JP5687989B2 - Access authority management apparatus, access authority management method, and access authority management program - Google Patents

Description

  The present invention relates to an access authority management device, an access authority management method, and an access authority management program.

  When managing access to personnel information such as personnel changes, salary, work performance, etc. within a company, the range of accessible personnel information depends on the department and position of the employee who is attempting to access personnel information. It is common to limit. If an employee who has been granted access authority is transferred within the company or across companies, the access authority of the predecessor is deleted, and what access authority is granted to the successor is set again. cure. For example, in many cases, a pre-setting is performed so that the access authority of the successor takes effect on the departure date of the predecessor. Patent Document 1 describes a technique for confirming the consistency between the application end date of registration management information of a predecessor and the application start date of registration management information of a successor.

JP 2010-205183 A (paragraph 0009)

According to the technique of Patent Document 1, it is possible to avoid overlapping access periods and blank spaces. However, it is necessary to specify the application end date of the predecessor, that is, the application start date of the successor for each individual change. In actual operation, it is difficult to designate the operation without taking time and effort due to various periods of business takeover.
Therefore, an object of the present invention is to provide an access authority management device or the like that easily determines the date when the access authority of the predecessor disappears.

An access authority management apparatus according to the present invention is an access authority management apparatus that manages the validity and invalidity of authentication information necessary for an employee to access a business, and uses the access authority management apparatus in association with the employee. In association with the combination of the role and the reason for the change, the authentication information of the employee who is changing the personnel is associated with the first correspondence information that stores the role that is the role of the user, the time limit when the employee cannot use the authentication information, The date to invalidate the authentication information of the employee who changed personnel, starting from the date of personnel announcement, in association with the combination of the second correspondence information storing the deletion condition indicating whether to invalidate, the role and the reason for the change The third correspondence information that stores the deletion time indicating the period with the ending point as the end point, the storage unit that stores the reason, and when the employee changes personnel, accepts the reason for the change, and based on the employee who changes personnel The first correspondence information is searched, the role is acquired, the second correspondence information is searched based on the received transfer reason and the acquired role, the deletion condition is acquired, and the acquired deletion condition is the authentication information. In the case of indicating invalidation, it has a control unit that searches the third correspondence information based on the accepted reason for change and the acquired role, and acquires the deletion time.
Other means will be described in detail in the detailed description.

  ADVANTAGE OF THE INVENTION According to this invention, the access authority management apparatus etc. which determine easily the day when the access authority of a predecessor disappears can be provided.

It is a figure which shows the structure of the access authority management system which concerns on this embodiment. It is a figure which shows an example of the employee information which concerns on this embodiment. It is a figure which shows an example of the change information which concerns on this embodiment. It is a figure which shows an example of the access authority information which concerns on this embodiment. It is a figure which shows an example of ID deletion condition information which concerns on this embodiment. It is a figure which shows an example of ID deletion time information which concerns on this embodiment. It is a figure which shows an example of the determination object employee list which concerns on this embodiment. It is a flowchart of an access authority initial registration process procedure according to the present embodiment. It is a flowchart of the access authority change process procedure which concerns on this embodiment. It is another flowchart of the access authority change processing procedure which concerns on this embodiment. It is a flowchart of the continuation / deletion determination processing procedure according to the present embodiment.

  Hereinafter, a mode for carrying out the present invention (referred to as “the present embodiment”) will be described in detail with reference to the drawings.

The configuration of the access authority management system will be described with reference to FIG. The access authority management system includes an access authority management device 1, a personnel management server 2, a personnel business server 3, and a user terminal device 4. These can communicate with each other via the network 5.
The access authority management device 1 is a general computer and includes a central control device 11, a main storage device 12, an auxiliary storage device 13, an input device 14, an output device 15, and a communication interface 16. These are connected to each other by a bus. The auxiliary storage device 13 includes access authority information 31, ID deletion condition information 32, ID deletion time information 33, and a determination target employee list 36 (details will be described later). “ID” is an abbreviation of “Identifier” and means an identifier. The access authority initial registration unit 21 and the access authority change unit 22 are programs. In the following, when the subject of the operation is described as “XX section is”, the central controller 11 reads the XXX section as a program from the auxiliary storage device 13 and loads it into the main storage device 12. Then, the function (detailed later) of the program is executed.
The “first correspondence information”, “second correspondence information”, and “third correspondence information” correspond to the access authority information 31, the ID deletion condition information 32, and the ID deletion time information 33, respectively.

The HR management server 2, the HR server 3 and the user terminal device 4 are also general computers and are managed by member companies that are permitted to use the access authority management device 1. Each of these has a central controller, main storage, auxiliary storage, input device, output device and communication interface. These are connected to each other by a bus (not shown).
The personnel management server 2 stores employee information 34 and transfer information 35 in an auxiliary storage device (details will be described later). Furthermore, the personnel management server 2 stores a transfer information transmission unit 23 as a program (details will be described later). In FIG. 1, the personnel management server 2 is configured to be independent for each member company, but may be integrated with the access authority management device 1.

The personnel business server 3 is a server that stores and manages all data (except for the reference numerals 31 to 36 described above) necessary for personnel management of the company. The contents of these data are not particularly limited, and are, for example, data relating to personnel such as transfer history, job performance, salary / bonus level, and the like.
The user terminal device 4 is a terminal device used when an employee accesses the personnel business server 3, and may be a personal computer assigned to the employee.

(Employee information)
The employee information 34 will be described with reference to FIG. In the employee information 34, in association with the company ID stored in the company ID column 101, the employee ID column 102 has an employee ID, the name column 103 has a name, and the email address column 104 has an email address. It is remembered.
The company ID in the company ID column 101 is an identifier that uniquely identifies a member company that is permitted to use the access authority management apparatus 1.
The employee ID in the employee ID column 102 is an identifier that uniquely identifies an employee of a member company.
The name in the name column 103 is the name of the employee.
The mail address in the mail address column 104 is the mail address of the user terminal device 4 used by the employee.

(Transfer information)
The change information 35 will be described with reference to FIG. In the transfer information 35, in association with the company ID stored in the company ID column 111, the employee ID column 112 has the employee ID, the name column 113 has the name, the affiliation column 114 has the affiliation, and the position column. The job title is stored in 115, the reason for change is stored in the reason for change column 116, and the change reference date is stored in the change reference date column 117.

The company ID in the company ID column 111 is the same as the company ID in FIG.
The employee ID in the employee ID column 112 is the same as the employee ID in FIG.
The name in the name column 113 is the same as the name in FIG.
The affiliation in the affiliation column 114 is the name of the organization in the company to which the employee belongs. The value of affiliation is the name of an organization at a certain level such as “Human Resources Department”, the combination of the names of organizations at multiple levels such as “Human Resources Department 1st Section”, There may be variations in the name of the company other than the member company. Furthermore, it may be blank (such as an officer).
The position in the position column 115 is a business position of the employee (officer). Each position has its own top and bottom rank for each company. For example, in the example of FIG. 3, it is assumed that there is a hierarchical relationship of director = auditor>manager> section manager>chief>general> general. When “a> b” is expressed, “a” is a higher rank of “b”.
The reason for change in the change reason column 116 is a code indicating the reason for causing the employee change (details will be described later).
The change reference date in the transfer reference date column 117 is a date on which a personnel order is issued.

  There are as many records of the change information 35 as the number of personnel announcements (transfers) made for employees of a member company. It is assumed that the personnel management server 2 creates a record of the change information 35 whenever there is a personnel announcement (change). Therefore, normally, the records of the change information 35 are arranged in the order of the change reference date (the order from the youngest day). Of course, the personnel management server 2 can rearrange these records using the values in any column as a key, or can display only arbitrary records. In FIG. 3, for the sake of easy explanation, only the record related to “HR” is displayed as an example.

For example, when attention is paid to the records 118a to 118g in FIG. 3, it can be seen that the following change has occurred in the company whose company ID is “E001”.
(1) “Suzuki Tadashi” became the general manager of the personnel department after the personnel announcement on December 1, 2008. The reason for the change at this time was “A3” (record 118a). Details will be described later, but this code indicates "intra-office transfer".
(2) “Makoto Suzuki” was seconded as a director of XX Co., Ltd. in accordance with the personnel announcement on August 1, 2011. The reason for the change at this time was “A1” (record 118e). As will be described in detail later, this code indicates “retirement, transfer between companies”.
(3) “Jiro Matsumoto” became the general manager of the personnel department after the personnel announcement on August 1, 2011. The reason for the change at this time was also “A1” (record 118f). This change is a change that decides the successor of “Suzuki Tadashi”.

(4) “Yoko Tachibana” became the manager of the second section of the Human Resources Department by the personnel announcement on July 1, 2006. The reason for the change at this time was “A3” (record 118b).
(5) “Yoko Tachibana” became the manager of the sales department 1st section on July 1, 2011 when personnel was announced. The reason for the change at this time was “A2” (record 118c). As will be described in detail later, this code indicates “intra-company transfer”.
(6) “Hiroshi Sawada” became the manager of the 2nd section of the Human Resources Department when the personnel was announced on July 1, 2011. The reason for the change at this time was “A3” (record 118d). This change is a change that determines the successor of “Tachibana Tomoko”.

(7) “Sasaki Kiyoshi” was promoted to “Chief” by the personnel announcement on September 1, 2011. The reason for the change at this time was “B2” (record 118g). Details will be described later, but this code indicates “change in position”.

(Access authority information)
The access authority information 31 will be described with reference to FIG. In the access authority information 31, in association with the company ID stored in the company ID column 121, the role column 122 has a role, the user ID column 123 has a user ID, and the employee ID column 124 has an employee ID. The accessible work column 125 stores an accessible job, the password column 126 stores a password, the ID application start date column 127 stores an ID application start date, and the ID deletion date column 128 stores an ID deletion date. .

The company ID in the company ID column 121 is the same as the company ID in FIG.
The role in the role column 122 is a role in use of the access authority management apparatus 1 assigned to the employee of the member company. Here, “supervisor”, “responsible person”, “manager” and “ One of the “persons in charge”. It is assumed that there is a hierarchical relationship (hierarchy) according to the weight of responsibility: general manager>manager>manager> manager. Then, the lower person receives a designation from the immediately higher person (details will be described later).
The user ID in the user ID column 123 is an identifier that uniquely identifies an employee of a member company permitted to use the access authority management apparatus 1 (so that there is no duplication among employees of all member companies). . The employee ID is generally numbered independently by the member company, while the user ID is numbered by the access authority management device 1.
The employee ID in the employee ID column 124 is the same as the employee ID in FIG.

  The accessible business in the accessible business column 125 is the name of the personnel business server 3 that can be accessed by employees of the member company. It is assumed that each business is assigned to each individual personnel business server 3 (FIG. 1), and each individual personnel business server 3 has the assigned business as a name. The assigned business name may be, for example, a combination of a higher item and a lower item such as “salary-reward” and “salary-tax”. For example, when there are business names “salary-reward” and “salary-tax”, “salary-all” indicates both “salary-reward” and “salary-tax” together. . That is, “all” indicates all subordinate items.

The password in the password column 126 is a password used when an employee of the member company accesses the personnel business server 3.
The ID application start date in the ID application start date field 127 is the date when the record becomes valid, that is, the employee of the member company can access the accessible business using the user ID and the password. It is the date when it becomes. The ID application start date is determined based on the transfer reference date of the employee (details will be described later). In FIG. 4, the ID application start date is stored in the portion indicated by “...” In the same manner as other records, but is omitted here.
The ID deletion date in the ID deletion date field 128 is the date when the record becomes invalid, that is, an employee of the member company can access the accessible business using the user ID and the password. It is the date when it can no longer be done. The ID deletion date is determined based on the transfer reference date of the employee (details will be described later).
The “authentication information” corresponds to at least one of a user ID and a password.

  The employee who has been given the role uses the user terminal device 4 to access the personnel management server 3 that performs accessible work. At this time, the access authority management apparatus 1 refers to the access authority information 31 (FIG. 4) that stores the combination of the user ID, password, and accessible work for each employee who is given a role. Restrict the personnel management server 3 that can be accessed. For example, when attention is paid to the records 129a to 129e in FIG. 4, it is understood that the user ID and the password are managed as follows in the company whose company ID is “E001”. The following example corresponds to the example in the description of FIG.

(1) An employee with an employee ID “P002” (Masayoshi Suzuki) can access “salary-all” and “personnel change-all” as the role “responsible person” after December 2, 2008. Access to business. Suzuki is given a user ID “Y002” and a password “wryps” in order to perform the task (record 129a).
(2) The employee (Jiro Matsumoto) whose employee ID is “P102” can access “salary-all” and “personnel change-all” as the role “responsible person” after August 2, 2011. Access to business. Jiro Matsumoto is given a user ID “Y010” and a password “dgjlxv” in order to perform the task (record 129e).
(3) Jiro Matsumoto is the successor to Masaru Suzuki, who has taken over the accessible work that was done by Masaru Suzuki. After August 2, 2011, as the role “responsible person”, Suzuki can no longer access accessible jobs “salary-all” and “personnel change-all” (ID deletion date field 128 of record 129a). ).

(4) The employee (Yoko Tachibana) whose employee ID is “P004” can access the accessible work “personnel change-all” as the role “administrator” after August 1, 2006. . Tomoko Tachibana is given a user ID “Y004” and a password “etoad” in order to perform the task (record 129b).
(5) The employee (Hitoshi Sawada) whose employee ID is “P101” can access the accessible task “Personnel Change-all” as the role “Administrator” after August 1, 2011. . Hitoshi Sawada is given a user ID “Y009” and a password “sfhkzc” in order to perform the task (record 129d).
(6) Hitoshi Sawada is the successor of Tomoko Tachibana and has taken over the accessible work that Tomoko Tachibana was doing. Then, after August 1, 2011, Tomoko Tachibana cannot access the accessible task “Personnel Change-all” as the role “Administrator” (ID deletion date field 128 of record 129b).

(7) Since May 1, 2008, Kiyoshi Sasaki, whose employee ID is “P008”, can access the accessible task “Personnel Change-Transfer Travel Expense” as the role “Person in Charge”. Kiyoshi Sasaki is given a user ID “Y008” and a password “zaqxsw” in order to perform the task (record 129c). As mentioned above, Kiyoshi Sasaki was promoted to “Chief” by the personnel announcement on September 1, 2011. Then, Kiyoshi Sasaki can continue to access the “Personnel Change-Transfer Travel Expense” accessible task as the role “person in charge” even after the personnel announcement regarding the promotion. The date when access to the accessible job “Personnel Change-Transfer Travel Expense” is not scheduled is currently not scheduled (the ID deletion date field 128 of the record 129c is blank).

(ID deletion condition information)
The ID deletion condition information 32 will be described with reference to FIG. The ID deletion condition information 32 is a matrix having a reason for change on the vertical axis and a roll on the horizontal axis. A deletion condition is stored in a cell at a position where the vertical axis and the horizontal axis intersect.
As described above, the reason for the change on the vertical axis is a code indicating the reason for causing the employee change. Here, the reason indicated by the code is stored in association with the code. For example, the codes “A1”, “A2”, “A3”, “A4” and “A5” are respectively “retirement, transfer between companies”, “change within company”, “change within department”, and “change within department”. And “intra-section transfer”. Comparing “A1” to “A5”, it can be said that the smaller the code number is, the higher the level of the department hierarchy is. That is, the degree of change in the work performed by the employee before and after the transfer is greater, and it is necessary to invalidate the user ID and password given to the predecessor earlier.

  The code “B1” indicates “work designation change”. “Change in work designation” means changing the contractual status between an employee and a member company without changing the employee's affiliation. For example, “employed employee” → “temporary employee” Changes apply. The code “B2” indicates “change in position”. “Change of position” is to change the position of an employee without changing the affiliation of the employee, and for example, so-called promotion such as “general” → “lead” is applicable. Comparing “B1” and “B2”, the smaller the code number, the greater the degree of change in the work performed by the employee before and after the change (change in position or position), which is given to the employee before the change. It is necessary to invalidate the user ID and password earlier.

As described above, the role on the horizontal axis is a role in use of the access authority management apparatus 1 assigned to the employees of the member companies. Here, in the order of the hierarchical relationship (hierarchy) corresponding to the weight of responsibility, from the left, the general manager, manager, manager, person in charge are stored.
The deletion condition is information indicating how to invalidate the user ID and password of the predecessor on the basis of the transfer reference date, and there are “delete”, “continue”, and “select” as the values. Shall. “Delete” indicates that the user ID and password of the predecessor are invalidated when a predetermined number of days have elapsed after the transfer reference date. “Continue” indicates that the user ID and password of the predecessor are kept valid even after the transfer reference date. “Select” indicates that either “delete” or “continue” can be selected.

Of the ID deletion condition information 32 (FIG. 5), the deletion reason of the part whose vertical axis is “A1” to “A5” and whose horizontal axis is “supervisor” to “person in charge” Focus on it. Generally, the deletion condition becomes more severe as it goes to the left in the same row, and becomes more severe as it goes up in the same column. Here, “strict” means that it is necessary to invalidate the user ID and password given to the predecessor earlier. When attention is paid to the role “responsible person” column in FIG. 5, deletion conditions are stored in the order of “deletion”> “selection” = “selection” = “selection”> “continuation” in order from the top. a> b indicates that the deletion condition of a is stricter than the deletion condition of b. When attention is paid to the row of the reason for change “A2, change within company” in FIG. 5, deletion conditions are stored in the order of “selection” = “selection” = “selection” = “selection” in order from the left. In this case, all four deletion conditions are “selection”. Due to the free setting of member companies, this setting is also permitted in principle unless “<”.
Of the ID deletion condition information 32 (FIG. 5), the reason for the change on the vertical axis is “B1” and “B2”, and the roles on the horizontal axis are “supervisor” to “person in charge”. This is true.
The ID deletion condition information 32 can be customized in various ways according to the settings unique to the member company.

(ID deletion time information)
The ID deletion time information 33 will be described with reference to FIGS. 6 (a) and 6 (b).
The ID deletion time information 33 is a matrix having a reason for change on the vertical axis and a roll on the horizontal axis. The deletion time is stored in a cell at a position where the vertical axis and the horizontal axis intersect.
The deletion time is the number of days indicating how many days have passed after the transfer reference date and the user ID and password of the predecessor are invalidated.
6A and 6B are the same as those in FIG. 5 including the order of the change and the roll. That is, the ID deletion time information 33 in FIGS. 6A and 6B corresponds to the ID deletion condition information 32 in FIG.

More specifically, in FIG. 5, the deletion time corresponding to the cell in which the deletion condition “deletion” is stored is stored in FIG. 6A, and in FIG. 5, the cell in which the deletion condition “selection” is stored. The deletion time corresponding to is stored in FIG. In FIG. 5, there is no deletion time corresponding to the cell in which the deletion condition “continuation” is stored. Here, for ease of explanation, FIG. 6A and FIG. 6B are separated, but these may be combined into one.
Generally, the deletion time is the shorter the left in the same row, that is, the shorter the role, the higher the role in the same column, that is, the change across the higher hierarchy of the department hierarchy It gets shorter. However, any setting is possible depending on the characteristics of the member company.

(List of employees to be judged)
The determination target employee list 36 will be described with reference to FIG.
In the determination target employee list 36, in association with the company ID stored in the company ID column 131, the employee ID column 132 has an employee ID, the designated person ID column 133 has a designated person ID, and an ID deletion date. The column 134 stores the ID deletion date.

The company ID in the company ID column 131 is the same as the company ID in FIG.
The employee ID in the employee ID column 132 is the same as the employee ID in FIG. However, the employee ID here identifies an employee who has not finally decided whether the corresponding deletion condition is “continuation” or “deletion”.
The designated person ID in the designated person ID column 133 is an employee ID that identifies the employee who has designated the employee in the access authority initial registration processing procedure (detailed later). For example, when the upper manager designates the lower manager, it is the employee ID of the manager.
The ID deletion date in the ID deletion date column 134 is the same as the ID deletion date in FIG.

(Processing procedure)
Hereinafter, the processing procedure of this embodiment will be described. There are two processing procedures: (1) an access authority initial registration process procedure and (2) an access authority change process procedure. The execution of (2) is premised on the completion of (1). At the time (1) is executed, the employee information 34 (FIG. 2), the transfer information 35 (FIG. 3), the ID deletion condition information 32 (FIG. 5), and the ID deletion time information 33 (FIG. 6) are already present. It shall be completed. Furthermore, it is assumed that the personnel management server 2 receives data about the change information 35 every time there is a personnel change via the user terminal device 4 and maintains the record of the change information 35 in the latest state.
There are two variations of the access authority change processing procedure (2): “first embodiment” and “second embodiment”. The “second embodiment” of the access authority change processing procedure includes a “continuation / deletion determination processing procedure”.

(Access authority initial registration procedure)
The access authority initial registration processing procedure will be described with reference to FIG.
In step S201, the access authority initial registration unit 21 of the access authority management apparatus 1 receives the designation of the general manager. Specifically, the access authority initial registration unit 21 first accepts an initial registration request from the user terminal device 4 of the person who is to be the general manager of the employees of the member company. It is assumed that the initial registration request includes a company ID, an employee ID, and accessible work.

  At this time, the access authority initial registration unit 21 removes the person who transmits the initial registration request with malicious intent or error, for example, in the auxiliary storage device 13 at the time of the contract, etc. The company ID and the employee ID of the person who should be the general manager are registered in advance. When the initial registration request is transmitted, the company ID and employee ID included in the initial registration request are compared with the registered company ID and employee ID. An error message may be returned to 4.

  Secondly, the access authority initial registration unit 21 searches the employee information 34 (FIG. 2) of the personnel management server 2 by using the company ID and employee ID included in the received initial registration request as search keys. Get the name and email address of the record. At this time, the access authority initial registration unit 21 can specify the personnel management server 2 to be accessed by the company ID.

Third, the access authority initial registration unit 21 creates a new record of the access authority information 31 (FIG. 4), and performs initial registration in the company ID column 121, the employee ID column 124, and the accessible business column 125, respectively. The company ID, employee ID, and accessible work included in the request are stored.
Fourth, the access authority initial registration unit 21 stores “supervisor” in the role column 122, stores a new user ID in the user ID column 123, stores it in the password column 126, and so on. A character string that does not overlap with the character string is randomly generated and stored, and the current date is stored in the ID application start date column 127. At this point, the person who should become the general manager is registered as the general manager.

In step S202, the access authority initial registration unit 21 receives the designation of the person in charge. Specifically, the access authority initial registration unit 21 first displays the employee information 34 (FIG. 2) on the output device of the user terminal device 4 used by the general manager.
Secondly, the access authority initial registration unit 21 selects the record about the person who should become the responsible person from the displayed employee information 34 and associates the record with the record to be accessible. Is received via an input device such as a keyboard.

Thirdly, the access authority initial registration unit 21 creates a new record of the access authority information 31 (FIG. 4), and enters the company ID column 121, the employee ID column 124, and the accessible business column 125, respectively, in step S202. The company ID and employee ID of the record selected in the “second” of “No.” and the accessible work input in the “second” of step S202 are stored.
Fourthly, the access authority initial registration unit 21 stores “responsible person” in the role column 122, stores the new user ID in the user ID column 123, and stores it in the password column 126 with the others. A character string that is not to be generated is randomly generated and stored, and the current date is stored in the ID application start date column 127. The person who should be responsible at this point is registered as “responsible person”.

In step S203, the access authority initial registration unit 21 receives an administrator's designation. Specifically, the access authority initial registration unit 21 firstly sends the mail of the record selected in “second” in step S202 to the user terminal device 4 used by the responsible person registered in step S202. Send a notification using an address. It is assumed that the notification includes information stored in the records created in “third” and “fourth” in step S202.
Secondly, the access authority initial registration unit 21 secondly sends the employee information 34 (FIG. 2) after the notification is transmitted and after there is a response to the notification (or after a predetermined time has elapsed even if there is no response). The information is displayed on the output device of the user terminal device 4 used by the person in charge.

Thirdly, the access authority initial registration unit 21 selects a record for a person who is to be an administrator from the displayed employee information 34, and associates the access authority with the record. , Accepting input via an input device such as a keyboard.
Fourth, the access authority initial registration unit 21 creates a new record of the access authority information 31 (FIG. 4), and stores the new record in the company ID column 121, the employee ID column 124, and the accessible business column 125, respectively, in step S203. Stores the company ID and employee ID of the record selected in “third” and the accessible work input in “third” in step S203.

  Fifth, the access authority initial registration unit 21 stores “administrator” in the role column 122, stores a new user ID number in the user ID column 123, and duplicates the others in the password column 126. A character string that is not to be generated is randomly generated and stored, and the current date is stored in the ID application start date column 127. A person who should become an administrator at this point is registered as an “administrator”.

In step S204, the access authority initial registration unit 21 receives the designation of the person in charge. Specifically, the access authority initial registration unit 21 firstly sends the mail of the record selected in “third” in step S203 to the user terminal device 4 used by the administrator registered in step S203. Send a notification using an address. The notification includes information stored in the records created in “fourth” and “fifth” in step S203.
Secondly, the access authority initial registration unit 21 secondly sends the employee information 34 (FIG. 2) after the notification is transmitted and after there is a response to the notification (or after a predetermined time has elapsed even if there is no response). The information is displayed on the output device of the user terminal device 4 used by the administrator.

Third, the access authority initial registration unit 21 selects a record for a person who is to be a person in charge from the displayed employee information 34, and associates the access authority with the record. , Accepting input via an input device such as a keyboard.
Fourth, the access authority initial registration unit 21 creates a new record of the access authority information 31 (FIG. 4), and stores the new record in the company ID column 121, the employee ID column 124, and the accessible business column 125, respectively, in step S204. Store the company ID and employee ID of the record selected in “third” and the accessible work entered in “third” in step S204.

Fifthly, the access authority initial registration unit 21 stores “person in charge” in the role column 122, stores the new user ID in the user ID column 123, and stores it in the password column 126 with the others. A character string that is not to be generated is randomly generated and stored, and the current date is stored in the ID application start date column 127. The person who should be the person in charge at this point is registered as “person in charge”.
Sixth, the access authority initial registration unit 21 sends the mail of the record selected in “third” in step S204 to the user terminal device 4 used by the person in charge registered in “fifth” in step S204. Send a notification using an address. It is assumed that the notification includes information stored in the records created in “fourth” and “fifth” in step S204.
Thereafter, the access authority initial registration processing procedure is terminated.

(Number of general managers, error display, etc.)
In principle, there is one person in charge. In principle, there is only one person designated by the general manager. In principle, the number of managers designated by the person in charge is multiple. In principle, the number of persons in charge designated by one manager is plural. Therefore, when a plurality of managers (or persons in charge) are designated, the access authority initial registration unit 21 repeats the processes of steps S203 and S204 for the number of persons.

  When the responsible person (or manager) designates a plurality of managers (or persons in charge), if the accessible tasks overlap among the plurality of managers (or persons in charge), the access authority initial registration unit 21 May display an error message on the output device of the user terminal device 4 used by the person in charge (or the administrator) and prompt the person in charge (or administrator) to re-enter the accessible work.

  Further, when a higher-order person tries to designate a work outside the scope of his / her accessible work as an accessible work of a lower-order person, the access authority initial registration unit 21 uses the user terminal device used by the higher-order person. An error message may be displayed on the output device 4 to prompt the upper person to re-enter the accessible work.

  The access authority initial registration unit 21 can also perform so-called “inventory” of the access authority information 31 (FIG. 4). Specifically, the access authority initial registration unit 21 is an employee who has been given a specific role (for example, an employee who has been given a role “supervisor”) at a predetermined time such as the end of the month or the end of the year. The access authority information 31 may be transmitted to the user terminal device 4 of the member), and a reply indicating approval may be received. At this time, for example, the access authority information 31 may be transmitted with the password hidden.

(First Embodiment of Access Authority Change Processing Procedure)
The first embodiment of the access authority change processing procedure will be described with reference to FIG.
In step S <b> 301, the change information transmission unit 23 of the personnel management server 2 transmits the personnel change to the access authority management device 1.
As a premise, the change information transmission unit 23 constantly monitors the change information 35 (FIG. 3), and detects when a record is added. Now, for example, it is detected that the records 118c and 118d in FIG. 3 are added at the same time, and these added records (hereinafter sometimes referred to as “target change records”) are transmitted to the access authority management apparatus 1. To do.

In step S302, the access authority changing unit 22 of the access authority management apparatus 1 acquires a deletion condition. Specifically, the access authority changing unit 22 first receives the target transfer record from the access authority management apparatus 1.
Secondly, the access authority changing unit 22 acquires the reason for the change of one of the target change records (for example, the record 118c). In this example, “A2” is acquired.

Thirdly, the access authority changing unit 22 searches the access authority information 31 (FIG. 4) using the company ID and employee ID of the target transfer record 118c as search keys, and the ID application start date is the highest among the corresponding records. Get the role of a new record. In this example, “manager” (the role column 122 of the record 129b in FIG. 4) is acquired.
Fourth, the access authority changing unit 22 searches the ID deletion condition information 32 (FIG. 5) using the reason for the change acquired in “second” in step S302 and the role acquired in “third” in step S302. Then, the deletion condition of the corresponding cell is acquired. In this example, “selection” (cell in the second row and the third column in FIG. 5) is acquired.

  In step S303, the access authority changing unit 22 determines whether or not the deletion condition is “continuation”. Specifically, the access authority changing unit 22 proceeds to step S309 if the deletion condition acquired in “fourth” in step S302 is “continuation” (step S303 “YES”), and otherwise. In step S303 “NO”, the process proceeds to step S304.

  In step S304, the access authority changing unit 22 determines whether the deletion condition is “selection”. Specifically, the access authority changing unit 22 proceeds to step S305 if the deletion condition acquired in “fourth” in step S302 is “select” (step S304 “YES”), and otherwise. In step S304 “NO”, the process proceeds to step S307.

In step S305, the access authority changing unit 22 accepts selection of “delete” or “continue”. Specifically, the access authority changing unit 22 first searches the employee information 34 (FIG. 2) using the company ID and employee ID of the target transfer record 118c as search keys, and sets the mail address of the corresponding record. get.
Secondly, the access authority changing unit 22 notifies the user terminal device 4 used by the employee of the member company using the acquired email address. The notice is “Please select“ Delete ”if the takeover etc. is expected to end early. Select "Continue" if there is no expectation that transfer will be completed early. ”Is included.
Thirdly, the access authority changing unit 22 receives either “delete” or “continue” as a selection result from the user terminal device 4 used by the employee.

  In step S306, the access authority changing unit 22 determines whether or not the deletion condition is “continuation”. Specifically, the access authority changing unit 22 proceeds to step S309 if the received selection result is “continue” (step S306 “YES”), and otherwise (step S306 “NO”). The process proceeds to step S307.

  In step S307, the access authority changing unit 22 acquires the deletion time. Specifically, the access authority changing unit 22 uses the reason for the change acquired in “second” in step S302 and the role acquired in “third” in step S302 as search keys, and the ID deletion time information 33 (FIG. 6 ( A) and FIG. 6B) are searched, and the deletion time of the corresponding cell is acquired. In this example, “after one month” (the cell in the second row and the third column in FIG. 6B) is acquired.

In step S308, the access authority changing unit 22 stores the ID deletion date. Specifically, the access authority changing unit 22 first acquires the transfer reference date of the target transfer record 118c. And the date which added the deletion time acquired in step S307 with respect to the acquired transfer reference date is set as the ID deletion date.
Secondly, the access authority changing unit 22 stores the ID deletion date in the ID deletion date column 128 of the record of the access authority information 31 (FIG. 4) acquired in step “302” in step S302.

In step S309, the access authority changing unit 22 adds a record of the access authority information 31 (FIG. 4). Specifically, the access authority changing unit 22 first creates a new record of the access authority information 31.
Second, the access authority changing unit 22 stores the company ID and employee ID of the other (record 118d) of the target transfer records in the company ID column 121 and the employee ID column 124 of the new record. .

Thirdly, the access authority changing unit 22 thirdly records the ID deletion date in step S308 in the role field 122 and accessible work field 125 of the new record, and the role (in this example, “administrator”) and The accessible work (in this example, “personnel change-all”) is stored, and the user ID is numbered and stored in the user ID field 123 of the new record (when the user ID of the employee has been numbered) Is memorized as it is).
Fourth, the access authority changing unit 22 randomly generates a character string that is not duplicated in the password field 126 of the new record and stores it (if the employee's password has already been assigned, it is stored as it is. In the ID application start date field 127 of the new record, the ID deletion date of the record storing the ID deletion date in step S308 is stored.
Thereafter, the access authority change processing procedure is terminated.

(Modification 1)
The access authority changing unit 22 sets the ID deletion date of the record in which the ID deletion date is stored in step S308 and the ID start application date of the record newly created in step S309 to the email addresses of the predecessor and the successor, respectively. Store it in association. Then, the access authority changing unit 22 uses these e-mail addresses on the ID deletion date and the ID start application date (or a point in time preceding the date) for the predecessor and the successor, respectively. You may transmit a notification to the user terminal device 4 which uses. The notification includes, for example, a message such as “Your user ID and password will be usable (cannot be used) for the business of XX after XX year, month and day”.

(Modification 2)
In step S309, the access authority changing unit 22 stores the accessible business of the predecessor as it is when storing the accessible business of the successor. However, the access authority changing unit 22 identifies an employee who has been given a role immediately higher than that of the predecessor at that time by referring to the access authority information 31 (FIG. 4), May be sent to the user terminal device 4 used by the user, and a higher-ranking employee may accept the designation of a new accessible business for the successor.

(Modification 3)
In the above description, an example in which a successor arrives as a substitute for the predecessor, that is, an example in which two target transfer records exist has been described. However, when a certain employee is promoted, there is only one transfer target record.
For example, when the target transfer record is the record 118g in FIG. 3, the process executed by the access authority changing unit 22 is almost the same as the process described above. However, the access authority changing unit 22 ends without performing the process of step S309.

(Second Embodiment of Access Authority Change Processing Procedure)
A second embodiment of the access authority change processing procedure will be described with reference to FIG.
In the first embodiment, when the deletion condition is “selection”, the employee to be transferred has selected the final deletion condition from among “continuation” and “deletion”. In the second embodiment, selection of the final deletion condition is performed by a higher-level employee who designates the employee to be transferred. Further, if the final deletion condition is not selected during the period until the deletion time comes, “delete” is automatically selected.

  The processes in steps S301 to S304 in FIG. 10 are the same as the processes in steps S301 to S304 in FIG. Furthermore, the processes in steps S307 to S309 in FIG. 10 are the same as the processes in steps S307 to S309 in FIG. 9, respectively. Therefore, detailed description of the processing of steps S301 to S304 and S307 to S309 in FIG. 10 is omitted. For ease of explanation, step S306 is omitted in FIG.

  In step S305, the access authority changing unit 22 executes a continuation / deletion determination processing procedure. The details of the continuation / deletion determination processing procedure will be described immediately below.

(Continuation / deletion judgment procedure)
The continuation / deletion determination processing procedure will be described with reference to FIG.
As a premise that the process of step S401 is executed, the access authority initial registration unit 21 of the access authority management apparatus 1 determines the company ID of the employee who specified in each step of the access authority initial registration procedure (FIG. 8). The combination of the employee ID, the company ID and employee ID of the designated employee, and the date on which the designation was made is stored in the auxiliary storage device 13. The auxiliary storage device 13 is assumed to store a designated / designated correspondence table (not shown) that holds these combinations as records.

In step S401, the access authority changing unit 22 of the access authority management apparatus 1 creates a determination target employee list 36 (FIG. 7). Specifically, the access authority changing unit 22 first creates a new record of the determination target employee list 36. At this time, each column of the record is blank.
Secondly, the access authority changing unit 22 acquires the company ID, employee ID, and transfer reference date of the transfer target record received in “first” in step S302.
Thirdly, the access authority changing unit 22 uses the reason for the change acquired in “second” in step S302 and the role acquired in “third” in step S302 as a search key, and the ID deletion time information 33 (FIG. 6B). ) To obtain the deletion time of the corresponding cell.

Fourth, the access authority changing unit 22 stores the company ID and the employee ID acquired in the “first” in step S401 in the company ID column 131 and the employee ID column 132 of the new record, respectively.
Fifthly, the access authority changing unit 22 sets a new date, which is obtained by adding the deletion time acquired in “third” in step S401 to the transfer reference date acquired in “second” in step S401. Stored in the ID deletion date column 134 of the record.

  Note that the access authority changing unit 22 proceeds to the next step S402 only after the process from step S301 to step S304 “YES” to step S401 is repeated a predetermined number of times. In other words, a predetermined number (for example, 10) of records in the determination target employee list 36 are stored, and then the process proceeds to step S402.

  In step S402, the access authority changing unit 22 transmits the determination target employee list 36 to the determiner. Specifically, the access authority changing unit 22 first uses the company ID and employee ID of any one record in the determination target employee list 36 as a search key. Then, using the search key, the “designated employee company ID and employee ID” field of the designated designation correspondence table is searched, and the latest “designation is performed from the corresponding records. The record having “date” is extracted. Further, “the company ID and employee ID of the designated employee” of the extracted record is acquired. The “first” process is executed for each record in the determination target employee list 36.

Second, the access authority changing unit 22 stores the “employee ID of the designated employee” acquired in “first” in step S402 in the designated person ID column 133 of the new record of the determination target employee list 36. Is stored as a designated person ID corresponding to the employee ID that is already stored (identifies the designated employee).
Thirdly, the access authority changing unit 22 sorts the records in the determination target employee list 36 for each designated person ID.
Fourthly, the access authority changing unit 22 is based on the company ID and employee ID of the specified employee for each part of the record of the determination target employee list 36 sorted in “third” in step S402. Then, referring to the employee information 34 (FIG. 2), the mail address of the designated employee is acquired.

  Fifth, the access authority changing unit 22 transmits a notification to the user terminal device 4 used by the designated employee using the mail address acquired in “fourth” in step S402. The notification includes a part of the determination target employee list 36 (a list of subordinate employees specified in the past by an employee who uses the user terminal device 4 to which the notification has been sent (the employee who specified)). This part is attached and displayed on the output device of the user terminal device 4. The notification also includes a message such as “Specify one of the listed employees and select“ Continue ”or“ Delete ”for that employee”. This message is also displayed on the output device of the user terminal device 4.

  The user terminal device 4 that has received the notification indicates that the designated employee is the designated employee's company ID, employee ID, and deletion condition (either “continuation” or “deletion”). Is input via the input device of the user terminal device 4, and the company ID, employee ID and deletion condition of the designated employee are transmitted to the access authority management device 1.

In step S403, the access authority changing unit 22 determines whether or not the deletion condition is “continuation”. Specifically, the access authority changing unit 22 first receives the company ID, employee ID, and deletion condition of the designated employee transmitted to the access authority management apparatus 1 in step S402.
Secondly, the access authority changing unit 22 proceeds to step S406 when the received deletion condition is “continue” (step S403 “YES”), and otherwise (step S403 “NO”). The process proceeds to S404.

  In step S404, the access authority changing unit 22 acquires the deletion time. Specifically, the access authority changing unit 22 searches the determination target employee list 36 (FIG. 7) using the company ID and employee ID received in step S403 as search keys, and acquires the deletion time of the corresponding record. To do.

In step S405, the access authority changing unit 22 stores the ID deletion date. Specifically, the access authority changing unit 22 first acquires the transfer reference date of the target transfer record (also in this case, the target transfer record is a record denoted by reference numeral 118c). And the date which added the deletion time acquired in step S404 with respect to the acquired transfer reference date is set as the ID deletion date.
Secondly, the access authority changing unit 22 stores the ID deletion date in the ID deletion date column 128 of the record of the access authority information 31 (FIG. 4) acquired in step “302” in step S302.

In step S406, the access authority changing unit 22 adds a record of the access authority information 31 (FIG. 4). Specifically, the access authority changing unit 22 first creates a new record of the access authority information 31.
Second, the access authority changing unit 22 stores the company ID and employee ID of the other (record 118d) of the target transfer records in the company ID column 121 and the employee ID column 124 of the new record. .

Thirdly, the access authority changing unit 22 stores the role and accessible work of the record in which the ID deletion date is stored in step S405 in the role field 122 and accessible work field 125 of the new record, respectively. In the user ID column 123 of the record, the user ID is numbered and stored (if the employee's user ID has been numbered, it is stored as it is).
Fourth, the access authority changing unit 22 randomly generates a character string that is not duplicated in the password field 126 of the new record and stores it (if the employee's password has already been assigned, it is stored as it is. In the ID application start date field 127 of the new record, the ID deletion date of the record in which the ID deletion date is stored in step S405 is stored.
Thereafter, the access authority change processing procedure is terminated.

(Modification 4)
If the access authority management device 1 has not yet received the deletion condition from the user terminal device 4 when the ID deletion date has arrived, the access authority changing unit 22 deletes the employee ID of the predecessor at once. May be.
That is, the access authority changing unit 22 manages the ID deletion date for each record in the determination target employee list 36 (FIG. 7) immediately after the process of step S402. When the access authority changing unit 22 does not receive the employee ID and the deletion condition of the designated employee from the user terminal device 4 during the period until the ID deletion date, the access authority changing unit 22 performs step S404 on the ID deletion date. And the process of step S405 is performed.

(Effect of this embodiment)
According to the present embodiment, it is possible to simply invalidate the user ID and password of the predecessor on the date set in advance with the date when the personnel is issued. The due date can be set in accordance with the type of personnel change.
Furthermore, it becomes easy for a person in a higher position in the company to assign a work to a person in a lower position without duplication.

  The present invention is not limited to the above-described embodiment, and can be modified without departing from the spirit of the present invention.

DESCRIPTION OF SYMBOLS 1 Access authority management apparatus 2 Personnel management server 3 Personnel business server 4 User terminal apparatus 5 Network 11 Central control apparatus (control part)
12 Main storage device (storage unit)
13 Auxiliary storage device (storage unit)
DESCRIPTION OF SYMBOLS 14 Input device 15 Output device 16 Communication interface 21 Access authority initial registration part 22 Access authority change part 23 Change information transmission part 31 Access authority information 32 ID deletion condition information 33 ID deletion time information 34 Employee information 35 Change information 36 Judgment target employee List of employees

Claims (5)

An access authority management device that manages the validity and invalidity of authentication information necessary for an employee to access business,
First correspondence information storing a role that is a role in using the access authority management device in association with the employee, and a time limit that the employee cannot use the authentication information,
Second correspondence information storing deletion conditions indicating whether or not to invalidate the authentication information of the employee who changes personnel in association with the combination of the role and reason for the change;
In association with the combination of the role and the reason for the change, third correspondence information storing a deletion time indicating a period starting from the date of personnel announcement and ending the date of invalidating the authentication information of the employee changing the personnel When,
A storage unit for storing
When the employee changes personnel,
Accept the reason for the change,
Based on the employee who changes personnel, search for the first correspondence information, acquire the role,
Based on the accepted change reason and the acquired role, search the second correspondence information, acquire the deletion condition,
When the acquired deletion condition indicates that the authentication information is invalidated,
Based on the received change reason and the acquired role, the controller searches the third correspondence information and acquires the deletion time;
An access authority management device characterized by comprising: The deletion condition is:
The higher the hierarchy to which the role belongs, and the more the reason for the change indicates a change across the higher hierarchy of the department hierarchy, the greater the need to invalidate the authentication information,
The deletion time is
The shorter the period, the higher the hierarchy to which the role belongs and the reason for the change indicating a change across a higher hierarchy of the department hierarchy,
The access authority management device according to claim 1. The controller is
The first correspondence information is obtained by assigning a role belonging to a lower hierarchy of the roles to another employee based on an input from the employee assigned a role belonging to a higher hierarchy among the roles. Creating
The access authority management device according to claim 2. An access authority management method of an access authority management apparatus for managing the validity and invalidity of authentication information necessary for an employee to access business,
The storage unit of the access authority management device includes:
First correspondence information storing a role that is a role in using the access authority management device in association with the employee, and a time limit that the employee cannot use the authentication information,
Second correspondence information storing deletion conditions indicating whether or not to invalidate the authentication information of the employee who changes personnel in association with the combination of the role and reason for the change;
In association with the combination of the role and the reason for the change, third correspondence information storing a deletion time indicating a period starting from the date of personnel announcement and ending the date of invalidating the authentication information of the employee changing the personnel When,
And store
The control unit of the access authority management device
When the employee changes personnel,
Accept the reason for the change,
Based on the employee who changes personnel, search for the first correspondence information, acquire the role,
Based on the accepted change reason and the acquired role, search the second correspondence information, acquire the deletion condition,
When the acquired deletion condition indicates that the authentication information is invalidated,
Searching the third correspondence information based on the accepted change reason and the acquired role, and acquiring the deletion time;
An access right management method characterized by the above. An access authority management program for causing an access authority management device to manage the validity and invalidity of authentication information necessary for an employee to access work,
The access authority management program is:
For the storage unit of the access authority management device,
First correspondence information storing a role that is a role in using the access authority management device in association with the employee, and a time limit that the employee cannot use the authentication information,
Second correspondence information storing deletion conditions indicating whether or not to invalidate the authentication information of the employee who changes personnel in association with the combination of the role and reason for the change;
In association with the combination of the role and the reason for the change, third correspondence information storing a deletion time indicating a period starting from the date of personnel announcement and ending the date of invalidating the authentication information of the employee changing the personnel When,
Store
For the control unit of the access authority management device,
When the employee changes personnel,
Accept the reason for the change,
Based on the employee who changes personnel, search for the first correspondence information, acquire the role,
Based on the accepted change reason and the acquired role, search the second correspondence information, acquire the deletion condition,
When the acquired deletion condition indicates that the authentication information is invalidated,
Searching the third correspondence information based on the accepted change reason and the acquired role, and causing the process to acquire the deletion time,
An access authority management program characterized by

Images