JP5637501B2 - Document management system and document management method - Google Patents

Description

  The present invention relates to a document management system and a document management method.

  In recent years, the proportion of non-regular employees such as contract employees, temporary employees, and part-time employees has increased in accordance with the impact of the recession and the needs of the company and individuals. For example, there are many cases where a person who has retired from the company is re-employed as a non-regular employee. For employers, it is cheaper to establish employment relationships as non-regular employees than to establish employment relationships as regular employees. There are advantages in terms of labor costs, such as easy to do.

  Re-employment is to re-employ a person who has retired in a different form of employment, and when the employment relationship with the workplace is temporarily terminated, the ID and authority etc. at the company granted to that person are It is generally erased. Therefore, the reemployer also has an access right for accessing document data (for example, an electronic document stored on a server or the like) handled before retirement. And even if we have an employment relationship with the same company again, there is usually a problem that the document data cannot be accessed as before because a new ID etc. is issued instead of the same ID etc. as before retirement. . Therefore, if you want to handle the document data that was handled before retirement in the same way as before retirement, you can handle it by asking the system administrator to reassign the access right to all the document data. Was.

  Here, as a method for managing the access right to the data, for example, the methods described in Patent Literature 1 and Patent Literature 2 are known. Patent Document 1 discloses a database system for managing data, an attribute table for storing attributes of each user on the organization, and information on whether or not there is an access right to each data. A database system comprising: an access right table that is stored on the basis of an attribute table; and a determination means that determines whether or not each user is permitted to access specified data based on the attribute table and the access right table. It is disclosed. Also, in Patent Document 2, the access authority to the data is determined by comprehensively including not only the user ID but also the attribute (department or job title) of the user in the organization. Techniques to do this are disclosed.

JP 2009-104646 A JP 2004-054779 A

  However, in the traditional method of reassigning the same access rights to re-employed users as before retirement for each document, the more re-employed users, the more individual However, the more documents that can be accessed before retirement, the greater the effort and cost for the system administrator and the like, and there is a problem of wasting unnecessary man-hours.

  In addition, the method of managing access rights described in Patent Document 1 and Patent Document 2 described above does not have the concept of re-employment. As in the past, setting of access rights to documents when a user is re-employed At present, there is no document management system that takes into account even re-employed re-employed persons (re-employed users), for example, it is necessary to re-set from scratch by changing the form.

  Therefore, the present invention can consider up to re-employed users for the purpose of reducing the above-mentioned wasteful man-hours, that is, even when different user IDs are assigned to the same user in the present and the past. It is an object of the present invention to provide a new document management system and document management method capable of re-enabling access to document data that has been accessible in the past.

  A document management system according to the present invention receives an access request including a document ID for identifying document data and a first user ID for identifying a user, and outputs the requested document data. User information associated with each first user ID, which includes the first user attribute information and is given to the same user having the first user ID in the past than the first user ID. A user information database that stores user information including the second user ID when there is a second user ID, and second user attribute information associated with each second user ID. A history information database for storing history information indicating a user's history, and for determining whether or not an access right to document data is associated with each document ID. Access right management database for storing access right information including access judgment criterion information, and user information corresponding to the first user ID included in the access request is retrieved from the user information database and obtained, and the obtained user information If it is determined that the second user ID is included, the history information corresponding to the second user ID is obtained from the history information database. A history search unit that searches and acquires, a document access right search unit that searches and acquires access right information associated with the document ID included in the acquired access request from the access right management database, and a document access right search unit Access criteria information included in the access right information acquired in step 1 and user information acquired by the user information search unit. A document access unit that determines whether or not access to the corresponding document data is possible based on the first user attribute information or the second user attribute information included in the history information acquired by the history search unit. .

  Also, the document management method according to the present invention accepts an access request including a document ID for identifying document data and a first user ID for identifying a user, and outputs the document data requested to be accessed. The user information associated with each of the first user IDs, including the first user attribute information, for the same user having the first user ID than the first user ID When there is a second user ID assigned in the past, the step of storing user information including the second user ID in the user information database is associated with each second user ID. Storing the history information indicating the user's history including the second user attribute information in the history information database, and the document data associated with each document ID A step of storing access right information including access determination reference information for determining whether or not an access right is permitted in an access right management database; and user information corresponding to a first user ID included in the access request is stored in the user information database. If it is determined that the second user ID is included in the acquired user information, and the second user ID is determined to be included in the acquired user information Searching and acquiring the history information corresponding to the ID from the history information database, and searching and acquiring the access right information associated with the document ID included in the acquired access request from the access right management database. The access criteria information included in the acquired access right information, and included in the acquired user information. The first user attribute information that, or the on the basis of the acquired said second user attribute information included in the history information, comprising the steps of determining whether access to the corresponding document data.

  According to the present invention, by providing a history information database and associating a new first user ID with a past second user ID (old ID), access to document data that has been accessible in the past is performed again. This makes it possible to reduce the number of wasted man-hours required by a conventional system administrator.

It is the schematic which shows the hardware constitutions of the document management apparatus of this embodiment. It is the schematic which shows an example of the whole structure of the document management system containing the document management apparatus of this embodiment. It is a figure which shows an example of the user information of this embodiment. It is a figure which shows an example of the pre-retirement information of this embodiment. It is a figure which shows an example of the access right information of this embodiment. It is a flowchart which shows the processing content of the document management method implemented using the document management apparatus of this embodiment. It is a flowchart which shows the processing content of the document management method implemented using the document management apparatus of this embodiment. It is a flowchart which shows the processing content of the document management method implemented using the document management apparatus of this embodiment. It is a figure which shows the relationship between a document management apparatus and each DB accompanying the process of the document management method implemented using the document management apparatus of this embodiment. It is a figure which shows the relationship between a document management apparatus and each DB accompanying the process of the document management method implemented using the document management apparatus of this embodiment.

  DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments for carrying out the invention will be described with reference to the drawings.

  FIG. 1 is a schematic diagram illustrating a hardware configuration of a document management apparatus 2 according to an embodiment of the present invention, and FIG. 2 is a schematic diagram illustrating an example of an overall configuration of a document management system 10 including the document management apparatus 2. .

  As shown in FIG. 2, the document management device 2 is a normal computer device such as a CPU, a ROM, a RAM, a storage unit, an input unit, a display unit, and an input / output interface that are coupled to the CPU. The same hardware can be provided. Further, the document management apparatus 2 may physically be either a dedicated system or a general-purpose information processing apparatus. For example, in an information processing apparatus having a general configuration, the document management apparatus can be realized by activating software that defines each process in the document management method of the present invention.

  Functionally, the document management device 2 includes a user information search unit 21, an ID history search unit 22, a document access right search unit 23, and a document access unit 24 as shown in FIG. Each of these units can be realized mainly by the CPU executing a program stored in the ROM or RAM and controlling each hardware.

  The user information search unit 21 receives the document access request 1 and searches the user information database (user information DB) 3 for information on the user who issued the document access request. For example, as shown in FIG. 3, the user information includes a user ID (first user ID), an office ID and position (first user attribute information), and an old user ID (second user ID: Old attribute ID), and is stored in the user information DB 3. If the attribute value of the old ID is a re-employed user, the past user ID before re-employment is stored, and if it is any other user, “Null” is stored. That is, it is possible to determine whether or not the user is a re-employed user (re-employed user) based on the old ID information. The attribute value possessed by the user information is not limited to the above case. For example, the attribute information of the first user can be added or changed as appropriate.

  When the user who issued the document access request 1 is a re-employed user, the ID history search unit (history search unit) 22 obtains history information (ID history information) before retirement from the ID history database (ID history DB) 4. Search and get. The ID history information (pre-retirement information) includes, for example, an old ID (second user information), an old office ID, an old position, and a retirement date (second user attribute information) as shown in FIG. Are stored in the ID history DB 4. In addition, by including the last effective date information of the second user ID, for example, retirement date information (retirement date information) in the pre-retirement information, it is possible to prevent the information of the retired user from remaining permanently. In other words, the document management apparatus 2 can preset a period during which history information remains (for example, three years from the retirement date), and information that has passed a certain period (retention period) from the retirement date is stored in the ID history DB 4. Or a history information management unit 25 that is notified to the system administrator and deleted at the discretion of the system administrator. Note that the attribute value of the history information is not limited to the above case. For example, the retirement date information may be omitted as appropriate, and the attribute information of the first user may be added or changed as appropriate. When the retirement date information is omitted, the history information management unit 25 can be omitted.

  The document access right search unit 23 searches and acquires access right information associated with the document data from the access right management database (access right management DB) 5. As shown in FIG. 5, the access right information (access right information) includes an accessible office, an accessible job title, and an access determination standard information for determining whether or not the right to access the document data is available. Attribute value of re-employed user access permission information (access permission information) and is stored in the access right management DB 5. Access to the document data is possible only when the attributes of the access criterion information are satisfied. Note that the attribute of “re-employment user access permission” included in the access right information considers security and, for example, wants to access document data as before retirement, but does not want to show it to some re-employed users. If there is document data or the like, it can be made inaccessible by setting “False”. The attribute of “re-employment user access permission” can be included in the access right information as necessary, and may be omitted.

  The document access unit 24 searches and acquires document data from the document management storage 6, and transmits the acquired document data to, for example, the document data output device 7. When the access permission information included in the access right information indicates that access is possible, the document access unit 24 accesses the access determination criterion information included in the access right information and the second information included in the history information acquired by the history search unit 22. Based on the attribute information of the user, it is determined whether or not the corresponding document data can be accessed.

  Hereinafter, the document management method of this embodiment implemented using the document management apparatus 2 will be described with reference to the flowcharts shown in FIGS. 6 to 8 and FIGS. 9 and 10. In addition, each process in the flowchart of each figure can be arbitrarily changed in order within the range which does not produce contradiction in the processing content, or can be performed in parallel.

<User specified action>
First, details of an operation for accessing a document will be described with reference to the flowchart of FIG. 6 and FIG. It is assumed that the step number in FIG. 6 corresponds to the step number in FIG.

  First, the document management apparatus 2 receives an access request (document access request) 1 for document data from a user (step A1). The document access request 1 is notified by, for example, a user terminal arranged for each user, and includes the user ID “R-00001” of the user himself and the document ID “DOC-2222” to be accessed.

  Next, the document management apparatus 2 searches and acquires user information corresponding to the user ID included in the document access request 1 from the user information DB 3 (step A2). Specifically, as shown in FIG. 9, among the user information stored in the user information DB, each data (affiliated office ID “CFC-003”, job title “30” corresponding to the user ID “R-00001”). ”And the old ID“ S-10000 ”).

  Next, the document management apparatus 2 determines whether or not the attribute of the old ID included in the acquired user information is “Null” (step A3). If it is not “Null” (step A3: No), The user is determined to be a reemployed user, and in order to obtain information before retirement of the reemployed user, ID history information (pre-retirement information) corresponding to the old ID is retrieved from the ID history DB 4 and obtained (step) A4). Specifically, as shown in FIG. 9, among the history information stored in the ID history DB, each piece of data corresponding to the old ID “S-00150” (old office ID “CFC-003”, old position) "10" and retirement date "2008/3/31") are retrieved and acquired.

  When the attribute of the old ID included in the acquired user information is “Null” (when the user is not a re-employed user) (step A3: Yes), or when ID history information is acquired at step A4, the document The management device 2 retrieves and acquires access right information corresponding to the document ID included in the document access request 1 from the access right management DB 5 (step A5). Specifically, as shown in FIG. 9, among the access right information stored in the access right management DB, each data (accessible office “CFC-003”, access corresponding to the document ID “DOC-2222”) is accessed. The possible job position “10” and the re-employed user access permission “True”) are searched and acquired.

  Next, when the document management apparatus 2 is not a re-employed user (step A6: No), or is a re-employed user (step A6: Yes), whether or not the re-employed user can be accessed is included in the access right information. As a result of determining whether or not it is “True”, when it is determined that it is “True” (step A7: Yes), it is determined whether or not the document data is accessible (step A8). If the user is not a re-employed user, the office ID and position (first user attribute information) included in the user information obtained from the user information DB is accessed. It can be determined whether the accessible office and accessible job conditions (access criteria and information) of the document data included in the right management DB are satisfied. On the other hand, if the user is a re-employed user, the old office ID and the old position (second user attribute information) included in the ID history information obtained from the ID history DB are the corresponding documents included in the access right management DB. It can be determined whether the data accessible office and accessible job conditions (access criteria and information) are satisfied. Specifically, in the case shown in FIG. 9, since the old ID of the user information corresponding to the user ID “R-00001” is not “Null”, it is determined that the user is a re-employed user, and the document ID Since the re-employment user access permission corresponding to “DOC-3333” is “True”, the accessible office “OFC-003” and the accessible position “10” included in the access right information, and the old information included in the history information Comparing the affiliated office “OFC-003” and the former position “10”, both can be determined to be accessible because they match each other.

  If the document data is accessible (step A8: Yes), the document management device 2 searches and acquires the target document data from the document storage, and sends the document data to the document data output device 7 (step A9). . Specifically, the document data output device 7 is a user terminal that has transmitted a document access request, and can return the requested document data to the user terminal. The document data output device 7 does not have to coincide with the terminal that has notified the access request 1, and may be an output device such as a printing device, for example.

  On the other hand, if the document data is not accessible (step A8: No), or if the reemployment user access permission is “False” instead of “True” in the process of step A7 (step A7: No), the document The management device 2 returns a message indicating that the access has failed to the document data output device (step A10), and ends the processing.

<Operations from the perspective of the system administrator>
Next, details of an operation for accessing a document will be described with reference to the flowchart of FIG. 7 and FIG. It is assumed that the step numbers in FIG. 7 correspond to the step numbers in FIG.

  First, it accepts the operation of the system administrator and selects whether to employ the user or to retire (step B1).

  When a user retirement process is performed (step B1: retirement process), retired user information (ID, belonging office ID, and job title attributes) is extracted from the user information DB 3 (step B2). Specifically, for example, in the case illustrated in FIG. 10, each data (affiliated office ID “CFC-003”, job title “10”) corresponding to the user ID “S-10000” of the retired user is extracted.

  Next, the data of the extracted user information (ID, affiliation office ID, and position attributes) is used as data of pre-retirement information (old ID, old affiliation office ID, and old position attributes), and the user retires. Retirement date data to be added is added and stored in the ID history DB 4 (step B3). Specifically, for example, as shown in FIG. 10, the user ID “S-00100”, the belonging office ID “CFC-003”, and the job title “10” stored in the user information DB are changed to the old user ID. The data of “S-10000”, the former office ID “CFC-003”, and the old position “10” is added, and the data of the retirement date information “2010/3/31” is added and stored in the ID history DB.

  Next, the retired user information is deleted from the user information DB (step B4), and the process ends. FIG. 10 shows the user information DB after the user information corresponding to the user ID “S-10000” stored in the user information DB is deleted.

  On the other hand, when the user is hired (step B1: hiring process), the new user information (ID, affiliation office ID, and position attributes) of the hired user is stored in the user information DB (step B5). If the employed user is a re-employed user and has an old ID in the old history DB (step B6: Yes), the attribute of the old ID in the user information DB is updated (step B7). After the process of step B7, or when there is no old ID in the old history DB (step B6: No), this process ends.

  <Operation from the device perspective>

  Finally, with reference to the flowchart of FIG. 8, the details of the operation of deleting the old user ID history information (pre-retirement information) from the ID history DB will be described. The document management apparatus 2 can periodically delete the ID history information so that the information amount in the ID history DB 4 does not increase too much.

  First, the document management apparatus 2 periodically accesses the ID history DB, and acquires information on the date of retirement included in each ID history information (step C1).

  Next, the document management apparatus 2 determines whether the retirement date included in each ID history information has passed the retention period (step C2). For example, when the retention period is set to 3 years, it is possible to determine whether or not the retention period has elapsed by comparing the current date with the retirement date. The retention period can be changed and set as appropriate, for example, by a system administrator or the like.

  If the retention period has not elapsed (step C2: No), this processing flow ends. If the retention period has elapsed (step C2: Yes), the document management apparatus 2 notifies the system administrator that there is ID history information that has passed the retention period (step C3).

  Next, if the system administrator determines whether or not to delete the ID history information whose retention period has elapsed, and deletes the ID history information (step C4: Yes), the corresponding ID history information is deleted from the ID history DB4. (Step C5). On the other hand, when not deleting (step C4: No), the holding period is set to be extended (step C6).

  According to the document management system and the document management method of the present embodiment configured as described above, it is possible to eliminate the trouble of resetting the access right to the document data for the re-employed user. The reason is that past information can be referred to when re-employed by the ID history DB provided by the document management system. In the case where there are many target documents, the effect of this apparatus can be expected.

  Further, simply storing the old ID of the retired person in the ID history DB only increases the data in the database. However, the concept of the “retention period” of the old ID is one of the features of the present invention. Originally, by having a mechanism for deleting an old ID after a certain period of time, the amount of information in the ID history DB can be limited to a certain amount.

  Furthermore, the security for the document can be improved. The reason is that the access right management DB has an attribute of “re-employment user access permission”, so that the document can be accessed in the same way as before retirement, but confidential information within the company, etc. that only the regular employee can see. This is because access is not possible.

<Modification>
The preferred embodiments of the present invention have been described above. However, the present invention should not be limited to the above embodiments, and does not depart from the spirit and scope expressed in the claims. Various modifications, additions, and omissions are possible by those skilled in the art.

  For example, the object of the present invention is that a document accessed before retirement can be accessed in the same way after re-employment. For example, when a user's ID is changed due to a large-scale organization revision, etc. It can also be applied to. In the large-scale organization revision, for example, there may be a case where there is no change in the resources handled by the user and only the ID is changed. According to the present invention, since the information of the old ID can be held, even if the new ID is reassigned, the corresponding user can access the same resources as the old ID as usual.

  In the above embodiment, the configuration in which each unit having each processing function is provided in the document management apparatus has been described. However, the present invention is not limited to this, and for example, each unit is connected to be able to communicate with the document management apparatus. It can also be configured on the network or in preparation for other devices. Each database of the user information DB, ID history DB, access right management DB, and document management storage may be realized by a RAM, a storage unit, or the like in the document management apparatus, or may be stored separately from the document management apparatus. You may implement | achieve with an apparatus.

  Furthermore, in the above embodiment, the document management apparatus is provided with each unit according to the application. However, each of the provided units may be configured as a single unit or a single unit. The part may be further divided into a plurality of parts.

  A part or all of the above-described embodiment can be described as in the following supplementary notes, but is not limited thereto.

  (Supplementary Note 1) In the document management system that receives an access request including a document ID that identifies document data and a first user ID that identifies a user, and outputs the document data requested to be accessed, the first User information associated with each user ID, including the first user attribute information and given to the same user having the first user ID in the past than the first user ID A user information database storing user information including the second user ID, and second user attribute information associated with each second user ID when the second user ID is present A history information database for storing history information indicating a user's history, and whether or not an access right to the document data is associated with each document ID. An access right management database for storing access right information including access criteria information for searching, and user information corresponding to the first user ID included in the access request is retrieved from the user information database and obtained. The user information search unit for determining whether or not the second user ID is included in the user information, and the history corresponding to the second user ID when it is determined that the second user ID is included. A history search unit that searches and acquires information from the history information database, and a document access right that searches and acquires access right information associated with a document ID included in the acquired access request from the access right management database A search unit; and the access determination criterion information included in the access right information acquired by the document access right search unit; Applicable document data based on the first user attribute information included in the user information acquired by the user information search unit or the second user attribute information included in the history information acquired by the history search unit And a document access unit that determines whether or not access to the document is possible.

  (Supplementary Note 2) The history information includes second user attribute information associated with each second user ID and last effective date information of the second user ID, and the history Of the history information stored in the information database, it is determined whether or not the last effective date information included in the history information has passed a preset holding period, and history that has passed the holding period The document management system according to appendix 1, further comprising a history information management unit that deletes the history information from the history database when information exists.

  (Supplementary Note 3) The access right information includes the access determination criterion information associated with each document ID, and access permission information indicating whether or not the user having the second user ID can access, The document access unit is included in the access determination criterion information included in the access right information and the history information when the access permission information indicates that access is possible in the access right information acquired by the document access right search unit. The document management system according to Supplementary Note 1 or Supplementary Note 2, which determines whether or not access to the corresponding document data is possible based on the attribute information of the second user.

  (Supplementary note 4) In the document management method for accepting an access request including a document ID for identifying document data and a first user ID for identifying a user, and outputting the requested document data, the first User information associated with each user ID, including the first user attribute information and given to the same user having the first user ID in the past than the first user ID And storing the user information including the second user ID in the user information database when the second user ID is present, and a second user associated with each second user ID The step of storing history information indicating the user's history including attribute information in the history information database, and the permission of access to the document data associated with each document ID A step of storing access right information including access judgment reference information for determination in the access right management database, and retrieving and acquiring user information corresponding to the first user ID included in the access request from the user information database And determining whether or not the second user ID is included in the acquired user information, and if determining that the second user ID is included, the step corresponding to the second user ID Retrieving and obtaining history information from the history information database; retrieving and obtaining access right information associated with a document ID included in the obtained access request from the access right management database; Access criterion information included in the acquired access right information and the first user included in the acquired user information. Attribute information, or on the basis on the obtained said second user attribute information included in the history information, the method comprising: determining whether access to the corresponding document data, document management method comprising.

  DESCRIPTION OF SYMBOLS 1 ... Document access request, 2 ... Document management apparatus, 3 ... User information database (user information DB), 4 ... ID history database (ID history DB), 5 ... Access right management database (access right management DB), 6 ... Document Management storage 7 ... Document data output device 10 ... Document management system 21 ... User information search unit 22 ... ID history search unit 23 ... Document access right search unit 24 ... Document access unit 25 ... History information management unit .

Claims (4)

In a document management system that accepts an access request including a document ID that identifies document data and a first user ID that identifies a user, and outputs the document data requested to be accessed.
User information associated with each first user ID, including first user attribute information, and for the same user having the first user ID, from the first user ID A user information database that stores user information including the second user ID when there is a second user ID assigned in the past;
A history information database for storing history information indicating a user history including second user attribute information associated with each second user ID;
An access right management database that stores access right information including access determination criteria information for determining whether or not access right to the document data is associated with each document ID;
A user who searches and acquires user information corresponding to the first user ID included in the access request from the user information database, and determines whether the acquired user information includes the second user ID. An information search unit;
When it is determined that the second user ID is included, a history search unit that searches and acquires the history information corresponding to the second user ID from the history information database;
A document access right search unit that searches and acquires the access right information associated with the document ID included in the acquired access request from the access right management database;
Acquired by the access determination criterion information included in the access right information acquired by the document access right search unit and the first user attribute information included in the user information acquired by the user information search unit, or by the history search unit A document access unit that determines whether or not access to the corresponding document data is possible based on the second user attribute information included in the history information.
A document management system comprising: The history information includes second user attribute information associated with each second user ID, and last effective date information of the second user ID,
Of the history information stored in the history information database, it is determined whether or not the last effective date information included in the history information has passed a preset retention period, and the retention period has elapsed The document management system according to claim 1, further comprising: a history information management unit that deletes the history information from the history database when there is history information. The access right information includes the access criterion information associated with each document ID, and access permission information indicating whether a user having a second user ID can access,
The document access unit is included in the access determination criterion information included in the access right information and the history information when the access permission information indicates that access is possible in the access right information acquired by the document access right search unit. The document management system according to claim 1, wherein access permission to corresponding document data is determined based on the attribute information of the second user. In a document management method for accepting an access request including a document ID for identifying document data and a first user ID for identifying a user, and outputting the requested document data,
User information associated with each first user ID, including first user attribute information, and for the same user having the first user ID, from the first user ID Storing the user information including the second user ID in the user information database when there is a second user ID assigned in the past,
Storing history information indicating a user history including second user attribute information associated with each second user ID in a history information database;
Storing, in an access right management database, access right information associated with each document ID and including access determination reference information for determining whether or not access right to the document data is permitted;
Searching and acquiring user information corresponding to the first user ID included in the access request from the user information database, and determining whether or not the second user ID is included in the acquired user information When,
If it is determined that the second user ID is included, the history information corresponding to the second user ID is searched and acquired from the history information database;
Retrieving and acquiring access right information associated with the document ID included in the acquired access request from the access right management database;
Based on the access criterion information included in the acquired access right information and the first user attribute information included in the acquired user information, or the second user attribute information included in the acquired history information. Determining whether access to the corresponding document data is possible,
Document management method comprising: