JP3785841B2 - Access control device and program recording medium thereof - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to an access control device for restricting item access and a program recording medium thereof.
[0002]
[Prior art]
Conventionally, in a database management system (DBMS), access right information for a database is set using a database language or set in an upper application layer itself. Any setting depends on user attributes, etc. This is done for each item unit. For example, in a highly confidential file such as a payroll file, unauthorized employees are allowed to access general items such as name, gender, etc. Security is maintained by restricting access to specific items such as.
[0003]
[Problems to be solved by the invention]
In this way, since access restriction is performed on an item-by-item basis, access permission can be controlled for each item, but for specific items such as `` basic salary '', `` qualification allowance '', `` job allowance '' etc., uniformly There was a problem of lack of flexibility because it would be possible to access.
By the way, the data value of a specific item is fluctuating data that changes from record to record, and rather than making it inaccessible uniformly, the item access was restricted according to the relationship between the actual data of the items. However, it will match the business content and user authority, and it will be in line with the actual situation without loss of confidentiality.
An object of the present invention is to make it possible to restrict item access in relation to actual data of a plurality of items only by describing simple definition information without incorporating complicated logic relating to access restriction in the application itself. It is.
[0004]
[Means for Solving the Problems]
Means of the present invention are as follows.
The invention described in claim 1 specifies a plurality of items as comparison targets, a definition information storage means for defining a comparison expression indicating under what conditions the actual data of these items are compared, and a plurality of items Whether or not the condition of the comparison expression is satisfied by reading out the actual data corresponding to the plurality of items specified by the definition information and substituting it into the comparison expression when the data access is requested collectively And determining means for determining an access restriction item according to the determination result, and an access control means for restricting access to the restriction item determined by the determination means.
The present invention may be as follows.
(1) The definition information includes item designation information for specifying a plurality of items to be compared, and a comparison operator that indicates under what conditions the actual data of these items are compared Definition information consisting of a comparison expression including
(2) The definition information includes item designation information for specifying a plurality of items to be compared, and includes a comparison operator in a logical expression obtained by combining a plurality of items with a logical operator. Definition information.
(3) When a plurality of the definition information is stored for each type for restricting access, the determining means determines an access restriction item in relation to the plurality of definition information.
(4) The definition information is information arbitrarily set by an input operation.
(5) The access control means prohibits output of the data for the access restriction item determined by the determination means.
In the invention described in claim 1, when a plurality of items are specified as comparison targets, and definition information that defines a comparison expression indicating under what conditions the actual data of those items is compared is stored In this case, when data access for a plurality of items is requested, real data corresponding to the plurality of items specified by the definition information is read and substituted into the comparison formula, thereby satisfying the condition of the comparison formula Whether or not, a restriction item is determined according to the determination result, and access to the determined restriction item is controlled.
Therefore, it is possible to restrict item access in relation to a plurality of items of actual data only by describing simple definition information without incorporating complicated logic relating to access restriction in the application itself.
[0005]
DETAILED DESCRIPTION OF THE INVENTION
Hereinafter, an embodiment of the present invention will be described with reference to FIGS.
FIG. 1 is a block diagram showing the overall configuration of the data processing apparatus.
The CPU 1 is a central processing unit that controls the overall operation of the data processing device according to various programs. The storage device 2 includes a storage medium 3 in which a database management system, various application programs, a database, character font data, and the like are stored in advance, and a drive system thereof. The storage medium 3 is fixedly provided or detachably mountable, and is constituted by a magnetic / optical storage medium such as a floppy disk, a hard disk, an optical disk, or a RAM card, and a semiconductor memory. The program and data in the storage medium 3 are loaded into the RAM 4 under the control of the CPU 1 as necessary. Further, the CPU 1 receives a program and data transmitted from another device via a communication line or the like and stores them in the storage medium 3 or stored in a storage medium provided on the other device. Existing programs and data can be used via a communication line or the like. An input device 5, a display device 6, and a printing device 7 that are input / output peripheral devices are connected to the CPU 1 via a bus line, and the CPU 1 controls their operations according to an input / output program.
The input device 5 has a pointing device such as a keyboard or a mouse for inputting character string data or inputting various commands. Here, when character string data is input from the input device 5 at the time of creating the database, it is displayed on the text screen of the display device 6 and the confirmed character string confirmed by the kana-kanji conversion is stored in the storage device 2. The
[0006]
FIG. 2A shows the payroll ledger database 2-1 and authority information definition file 2-2 stored in the storage device 2, and each record in the payroll ledger database 2-1 is shown in FIG. 11A. Thus, each employee consists of the following items: “Employee number”, “Name”, “Gender”, “Basic salary”, “Qualification allowance”, and “Job title allowance”. The authority information definition file 2-2 is, for example, a comparison formula that specifies a plurality of items in a record constituting the salary ledger database 2-1 and under what conditions the actual data of these items are compared. Is stored as an item access restriction definition, and FIG. 3 shows an example of the definition. That is, FIG. 3 (A) shows a description format of the restriction definition, in which a logical expression is described for each authority type indicating what kind of access is restricted. FIG. 3B is a diagram for explaining the contents of “authority type” and “logical expression”. “Authority type” is represented by “R impossible (unreadable)”, “W impossible (write impossible)”, and the like. It is. “Logical expression” uses logical operators “AND” and “OR” and comparison operators “=”, “>”, “<”, “> =”, “<=”, “! =”. A combination of access restriction target item names, a plurality of items that are subject to access restriction comparison are specified, and the conditions under which the actual data of these items are compared are defined.
[0007]
FIG. 3C shows a specific description example of the restriction definition, which is a restriction definition of authority type “R not possible”, logical expression (title allowance> qualification allowance) AND (gender = “male”). Here, when there is a request for data access for a plurality of items, the actual data of each item included in this logical expression is read from the payroll ledger database 2-1, and the data value is used as the corresponding item of the logical expression. By assigning, the truth of the whole logical expression is evaluated, and if the evaluation result is “true”, each item in the logical expression is subject to access restriction, and if it is “false”, it is not subject to item access. It becomes. Therefore, in the example of FIG. 3C, a record in which the position allowance> qualification allowance and the gender is “male” satisfies the condition of the logical expression. If the item specified by is included, access to the item is restricted, but records with job titles below the qualification allowance or gender “female” are not subject to item access, and access requests are made. All access to the specified item is allowed.
An arbitrary restriction definition can be set in the authority information definition file 2-2 by inputting such a restriction definition from the input device 5. In this case, since the setting is simple in a tabular format, even a person who does not have specialized knowledge such as a program can make the setting. Further, the restriction definition is not limited to one type, and a plurality of restriction definitions can be set for each authority type. In the above example, the authority information definition file 2-2 is associated with the salary ledger database 2-1. However, the restriction definition exists for each database, and the restriction definition corresponding to the restriction definition when the database is opened. Is read from the authority information definition file 2-2.
[0008]
FIG. 2B shows various memory areas allocated to the RAM 4. The definition pointer 4-1 designates reading of the restriction definition set in the authority information definition file 2-2. When a plurality of restriction definitions are set for each authority type, the definition pointer 4-1 Based on the value of 1, the restriction definitions in the authority information definition file 2-2 are sequentially specified. The definition item number counter 4-2 counts the number of item names described in one restriction definition (in the logical expression), and the target item number counter 4-3 is requested to access data for a plurality of items. The number of requested target items is counted. The work memory 4-4 is another work area for temporarily storing intermediate results of processing.
[0009]
Next, item access control in this data processing apparatus will be described with reference to the flowcharts shown in FIGS. Here, a program for realizing each function described in these flowcharts is stored in the storage medium 3 in the form of a readable program code, and the CPU 1 sequentially executes operations according to the program code. To do.
FIG. 4 is a flowchart showing a restriction definition reading process that is executed before the database is accessed. The restriction definition in the authority information definition file 2-2 exists for each database. When an arbitrary database is opened, the restriction definition reading routine is called, and the corresponding restriction definition is read from the authority information definition file 2-2. The data is read, formatted according to a predetermined data structure, and expanded on the work memory 4-4.
[0010]
That is, after initializing (formatting) the data structure of the restriction definition, all the restriction definitions are read from the authority information definition file 2-2 and expanded according to the data structure (steps A1 to A3). FIG. 10B shows the data structure in this case. In the format, “number of definitions” is used as a header, and “definition restriction type”, “logical expression”, “number of definition items”, “definition item name” for each definition. ”And“ Item actual data value ”are allocated. The CPU 1 reads all restriction definitions from the authority information definition file 2-2 to obtain the “number of definitions”, extracts “authority type” and “logical expression” for each definition, and stores them in the corresponding development area in the format. I will do it. Then, the CPU 1 assigns an initial value “1” to the definition pointer 4-1 (step A4) and checks whether the value exceeds the “number of definitions” (step A5). Now, the value of the definition pointer 4-1 Is “1”, all the item names are extracted from the area “logical expression” on the format indicated by the value, copied to the “definition item name”, and the number of definition items is obtained and “ The number of definition items is set (step A6), the value of the definition pointer 4-1 is updated (step A7), and steps A6 and A7 are repeated until the value exceeds the “number of definitions”.
[0011]
FIG. 11 is an operation concept diagram conceptually showing the overall operation. In the figure, (1) to (8) indicate the flow of operation, and data is sequentially processed as shown in the order. Here, if the restriction definition in the authority information definition file 2-2 corresponding to the payroll database 2-1 is as shown in FIG. 11B, the contents are formatted according to a predetermined data structure and stored in the memory. (See FIG. 11 (1)). In this case, the “data value” for each item assigned on the format is the actual data value extracted for each “definition item name” from one record read from the payroll database 2-1. In the area to be written, the item actual data value is not written during the restriction definition reading process.
[0012]
FIG. 5 is a flowchart showing the operation when there is an access request from the user. Here, when there is an access request from the user, the application AP (see FIG. 11) calls the record reading routine and the record writing routine, but prior to that, all the target items requested for access are accessed. It is set as a list of items (see (2) in FIG. 11). That is, the list of access target items is formatted according to a predetermined data structure and expanded on the work memory 4-4 (step B1). FIG. 9A shows the data structure of this item list, the format of which consists of “number of target items”, “target item name”, and “target authority type”, and the item name for each target item for which an access request has been made. Is set in the area “target item name” in the extracted format, and the number of items is obtained and set in “number of target items”. FIG. 11C shows a specific example of an item list set as an item to be accessed among the records in the payroll ledger database 2-1, and this item list is formatted into the data structure shown in FIG. 9A. Is done.
[0013]
Next, after reading the data for one record from the top of the payroll ledger database 2-1, the authority judgment processing routine is called. This authority determination process (step B3) acquires the target item from the access target item list passed from the application AP, acquires the record read from the payroll ledger database 2-1, and refers to the restriction definition. The authority is determined, and the determination result is handed over to the application AP side as access authority information. As shown in FIG. 10A, the “target authority type” secured by formatting the access target item list is an area in which the determination result of the access authority determined for each access target item is stored. In addition to the “number of target items”, information in which “target authority type” and “target item name” are associated is handed over to the application AP side as access authority information. That is, when the access target item list is formatted, the “target authority type” is secured corresponding to each “target item name”, so that the corresponding relationship becomes the access authority information as it is.
[0014]
FIG. 6 is a flowchart showing this authority determination process. First, the target item is acquired from the access target item list, and data for one record read from the payroll ledger database 2-1 is acquired (step C1). Then, initialization processing for setting “RW permission” as “target authority type” corresponding to all “target item names” assigned on the format of the target item list is performed, and all items are Authority is permitted (step C2). In FIG. 11, “* 1” indicates a state in which the authority type in the access target list is initialized, and “RW permission” is set as the target authority type in each item. Here, the authority determination processing routine is a group for each definition for analyzing the restriction definition for each definition. First, in order to loop all definitions from the first definition, first, an initial value is set in the definition pointer 4-1. “1” is substituted (step C3). Then, the item data of the acquired record is set to the “data value” of the corresponding item of the restriction definition indicated by the value of the definition pointer 4-1 (step C4). In this case, as shown in FIG. 11, “title allowance”, “qualification allowance”, and “gender” are defined as the definition item names in the restriction definition, so that the actual item data corresponding to each item is obtained this time It is extracted from the (first record), and the position allowance “300,000”, the qualification allowance “200,000”, and the sex “male” are set to the corresponding “data value”. Next, a “logical expression” is acquired from the restriction definition indicated by the definition pointer 4-1 (step C5), and the data value read from the record is substituted as the value of each item in the acquired logical expression. The whole is evaluated (step C6). In this case, since the position allowance “300,000”> qualification allowance “200,000” and the gender is “male”, the truth value of the whole logical expression becomes “true” (step C7), and the authority set The process proceeds (step C8).
[0015]
FIG. 7 is a flowchart showing the restriction set process in this case. First, an initial value “1” is assigned to a target item number counter 4-3 that counts the number of items to be accessed (step D1), and it is checked whether the value is equal to or less than the “number of target items” in the item list (step D2). ). Now, since the “number of target items” is “3”, the process proceeds to step D3. This time, the initial value “1” is substituted into the definition item number counter 4-2 that counts the number of items of the restriction definition, and the definition pointer 4- It is checked whether the number is equal to or less than the “number of definition items” of the restriction definition indicated by 1 (step D4). In this case, since the value of the definition pointer 4-1 is “1” and the corresponding “number of definition items” is “3”, the process proceeds to step D5, and the “definition” indicated by the definition item number counter 4-2. The “item name” is compared with the “target item name” specified by the target item number counter 4-3, and it is checked whether or not both are the same item name. In this case, the values of the definition item number counter 4-2 and the target item number counter 4-3 are both “1”, the definition item name is “title allowance”, and the target item name is “employee number”. Therefore, “1” is added to the value of the definition item number counter 4-2 while the value of the target item number counter 4-3 is fixed, and the value is updated (step D7). Then, the process returns to step D4. In this case, however, since the “number of definition items” is not exceeded, the process proceeds to step D5. Hereinafter, while the value of the target item number counter 4-3 is fixed, that is, without changing the target item name of interest, the definition item name is sequentially specified while updating the value of the definition item number counter 4-2. Compare item names. In this case, since the target item name of interest is not included in the definition item name, when all the definition item names are specified, the value of the definition item number counter 4-2 is “number of definition items”. Therefore, this time, the value is updated by adding “1” to the value of the target item number counter 4-3 (step D8). If the value is equal to or less than the “number of target item names” (step D2), The definition item number counter 4-2 is initialized (step D3). As a result, the target item name is moved to the next item and the definition item name is returned to the top. Hereinafter, by repeating the same operation, when focusing on “qualification allowance” as the target item name, if the second definition item name is specified, the item name match is detected in step D5. The contents of “definition authority type” are directly copied as the “target authority type” corresponding to the item in the list (step D6). Thereafter, the above-described operation is repeated until all of the final target item names are focused. Accordingly, the correspondence relationship between the “target item name” and the “target authority type” is as shown in FIG. 11D, and among the access target items, “employee number”, “name”, and “basic salary” are as follows: The initialized authority type “RW Allowed” remains as it is, but “qualification allowance” and “posture allowance” are both “R not allowed” because the definition restriction type is copied.
[0016]
When such authority setting processing is completed, the process proceeds to step C9 in FIG. 6, where “1” is added to the value of the definition pointer 4-1, the value is updated, and it is checked whether the value is equal to or less than the “number of definitions”. (Step C10). Here, if it is less than the “number of definitions”, the process returns to step C5, the next restriction definition is designated and its logical expression is acquired, and the record data value is substituted into each item in the logical expression in the same manner as described above to obtain the logical expression. Although the expression is evaluated, since the number of definitions is “1”, the authority determination process ends at this point, and the access authority information shown in FIG. 11D is passed to the application AP. Then, the application AP acquires this access authority information, determines the type requested for access (step B4 in FIG. 5), and calls the record reading routine if it is a read access. Thus, a record reading process for sequentially displaying the item data while confirming that the access target item is not “R impossible” is performed (see (7) and (8) in FIG. 11). If it is a write access, a record write routine is called. As a result, a record writing process is performed to rewrite item data while confirming that the access target item is not “W impossible”.
[0017]
FIG. 8 is a flowchart showing the record reading process. First, an initial value “1” is assigned to the target item number counter 4-3 (step E1). Then, the “target authority type” of the item indicated by the value of the target item number counter 4-3 is extracted from the authority information, and if it is “R impossible” (step E2), the corresponding in the read record “***” is inserted into the item, and the data is masked (step E3). Next, an increment process for adding “1” to the value of the target item number counter 4-3 is performed (step E4). If the value is equal to or smaller than the “number of target items” in the restriction information (step E5), the target The process returns to step E2 until the processing for the number of items is completed, and the above operation is repeated for each target item. When the processing for the number of target items is completed, the access target item is extracted from the read record and is displayed and output (step E6). As a result, as shown in FIG. 11E, the display contents of the first record are displayed as asterisks for both “qualification allowance” and “title allowance”, and the data value is masked.
[0018]
When the reading process for one record is completed in this way, the process proceeds to step B7 in FIG. 5. If there is a next record in the payroll ledger database 2-1, the record is read (step B2), and the authority determination process is performed. Is performed (step B3). In this case, since the second record is read out, the second record also satisfies the restriction definition (title allowance> qualification allowance and gender = “male”) as in the first record. The evaluation result is “true”. Therefore, the process proceeds to the authority set process of FIG. 7, and the definition authority type “R impossibility” is copied to the target authority types of “qualification allowance” and “title allowance”. Accordingly, the access authority information after the second record reading is as shown by * 2 in FIG. 11, and the record reading process is executed based on this access authority information (step B5 in FIG. 5). As for the display content of the record, both “qualification allowance” and “posture allowance” are displayed as asterisks as in the first. Next, the third record is read. In this case, since the third record is qualification allowance ≧ job title allowance, the evaluation result of the logical expression is “false”, the permission set process is not executed, and access is made. The target authority type corresponding to each item of the authority information remains “RW enabled” which is initially set (see * 3 in FIG. 11). The next 4th record is the same as the 3rd record, and the 5th record is title allowance> qualification allowance, but because gender = “female”, the evaluation result of the logical expression is “false” " As described above, since the access authority information when the third and subsequent records in the payroll ledger database 2-1 illustrated in FIG. 11 are read is “RW OK”, the display contents are shown in FIG. Thus, all items are displayed without any access restrictions.
[0019]
FIG. 9 is a flowchart detailing the record writing process (step B6 in FIG. 5). First, in a state where attention is paid to the first record in the payroll ledger database 2-1, the initial value “1” is substituted into the target item number counter 4-3 (step F1), and the number of target items is determined from the authority information. The “target authority type” of the item indicated by the value of the counter 4-3 is extracted, and if “W Allowed” is included (step F2), the data for the corresponding item in the record of interest is rewritten based on that condition. Although permitted (step F3), rewriting of item data is prohibited unless “W” is included. Then, an increment process for adding “1” to the value of the target item number counter 4-3 is performed (step F4). If the value is equal to or less than the “number of target items” (step F5), the process for the number of target items is performed. The process returns to step F2 until the above is completed, and the above operation is repeated. And it returns to step F2 until the process for object item is completed, and repeats the above-mentioned operation.
[0020]
As described above, in this embodiment, a restriction definition that arbitrarily specifies a plurality of items in one record and defines a logical expression indicating under what conditions the actual data of those items are compared is authority information. In the case of setting in the definition file 2-2, when data access for a plurality of items is requested, by substituting actual data corresponding to the plurality of items specified by the restriction definition into the logical expression, It is determined whether or not the expression condition is satisfied, the access restriction item is determined according to the determination result, and the access to the determined access restriction item is controlled. Even if complicated logic is not included, it is only necessary to describe simple definition information, and to restrict item access in relation to multiple items of actual data It is possible. In this case, it is possible to set restriction definitions by combining logical operators and comparison operators for item names that specify multiple items, so that it is easy to set up and define various access restrictions. It becomes possible to do. Here, when multiple items are combined with "AND" as a logical expression, item access is restricted only when the AND condition is satisfied, and if the AND condition is not satisfied, any item is accessed. Can do. In addition, since it is possible to set multiple restriction definitions for each authority type indicating what kind of access is restricted, even simple access is sufficient even for complicated access restrictions. It will be easy.
[0021]
In the above-described embodiment, “OR” and “AND” are exemplified as the logical operators, but “NOT” may be used. In this case, the item names connected by the logical operator may be item names excluding the restriction target. In addition, although the restriction target is specified by the item name, data for specifying the item position may be used. Restriction definitions may include arithmetic operators and functions in logical expressions. The restriction definition can be set for each user, for each user level, and for each group to which the user belongs.
Furthermore, although one Embodiment mentioned above was taken as the item which exists in one record, you may define the relationship of the items between different records, between files, and between databases. In this case, it may be defined in an expression format such as “file name / item name” or “database name / item name”. Further, the type of authority is not limited to “R” and “W”, but may be Select (reading), Insert (addition), Update (correction) and the like generally used by the database management system.
[0022]
【The invention's effect】
According to the present invention, it is possible to restrict item access in relation to actual data of a plurality of items by simply describing simple definition information without incorporating complicated logic relating to access restriction in the application itself. This makes it possible to maintain security in accordance with the actual situation and is versatile.
[Brief description of the drawings]
FIG. 1 is a block diagram showing the overall configuration of a data processing apparatus.
2A is a diagram showing a payroll ledger database 2-1 and an authority information definition file 2-2 stored in the storage device 2, and FIG. 2B is a memory area allocated to a RAM 4; Figure.
FIGS. 3A to 3C are diagrams for explaining restriction definitions set in an authority information definition file 2-2. FIGS.
FIG. 4 is a flowchart showing a restriction definition reading process executed prior to accessing a database.
FIG. 5 is a flowchart showing main processing when restricting item access;
FIG. 6 is a flowchart detailing step B3 (authority determination processing) in FIG. 5;
FIG. 7 is a flowchart detailing step C8 (authority set processing) in FIG. 6;
FIG. 8 is a flowchart detailing step B5 (record read processing) in FIG. 5;
FIG. 9 is a flowchart detailing step B6 (record writing processing) in FIG. 5;
10A is a diagram showing a data structure when a list of access target items is formatted, and FIG. 10B is a diagram showing a data structure when a restriction definition is formatted.
FIG. 11 is an operation concept diagram specifically showing the overall operation.
[Explanation of symbols]
1 CPU
2 storage devices
2-1 Salary ledger database
2-2 Authority information definition file
3 storage media
4 RAM
4-1 Definition pointer
4-2 Number of definition items counter
4-3 Target item counter
5 input devices
6 Display device

Claims (7)

A definition information storage means that identifies a plurality of items as comparison targets and defines a comparison expression that indicates under what conditions the actual data of those items are compared;
When data access for a plurality of items is requested at once, the actual data corresponding to the plurality of items specified by the definition information is read and substituted into the comparison expression, thereby satisfying the condition of the comparison expression Determination means for determining whether or not and determining an access restriction item according to the determination result,
An access control device comprising access control means for restricting access to a restriction item determined by the determination means. The definition information includes item designation information for specifying a plurality of items to be compared, and a comparison expression including a comparison operator that indicates under what conditions the actual data of these items are compared The access control apparatus according to claim 1, wherein the access control apparatus is defined information. The definition information is definition information including a comparison operator in a logical expression in which item designation information for specifying a plurality of items to be compared is listed and a plurality of items are combined by a logical operator. The access control apparatus according to claim 1. 2. The method according to claim 1, wherein when a plurality of the definition information is stored for each type for restricting access, the determination means determines an access restriction item in relation to the plurality of definition information. Access control device. The access control apparatus according to claim 1, wherein the definition information is information arbitrarily set by an input operation. 2. The access control apparatus according to claim 1, wherein the access control means prohibits output of data for an access restriction item determined by the determination means. A recording medium having a program code read by a computer,
Definition information that defines a comparison expression that identifies multiple items as comparison targets and the conditions under which the actual data of those items are compared when data access for multiple items is requested at once. By referring to and reading out actual data corresponding to a plurality of items specified by the definition information and substituting it into the comparison expression, it is determined whether or not the condition of the comparison expression is satisfied. A function to determine access restriction items according to
A recording medium having a program code for realizing a function of restricting access to a determined restriction item.

Images