that perform image data rotation, etc. by hardware logic. , and a PCI unit that transfers data between the scanner unit 931 and the printer unit 932 via the PCI bus 922 . Note that the ASIC 906 may be connected to a USB (Universal Serial Bus) interface or an IEEE 1394 (Institute of Electrical and Electronics Engineers 1394) interface.

MEM-C 907 is a local memory used as an image buffer for copying and an encoding buffer. The HD 909 is a storage for accumulating image data, accumulating font data used for printing, and accumulating forms. The HD 909 controls reading or writing of data to or from the HD 909 under the control of the CPU 901 . The AGP bus 921 is a bus interface for graphics accelerator cards proposed to speed up graphics processing, and can speed up the graphics accelerator card by directly accessing the MEM-P 902 with high throughput. .

The near field communication circuit 920 also includes a near field communication circuit 920a. The short-range communication circuit 920 is a communication circuit for NFC, Bluetooth, or the like.

Furthermore, the engine control section 930 is configured by a scanner section 931 and a printer section 932 . The operation panel 940 displays a current setting value, a selection screen, and the like, and a panel display unit 940a such as a touch panel for receiving input from an operator, and setting values for image forming conditions such as density setting conditions. An operation panel 940b is provided which includes a numeric keypad for accepting a copy start instruction, a start key for accepting a copy start instruction, and the like. The controller 910 controls the entire information processing apparatus 300, for example, controls drawing, communication, input from the operation panel 940, and the like. The scanner unit 931 or printer unit 932 includes an image processing part such as error diffusion and gamma conversion.

The information processing apparatus 300 can switch and select the document box function, the copy function, the printer function, and the facsimile function in sequence using the application switching key on the operation panel 940 . The document box mode is set when the document box function is selected, the copy mode is set when the copy function is selected, the printer mode is set when the printer function is selected, and the facsimile mode is set when the facsimile mode is selected.

A network I/F 950 is an interface for data communication using the communication network 0 . A short-range communication circuit 920 and a network I/F 950 are electrically connected to the ASIC 906 via a PCI bus 922 .

Next, each database of the server device 200 will be described with reference to FIGS. 5 to 12. FIG.

FIG. 5 is a diagram showing an example of a tenant database. The tenant database 210 of the present embodiment includes information items such as a tenant ID, tenant name, country/region, etc., and is provided for each tenant ID. The value of the item "tenant ID" is identification information that identifies the tenant, the value of the item "tenant name" is the name of the tenant, and the value of the item "country/region" is the country in which the tenant is established. or region.

FIG. 6 is a diagram showing an example of a group database. The group database 220 of this embodiment includes tenant IDs, group IDs, group names, types, etc. as information items. The value of the item "tenant ID" is identification information identifying the tenant to which the group belongs, and the value of the item "group ID" is group identification information for identifying the group. The value of the item "group name" indicates the name of the group. The value of the item "type" indicates the type of group. Specifically, for example, when the type is "guest", it becomes a group for joining guest users who do not belong to the tenant specified by the tenant ID.

On the other hand, if the type is "general", it becomes a group for general users belonging to the tenant identified by the tenant ID to join. In other words, by setting the group type to "guest", it is possible to limit the users who belong to the group to only guest users, and by setting the group type to "general", they can belong to the group Users can be restricted to general users only.

FIG. 7 is a diagram showing an example of a user database. The user database 230 includes, as information items, a tenant ID, user ID, password, surname, first name, UUID, email address, display language, role, tenant management authority, a list of groups to which the tenant belongs, and the like.

The value of the item "tenant ID" is identification information for identifying the tenant to which the user belongs, the value of the item "user ID" is identification information for authenticating the user, and the value of the item "password". is the password used to authenticate the user. The values of the items "last name" and "first name" indicate the user's name, and the value of the item "UUID" is user identification information for uniquely identifying the user.

The value of the item "e-mail address" indicates the user's e-mail address, and the value of the item "display language" indicates the language in which messages and the like are displayed to the user. The value of the item "role" indicates the role of the user, and the value of the item "group list" indicates a list of group IDs identifying groups to which the user belongs.

In the example of FIG. 7, it can be seen that the user identified by the user ID "user9876" is a guest user and has joined the groups identified by the group IDs "group1" and "group2". A guest user in this embodiment indicates a user whose value of the item "role" is "guest". Note that the values of "role" include "general" indicating a general user and "administrator" indicating a tenant administrator.

FIG. 8 is a diagram showing an example of a service database. The service database 240 includes information items such as contract ID, service ID, volume type, number of volumes, available remaining quantity, quantity in use, and the like.

The value of the item "contract ID" is identification information that identifies the contract concluded by the tenant, and the value of the item "service ID" is the service identifier that identifies the service that has become available due to the conclusion of the contract by the tenant. Information.

The value of the item "volume type" indicates the type of number of uses of the service, and the value of "number of volumes" indicates the number of uses determined in the contract, that is, the number of licenses. The value of the item "available remaining quantity" indicates the number of available volumes, that is, the number of remaining licenses, and the value of the item "currently used quantity" indicates the number of volumes that are currently being used, that is, the number of licenses that are in use. indicates

The "volume type" includes "user" and "device". In other words, if the volume type is "user", the service contract form is a user license corresponding to the number of users, and if the volume type is "device", the service contract form is a device license corresponding to the number of devices. indicates that there is

In the example of FIG. 8, the volume type is "user", so the number of volumes is the number of users. In the example of FIG. 8, the number of users who can use the service is 10, the number of users who are using the service is 8, and the other 2 users are using the service specified by the service ID. be able to.

The same contract ID and service ID may be assigned to individual users belonging to multiple groups and tenants. That is, multiple groups and users within a tenant may share the same service. In this case, the number of licenses in use is the sum of the number of licenses in use by multiple groups and users. In this case, the service database 240 can be managed by associating the number of volumes, the number of available remaining volumes, and the number of volumes in use with each group ID or group type.

Also, there are cases where the same service is shared by general users and guest users. In this case, the number of volumes that can be assigned to the guest user group can be limited in order to prevent general users from being unable to use the service due to an insufficient number of available licenses. In other words, the number of usable volumes can be set for each group ID or each type of group. For example, if the upper limit of the number of volumes in the guest user group G1 is set to 5, up to 5 guest users belonging to the group G1 can use the service. Also, when the upper limit of the number of volumes of a group whose group type is "guest" is set to 5, all five guest users belonging to groups G1 and G2 for guest users can use the service.

FIG. 9 is a diagram showing an example of a contract management database. The contract management database 250 includes information items such as tenant IDs, contract IDs, and service IDs. In the contract management database 250, contracts concluded by tenants are associated with services made available by the contracts.

FIG. 10 is a diagram showing an example of the group authority database. The group authority database 260 includes a tenant ID, a group ID, a list of service IDs, etc. as information items. In the group authority database 260, groups set in a tenant are associated with services assigned to the groups.

In other words, the group authority database 260 indicates the service usage authority assigned to the group.

FIG. 11 is a diagram showing an example of the user authority database. The user authority database 270 includes contract IDs, service IDs, UUIDs, group IDs, etc. as information items. In the user authority database 270, the groups to which the user subscribes, the services corresponding to the groups, and the contracts corresponding to the services are associated.

In other words, the user authority database 270 indicates the service utilization authority assigned to the user.

FIG. 12 is a diagram showing an example of a deadline management database. The deadline management database 280 includes information items such as UUID, group ID, date of addition, deadline date of affiliation, and the like. The value of the item "date of addition" indicates the date when the user identified by the UUID was added to the group identified by the group ID. The value of the item “belonging deadline date” indicates the date on which the user identified by the UUID is excluded from the group identified by the group ID.

In other words, the time limit management database 280 indicates the period during which the user can use the service associated with the group.

Next, with reference to FIG. 13, the function of each device included in the information processing system 100 of this embodiment will be described. FIG. 13 is a diagram for explaining the function of each device included in the information processing system.

First, functions of the information processing apparatus 300 of this embodiment will be described. An information processing apparatus 300 of this embodiment includes an input reception unit 310 , a display control unit 320 and a communication unit 330 . The input reception unit 310 receives various inputs to the information processing device 300 . The display control unit 320 controls display on the information processing device 300 . The communication unit 330 controls communication between the information processing device 300 and an external device such as the server device 200 .

Next, functions of the server device 200 will be described. The server device 200 of this embodiment has a storage unit 205 and an authority management processing unit 290 . The storage unit 205 is implemented by the HD 504 of the server device 200 or the like. The authority management processing unit 290 is implemented by the CPU 501 reading and executing a program stored in the ROM 502 or the like.

The authority management processing section 290 has an input reception section 291 , a display control section 292 , a group management section 293 , an authority management section 294 , a user management section 295 , a time limit management section 296 and a user authentication section 297 .

The input reception unit 291 receives various inputs to the server device 200 . The display control unit 292 instructs the information processing device 300 to display.

The group management unit 293 manages groups. Specifically, the group management unit 293 performs addition of group information in response to new creation of a group by a tenant administrator or the like, deletion of a group by deletion of the group, and the like.

The authority management unit 294 allocates services to groups and grants service utilization authority to users. In addition, the authority management unit 294 updates each corresponding database according to the grant of use authority to the user.
The authority management unit 294 manages user group information, group authority information, and user authority information. For example, group authority information can be changed only by a user's operation, and user group information and user authority information can be managed by a user's operation or automatically by the server device 200 . In addition, the authority management unit 294 refers to the user group information, group authority information, and user authority information so that the user or device can use the service corresponding to the authority information, and responds to the request from the user. can be controlled to provide services to

The user management unit 295 manages users. Specifically, the user management unit 295 adds a user to a group, removes a user from the group, and the like.

The time limit management unit 296 manages the period during which the user is authorized to use the service. Specifically, the deadline management unit 296 refers to the deadline management database 280 and manages the membership deadline of the user's group. In other words, the time limit management unit 296 manages the usage period of the guest user's service.

The user authentication unit 297 accepts the user ID and password of the user who uses the information processing system 100, refers to the user database 230, and authenticates the user.

Next, the operation of the information processing system 100 of this embodiment will be described. FIG. 14 is a first sequence diagram for explaining the operation of the information processing system.

In the information processing system 100, the information processing device 300 transmits a group list display request to the server device 200 by the operation of the tenant administrator or the like (step S1401).

This group list display request may include the tenant ID of the tenant who manages the information processing device 300 and the group type. In this embodiment, the type of group included in step S1401 is "guest". Therefore, here, a request to display a list of guest user groups associated with the tenant ID is transmitted to the server device 200 .

The authority management processing unit 290 of the server device 200 receives this request, refers to the group database 220, and obtains a list of guest user groups corresponding to the tenant ID (steps S1402 and 1403). That is, the authority management processing unit 290 identifies groups whose type is "guest".

Subsequently, the server apparatus 200 causes the information processing apparatus 300 to display the obtained list of groups (step S1404).

Here, the operation for adding a new guest user group will be described. The information processing device 300 transmits a new group creation request to the server device 200 by the operation of the tenant administrator or the like (step S1405). In response to this request, the server apparatus 200 causes the information processing apparatus 300 to display an input form (input screen) for group information (step S1406).

The information processing device 300, upon receiving the group information input to the input form, transmits the group information to the server device 200 (step S1407). The server device 200 adds the group information to the group database 220 (step S1408), and completes creating a new guest user group (step S1409). Subsequently, the server apparatus 200 causes the information processing apparatus 300 to display the group creation result (step S1410).

Subsequently, the information processing device 300 transmits a request for displaying a list of services available to the tenant to the server device 200 (step S1411). The server device 200 receives this request, refers to the contract management database 250, and obtains a list of services available to the tenant (steps S1412 and 1413). Subsequently, the server device 200 causes the information processing device 300 to display a list of services available to the tenant (step S1414).

When a service to be assigned to a group is selected by the tenant administrator or the like, the information processing device 300 transmits the selection result to the server device 200 (step S1415).

The server device 200 accepts the selection of the service and gives the added group information the authority to use the selected service (steps S1416 and 1417). Specifically, the server device 200 causes the authority management unit 294 to associate the group ID of the newly added group with the service ID of the service to which the group is granted the authority to use in the group authority database 260 .

Subsequently, the server apparatus 200 causes the information processing apparatus 300 to display the group creation result (step S1418).

A display example of the information processing apparatus 300 will be described below with reference to FIG. 15 . FIG. 15 is a first diagram showing a display example of the information processing apparatus.

A screen 151 shown in FIG. 15 is an example of a group list screen displayed in step S1404 of FIG. 14, for example.

A display field 151a of the screen 151 displays a list of groups for guest users. The screen 151 also displays operation buttons for creating a new group, editing a group, and deleting a group. The operation shown in FIG. 14 is the operation when the creation of a new group is operated.

Next, with reference to FIG. 16, the operation of allocating service usage rights to groups for guest users will be described. FIG. 16 is a second sequence diagram showing the operation of the information processing system.

Since the processing from step S1601 to step S1604 in FIG. 16 is the same as the processing from step S1401 to step S1404 in FIG. 14, description thereof is omitted.

Subsequent to step S1604, the information processing apparatus 300, upon accepting selection of a group from the list, notifies the selected group to the server apparatus 200 (step S1605).

The server apparatus 200 refers to the group authority database 260 by means of the authority management processing unit 290, and obtains a list of services associated with the selected group (steps S1606 and 1607). Subsequently, the server device 200 causes the information processing device 300 to display a list of services associated with the selected group (step S1608).

Subsequently, the information processing apparatus 300 transmits a request for displaying a list of services contracted by the tenant to the server apparatus 200 by the operation of the tenant administrator or the like (step S1609).

Upon receiving this request, the server device 200 refers to the contract management database 250 and acquires a list of services contracted by the tenant (steps S1610, 1611). Subsequently, the server device 200 causes the information processing device 300 to display a list of services contracted by the tenant (step S1612).

The information processing apparatus 300 accepts the selection of the service associated with the group selected in step S1605, and notifies the selected service to the server apparatus 200 (step S1613).

Subsequently, server device 200 causes authority management unit 294 to associate the selected service with the selected group (step S1614).

At this time, the server device 200 refers to the service database 240 by the authority management unit 294, and compares the available remaining quantity of the selected service with the number of guest users belonging to the selected group. If the remaining number of available services is less than the number of guest users, it is determined that the association between groups and services has failed (step S1615).

In the server device 200, if the remaining number of available services is equal to or greater than the number of guest users, the authority management unit 294 selects group authority information including the group ID of the group selected in step S1605 in step S1613. The service ID of the received service is included (step S1616).

In the service database 240, a plurality of groups may share a service corresponding to one service ID and contract ID. At this time, the number of volumes that can be assigned to each group can be set. For this reason, the authority management unit 294 selects in step S1605 when the number of volumes that can be assigned according to the group ID or group type out of the total number of volumes shown in the service database 240 is equal to or greater than the number of guest users. The service ID of the service selected in step S1613 may be included in the group authority information including the group ID of the group obtained.

In other words, authority management unit 294 associates the group ID of the group selected in step S1605 with the service ID of the service selected in step S1613 in group authority database 260 .

Subsequently, the server apparatus 200 allocates service usage authority to users belonging to the group (step S1617). Specifically, the server device 200 causes the authority management unit 294 to associate the user ID of the user belonging to the group with the service ID and the group ID in the user authority database 270 .

Also, the authority management unit 294 updates the user database 230 and the service database 240 according to the correspondence between the group and the service.

Subsequently, the authority management unit 294 assumes that the association between the group and the service has succeeded (step S1618). Subsequently, the server apparatus 200 causes the information processing apparatus 300 to display the result of association between groups and services (step S1619).

Next, a display example of the information processing apparatus 300 will be described with reference to FIG. 17 . FIG. 17 is a second diagram for explaining a display example of the information processing device.

A screen 171 illustrated in FIG. 17 is an example of a screen displayed on the information processing apparatus 300 in step S1612 of FIG. 16, for example.

A display field 171a of the screen 171 displays a list of services contracted by the tenant. In other words, a list of licenses for which the tenant has usage rights is displayed.

Also, on the screen 171, group 01 is selected. In this embodiment, when a license is selected from the list in the display field 171a, the service corresponding to this license is notified to the server device 200 as the selected service.

Next, the operation of the information processing system 100 when adding a guest user to a group will be described with reference to FIG. 18 . FIG. 18 is a third sequence diagram for explaining the operation of the information processing system.

Since the processing from step S1801 to step S1804 in FIG. 18 is the same as the processing from step S1401 to step S1404 in FIG. 14, description thereof is omitted.

Following step S1804, the information processing apparatus 300 receives an operation to add a group and a guest user to the group, and transmits a request to add the guest user to the group to the server apparatus 200 (step S1805). This add request includes the group ID of the selected group.

Upon receiving the addition request, the server apparatus 200 refers to the service database 240 by the authority management unit 294 to check the available remaining quantity of the services set in the selected group (steps S1806 and 1807). .

In the service database 240, a plurality of groups may share a service corresponding to one service ID and contract ID. At this time, the number of volumes that can be assigned to each group can be set. Therefore, the authority management unit 294 can confirm the number of volumes that can be allocated according to the group ID or group type among the total number of volumes shown in the service database 240 .

Here, when the available remaining quantity of the service set in the group is 0, the server device 200 notifies the information processing device 300 that it is impossible to add the guest user to the group. is displayed (step S1808).

In addition, when the available remaining quantity of the service set in the group is not 0, that is, when it is possible to add a guest user to the group, the server device 200 sends the information processing device 300 a new guest, Alternatively, a screen for selecting an existing guest is displayed (step S1809).

In this embodiment, when displaying the list of groups in step S1804, the available remaining quantity of the service set in advance for the group is confirmed, and the available remaining quantity of the set service is checked. A group that is 0 may be displayed as a non-selectable state.

Next, processing for adding a new guest user to a group will be described. A new guest user is a guest user whose user information is not stored in the user database 230 .

Information processing apparatus 300, upon receiving an operation to instruct addition of a new guest user, transmits an instruction to add a new guest user to server apparatus 200 (step S1810).

When receiving the addition instruction, the server device 200 causes the information processing device 300 to display an input form (input screen) for user information of the guest user (step S1811).

The information processing device 300, upon receiving the input of the user information, transmits the user information to the server device 200 (step S1812).

When the user management unit 295 receives the user information, the server device 200 stores it in the user database 230 (steps S1813 and 1814). At this time, the user database 230 associates the user ID with the group ID.

Subsequently, the server device 200 assigns the added user the authority to use the service associated with the group by the authority management unit 294 (steps S1815 and 1816).

Specifically, authority management unit 294 stores the UUID included in the newly added user information, the group ID included in the addition request accepted in step S1805, and the service ID associated with this group ID. Generate linked user authority information. The authority management unit 294 then stores this user authority information in the user authority database 270 .

In other words, the server device 200 accepts a UUID that identifies a guest user who does not belong to a tenant and a group ID that identifies a group that includes the guest user, and the group ID and the service ID that identifies the service correspond to each other. The attached group authority database 260 is referred to, and the UUID is associated with the service ID associated with the received group ID.

Subsequently, the server device 200 causes the information processing device 300 to display the guest user creation result (step S1817).

Next, processing for adding an existing guest user to a group will be described.

Information processing apparatus 300, upon receiving an operation to instruct addition of an existing guest user, transmits an instruction to add an existing guest user to server apparatus 200 (step S1818).

Upon receiving the addition instruction, the server device 200 refers to the user database 230 and acquires guest user list information (steps S1819 and 1820). In other words, the user whose role is set as guest is identified. Subsequently, the server device 200 causes the information processing device 300 to display the guest user list information (step S1821).

Information processing apparatus 300, upon receiving an operation of selecting a guest user to be selected for a group from the list of guest users, transmits a request to add the selected guest user to the group to server apparatus 200 (step S1822).

The server apparatus 200 edits the information of the group to which the selected guest user belongs by the user management unit 295 (steps S1823 and 1824). Specifically, the user management unit 295 includes the group ID of the group to which this user is added in the user information of the selected guest user.

Subsequently, the server apparatus 200 assigns the selected guest user the authority to use the service set for the group by the authority management unit 294 (steps S1825 and 1826).

Specifically, the authority management unit 294 associates the user authority information of the selected guest user with the group ID of the group and the service ID of the service set for the group in the user authority database 270 .

Also, at this time, the authority management unit 294 updates the available remaining quantity and the quantity in use of the service information of the service set in the group in the service database 240 .

Subsequently, the server device 200 transmits a notification indicating that the guest user has been added to the group to the information processing device 300 (step S1827).

Display examples of the information processing apparatus 300 will be described below with reference to FIGS. 19 to 23 . FIG. 19 is a third diagram for explaining a display example of the information processing device.

A screen 191 shown in FIG. 19 shows an example of a screen displayed on the information processing apparatus 300 in step S1804 of FIG. A display field 191a of the screen 191 displays a list of services set for each group. The screen 191 also displays an operation button 191b for requesting addition of the guest user to the group.

In this embodiment, when a group is selected in the display column 191a and the operation button 191b is operated, the screen 191 transitions to a screen for selecting users to be added.

FIG. 20 is a fourth diagram for explaining a display example of the information processing device. A screen 201 illustrated in FIG. 20 is an example of a screen displayed on the information processing apparatus 300 in step S1809 of FIG. 18, for example.

A display field 201a and operation buttons 201b, 201c, and 201d of the screen 201 are displayed. A list of existing guest users may be displayed in the display field 201a.

The operation button 201b is an operation button for adding a new guest user to the selected group. The operation button 201c is an operation button for adding an existing guest user to the selected group.

Further, the operation button 201d is an operation button for excluding the guest user selected in the list of guest users displayed in the display field 201a from the group.

In this embodiment, when the operation button 201b is selected, the screen 201 transitions to a screen for adding a new guest user. Moreover, in this embodiment, when the operation button 201c is selected, the screen 201 transitions to a screen for adding an existing guest user.

Further, in the present embodiment, the information processing device 300 transmits to the server device 200 a request to exclude the guest user selected in the guest user list when the operation button 201d is selected. This exclusion request is, in other words, a release instruction requesting release of the association between the existing guest user and the service ID, and may include the user ID of the selected guest user.

Upon receiving the exclusion request, server device 200 acquires the UUID from the user information including the user ID included in the exclusion request. Then, the authority management unit 294 deletes the group ID of the selected group and the service ID associated with this group ID from the user authority information including the acquired UUID.

Furthermore, the authority management unit 294 updates the available remaining quantity and the quantity in use of the service information including the service ID associated with the selected group ID in the service database 240 .

As described above, in this embodiment, by excluding the guest user from the group, it is possible to dissolve the connection between the guest user's UUID and the service usage authority set for the group.

FIG. 21 is a fifth diagram for explaining a display example of the information processing apparatus. A screen 202 illustrated in FIG. 21 is an example of a screen displayed on the information processing apparatus 300 in step S1811 of FIG. 18, for example. In other words, screen 202 is an example of a screen for adding a new guest user.

The screen 202 has an input screen for user information of a new guest user, and an input field 202a for each item included in the user information is displayed. The screen 202 also displays an operation button 202b for transmitting the input user information.

In the present embodiment, when the operation button 202b is operated after user information is entered in the input field 202a, the entered user information is transmitted from the information processing device 300 to the server device 200. FIG.

FIG. 22 is a sixth diagram for explaining a display example of the information processing apparatus. A screen 202A shown in FIG. 22 is another example of the screen displayed on the information processing apparatus 300 in step S1811 of FIG. 18, for example. In other words, screen 202A is another example of a screen for adding a new guest user.

A window 202c is displayed on the screen 202A. The window 202c displays an input field 202d for the mail address of the newly added guest user.

In the example of FIG. 22, when an e-mail address is entered in the input field 202d and the operation button 202e is operated, a URL (Uniform Resource Locator) for entering account information of a new guest user is entered in the entered e-mail address. ) is sent. When account information is entered at this URL, the server device 200 may add a new guest user by storing the entered account information in the user database 230 .

FIG. 23 is a seventh diagram for explaining a display example of the information processing device. A screen 203 shown in FIG. 23 is another example of the screen displayed on the information processing apparatus 300 in step S1821 of FIG. 18, for example. In other words, screen 202A is another example of a screen for adding an existing guest user.

On the screen 203, a window 203a displaying a list of existing guest users is displayed. In this embodiment, when a guest user is selected in the window 203a and the operation button 203b is operated, the information processing device 300 may transmit a request to add the selected guest user to the group to the server device 200. good.

Next, referring to FIG. 24, management of the time limit management database 280 by the server device 200 of this embodiment will be described. FIG. 24 is a fourth sequence diagram for explaining the operation of the information processing system.

The processing shown in FIG. 24 is periodically executed. The time limit management unit 296 of the server device 200 accesses the time limit management database 280 of the storage unit 205 when it is time to update the time limit management database 280 (step S2401).

Subsequently, the time limit management unit 296 searches for guest users whose belonging time limit to the group has expired (step S2402). If there is such a user, the time limit management unit 296 excludes the guest user whose time limit has expired from the group (step S2403). Specifically, the time limit management unit 296 deletes the group ID of the group whose time limit has expired from the user information of the guest user whose time limit has expired.

Subsequently, the time limit management unit 296 deletes the authority to use the service set for the group, which is given to the guest user whose time limit has expired (step S2404). Specifically, the authority management unit 294 deletes the group ID and service ID of the expired group from the user authority information of the expired guest user.

Subsequently, the expiration management unit 296 updates the available remaining quantity and the quantity in use in the service information of the service corresponding to the service ID deleted from the user authority information (step S2405).

In addition, since the guest user belongs to the tenant for a certain period of time or is a user who is permitted to use the service for a certain period of time, the user database 230 corresponding to the guest user whose belonging period has expired for personal information protection You can delete the information. Also, the usage history of a guest user whose affiliation period has expired may be deleted. At this time, in addition to deleting the usage history stored in the server device 200, the server device 200 sends the usage history regarding the guest user to all the information processing devices 300 belonging to the tenant to which the guest user belonged. can be requested to be removed. Here, the usage history is the usage history of the service, including the service ID of the service used by the user, the date and time of use, the identification information of the user, and the information identifying the data when uploading or downloading data with the service. Information about

In the present embodiment, as described above, the usage authority of a guest user whose period of belonging to a group has expired is periodically deleted. Therefore, in this embodiment, it is possible to manage the usage period of services by guest users who do not belong to a tenant.

Next, with reference to FIG. 25, user authentication processing in the information processing system 100 of the present embodiment will be described. FIG. 25 is a fifth sequence diagram for explaining the operation of the information processing system.

In the information processing system 100 of the present embodiment, when the information processing apparatus 300 receives an operation requesting activation of an application that provides a service, the information processing apparatus 300 transmits an activation request to the server apparatus 200 (step S2501). Note that a request for a list of available services or a login request to the server apparatus 200 may be used instead of the application activation request.

When the server apparatus 200 receives the activation request, the user authentication unit 297 requests the information processing apparatus 300 to input account information (step S2502). In other words, the server device 200 causes the information processing device 300 to display an account information input screen. Account information is, for example, a user ID and password.

When the input of the account information is completed and the instruction to transmit the account information to the server apparatus 200 is received, the information processing apparatus 300 transmits the account information to the server apparatus 200 (step S2503).

When the server apparatus 200 receives the account information, the user authentication unit 297 refers to the user database 230 and performs user authentication (step S2504).

Specifically, the user authentication unit 297 determines whether or not the user database 230 has user information including the user ID and password included in the account information. Then, the user authentication unit 297 assumes that user authentication has succeeded when the corresponding user ID and password exist in the user database 230 (step S2505). In the following description, the operation when user authentication is successful will be described. Note that, in the present embodiment, if the user authentication fails, the information processing apparatus 300 may display a notification to that effect.

When the user authentication is successful, the server device 200 acquires a list of services available to the authenticated user by the user management unit 295 (steps S2506, 2207).

Specifically, the user management unit 295 obtains a UUID corresponding to the user ID included in the account information in the user information, refers to the user authority database 270, and obtains a service ID associated with the UUID. .

Subsequently, the server device 200 instructs the information processing device 300 to use the service when the service ID corresponding to the service requested to be activated is included in the acquired service ID list. is possible (step S2508).

At this time, the server device 200 may transmit screen information related to the application corresponding to the activation request to the information processing device 300 or may provide the information processing device 300 with the function of the application. Further, when the request from the information processing apparatus 300 is a service list request or a login request, the server apparatus 200 transmits screen information including a list of services available to the user or home screen information to the information processing apparatus 300. You can send it.

In addition, when the service ID corresponding to the service requested to be activated is not included in the acquired service ID list, the server device 200 instructs the information processing device 300 to use the service. is not possible (step S2509).

As described above, according to the present embodiment, when a guest user not belonging to a tenant is allowed to use a service that a tenant has permission to use, the guest user is simply added to the group corresponding to the service. You can grant usage rights to guest users. In addition, in the present embodiment, only by excluding the guest user from the group, it is possible to erase from the guest user the authority to use the service associated with the group.

The addition of guest users to groups may be performed by a user other than the tenant administrator. Specifically, a guest user's addition to or exclusion from a group may be performed by a user who belongs to a tenant and has authority to add/exclude a guest user from a group. For example, the tenant administrator can grant guest management authority to general users belonging to the tenant. Users with guest management privileges are allowed to add or remove guest users from groups.

Further, in the present embodiment, a period during which a guest user belongs to a group is set in advance, and when the set period has passed, the guest user is automatically excluded from the group and associated with the group. The authorization to use the service that has been deleted will be deleted. Therefore, in this embodiment, it is not necessary for the tenant administrator or the like to confirm whether or not there is a guest user whose use authority should be deleted.

Therefore, according to the present embodiment, for example, it is possible to facilitate management of service usage rights for guest users by a tenant administrator or the like who manages usage rights and the like of tenants.

Each function of the embodiments described above may be implemented by one or more processing circuits. Here, the "processing circuit" in this specification means a processor programmed by software to perform each function, such as a processor implemented by an electronic circuit, or a processor designed to perform each function described above. devices such as ASICs (Application Specific Integrated Circuits), DSPs (digital signal processors), FPGAs (field programmable gate arrays) and conventional circuit modules.

Note that the information processing apparatus 300 is not limited to an image forming apparatus as long as it has a communication function. The information processing device 300 is, for example, a PJ (Projector), an IWB (Interactive White Board: a whiteboard having an electronic blackboard function that allows mutual communication), an output device such as a digital signage, and a HUD (Head Up Display) device. , industrial machinery, imaging devices, sound collectors, medical equipment, network appliances, automobiles (connected cars), notebook PCs (personal computers), mobile phones, smartphones, tablet terminals, game consoles, PDAs (Personal Digital Assistants), digital cameras , a wearable or desktop PC, a smart speaker, or the like.

In the above description, a case has been described in which user authority data information is generated by associating a user with authority information, such as when a user belongs to a group. However, the timing of specifying the authority possessed by the user is not limited to this. For example, the user's authority information may be specified at the timing when a request such as a request to start an application, a request for a list of available services, or a login request to the server apparatus 200 is received from the user. At this time, the authority management processing unit 290 refers to the user group information to identify a group associated with the user authenticated as a user, and further refers to the group authority information to obtain authority information associated with the identified group. identify. As a result, a service corresponding to the identified authority information can be provided for use by the authenticated user.

In the above, we explained the case of adding a new group for guest users, adding a service to the group for guest users, and adding a guest user to the group for guest users. The same applies to adding a service to a group and adding a general user to a group for general users. However, when a general user is added to the group for general users, it is not necessary to set the affiliation period of the general user. That is, only when a user is added to the guest user group, the time limit management unit 296 creates the time limit management database 280 corresponding to the user and performs time limit management.

In the above description, the case where the same service is provided even when the same service is shared between the general user group and the guest group has been described, but the present invention is not limited to this. For example, if the service is a service that uses cloud storage, it is possible to limit the accessible areas, folders, and files for guest users who belong to the guest group, and the cloud storage service itself that can be used may be restricted. You can limit it. Also, if the service uses the address book, such as fax transmission or scan data transmission, make the address book unreadable or limit the range of access for guest users who belong to the guest group. can be

Another embodiment will be described below. FIG. 26 is a diagram showing another example of the system configuration of the information processing system. In the following description, guest users and devices used by guest users may be collectively referred to as guests. That is, a user or a device whose "role" is set to "guest" in the user database 230 or a device database (to be described later) is referred to as a guest.

The information processing system 100A further includes a user terminal 400 and an external device 500 . By accessing the server device 200 , the user terminal 400 can register the information processing device 300 , conclude a contract for receiving service provision, and edit information in each database stored in the server device 200 . The external device 500 executes predetermined processing in response to a processing request from the server device 200 or the information processing device 300 and notifies the server device 200 or the information processing device 300 of the processing result.

For example, when the information processing device 300 is a smart speaker, the information processing device 300
, the voice information including the processing request is transmitted to the server device 200 . The server device 200 recognizes the voice information and analyzes the processing request to identify any or all of the service information, the job information, and the parameter information. Here, the service information is information for specifying the service, such as the name of the service and the name of the service provider. The job information is information indicating the type of processing, and includes, for example, printing, scanning, calling, searching, acquiring, and reproducing content data such as music/moving images/images/text/news/schedules. The parameter information is information indicating setting values for processing, and includes, for example, print settings, scan settings, search conditions, destinations, conditions for identifying content, and the like.

The server device 2005 executes processing based on job information and parameter information. At this time, a processing request can be transmitted to the external device 500 depending on the job information. The external device 500 executes processing such as printing, scanning, and transmission of content data to be stored to the server device 200 or the information processing device 300, for example. The server device 200 transmits the result of processing by the external device 500 and the data acquired from the external device 500 to the information processing device 300 .

Here, the service realized by the server device 200 alone or by the cooperation of the server device 200 and the external device 500 is obtained by concluding a contract with the service provider for receiving the provision of the service by the tenant administrator. available. A tenant administrator can conclude a contract by accessing the server device 200 via the information processing device 300 or the user terminal 400 and specifying the target service. As a result, in the contract management database 250, the tenant ID to which the tenant administrator belongs is associated with the contract ID and service ID specified by the tenant administrator.

In this embodiment, the user terminal 400 can execute the processing of the information processing apparatus 300 in the sequence diagrams shown in FIGS. In addition, the server device 200 can store the device ID that identifies the information processing device 300 in association with the user ID in the user database 230 . Also, instead of the user database 230 and the user authority database 270, a device database and a device authority database may be stored. In this case, the data format may be the same as that of the user database 230 and the user authority database 270 except that the device ID is stored instead of the user ID and UUID. In this case, the device ID is stored in the time limit management database 280 instead of the UUID. Therefore, in the sequence diagrams shown in FIGS. 14, 16, and 18 as well, devices are registered for tenants and groups instead of guest users.

FIG. 27 is a sixth sequence diagram for explaining the operation of the information processing system. In the information processing system 100A of the present embodiment, when voice information including a processing request for using a service is received in the information processing device 300, the voice information is transmitted to the server device 200 (step S2701). Note that the audio information can include a device ID for identifying the information processing device.

When receiving the voice information, the server apparatus 200 executes authentication processing (step S2702). For example, the server device 200 compares the device ID included in the audio information with a device ID registered in the server device 200 in advance. Server apparatus 200 determines that the authentication has succeeded if a matching device ID is registered as a result of the comparison. At this time, any or all of the user ID, tenant ID, and group ID corresponding to the device ID are specified.

The server device 200 performs speech recognition based on the speech information (step S2703). The server device 200 thereby identifies the service information, the job information, and the parameter information.

The server apparatus 200 identifies available services based on the device authority database corresponding to the device ID or the user authority database 270 corresponding to the user ID linked to the device ID (step S2704).

Note that the server device 200 may identify available services based on the contract ID and service ID associated with the identified tenant ID and group ID. In addition, the server device 200 compares the service ID corresponding to the service information specified from the voice information and the service ID corresponding to the service specified as the usable service. As a result of the comparison, if the service IDs match, it is determined that the service can be used, and if they do not match, it is determined that the service cannot be used.

If the server device 200 determines that the service is unavailable, it sends a message to the information processing device to the effect that the service is unavailable (step S2705). On the other hand, when it determines that the service is available, it executes the processing according to the processing request.

The server device 200 can store the service information in association with the external device 500 or address. The server device 200 identifies the external device 500 based on the service information, and transmits a processing request including job information and parameter information to the identified external device 500 (step S2706). Depending on the service information, the server apparatus 200 may execute processing based on the job information and the parameter information. In this case, specifying the external device 500 and transmitting the processing request can be omitted.

The external device 500 executes processing in response to the processing request and transmits the processing result to the server device 200 (step S2707).

The server device 200 transmits the processing result acquired from the external device 500 to the information processing device 300 (step S2708).

The information processing device 300 performs processing such as display or audio output based on the message or processing result acquired from the server device 200 .

Although the present invention has been described above based on each embodiment, the present invention is not limited to the requirements shown in the above embodiments. These points can be changed without impairing the gist of the present invention, and can be determined appropriately according to the application form.

100 information processing system 200 server device 205 storage unit 210 tenant database 220 group database 230 user database 240 service database 250 contract management database 260 group authority database 270 user authority database 280 time limit management database 290 authority management processing unit 293 group management unit 294 authority management Unit 295 User management unit 296 Time limit management unit 300 Information processing device

Japanese Patent No. 6443007

Claims (11)

Group authority information that links group identification information that identifies a group that includes a user and service identification information that identifies a service, and user group information that links user identification information that identifies a user and the group identification information a storage unit that stores
an authentication unit that authenticates the user;
an authority management unit that enables the authenticated user to use a service corresponding to the authority information associated with the group associated with the authenticated user authenticated by the authentication unit, based on the group authority information and the user group information;
a time limit management unit that deletes the user group information according to a time limit;
The authority management unit
The information processing apparatus, wherein the group authority information is managed so as to be changeable only by an operation received from a user, and the user group information is managed so as to be changeable by the time limit management unit. The authority management unit
2. The storage unit according to claim 1, wherein user authority information in which said user identification information, said group identification information, and service identification information associated with said group identification information are associated is generated and stored in said storage unit. Information processing equipment. The authority management unit
receiving an instruction to release the association between the user identification information and the group identification information, deleting the user group information associated with the user identification information and the group identification information from the storage unit, and removing the user identification information and the group identification information; 3. The information processing apparatus according to claim 2, wherein user authority information associated with said service identification information is deleted. Group authority information that accepts input of group information including group identification information that identifies a group in which the user is included and service identification information that identifies a service, and associates the group identification information with the service identification information. 4. The information processing apparatus according to claim 2, further comprising a group management section for generating and storing in said storage section. Stores period management information in which the user identification information, the group identification information, and information indicating a period in which the user identified by the user identification information is included in the group identified by the group identification information are associated with each other. referring to the specified time limit management storage unit, specifying the user specifying information for which the period has expired, and deleting user authority information including the specified user specifying information from the storage unit. 5. The information processing apparatus according to any one of 4. Input for accepting a setting of a first number of users available in a first group including guest users and a second number of users available in a second group including general users among the number of users who can use the service. further comprising a reception unit;
The information processing apparatus according to any one of claims 1 to 5, wherein the authority management unit links the user identification information and the service identification information within the range of the first number of users. The authority management unit
when a user is associated with a group, referring to the group authority information to generate user authority information in which authority information associated with the group is associated with the user;
referring to the user authority information corresponding to the authenticated user authenticated by the authentication unit, and enabling the authenticated user to use the function corresponding to the authority information associated with the authenticated user;
The information processing apparatus according to claim 1. The authority management unit
When the authentication unit receives a request from an authenticated user, the user group information is referred to identify a group associated with the authenticated user, and the group authority information is referred to and authority associated with the identified group. 2. The information processing apparatus according to claim 1, wherein information is specified and a function corresponding to the specified authority information is made available to the authenticated user. A method by an information processing device, the information processing device comprising:
Group authority information that links group identification information that identifies a group that includes a user and service identification information that identifies a service, and user group information that links user identification information that identifies a user and the group identification information a storage procedure to be stored in a storage unit;
an authentication procedure for authenticating the user;
an authority management procedure for enabling the authenticated user to use a service corresponding to the authority information associated with the group associated with the authenticated user authenticated in the authentication procedure, based on the group authority information and the user group information;
a time limit management procedure for deleting the user group information according to a time limit;
In the deadline management procedure,
An information processing method, wherein the group authority information is managed so as to be changeable only by an operation received from a user, and the user group information is managed so as to be changeable according to the time limit management procedure. Group authority information that links group identification information that identifies a group that includes a user and service identification information that identifies a service, and user group information that links user identification information that identifies a user and the group identification information amnestic processing in the storage unit;
an authentication process for authenticating the user;
an authority management process for enabling the authenticated user to use a service corresponding to the authority information associated with the group associated with the authenticated user authenticated in the authentication process, based on the group authority information and the user group information;
causing an information processing device to execute a time limit management process for deleting the user group information according to the time limit;
In the deadline management process,
A program for causing the information processing apparatus to execute a process in which the group authority information is managed so as to be changeable only by an operation received from a user, and the user group information is managed so as to be changeable in the time limit management process. An information processing system including an information processing device and a program for a terminal device,
The program causes the terminal device to
Functioning as a communication control unit that transmits user identification information that identifies a user and group identification information that identifies a group including the user to the information processing device,
The information processing device is
a storage unit for storing group authority information linking the group identification information and service identification information identifying a service, and user group information linking the user identification information and the group identification information;
an authentication unit that authenticates the user;
an authority management unit that enables the authenticated user to use a service corresponding to the authority information associated with the group associated with the authenticated user authenticated by the authentication unit, based on the group authority information and the user group information;
a time limit management unit that deletes the user group information according to a time limit;
The authority management unit
An information processing system, wherein the group authority information is managed so as to be changeable only by an operation received from a user, and the user group information is managed so as to be changeable by the time limit management unit.

Images