JP4800760B2 - Access authority management apparatus, access authority management method and program thereof - Google Patents

Description

  The present invention relates to an access authority management apparatus, an access authority management method, and a program thereof that manage user access authority to each of a plurality of websites.

Conventionally, in a situation where a plurality of websites used for different purposes are installed, when performing user registration so that the user can access all websites, each website has a database for user registration, The administrator registers user identification information (ID) and password in each database. The website is a name indicating a set unit of web pages transmitted from the web server to the terminal on the communication network. Setting up a website means connecting a web server to a communication network so that it can be connected from a terminal. A database for user registration is connected to the web server. Patent Document 1 is disclosed as a mechanism for registering users who can access a web server.
JP 2004-54779 A

  Here, when registering different access authority for each user for each content to be transmitted, such as a web page that can be browsed and a web page that can be registered, among the web pages transmitted on one website, In addition to simply registering user identification information and passwords, it is necessary to register detailed access authority information for each user that indicates what kind of information can be accessed on which website. . Therefore, as the number of users increases, the work for administrator user registration becomes enormous. Moreover, since the access authority about the same user was separately registered with respect to several websites, the effort for user registration was applied to the administrator.

  Therefore, the present invention provides an access authority management apparatus that can reduce the labor of an administrator when a plurality of websites are provided in a computer system and a large number of user registrations with different access authorities to each website are performed. It is an object to provide an access authority management method and its program.

The present invention, identification information of an access authority management device for managing the rights of access to each of the plurality of web sites, from the system administrator terminal, and identification information of the group, a website that can be accessed in the user belonging to the group accepting a combination of a site access right registration means for registering in association in the group management table, accepts access from the website administrator terminal, managing the website administrator operating the website administrator terminal Access authority for the group identification information associated with the website identification information and registered in the group management table, and the content information in the website managed by the website administrator that can be accessed by users belonging to the group And a list of site actions including Transmits the scan right setting screen, the more the website administrator terminal, are entered using the site access right setting screen, accepts access to the content information in the website, the said received information Corresponding to the combination of the registered group identification information and the website identification information, the in- site access right registration means to be registered in the group management table and the user registration request from the group manager terminal , and the group management A user registration screen for inputting attribute information of a user belonging to the group of the group administrator who operates the administrator terminal is transmitted to the group administrator terminal, and the group administrator terminal receives the group identification information and the user registration screen. union with the user attribute information belonging to the group that was entered using the The accept, the received information, it accepts the user registration means for registering the user management table in association with the identification information of the user who has newly generated job registration from the group administrator terminal request, the group manager A list of website identification information linked to the identification information of the group to which the group administrator operating the terminal belongs and registered in the group management table, and the access authority for each content information in the website, The job registration screen showing the input field of the identification information is transmitted, and the job identification information input from the group manager terminal using the job registration screen and the user of the job indicated by the job identification information are accessed. Website identification information that can be accessed, and access rights to the content information on the website And a job registration means for registering in the job management table and a job setting request from the group manager terminal, inputting job identification information from the group manager terminal and indicating the job identification information. ID setting information of a user registered in the user management table in association with the identification information of the group to which the group administrator who operates the group administrator terminal belongs, A job setting screen showing a list of user IDs, and a combination of the user identification information input using the job setting screen and the input job identification information from the group manager terminal, and the user An access authority management device comprising job setting means for registering in association with a management table .

According to the present invention, in the above-mentioned access authority management apparatus, an access request to the content information is received, the access request storing user identification information, identification information of a website to be accessed, and content information. , Referring to the user management table based on the access request, and permitting access to the content information stored in the access request based on the access request and information stored in the user management table And a permission determining means .

In the access authority management apparatus according to the present invention, the access permission determination unit reads the job identification information associated with the user identification information included in the access request and registered in the user management table, The website identification information linked to the read job identification information and registered in the job management table and the access authority to the content information in the website are read, and the read job identification information and website are read. And an access authority management object including information on the access authority for the content information in the website is stored in the memory, the user identification information included in the access request to the content information, and the website identification information And the content information are the access rights. An access permission based on the access authority for the content information included in the access authority management object when it matches the combination of the user identification information included in the management object, the website identification information, and the content information in the website. Is transmitted to the website indicated by the identification information of the website included in the access request to the content information.

According to the present invention, in the above-described access authority management apparatus, the group manager terminal includes a user group terminal operated by a user group manager and a subgroup set in a user group to which the user group manager belongs. A subgroup terminal operated by the subgroup manager to which the site belongs, and the site access right registration means can access the identification information of the user group and the website belonging to the user group from the system manager terminal Is received in combination with the user group management table, and the in-site access right registration means accepts access from the website manager terminal and operates the website manager terminal. Linked to website identification information managed by the website administrator Identification information of the user group registered in the user group management table and a list of access rights for each content information in the website managed by the website administrator that can be accessed by users belonging to the user group. The website access right setting screen is transmitted, and the website administrator terminal receives the access authority for the content information in the website, which is input using the site access right setting screen. Information is registered in the user group management table in association with the combination of the registered user group identification information and the website identification information, and the user registration means sends a user registration request from the user group manager terminal. Accept the user group A user registration screen for inputting attribute information of a user belonging to a user group of a user group administrator who operates the administrator terminal is transmitted to the user group administrator terminal, and the user group administrator terminal identifies the user group identification information. And the attribute information of the users belonging to the user group input using the user registration screen is received, and the received information is registered in the user management table in association with the newly generated user identification information. Further, a subgroup registration request is received from the user group manager terminal, and the user group manager table is associated with identification information of a user group to which the user group manager who operates the user group manager terminal belongs. The registered users belonging to the user group The access authority for each content information in the website managed by the website administrator that can be accessed is read, and a subgroup registration screen showing a list of access authorities for each content information is transmitted to the user group administrator terminal, Accepting access authority to the content information in the website from the user group manager terminal, identification information of the user group to which the user group manager who operates the user group manager terminal belongs, and a newly generated subgroup Are registered in the user group management table in association with the access authority for the received content information, and a subgroup belonging user setting request is received from the user group administrator terminal. A subgroup belonging user setting screen showing a list of identification information of the user linked to identification information of a user group to which a user group administrator who operates a group administrator terminal belongs and registered in the user management table Sending to the user group manager terminal and accepting the user identification information input from the user group manager terminal using the subgroup belonging user setting screen and associating it with the subgroup identification information Subgroup registration means for registering in the user management table, and the job registration means accepts a job registration request from the subgroup manager terminal and operates the subgroup manager terminal. Associated with the identification information of the subgroup to which the user group belongs. A job registration screen showing a list of identification information of websites registered in the website, access authority for each content information in the website, and an input field for job identification information, and the subgroup manager The job identification information input from the terminal using the job registration screen, the identification information of the website accessible by the user of the job indicated by the job identification information, and the access authority to the content information in the website The combination is received and registered in the job management table, and the job setting means receives the job setting request from the sub group manager terminal, inputs the job identification information from the sub group manager terminal, and the job identification information. Is a job setting screen for setting the user who performs the job indicated by A job setting screen showing a list of identification information of users registered in the user management table in association with identification information of the subgroup to which the subgroup administrator operating the terminal belongs, and the subgroup administrator A combination of the user identification information input using the job setting screen and the input job identification information is received from a terminal and registered in association with the user management table .

The present invention also provides login request accepting means for accepting a login request including user group or subgroup identification information and website identification information from a user terminal via a communication network, and login completion information to the user terminal. Login completion recording means for storing login completion information and the user terminal when the identification information of the website included in the login request is received again as the identification information of another website. Re-login necessity determination means for determining whether re-authentication is necessary by receiving the login completion information transmitted from the user terminal and comparing the login completion information with the stored login completion information, access permission determination unit, when not required re-authentication, the said access request Yoo Based on the information stored in The management table, and permits access to the content information.

The present invention also relates to an access right management method in an access right management device that manages access rights to each of a plurality of websites , wherein the site access right registration means receives group identification information from the system administrator terminal, Accepts a combination of identification information of websites that can be accessed by users belonging to the group , registers them in association with the group management table, and the site access right registration means accepts access from the website administrator terminal, and Identification information of a group registered in the group management table in association with identification information of a website managed by a website administrator who operates a site administrator terminal, and the website management accessible by users belonging to the group Content information on websites A list of access rights to respectively, sends a site access right setting screen including, from the website administrator terminal, are entered using the site access right setting screen, in the web site The access authority for the content information is received, the received information is registered in the group management table in association with the combination of the registered group identification information and the website identification information, and the user registration means is a group manager. A user registration request is received from the terminal, and a user registration screen for inputting attribute information of a user belonging to the group of the group manager who operates the group manager terminal is transmitted to the group manager terminal, and the group manager terminal more it was entered using the identification information of the group and the user registration screen Accept a combination of attribute information of users belonging to the group, the received information is registered in the user management table in association with the identification information of the user who has newly generated the job registering means, the group manager terminal The job registration request is accepted from the website, and the website identification information registered in the group management table linked to the group identification information to which the group manager who operates the group manager terminal belongs is stored in the website. A job registration screen showing a list of access rights for each piece of content information and an input field for job identification information is transmitted, and job identification information input from the group manager terminal using the job registration screen, , The identification information of the website accessible to the user of the job indicated by the job identification information, and the website A combination of access authority to the content information in the site and register it in the job management table, and the job setting means receives the job setting request from the group manager terminal and receives job identification information from the group manager terminal. The user management table is a job setting screen for setting a user who performs the job indicated by the job identification information and is associated with the group identification information of the group manager who operates the group manager terminal. A job setting screen showing a list of user identification information registered in the user ID, the user identification information input from the group manager terminal using the job setting screen, and the input job identification information accepting a combination of, the access right management side, characterized in that to register in association with the user management table It is.

In addition, the present invention is a program that is executed by a computer of an access authority management device that manages access authority for each of a plurality of websites , and includes identification information of a group and access of users belonging to the group from a system administrator terminal. can accept the combination of the identification information of the web site, the site access right registration process of registering in association in the group management table, accepts access from the website administrator terminal, web operating the website administrator terminal The group identification information registered in the group management table linked to the identification information of the website managed by the site administrator, and the website managed by the website administrator that can be accessed by users belonging to the group Access to each piece of content information Scan a list of permissions, it sends the site access right setting screen including the from the website administrator terminal, are entered using the site access right setting screen, access to the content information in the website accepting the authority, the received information in association with a combination of the identification information of the website of the group that the registration, the site access right registration process for registering the group management table, the group manager terminal A user registration request is received, and a user registration screen for inputting attribute information of a user belonging to the group of the group manager who operates the group manager terminal is transmitted to the group manager terminal, and from the group manager terminal, the group entered using the identification information of the group to the user registration window Accept a combination of user attribute information belonging to the flop, duties the received information, the user registration process of registering the user management table in association with the newly generated user identification information, from the group administrator terminal Web site identification information registered in the group management table associated with the group identification information of the group manager to which the registration request is accepted and operating the group manager terminal and the content information in the website A job registration screen showing a list of access authorities for each and an input field of job identification information is transmitted, and the job identification information input from the group administrator terminal using the job registration screen, Identification information of the website that can be accessed by the user of the job indicated by the job identification information, and the website Receiving a combination of access authority to the content information of the job, registering it in the job management table, and receiving a job setting request from the group manager terminal, inputting job identification information from the group manager terminal, It is a job setting screen for setting a user who performs the job indicated by the job identification information, and is registered in the user management table in association with the group identification information of the group manager who operates the group manager terminal. A combination of the user identification information input from the group manager terminal using the job setting screen and the input job identification information. the accepted, execution and job setting process of registering in association with the user management table, to a computer Is that program.

  According to the present invention, the system administrator registers which user group can access which information transmitting / receiving device, and the information transmitting / receiving device administrator can access which information in each information transmitting / receiving device each user group can access. Register for. Thereby, since the access authority of the user is registered for each user group, the labor of each administrator is reduced.

  Further, according to the present invention, the user group administrator sets the access authority for the user group managed by the user group within the range of the access authority set by the system administrator or the information transmission / reception apparatus administrator for the user group. To do. As a result, each user group administrator only needs to set the access authority for only the users belonging to his / her user group, so that the access authority registration process is distributed, and the access authority registration effort is reduced.

  In addition, according to the present invention, the sub-group administrator sets the access authority for the sub-group managed by the system administrator or the information transmission / reception apparatus administrator to the user group, This is performed within the range of access authority set by the user group administrator for the subgroup. As a result, each sub-group administrator only needs to set the access authority for users belonging to his / her sub-group, so the access authority registration process is distributed, and the access authority registration effort is reduced.

  According to the present invention, the access authority to the plurality of information transmitting / receiving apparatuses is managed by one access authority management apparatus. In other words, each administrator can determine which user group or subgroup can access which information transmission / reception device and information in the information transmission / reception device even when the number of information transmission / reception devices increases in the computer system. Since only the registration is required, the labor for registering access authority is reduced.

  Hereinafter, an access authority management apparatus according to an embodiment of the present invention will be described with reference to the drawings. FIG. 1 is a block diagram showing a configuration of a computer system according to the embodiment. From this figure, in the computer system, reference numeral 1 denotes an access authority management device for managing the authority of user access to each of a plurality of websites. Reference numeral 2 denotes a system administrator terminal (hereinafter, system administrator terminal) of a computer system comprising a plurality of web servers and the access authority management apparatus 1. Reference numeral 3 denotes a terminal of a website manager who manages each website. Reference numeral 4 denotes a user group administrator's terminal (hereinafter referred to as a UG administrator terminal) that manages the user group, and reference numeral 5 denotes a subgroup administrator's terminal (hereinafter referred to as an SG administrator) that manages subgroups set in the user group. Terminal), and reference numeral 6 denotes a user terminal (hereinafter referred to as a user terminal) belonging to a user group or subgroup.

  The user group is a user unit set for each organization such as a company, for example. A subgroup is a unit of users belonging to a subgroup installed in a user group, for example, a department or section installed in a company. Further, the system administrator terminal 2 and the website administrator terminal 3 do not refer to specific terminals in the computer system, but are PCs used when the system administrator or website administrator logs into the computer system. Are the system administrator terminal 2 and the website administrator terminal 3. In addition, there may be user terminals 6 that do not belong to the subgroup in the user group.

  The access authority management device 1 includes a communication processing unit 11 that transmits and receives information to and from each terminal connected via a communication network, and a control unit (login request receiving unit) 12 that controls each processing unit of the access authority management device 1. Site access right registration unit (user group access right first registration means) 13 for performing registration processing as to which website a user group can access, registration of which web page a user group can access in one website In-site access right registration unit (user group access right second registration means) 14 for performing processing, and access permission determination unit (access permission) for determining permission or non-permission of access from the user terminal 6 to the website (that is, web server) Means, login completion recording means, re-login necessity determination means) 15 UG registration unit 16 that performs user group (UG) registration processing, SG registration unit 17 that performs registration processing of subgroups belonging to the user group, user registration unit (user registration means) 18 that performs registration processing for each user, job registration A job registration unit (job registration unit) 19 that performs processing, an access authority setting unit (user access right registration unit) 20 that sets access authority for each user, and a database 21 that stores various tables are provided.

FIG. 2 is a diagram illustrating a relationship among a web server, a website, and an information transmission / reception device.
In the present embodiment, a website is a collective unit of web pages (content information) transmitted by one web server, or a set of web pages transmitted for each different management entity in one web server. Or a collective unit name of web pages transmitted by a plurality of web servers. That is, a set unit of web pages in one or more web servers managed by the management entity is a website. The function of the web server corresponding to one website is an information transmitting / receiving device.

FIG. 3 is a diagram showing an outline of processing of the computer system.
Next, an outline of the computer system will be described.
In the computer system, the access authority management apparatus 1 performs a registration process of an access authority for a user group and an access authority for a user, and determines whether access to a plurality of websites is permitted or not. Here, the system administrator of the computer system performs registration processing (site access right registration processing) as to which Web site each user group can access to the access authority management apparatus. In addition, the website administrator uses the access authority management device to register a user group that can access the website managed by the website administrator and a web page that the user group can access in the website (intra-site access right registration process). Against. As described above, for example, this user group is an organization such as a company. Each user may belong to any one of a plurality of user groups, and may belong to any group among subgroups belonging to the user group. A subgroup is a unit of a user such as a department or section in a company.

  Also, the user group administrator performs access authority registration processing (subgroup access authority registration processing) for the subgroups in the user group for the access authority management apparatus 1, and the user group administrator or subgroup administrator The access authority management apparatus 1 is registered with the access authority of the users belonging to the group (job registration process). That is, the user group manager or the sub group manager determines the access authority assigned to each user within the range of access authority given by the system administrator or website administrator, and performs the registration process.

FIG. 4 is a diagram showing a work flow of each administrator in the computer system.
(1) First, the website administrator applies for user group registration. In this application, a user group name, user group manager information (name, department), and the like are provisionally registered in the access authority management apparatus using a web page.
(2) Next, the website administrator makes an application for setting the site access right for the user group that has applied for registration in the process of (1). In this application, information for identifying a user group, a website ID of a website that can be accessed by the user group, and the like are provisionally registered in the access authority management apparatus using a web page.

(3) Next, the system administrator approves user group registration based on the application (1). In this process, the registration request temporarily registered in the access authority management device 1 in (1) by the system administrator is displayed on the monitor of the system administrator terminal 2 using a web page, and a display button on the monitor is displayed. Press to give registration instructions. As a result, a user group ID is generated, and the user group ID and the application information provisionally registered in the access authority management device 1 are stored in another data table or the like by the processing of the access authority management device 1.
(4) Next, the system administrator approves the site access right setting based on the application (2). In this process, the registration application temporarily registered in the access authority management device 1 in (2) by the system administrator is displayed on the monitor of the system administrator terminal 2 using a web page, and the display button on the monitor is pressed. To give registration instructions. Thereby, the application information temporarily registered in the access authority management apparatus 1 is stored in another data table or the like by the process of the access authority management apparatus 1.

(5) When the approval of the site access right setting by the system administrator is completed, the website administrator next sets the in-site access right. In this process, the website administrator is a process of registering what information can be accessed for a user group that can access the website managed by the website administrator. At this time, the website administrator accesses the access authority management apparatus 1, displays the in-site access authority setting screen on the monitor using the web page, and performs registration. Then, the registered information is stored in the database 21 by the processing of the access authority management device 1.
(6) Next, the user group manager registers each user in the user group managed by the user group manager. In this process, the user group manager inputs information such as the name and department of each user into the web page and registers them in the access authority management apparatus 1. The registered information is stored in the database 21 by the processing of the access authority management device 1.
(7) Next, the user group manager registers a subgroup belonging to the user group managed by the user group manager. In this process, the user group manager inputs the name of the subgroup and the information of users belonging to the subgroup on the web page and registers them in the access authority management apparatus 1. The registered information is stored in the database 21 by the processing of the access authority management device 1.

(8) Next, the sub group manager performs job registration processing. In this process, the sub-group administrator registers the access authority necessary for performing a certain job among the access authorities granted to the sub-group by the system administrator, the website administrator, and the user group administrator ( Job registration). In other words, the access authority consisting of a combination of the contents of a web page transmitted on a predetermined website and information such as whether the web page can be browsed and information registered using the web page is registered in units of duties. In this process, the subgroup manager registers at least the job identification information and the access authority information in the access authority management apparatus 1 using a web page. The registered information is stored in the database 21 by the processing of the access authority management device 1.
(9) Next, the access authority of the job unit registered by the subgroup manager in (8) is set for the user (job setting). In this process, the subgroup administrator registers the identification information of the users belonging to the subgroup and the identification information of the duties in the access authority management apparatus 1 using a web page. The registered information is stored in the database 21 by the processing of the access authority management device 1.
Note that (10) and (11) in FIG. 4 are job registration processing and job setting processing by the user group manager. This process is the same as the processes (8) and (9). As described above, the job group registration and job setting process may be performed by the user group administrator.

FIG. 5 is a data structure showing the first user group management table.
As shown in this figure, a first user group management table (hereinafter referred to as a first UG management table) includes a user group ID, a website ID, and the contents of a web page transmitted on the website (first transmission contents identification information). ), An authority indicating what kind of access to the contents of the web page is stored in association with each other. In other words, in this first UG management table, which user group can access which website, and which web page indicates which of the web pages transmitted on the accessible website can be accessed, and which web page It holds information on whether such access is possible. The correspondence relationship between the user group ID and the website ID in the first UG management table is registered based on the site access right setting process by the system administrator in (4) described above. In addition, the correspondence relationship between the user group ID, the website ID, the contents, and the authority in the first UG management table is registered based on the above-described site access right setting process by the website administrator in (5). .

FIG. 6 is a data structure showing the second user group management table.
As shown in this figure, the second user group management table (hereinafter referred to as the second UG management table) includes a user group ID, a subgroup ID, a website ID, and the contents of the web page transmitted on the website (first (Transmission content identification information) and an authority indicating what kind of access to the web page can be stored in association with each other. In other words, in this second UG management table, which subgroup belonging to which user group can access which website, and information indicating which contents of the web pages transmitted on the accessible website can be accessed. It holds information on how to access web pages. Each piece of information registered in the second UG management table is registered based on the subgroup registration process by the user group manager (7) described above. This subgroup registration process may be performed by a subgroup administrator.

FIG. 7 is a data structure showing the first user management table.
As shown in this figure, the first user management table is a table that stores a user ID, a user group ID, and a subgroup ID in association with each other. That is, the first user management table indicates a user group to which the user belongs and a subgroup in the user group. This first user management table is registered based on the user registration process by the user group administrator (6) described above.

FIG. 8 shows a data structure showing the job management table.
As shown in this figure, the job management table includes job identification information, a website ID, the content of the web page transmitted on the website (first transmission content identification information), and details that further define the content. It is a table that stores the contents (second transmission content identification information) and the authority indicating what kind of access is possible to the web page in association with each other. In other words, the job management table can access which web page the user can access according to the job given to the user, and which web page indicates which of the web pages transmitted by the accessible website. It holds information on how to access web pages.

FIG. 9 shows the data structure of the second user management table.
As shown in this figure, the second user management table is a table that stores a user ID and job identification information in association with each other. In other words, this second user management table is a table showing duties assigned to each user.

FIG. 10 is a data structure showing the third user management table.
As shown in this figure, the third user management table includes the user ID, the website ID, the contents of the web page transmitted on the website, the detailed contents that further define the contents, and how to access the web page. This is a table for storing the authority indicating whether or not it can be accessed in association with each other. In other words, the third user management table allows the user to access which web page the user can access, and which web page indicates which of the web pages transmitted by the accessible website, and how to access the web page. Holds information on whether or not it can be accessed successfully. That is, by assigning duties to users as shown in the table of FIG. 9, not only is the access authority to a predetermined web page in the website granted, but also the websites for each user as shown in the table of FIG. You may make it grant the access authority to the predetermined information directly.
In the present embodiment, each of the above tables is stored in the database 21 of the access authority management apparatus 1, but they may be stored in separate databases.

Next, the details of the processing flow for registration of access authority in the computer system (4) to (11) will be described in order. It is assumed that the processes (1) to (3) have been completed in advance. Further, it is assumed that information (user name, password, etc.) of the system administrator, website administrator, and user administrator is registered in the access authority management apparatus 1 in advance.
FIG. 11 is a diagram showing a site access right setting screen. This screen is a screen that is displayed on the monitor on the system administrator terminal 2 by accessing the access authority management device 1 from the system administrator terminal 2 when the system administrator performs the site access right setting (4) described above. It is. In this site access right setting screen, a user group ID and a user group name are displayed, and a field for setting access permission is provided so that users in the user group can access. On the site access right setting screen, the system administrator registers which websites the user group can access, thereby specifying websites that users belonging to the user group can access.

FIG. 12 is a diagram showing a processing flow of site access right setting.
First, the system administrator uses the system administrator terminal 2 to access the access authority management apparatus 1 and instructs the display of the list for which the site access right setting application has been made in the process (2). Then, the site access right registration unit 13 of the access right management apparatus 1 reads the application information stored in the database 21 and transmits a web page displaying the contents to the system administrator terminal 2. When this web page is displayed on the monitor of the system administrator terminal 2, the system administrator selects one site access right setting application (step S101). Thereby, the access authority management apparatus 1 transmits the web page of the site access authority setting screen (step S102). Then, a site access right setting screen is displayed on the monitor of the system administrator terminal 2 (step S103).

  Next, when the system administrator presses the confirmation button on the site access right setting screen (step S104), the access authority management device 1 transmits a web page of the site access right setting confirmation screen to the system administrator terminal 2 ( Step S105). Then, on this confirmation screen, the system administrator presses the registration button (step S106). Then, the system administrator terminal 2 transmits the user group ID, the website ID, and the like held in the HTML text on the web page of the site access right setting screen to the access authority management apparatus 1. Next, the site access right registration unit 13 of the access right management apparatus 1 associates the received user group ID with the website ID and registers them in the first UG management table (step S107). Thereby, the site access right setting is completed, and which user group can access which website is registered in the access authority management apparatus 1. In this site access right setting process, in addition, authentication as to whether or not the user is a system administrator, determination as to whether or not the transition source screen is normal, and the like are performed.

  FIG. 13 is a diagram showing a site access right setting screen. This screen is used when the website administrator performs the access authority setting in (5) described above to access the access authority management apparatus 1 using the website administrator terminal 3, and the website administrator terminal 3 It is a screen displayed on a monitor. In this in-site access right setting screen, a user group ID and a user group name are displayed, and a field for setting which contents of the web page the user in the user group can access is displayed. Is provided. In this field, a non-selection field (a) for displaying a list of contents of all web pages transmitted on the website and authority to access the web page, and a web page selected by the website administrator There is a selection field (b) for displaying a list. By specifying the content of information accessible to users belonging to the user group on the site access right setting screen, the website administrator can determine which content information on which website the user belonging to the user group can access. You can register.

FIG. 14 is a diagram showing a processing flow for setting access rights within a site.
First, the website manager uses the website manager terminal 3 to access the access authority management apparatus 1 and instructs the display of the list in which the site access authority setting has been registered in the process (4). Then, the in-site access right registration unit 14 of the access right management device 1 reads the registered information of the site access right setting stored in the database 21 and displays the web page displaying the contents thereof as the website administrator. Transmit to terminal 3. When this web page is displayed on the monitor of the website manager terminal 3, the website manager selects a user group for which one site access right is set (step S201). Thereby, the access authority management apparatus 1 transmits the web page of the in-site access authority setting screen to the website administrator terminal 3 (step S202). Then, a site access right setting screen is displayed on the monitor of the website manager terminal 3 (step S203).

  Next, the website administrator selects items to be assigned to the user group from the list displayed in the non-selection field (a) on the in-site access right setting screen, that is, the website name, information in the website, and its access authority. Is selected (step S204). Then, the selected item is displayed in the selection column (b). When the combination of the contents of the accessible web page and the access authority is selected, a confirmation button is pressed (step S205). Then, the access authority management device 1 transmits a web page of the confirmation screen for setting the access authority in the site to the system administrator terminal 2 (step S206). On this screen, a list selected by the website administrator is displayed. Then, on this confirmation screen, the website administrator presses the registration button using an input device such as a mouse (step S207). Then, the website manager terminal 3 uses the user group ID, the website ID, the identification information of the contents of the web page, the access authority, etc., which are stored in the HTML text on the web page of the in-site access right setting screen. Is transmitted to the access authority management apparatus 1.

  Next, the site access right registration unit 13 of the access right management apparatus 1 determines the user group ID and the web from the combination of the received user group ID, the website ID, the identification information of the content of the web page transmitted by the web server, and the access right. The site ID is read and registered in the first UG management table in which they are already registered in association with the identification information and access authority of the contents of the web page transmitted by the web server (step S208). As a result, the access right setting in the site is completed, and which user group user can register in the access authority management apparatus 1 what type of web page transmitted by which website can be accessed. . In this intra-site access right setting process, other authentication such as whether the access to the access right management apparatus 1 is a website administrator is performed.

  FIG. 15 shows a user registration screen. This screen is used to access the access authority management device 1 using the UG administrator terminal 4 when the user group administrator registers a user belonging to the user group managed by the user group administrator, and on the monitor of the UG administrator terminal 4 It is a screen to be displayed. In this user registration screen, the user group ID and the user group name are displayed, and the user name of the user belonging to the user group and the attribute information of the user (affiliation department and contact information, subgroup information, user (Such as the job function to be set to).

FIG. 16 is a diagram showing a processing flow of user registration.
The user group manager registers each user who belongs to the user group managed by the user group with respect to the access authority management apparatus 1. First, the user group manager accesses the access authority management apparatus 1 using the UG manager terminal 4 and makes a user registration request (step S301). Then, the user registration unit 18 of the access authority management device 1 transmits the web page of the user registration screen to the UG manager terminal 4 (step S302). Then, a user registration screen is displayed on the monitor of the UG manager terminal 4 (step S303). On the user registration screen, an input field for user name and user attribute information and a user group name are displayed. On the user registration screen displayed on the monitor of the UG administrator terminal 4, the user group manager inputs a user name, user attributes, and the like, and presses a confirmation button (step S304). Then, the UG administrator terminal 4 transmits the input user name, user attribute, and user group ID to the access authority management apparatus 1. When the user registration unit 18 of the access authority management apparatus 1 receives the information transmitted from the UG manager terminal 4, the user registration unit 18 generates a user ID (step S305). Then, the user registration unit 18 associates the generated user ID with the received user group ID, user name, and user attribute information and registers them in the first user management table of the database 21 (step S306). In FIG. 7, the first user management table shows a state in which only the user ID and the user group ID are associated with each other. Through the above processing, user registration is completed, and information on users belonging to the user group is registered. In addition, in this user registration processing, authentication such as whether or not the access to the access authority management device 1 is a user group manager is performed.

FIG. 17 shows a subgroup registration screen.
This screen accesses the access authority management device 1 using the UG administrator terminal 4 when the user group administrator registers the subgroup belonging to the user group and sets the access right to the subgroup. It is a screen displayed on the monitor of the UG manager terminal 4. In this subgroup registration screen, set the subgroup name entry field, the subgroup administrator name and its attribute entry field, and the contents of the web page of which website can be accessed by the users in the sub group. A column to do is provided. In this column, a non-selection column (c) for displaying a list of in-site access rights set for the user group to which the sub-group belongs by the processing of (5) above, and a user group administrator from among them There is a selection field (d) for displaying a list of access rights within the site selected by. On the subgroup registration screen, the user group administrator must enter the information of the subgroup administrator and specify the site access rights to be given to the subgroup among the site access rights given to the user group. Thus, it is possible to register which user can access which web page of which website in the subgroup.

FIG. 18 is a diagram showing a processing flow of subgroup registration.
First, the user group manager accesses the access authority management apparatus 1 using the UG manager terminal 4 and makes a subgroup registration request (step S401). Then, the SG registration part 17 of the access authority management apparatus 1 transmits the web page of a subgroup registration screen to the UG administrator terminal 4 (step S402). At this time, the SG registration unit 17 reads the in-site access right associated with the ID of the user group to which the user group administrator belongs and is registered in the first UG management table, and sets the in-site access right in the non-selection field ( c) is transmitted to the UG manager terminal 4 as information to be displayed. Then, in the non-selection column (c), a subgroup registration screen displaying the in-site access right given to the user group is displayed on the monitor of the UG manager terminal 4 (step S403).

  Next, the user group manager inputs the subgroup manager name and the attribute information of the subgroup manager on the subgroup registration screen. Further, an item to be assigned to the subgroup is selected from the list displayed in the non-selection column (c) (step S404). Then, the selected item is displayed in the selection column (d). When the site access right assigned to the subgroup is selected, the user group administrator presses a confirmation button (step S405). Then, the access authority management apparatus 1 transmits the web page of the confirmation screen for subgroup registration to the UG manager terminal 4 (step S406). On this screen, the in-site access right selected by the user group manager and the information of the sub group manager are displayed. Then, on this confirmation screen, the user group administrator presses the registration button (step S407). Then, the UG administrator terminal 4 is held in the HTML text on the web page of the subgroup registration screen and the information on the subgroup manager input on the subgroup registration screen and the information on the selected access right in the site. A user group ID, a website ID, and the like are transmitted to the access authority management apparatus 1.

  Next, when the access authority management apparatus 1 receives the information transmitted from the UG administrator terminal 4, the SG registration unit 17 generates a subgroup ID (step S408). Then, the SG registration unit 17 registers the generated subgroup ID and the information received from the UG administrator terminal 4 in the second UG management table stored in the database 21 in association with each other (step S409). In the second UG management table of FIG. 6, the user group ID, the subgroup ID, the website ID, the in-site access right (the contents of the accessible web page among the information transmitted by the website, and the web page of the contents) (Access authority indicating what kind of access is possible) is registered in association with each other. As a result, the subgroup registration process is completed, and which subgroup users can register in the access authority management apparatus 1 as to what type of web page transmitted by which website can be accessed. . In the subgroup registration process, authentication of whether or not the access to the access authority management apparatus 1 is a user group manager is performed. The subgroup registration and resetting process may be performed using the user registration screen (FIG. 15) in the above-described user registration process, or may be performed on the following subgroup belonging user setting screen (FIG. 19). It may be.

FIG. 19 is a diagram showing a subgroup belonging user setting screen.
This screen is a screen that is displayed on the monitor of the UG administrator terminal 4 by accessing the access authority management device 1 using the UG administrator terminal 4 when the user group administrator sets the users belonging to the subgroup. is there. In this subgroup belonging user setting screen, fields for selecting subgroup manager information (such as the manager name) and users belonging to the subgroup are provided. In this column, a user who has been registered on the above-described user registration screen and displays a user list of a user group to which the user group administrator belongs, and a user group administrator selects from among these are displayed. There is a selection field (f) for displaying a list of selected users. The user group manager registers which user among the users belonging to the user group the user belonging to the subgroup by selecting a user belonging to the subgroup on the subgroup belonging user setting screen.

FIG. 20 is a diagram showing a processing flow for setting a subgroup belonging user.
When the user group manager ends the above-described subgroup registration process, the user group manager sets the users belonging to the subgroup. First, the user group manager accesses the access authority management apparatus 1 using the UG manager terminal 4 and makes a subgroup affiliation user setting request (step S501). Then, the SG registration unit 17 of the access authority management apparatus 1 transmits the web page of the subgroup belonging user setting screen to the UG manager terminal 4 (step S502). At this time, the SG registration unit 17 reads the user ID, the user name, and the like that are associated with the ID of the user group to which the user group administrator belongs and is registered in the first user management table, and does not select the user name, etc. The information to be displayed in the column (e) is transmitted to the UG manager terminal 4. Then, in the non-selection column (e), a subgroup belonging user setting screen displaying all users in the user group to which the user group manager belongs is displayed on the monitor of the UG manager terminal 4 (step S503).

  Next, the user group manager selects a user belonging to the sub group from the list displayed in the non-selection column (e) on the sub group belonging user setting screen (step S504). Then, the selected item is displayed in the selection field (f). When a user belonging to the sub group is selected, the user group manager presses a confirmation button (step S505). Then, the access authority management apparatus 1 transmits the web page of the confirmation screen for subgroup belonging user setting to the UG administrator terminal 4 (step S506). On this screen, a list of users selected by the user group manager is displayed. Then, on this confirmation screen, the user group administrator presses the registration button (step S507). Then, the UG administrator terminal 4 uses the ID of the user selected on the subgroup belonging user setting screen, the user group ID, the subgroup ID, etc. held in the HTML text of the web page of the subgroup belonging user setting screen. Is transmitted to the access authority management apparatus 1.

  Next, when the access authority management apparatus 1 receives the information transmitted from the UG administrator terminal 4, the SG registration unit 17 determines the user ID from the user ID, user group ID, and subgroup ID received from the UG administrator terminal 4. And the user group ID are registered, and the received subgroup ID is associated and registered in the first user management table in which the combination is already registered (step S508). Note that the first user management table of FIG. 7 shows a state in which a user ID, a user group ID, and a subgroup ID are registered in association with each other. As a result, the subgroup belonging user setting process is completed, and the users belonging to the subgroup are registered. In this subgroup belonging user setting process, authentication of whether or not the access to the access authority management apparatus 1 is a user group manager is performed. Further, the subgroup manager may perform the subgroup affiliation user setting process.

FIG. 21 is a diagram showing a job registration screen.
This screen is used to access the access authority management device 1 using the SG administrator terminal 5 when the subgroup administrator sets the detailed access right to the web page used by the user performing the predetermined function. And a screen displayed on the monitor of the SG manager terminal 5. In the present embodiment, the job registration process may be performed by a subgroup administrator or a user group administrator. In this job registration screen, the website selection field, the field for selecting the content of the web page transmitted by the website, the field for inputting the job title, and the content of the web page transmitted by the website are further detailed. A non-selection field (g) for displaying a list of the detailed contents defined in the above and its access authority, and a selection field for displaying a list of combinations of the detailed contents and the access authority selected by the subgroup administrator from the non-selection field (H) exists. The sub-group manager registers the job to be registered and the job that can be accessed to the web page with the detailed content in the web page with the content transmitted by which web site.

FIG. 22 is a diagram showing a processing flow for job registration.
Next, the subgroup manager performs job registration. First, the subgroup manager accesses the access authority management apparatus 1 using the SG manager terminal 5 and makes a job registration request (step S601). Then, the job registration unit 19 of the access authority management apparatus 1 transmits a web page of the job registration screen to the SG manager terminal 5 (step S602). At this time, the job registration unit 19 reads the in-site access right associated with the user group to which the subgroup manager belongs and the ID of the subgroup and registered in the second user management table, and the in-site access right The SG administrator terminal as information to be read from a table or the like that defines the detailed contents of the detailed contents and the access authority that define the contents of the accessible web page shown in FIG. To 5. Then, in the non-selection column (g), a job registration screen holding information on the detailed contents of the in-site access right that can be set for the subgroup to which the subgroup manager belongs is displayed on the monitor of the SG manager terminal 5 ( Step S603).

  Next, on the job registration screen, the sub-group manager selects a website to be accessed according to the job and the content of information transmitted on the website, and inputs the job name in the job name input field. Then, detailed content information that defines the content of the selected information in more detail is displayed in the non-selection column (g). Then, the subgroup manager selects the detailed contents of the access right in the site that can be accessed by the user as a job from the list displayed in the non-selection column (g) (step S604). Then, the selected item is displayed in the selection column (h). When the detailed content of the access right within the site is selected, the subgroup manager presses a confirmation button (step S605). Then, the job registration unit 19 of the access authority management apparatus 1 transmits a web page of a job registration confirmation screen to the SG manager terminal 5 (step S606). In this confirmation screen, the website name selected by the subgroup manager, the contents of the web page transmitted by the website, the job name, and the detailed contents of the web page accessible as the job are displayed. Then, on this confirmation screen, the subgroup administrator presses the registration button (step S607). Then, the SG administrator terminal 5 includes the ID of the website selected on the job registration screen, the content of the information transmitted on the website, the detailed content of the information that can be accessed by the job among the information on the content, The access authority and the like are transmitted to the access authority management apparatus 1.

  Next, when the access authority management apparatus 1 receives the information transmitted from the SG administrator terminal 5, the job registration unit 19 associates the received information and registers it in the job management table (step S608). In the job management table of FIG. 8, the job name, the website ID, the content of the web page transmitted on the website, the detailed content of the web page that can be accessed by the job among the web pages of the content, It shows a state in which an access authority indicating what kind of access can be made to the detailed contents is registered in association with each other. This completes registration (duty registration) of what access to which web page in which website can be performed in the duties performed by the users belonging to the subgroup. In the job registration process, authentication of whether or not the access to the access authority management apparatus 1 is a subgroup manager is performed.

FIG. 23 is a diagram showing a job setting screen.
This screen is used to access the access authority management apparatus 1 using the SG administrator terminal 5 when the subgroup administrator assigns the job registered in the job registration described above to the user belonging to the subgroup, and the SG administrator terminal. 5 is a screen displayed on the monitor 5. The job setting process may be performed by a subgroup manager or a user group manager. In this job setting screen, there are provided columns for selecting a website name to be accessed in the job, the contents of the web page transmitted by the website, the job name, and a user belonging to the subgroup. In this column, a non-selection column (i) for displaying a list of users in the subgroup registered on the above-described subgroup belonging user setting screen and a list of users selected by the subgroup administrator from among them are displayed. There is a selection field (j). The sub-group manager registers which job is assigned to which user belonging to the sub-group by selecting a user to which the job is assigned on the job setting screen.

FIG. 24 is a diagram showing a processing flow of job setting.
When the above-described job registration process is completed, the subgroup manager performs a job setting process for assigning jobs to users belonging to the subgroup managed by the subgroup manager. First, the subgroup manager accesses the access authority management apparatus 1 using the SG manager terminal 5 and requests a job setting (step S701). At this time, in order to specify which job is set for the user, the job is selected on the web page. Then, the access authority setting unit 20 of the access authority management apparatus 1 transmits a web page of a job setting screen for the selected job to the SG manager terminal 5 (step S702). At this time, the access authority setting unit 20 reads the user ID and user name associated with the ID of the subgroup managed by the subgroup administrator and registered in the first user management table. The name is transmitted to the SG administrator terminal 5 as information to be displayed in the non-selection column (i). In the non-selection column (i), the job setting screen displaying all users in the subgroup to which the subgroup manager belongs is displayed on the monitor of the SG manager terminal 5 (step S703).

  Next, the subgroup manager selects a user to whom a job is assigned from the list displayed in the non-selection field (i) on the job setting screen (step S704). Then, the selected item is displayed in the selection column (j). When the user to whom the job is assigned is selected, the subgroup manager presses a confirmation button (step S705). Then, the access authority management apparatus 1 transmits the web page of the job setting confirmation screen to the SG administrator terminal 5 (step S706). On this screen, a list of users selected by the subgroup manager, that is, users to whom duties are assigned, is displayed. Then, on this confirmation screen, the subgroup administrator presses the registration button (step S707). Then, the SG administrator terminal 5 displays the user ID of the user selected on the job setting screen, the job identification information (job name, job ID, etc.) held in the HTML text of the web page of the job setting screen. To the access authority management apparatus 1.

  Next, when the access authority management device 1 receives the information transmitted from the SG administrator terminal 5, the access authority setting unit 20 reads the user ID and job identification information received from the SG administrator terminal 5, and the second user Registration is performed in association with the management table (step S708). The second user management table in FIG. 9 shows a state where the user ID and job name are registered in association with each other. As a result, the job setting process ends, and the assignment of the job to the user ends. In the job setting process, other authentication such as whether or not the access to the access authority management apparatus 1 is a subgroup manager is performed. The job setting process may be performed using the user registration screen (FIG. 15) in the above-described user registration process. In this case, the user group manager selects a job from the non-selection column and performs registration.

  In addition to the method of granting the access authority to the website to each user by the job setting as described above, the access authority to the website may be individually given to each user. For example, the access authority setting screen is a screen for setting access authority for one user in the subgroup, and is assigned to the user from the list of detailed contents of the web page transmitted by the website using this screen. Select the details and give a registration instruction. Then, the access authority setting unit 20 of the access authority management apparatus 1 includes a user ID, a website ID that can be accessed by the user, and the contents of a web page that can be accessed by the user among the contents of the web page transmitted by the website. The detailed contents defining the contents in detail and the access authority indicating what kind of access is possible to the web page are received from the SG administrator terminal 5, and they are associated with each other in the third user management table (FIG. 10). ).

  Thereby, the access authority to the website for each user of the subgroup is set. When the user accesses the website, the access permission determination unit 15 of the access authority management device 1 determines whether the access is permitted based on the access authority registered in the second user management table or the third user management table. judge.

FIG. 25 is a diagram showing a user setting change screen.
This screen is a screen that is displayed on the monitor of the UG administrator terminal 4 by accessing the access authority management device 1 using the UG administrator terminal 4 when the user group administrator changes the settings of the users belonging to the user group. It is. On this user setting change screen, a user group ID, a user group name, a user ID, a user name, a user group name to which the user belongs, a subgroup name, a department, a contact address, and the like are displayed.

FIG. 26 is a diagram showing a processing flow for changing user settings.
The user group manager can change the information set for the user on the user setting change screen. The user group manager accesses the access authority management apparatus 1 using the UG manager terminal 4 and makes a user setting change request (step S801). Then, the user registration unit 18 of the access authority management apparatus 1 transmits the web page of the user setting change screen to the UG manager terminal 4 (step S802). Then, a user setting change screen is displayed on the monitor of the UG manager terminal 4 (step S803).

  Next, when the user group administrator changes the information such as the subgroup and department in the user setting change screen and presses the confirmation button (step S804), the access authority management apparatus 1 displays the user setting change confirmation screen. The web page is transmitted to the UG manager terminal 4 (step S805). Then, on this confirmation screen, the user group administrator presses the registration button (step S806). Then, the UG administrator terminal 4 transmits the user ID, the user group ID, the sub group ID, and the like held in the HTML text of the web page of the confirmation screen to the access authority management apparatus 1. These pieces of information are registered in the first user management table (step S807), and the user setting change ends.

  In addition, when a user who belongs to a user group or a sub group is newly granted access authority to another website, that is, the user group ID, website ID, and website are already added to the first UG management table. A combination of information of website access rights (access rights indicating the contents of the web page and what kind of access to the web page) indicating the accessible web page among the web pages transmitted by is registered, and In the case of registering another combination of information, the same processing as the above-described (4) user access right setting processing may be performed again. In addition, the same processing can be repeated for the site access right setting, user registration, subgroup registration, job registration, job setting, etc., when a user is newly given access authority to another website. .

  By the above processing, the system administrator registers which user group can access which website, and the website administrator can access which web page of the web pages transmitted by the website managed by the system administrator. Is registered for the user group, the user group administrator registers the subgroup, and the subgroup administrator registers the access authority for the duties of the users in the subgroup that he / she manages, and the subgroup The administrator assigns duties to users in subgroups managed by the administrator. As a result, each administrator sequentially registers the access authority within the given range, so even when a large number of users use a computer system having a plurality of websites, the amount of access authority registration processing Are distributed, and the process of assigning access rights to the users of each administrator can be reduced. In addition, registration of user access authority for a plurality of websites can be performed by one access authority management device. Therefore, even when a website is further added to the computer system, it is not necessary to provide the function of a user access authority management device to the added website, thereby reducing the effort for system construction. Can be reduced.

Next, a user's website access process will be described.
The user accesses the website and enters the login ID and password to be authenticated. Then, the user terminal 6 displays the website of the website on the monitor. At this time, the web server that transmits the web page of the website transmits the user ID received when accessing the home page from the user terminal 6 to the access authority management apparatus 1. Then, the access permission determination unit 15 of the access authority management apparatus 1 reads the job identification information registered in the second user management table using the user ID as a key, and registers it in the job management table in association with the job. The web site ID, the content of the web page accessible on the website indicated by the web site ID, the detailed content, and the access authority are read. Then, the access permission determination unit 15 of the access authority management apparatus 1 holds the read various information as an access authority management object in the memory area allocated to the user. When the user uses the user terminal 6 to specify a web page to be transmitted by the website, the user terminal 2 transmits an access request to the access authority management device 1.

  This access request stores at least the user ID, identification information indicating the content of the web page, and identification information indicating the detailed content. Then, the access permission determination unit 15 of the access authority management apparatus 1 includes information stored in the access request and information included in the access authority management object (identification information indicating the contents of the web page and identification information indicating the detailed contents). And compare. If the comparison results match, in the access authority management object, the access permission with the access authority registered in association with the identification information indicating the content of the web page and the identification information indicating the detailed contents is displayed. Send to site. Then, the web server corresponding to the website transmits the web page designated by the user terminal 6 to the user terminal 6. The access authority includes web page browsing permission (R: Read), web page writing permission (W: Write), and the like. The user terminal 6 obtains a cookie from the web server when accessing the website. This cookie is managed in the database 21 of the access authority management apparatus 1 in association with the user ID.

  In the above-described website access processing, the access permission is determined using the duties assigned to the users belonging to the subgroup, but the assignment is made to the users not belonging to the subgroup. It may be possible to determine whether the user who does not belong to the subgroup can access from the user terminal 6 by the same process as described above. In addition, when the user ID stored in the access request, the contents of the web page to be accessed, the detailed contents, etc. are compared with the information recorded in the user management table without using the job information, Access permission may be determined using the access authority registered in the user management table in association with the user ID, the contents of the web page to be accessed, and the detailed contents.

  In addition, the user can access a plurality of websites based on the detailed access authority assigned to the user. At this time, when logging in to one website, a cookie is held in the user terminal 6, so that when a user tries to display a web page of another website, the function of the accessed website is controlled. The holding web server acquires a cookie (information storing user ID, access history information, etc.) from the user terminal 6 and stores the cookie and the cookie stored in the database 21 when accessing the transition source website. Are compared. If the user ID and information indicating access to a series of websites are held and matched in the two cookies, access to other websites can be logged in without authentication. By the above processing, the user can access without re-authentication when sequentially changing the access to the website to which other access authority is given.

  The access authority management apparatus described above has a computer system inside. The process described above is stored in a computer-readable recording medium in the form of a program, and the above process is performed by the computer reading and executing this program. Here, the computer-readable recording medium means a magnetic disk, a magneto-optical disk, a CD-ROM, a DVD-ROM, a semiconductor memory, or the like. Alternatively, the computer program may be distributed to the computer via a communication line, and the computer that has received the distribution may execute the program.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

It is a block diagram which shows the structure of a computer system. It is a figure which shows the relationship between a web server, a website, and information transmission / reception. It is a figure which shows the process outline | summary of a computer system. It is a figure which shows the work flow of each administrator in a computer system. It is a data structure which shows a 1st user group management table. It is a data structure which shows a 2nd user group management table. It is a data structure which shows a 1st user management table. It is a data structure which shows a job management table. It is a data structure which shows a 2nd user management table. It is a data structure which shows a 3rd user management table. It is a figure which shows a site access right setting screen. It is a figure which shows the processing flow of a site access right setting. It is a figure which shows a site access right setting screen. It is a figure which shows the processing flow of site access right setting. It is a figure which shows a user registration screen. It is a figure which shows the processing flow of user registration. It is a figure which shows a subgroup registration screen. It is a figure which shows the processing flow of subgroup registration. It is a figure which shows a subgroup affiliation user setting screen. It is a figure which shows the processing flow of a subgroup affiliation user setting. It is a figure which shows the job registration screen. It is a figure which shows the processing flow of job registration. It is a figure which shows the duties setting screen. It is a figure which shows the processing flow of duties setting. It is a figure which shows a user setting change screen. It is a figure which shows the processing flow of a user setting change.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Access authority management apparatus, 2 ... System administrator terminal, 3 ... Website administrator terminal, 4 ... UG administrator terminal, 5 ... SG administrator terminal, 6 ... User terminal

Claims (7)

An access authority management device that manages access authority for each of a plurality of websites ,
From the system administrator terminal, and the group identification information, accepting a combination of identification information of the web site that can be accessed user belonging to the group, and site access right registration means for registering in association in the group management table,
Accepting access from the website administrator terminal, identification information of the group registered tied to the group management table identification information of the web site to manage the website administrator operating the website administrator terminal And a website access authority setting screen including a list of access authorities for each content information in the website managed by the website administrator that can be accessed by users belonging to the group, and the website administrator From the terminal, the access authority for the content information in the website, which is input using the intra-site access right setting screen, is received, and the received information includes the identification information of the registered group and the identification information of the website . The group management table is associated with the combination. And site access right registration means for registering,
A user registration request is received from the group manager terminal, and a user registration screen for inputting attribute information of a user belonging to the group manager group operating the group manager terminal is transmitted to the group manager terminal, and the group A combination of the identification information of the group and the attribute information of the user belonging to the group input using the user registration screen is received from the administrator terminal, and the received information is newly generated. User registration means for registering in the user management table in association with
Receiving a job registration request from the group manager terminal, and identifying information of the website registered in the group management table linked to the group identification information of the group manager who operates the group manager terminal; A job registration screen showing a list of access rights for each content information in the website and an input field for job identification information is transmitted, and input from the group administrator terminal using the job registration screen. Job registration that accepts a combination of job identification information, identification information of a website that can be accessed by a user of the job indicated by the job identification information, and access authority to content information in the website, and registers it in the job management table Means,
A job setting screen for receiving a job setting request from the group manager terminal, inputting job identification information from the group manager terminal, and setting a user who performs the job indicated by the job identification information. A job setting screen showing a list of identification information of users registered in the user management table in association with identification information of the group to which the group administrator who operates the administrator terminal belongs, and from the group administrator terminal Accepting a combination of the user identification information input using the job setting screen and the input job identification information, a job setting means for registering in association with the user management table;
An access authority management device comprising: An access request to the content information, the access request storing the user identification information, the identification information of the access destination website, and the content information is received, and the user management table is referred to based on the access request And an access permission determining means for permitting access to the content information stored in the access request based on the access request and information stored in the user management table. The access authority management apparatus according to 1. The access permission determining means includes
  The job identification information linked to the user identification information included in the access request is read and registered in the user management table, and the job identification information linked to the read job identification information is registered in the job management table. Access including information on the website identification information and the access authority to the content information in the website, and the read job identification information, website identification information, and access authority to the content information in the website Hold the rights management object in memory,
  A combination of the user identification information, the website identification information, and the content information included in the access request to the content information includes the user identification information included in the access authority management object, the website identification information, If the combination of the content information in the website matches, the access permission based on the access right for the content information included in the access right management object, the website identification information included in the access request to the content information Send to the website indicated by
  The access authority management apparatus according to claim 2, wherein The group manager terminal is a user group terminal operated by a user group manager, and a subgroup terminal operated by a subgroup manager belonging to a subgroup set in a user group to which the user group manager belongs. Either
The site access right registration means accepts a combination of user group identification information and website identification information accessible to a user belonging to the user group from the system administrator terminal, and registers it in association with the user group management table. And
The in-site access right registration means accepts access from a website manager terminal and is associated with the identification information of the website managed by the website manager who operates the website manager terminal. In-site access right including identification information of a user group registered in the management table and a list of access rights for each content information in the website managed by the website administrator that can be accessed by users belonging to the user group The setting screen is transmitted, and the access authority for the content information in the website input from the website administrator terminal using the in-site access right setting screen is received, and the received information is registered. User group identification and website In association with a combination of the identification information, registered in the user group management table,
A user registration screen for accepting a user registration request from the user group manager terminal and inputting attribute information of users belonging to a user group of a user group manager operating the user group manager terminal; Sending to the user group manager terminal and accepting a combination of the identification information of the user group and the attribute information of the user belonging to the user group input using the user registration screen from the user group manager terminal The received information is registered in the user management table in association with the newly generated user identification information,
further,
A subgroup registration request is received from the user group manager terminal and registered in the user group management table in association with the identification information of the user group to which the user group manager operating the user group manager terminal belongs. The user group displays a subgroup registration screen that reads the access authority for each content information in the website managed by the website administrator that can be accessed by the users belonging to the user group, and displays a list of the access authority for each of the content information The user group manager terminal who receives the access authority to the content information in the website from the user group manager terminal and operates the user group manager terminal is transmitted to the manager terminal. The identification information of the group, the identification information of the newly generated subgroup, and the access authority for the received content information are associated and registered in the user group management table, and the subgroup is also transmitted from the user group manager terminal. A list of identification information of the user registered in the user management table in association with the identification information of the user group to which the user group manager to whom the user group manager terminal operating the user group manager terminal belongs is received A subgroup belonging user setting screen is transmitted to the user group manager terminal, and the user group manager terminal accepts the identification information of the user input using the subgroup belonging user setting screen. The user is associated with the identification information of the subgroup. It comprises a subgroup registration means for registering in the management table, and
The job registration means receives the job registration request from the subgroup manager terminal, and is associated with the identification information of the subgroup to which the subgroup manager who operates the subgroup manager terminal belongs to the user group management table. A job registration screen showing a list of website identification information registered in the website, access rights for each content information in the website, and an input field for job identification information, and the subgroup manager terminal Thus, a combination of job identification information, website identification information that can be accessed by a user of the job indicated by the job identification information, and access authority for the content information in the website, entered using the job registration screen Is registered in the job management table,
The job setting unit receives a job setting request from the subgroup manager terminal, inputs job identification information from the subgroup manager terminal, and sets a user who performs the job indicated by the job identification information Job setting screen showing a list of identification information of users registered in the user management table in association with identification information of the subgroup to which the subgroup administrator who operates the subgroup administrator terminal belongs And receiving a combination of the user identification information input using the job setting screen and the input job identification information from the subgroup manager terminal, and associating it with the user management table. The access authority management apparatus according to any one of claims 1 to 3, wherein registration is performed . And identification information of a user group or subgroup from User chromatography The terminal via a communication network, and the login request receiving means for receiving a login request including the identification information of the web site,
Login completion information is transmitted to the user terminal, and login completion information is stored in the login completion information;
In the case where the identification information of the website included in the login request is received again as a login request as identification information of another website , the login completion information transmitted to the user terminal is received from the user terminal, Re-login necessity determination means for determining whether or not re-authentication is necessary by comparing with the stored login completion information,
The access permission determination means permits access to content information based on the access request and information stored in the user management table when re-authentication is not required. Item 5. The access authority management device according to Item 4 . An access right management method in an access right management device for managing the right of access to each of a plurality of websites ,
Site access right registration unit, from the system administrator terminal receives identification information of the group, a combination of identification information of the web site that can be accessed user belonging to the group, to register association with the group management table,
The in-site access right registration means accepts access from the website manager terminal and is associated with the identification information of the website managed by the website manager who operates the website manager terminal. The site access right setting screen including the identification information of the group registered in the website and a list of access rights for each content information in the website managed by the website administrator that can be accessed by users belonging to the group is transmitted. In addition, the access authority for the content information in the website input from the website administrator terminal using the in-site access right setting screen is accepted, and the received information is the identification information of the registered group . and with corresponding to the combination of the identification information of the web site Te, it was registered in the group management table,
User registration means, from a group administrator terminal in response to a user registration request, transmits a user registration screen for inputting the attribute information of users belonging to the group of the group manager operating the group manager terminal to the group manager terminal In addition, a combination of the group identification information and the attribute information of the user belonging to the group input using the user registration screen is received from the group manager terminal, and the received information is newly generated. Registered in the user management table in association with the user identification information ,
The job registration means receives a job registration request from the group manager terminal, and is registered in the group management table in association with the identification information of the group to which the group manager who operates the group manager terminal belongs. A job registration screen showing a list of site identification information and access authority for each content information in the website and an input field for job identification information is transmitted, and the job registration screen is displayed from the group manager terminal. A job management table that accepts a combination of job identification information, a web site identification information that can be accessed by a user of the job indicated by the job identification information, and an access authority for the content information in the website, Register with
The job setting means is a job setting screen for receiving a job setting request from the group manager terminal, inputting job identification information from the group manager terminal, and setting a user who performs the job indicated by the job identification information. A job setting screen showing a list of identification information of users registered in the user management table in association with identification information of a group to which the group administrator who operates the group administrator terminal belongs, and A combination of the user identification information input using the job setting screen and the input job identification information is received from a group manager terminal and registered in association with the user management table. Access right management method. A program to be executed by a computer of an access authority management device that manages access authority to each of a plurality of websites ,
From the system administrator terminal, and identification information of the group receives the combination of the identification information of the web site that can be accessed user belonging to the group, and site access right registration process of registering in association in the group management table,
Accepting access from the website administrator terminal, identification information of the group registered tied to the group management table identification information of the web site to manage the website administrator operating the website administrator terminal And a website access authority setting screen including a list of access authorities for each content information in the website managed by the website administrator that can be accessed by users belonging to the group, and the website administrator From the terminal, the access authority for the content information in the website, which is input using the intra-site access right setting screen, is received, and the received information includes the identification information of the registered group and the identification information of the website . The group management table is associated with the combination. And site access right registration process of registering,
A user registration request is received from the group manager terminal, and a user registration screen for inputting attribute information of a user belonging to the group manager group operating the group manager terminal is transmitted to the group manager terminal, and the group A combination of the identification information of the group and the attribute information of the user belonging to the group input using the user registration screen is received from the administrator terminal, and the received information is newly generated. User registration processing for registering in the user management table in association with
Receiving a job registration request from the group manager terminal, and identifying information of the website registered in the group management table linked to the group identification information of the group manager who operates the group manager terminal; A job registration screen showing a list of access rights for each content information in the website and an input field for job identification information is transmitted, and input from the group administrator terminal using the job registration screen. Job registration that accepts a combination of job identification information, identification information of a website that can be accessed by a user of the job indicated by the job identification information, and access authority to content information in the website, and registers it in the job management table Processing,
A job setting screen for receiving a job setting request from the group manager terminal, inputting job identification information from the group manager terminal, and setting a user who performs the job indicated by the job identification information. A job setting screen showing a list of identification information of users registered in the user management table in association with identification information of the group to which the group administrator who operates the administrator terminal belongs, and from the group administrator terminal Accepting a combination of user identification information input using the job setting screen and the input job identification information, and registering the user linked to the user management table;
A program that causes a computer to execute.

Images