JP6262089B2 - Image forming apparatus - Google Patents

Publication number
JP6262089B2
Authority
JP
Japan
Prior art keywords
user
access right
image forming
forming apparatus
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2014148180A
Other languages
Japanese (ja)
Other versions
JP2016024618A (en
Inventor
智昭 大久保
Original Assignee
株式会社沖データ
Description

  The present invention relates to an image forming apparatus, and can be applied to, for example, a multifunction machine that performs role-based access control.

  Conventionally, there is a technology described in Patent Document 1 as a multifunction machine that performs access control of each function for a user on a role basis.

  In the multifunction device described in Patent Document 1, an execution permission / prohibition pattern for each function of the multifunction device is assigned to a role as an access right, and each role is assigned to a user, thereby setting the access right for the user.

  In the multifunction device described in Patent Document 1, it is possible to collectively set / change authority for a user by setting an access right via a role.

Patent Document 1: JP 2006-053855 A

  However, a conventional multifunction device that performs access control for users on a role basis has a problem: it cannot accept access right control processing performed directly on a user basis rather than on a role basis.

  For example, when a multifunction device that performs access control on a role basis receives a request to change access rights on a user basis (a user-based access right change request), either from a user interface (operation screen) that manages access control on a user basis or from a server that manages access control on a user basis, it cannot accept that request.

  Therefore, there is a demand for an image forming apparatus capable of processing access right change requests on a user base while executing access right control on a role basis.

  The image forming apparatus of the present invention includes (1) one or a plurality of function execution units, each of which can execute processing of a predetermined function; (2) a setting data holding unit that holds setting data describing, in a role-based format, whether each user may execute each function execution unit; and (3) an access right management unit that uses the setting data to manage whether each user may execute each function execution unit. The access right management unit sets a role corresponding to each of the function execution units in the setting data in advance and, on receiving a request to set whether any user may execute any function execution unit, assigns or unassigns, in the setting data, the role corresponding to that function execution unit for that user, based on the setting request.

  According to the present invention, it is possible to provide an image forming apparatus that controls access rights on a role basis and accepts requests to change access rights on a user basis.

FIG. 1 is a block diagram illustrating a configuration example of an image forming system including an image forming apparatus according to a first embodiment. FIG. 2 is a block diagram showing the functional configuration of the access right management server according to the first embodiment. FIG. 3 is an explanatory diagram showing an example of the conceptual configuration of the user access right management data held in the access right management server according to the first embodiment. FIG. 4 is an explanatory diagram showing an example of the conceptual configuration of the user access right management data (normal role base) held in the image forming apparatus according to the first embodiment. FIG. 5 is an explanatory diagram showing an example of the conceptual configuration of the user access right management data (pseudo user base) held in the image forming apparatus according to the first embodiment. FIG. 6 is a flowchart showing the operation of the access right management server according to the first embodiment. FIG. 7 is a flowchart (part 1) illustrating the operation of the image forming apparatus according to the first embodiment. The remaining drawings are a flowchart (part 2) illustrating an operation of the image forming apparatus according to the second embodiment, a flowchart (part 3) illustrating the operation of the image forming apparatus according to the first embodiment, and an explanatory diagram showing an example of the conceptual configuration of the user access right management data (pseudo user base) held in the image forming apparatus according to the second embodiment.

(A) First Embodiment

  Hereinafter, a first embodiment of an image forming apparatus according to the present invention will be described in detail with reference to the drawings. In the following, an example in which the image forming apparatus of the present invention is applied to a multifunction machine will be described.

(A-1) Configuration of First Embodiment

  FIG. 1 is an explanatory diagram showing a configuration example of an image forming system 1 including the image forming apparatus 100 of the first embodiment. FIG. 1 also illustrates the functional configuration of the image forming apparatus 100 according to the first embodiment.

  The image forming system 1 includes a network N (a LAN in this embodiment). The image forming apparatuses 100 and 400, the access right management server 200, and the PC 300 are connected to the network N and can communicate with each other.

  The image forming apparatus 100 is a multifunction machine to which the image forming apparatus of the present invention is applied, and supports user access control on a role basis.

  The image forming apparatus 400 is a multifunction device that supports user access control on a user basis. Since a conventional multifunction device that supports user-based access control can be used as the image forming apparatus 400, a detailed description of its configuration is omitted.

  In the image forming system 1, the number of image forming apparatuses 100 according to the present invention and the number of image forming apparatuses 400 that support user-based access control are not limited. In the image forming system 1, the image forming apparatus 400 that supports user-based access control may be omitted.

  The access right management server 200 is a server that manages access right data on a user basis and provides the data to the image forming apparatuses 300 and 400.

  Next, the internal configuration of the image forming apparatus 100 will be described.

  As illustrated in FIG. 1, the image forming apparatus 100 includes a control unit 110, an operation unit 120, a reading unit 130, a printing unit 140, a communication interface unit 150, and a FAX communication unit 160.

  The control unit 110 has functions such as control of each component of the image forming apparatus 100 and data processing required in the image forming apparatus 100.

  The operation unit 120 has a function of presenting information to the user and accepting an operation from the user according to the control of the control unit 110. As the operation unit 120, for example, a touch panel display or hard keys (not shown) can be applied.

  The reading unit 130 has a function of reading (scanning) a document and holding the read image (image data) under the control of the control unit 110.

  The printing unit 140 has a function of printing (image formation) on printing paper (medium) under the control of the control unit 110.

  The communication interface unit 150 functions as a communication interface connected to the network N. The image forming apparatus 100 can communicate with external devices via the communication interface unit 150. In this embodiment, it is assumed that the image forming apparatus 100 can communicate with the PC 300, the image forming apparatus 400, and a mail server (not shown) (the mail server that an e-mail first passes through when it is transmitted).

  The FAX communication unit 160 is connected to a telephone communication network (not shown) (for example, a public telephone network), and has a function of executing FAX transmission / reception (FAX signal transmission / reception) according to the control of the control unit 110.

  Next, the configuration of each function (configuration of each function execution unit) supported by the image forming apparatus 100 will be described. Note that the number and combination of functions supported by the image forming apparatus 100 (combination of mounted function execution units) are not limited.

  The image forming apparatus 100 supports a copy function for printing, with the printing unit 140, a document read by the reading unit 130. In this embodiment, the copy function is classified into a “monochrome copy function” for executing monochrome copy and a “color copy function” for executing color copy.

  Further, the image forming apparatus 100 supports a print function for printing, with the printing unit 140, print data received from the communication interface unit 150. In this embodiment, the print function is classified into a “monochrome print function” for performing monochrome printing and a “color print function” for performing color printing. In addition, it is assumed that the print data received by the image forming apparatus 100 includes user authentication information (user name + password) and image data.

  Further, the image forming apparatus 100 supports an e-mail transmission function that transmits image data read by the reading unit 130 via an interface unit 109.

  Furthermore, the image forming apparatus 100 supports an address book editing function for editing an address book (a destination list used when sending an image by e-mail or FAX) from the operation unit 120.

  Further, the image forming apparatus 100 supports a setting change function for changing device settings (for example, network settings) from the operation unit 120.

  Next, the internal configuration of the access right management server 200 will be described with reference to FIG.

  FIG. 2 is a block diagram showing a functional configuration inside the access right management server 200.

  Functionally, the access right management server 200 includes a control unit 210 that executes overall control and various types of information processing, and a communication interface 220 for connecting to the network N. The control unit 210 has a user access right management unit 211.

  The user access right management unit 211 has user access right management data 211a for distribution to each image forming apparatus.

  In this embodiment, it is assumed that the user access right management data 211a managed by the access right management server 200 describes an access right (whether or not each function in the image forming apparatus can be executed) on a user basis.

  FIG. 3 is an explanatory diagram showing an example of a conceptual configuration of the user access right management data 211a.

  In FIG. 3, access right description data D (D1, D2, D3, ...), in which an access right is described for each function, is assigned (linked) to each user U (U1, U2, U3, ...).

  In this embodiment, the access right description data D is assumed to consist of the items “monochrome copy”, “color copy”, “monochrome print”, “color print”, “email transmission”, “address book edit”, and “setting change”. The number and combination of items constituting the access right description data D are not limited. The items “monochrome copy”, “color copy”, “monochrome print”, “color print”, “email transmission”, “address book edit”, and “setting change” respectively indicate the access rights (whether execution is permitted, that is, the execution authority) for the above-mentioned “monochrome copy function”, “color copy function”, “monochrome print function”, “color print function”, “e-mail transmission function”, “address book editing function”, and “setting change function”.

  In the access right description data D, the setting value for each function is assumed to be either “1”, indicating prohibition (execution not possible), or “2”, indicating permission (execution possible). For example, in FIG. 3, “2” is set in the monochrome copy item of the access right description data D1 assigned to the user U1. Therefore, FIG. 3 shows that the access right of the monochrome copy function is permitted (execution permission) for the user U1.

  The user access right management unit 220 performs processing for supplying the user access right management data 211a, described on a user basis, to the image forming apparatus 100 and the image forming apparatus 400 as shown in FIG. The image forming apparatus 100 and the image forming apparatus 400 then configure themselves based on the data supplied from the access right management server 200 (user access right management unit 220).

  Next, an internal configuration of the control unit 110 configuring the image forming apparatus 100 will be described.

  The control unit 110 includes an approval unit 111, a user access right setting conversion unit 112 as an access right management unit, a command reception unit 113, an authentication unit 114, and a data storage unit 115 as a setting data holding unit. The data storage unit 115 stores user authentication data 115a, user access right management data 115b as setting data, and a data format management flag 115c.

  For example, the control unit 110 may be configured by installing the control program of the embodiment (a program corresponding to each component in the control unit 110 illustrated in FIG. 1) in a computer having a memory and a processor.

  In the user authentication data 115a, it is assumed that a user name and a password are associated and registered as user authentication information. Further, it is assumed that the user access right management data 115b is data (setting data) described on a role basis for each user's access right (execution authority). Further, the data format management flag 115c is a flag for managing the data format of the user access right management data 115b. Examples of detailed configurations of the user access right management data 115b and the data format management flag 115c will be described later.

  The command receiving unit 113 receives a request for executing any function from the user. When receiving a function execution request, the command receiving unit 113 acquires a user name and a password as user authentication information related to the function execution request. The command receiving unit 113 may extract and acquire the user name and password from the received print data (for example, print data received from the PC 300). Further, for example, when receiving a function execution request from the operation unit 120 from the user, the command reception unit 113 may acquire the login ID and the password by requesting input.

  The authentication unit 114 acquires the authentication information (user name and password) attached to the command received by the command receiving unit 113 and checks it against the user authentication data 115a, thereby authenticating (identifying) the user who issued the command. Note that the method of user authentication performed by the authentication unit 114 is not limited. For example, the user authentication may be performed using an authentication server (not shown).

  The approval unit 111 performs processing for confirming whether or not the user (the user identified by the authentication unit 114) has the execution authority for the function execution request received by the command receiving unit 113. Specifically, the approval unit 111 confirms, in accordance with the contents of the user access right management data 115b, whether or not the user is permitted to execute the function requested this time. Then, of the function execution requests received by the command receiving unit 113, the control unit 110 executes only those approved by the approval unit 111 (those for which execution is confirmed to be permitted).

  The user access right setting conversion unit 112 converts the contents of the user access right management data 115b. As described above, the user access right management data 115b is data described on a role basis, but the user access right management data 211a of the access right management server 200 is data described on a user basis.

  For example, when the image forming apparatus 100 updates the contents of the user access right management data 115b on its own (standalone), no particular data processing of the user access right management data 115b is necessary. However, since its data description structure differs from that of the user access right management data 211a of the access right management server 200, the image forming apparatus 100 cannot, as it stands, synchronize the user access right management data 115b with the user access right management data 211a of the access right management server 200. Therefore, in the image forming apparatus 100, the user access right setting conversion unit 112 performs a process of converting the user access right management data 115b into a format that makes substantial data synchronization with the user access right management data 211a, which is described on a user basis, easy, while maintaining the role-based structure of the user access right management data 115b itself. Hereinafter, the data format of the user access right management data 115b after conversion by the user access right setting conversion unit 112 is referred to as the “pseudo user base” data format, and the data format of the user access right management data 115b before conversion by the user access right setting conversion unit 112 (a format in which the setting method is not particularly limited) is referred to as the “normal role base” data format.

  Next, the case where the user access right management data 115b is in the normal role base format and the pseudo user base format will be described with reference to FIGS.

  FIG. 4 is an explanatory diagram showing an example of a conceptual data configuration when the data format of the user access right management data 115b is a normal role base. FIG. 5 is an explanatory diagram showing an example of a conceptual data structure when the data format of the user access right management data 115b is a pseudo user base.

  First, a configuration example when the data format of the user access right management data 115b is a normal role base will be described with reference to FIG.

  The user access right management data 115b is basically configured on a role basis as shown in FIG.

  As shown in FIG. 4, in the user access right management data 115b, each access right description data D (D1, D2, D3, ...) is linked to a role R (R1, R2, R3, ...), and one or a plurality of roles R are assigned to each user U (U1, U2, U3, ...) (to the user name of each user U). This basic role-based structure in the user access right management data 115b does not change regardless of whether it is a normal role base or a pseudo user base.

  In the user access right management data 115b, a plurality of roles R may be linked to one user U. That is, in the user access right management data 115b, values based on a plurality of roles R may be set for each function item for one user. When values based on a plurality of roles R are set for one function of one user U, 2 (permitted) takes priority over 1 (prohibited), and the value with the highest priority is applied as the value of that user's access right for the function.

  For example, in FIG. 4, two roles R1 and R2 are assigned to the user U1. At this time, the values of the monochrome copy function of roles R1 and R2 are 1 (prohibited) and 2 (permitted), respectively. Therefore, the approval unit 111 applies 2 (permitted), which has the higher priority, as the access right (execution authority) of the monochrome copy function for the user U1.

  As described above, when a plurality of roles are assigned to one user, the approval unit 111 refers to each function item of each role and determines which functions are permitted (executable) and which are prohibited (not executable) for the user. For example, in FIG. 4, only the setting change item is set to 2 (permitted) for the role R1, and only the items of monochrome copy, monochrome print, and e-mail transmission are set to 2 (permitted) for the role R2. In FIG. 4, since the two roles R1 and R2 are assigned to the user U1 as described above, the approval unit 111 merges the roles R1 and R2 for the user U1 and determines that the access right is 2 (permitted) for the four functions of monochrome copy, monochrome print, e-mail transmission, and setting change.

  The numbers of users and roles that can be registered in the user access right management data 115b are not limited. Here, as an example, it is assumed that a maximum of 5000 users and 100 roles can be registered in the user access right management data 115b. These values take into account that if the number of users and the number of roles increase too much, the processing load on the approval unit 111 and the storage required for the user access right management data 115b become too large. In particular, increasing the number of roles may increase the processing load per function execution in the approval unit 111 and the storage capacity required per user, so it is desirable that the number of roles be kept to a smaller value.

  Next, a configuration example when the data format of the user access right management data 115b is a pseudo user base will be described with reference to FIG.

  The basic data structure of the user access right management data 115b in the pseudo user base is the same as in the normal role base (the case of FIG. 4), but differs in that the configuration of the roles that are set is fixed according to the items of the access right description data D (the corresponding functions). In the user access right management data 115b shown in FIG. 5, the roles that are set are the role R1, in which all items are set to 1 (prohibited), and the roles R2 to R8, in each of which only one of the items constituting the access right description data D is set to 2 (permitted) (all other six items are set to 1 (prohibited)). In FIG. 5, the items set to 2 (permitted) in roles R2 to R8 are, respectively, “monochrome copy”, “color copy”, “monochrome print”, “color print”, “email transmission”, “address book edit”, and “setting change”.

  In the user access right management data 115b shown in FIG. 5, the role R1 is assigned to all users. In addition, a role corresponding to each permitted function is assigned to each user. That is, in the user access right management data 115b shown in FIG. 5, assigning only the role R1 to a user sets all function items to 1 (prohibited), and 2 (permitted) is applied only to the functions of whichever of the roles R2 to R8 are assigned (the functions whose value is set to 2 (permitted) in those roles). By treating each role as the counterpart of an item of the access right description data D in user-based access control, as shown for example in FIG. 5, the user access right management data 115b can be used in a pseudo manner as a data structure similar to the user base while maintaining the role-based data structure.

  For example, in the user access right management data 115b shown in FIG. 5, the user U1 is assigned the role R1, the role R2 in which the monochrome copy function is set to 2 (permitted), the role R4 in which the monochrome print function is set to 2 (permitted), the role R6 in which the e-mail transmission item is set to 2 (permitted), and the role R8 in which the setting change item is set to 2 (permitted).

  That is, the user access right management data 115b shown in FIG. 5 shows a state in which permission is set for the user U1 for the functions of monochrome copy, monochrome print, e-mail transmission, and setting change. Therefore, the access right of the user U1 in the user access right management data 115b shown in FIG. 5 is expressed as the access right description data D1 shown in FIG. Further, when the access right of the user U1 in the user access right management data 115b shown in FIG. 5 is expressed in the normal role base, the contents shown in FIG. 4 described above (contents in which the roles R1 and R2 are assigned to the user U1) are obtained.

  In other words, it can be seen from the contents of FIGS. 3 to 5 that the control unit 110 (user access right setting conversion unit 112) can convert either the user access right management data 211a described on a user basis or the user access right management data 115b described in the normal role base into pseudo user base content.

  In the control unit 110, the data format management flag 115c is used as a switch for determining whether the content of the user access right management data 115b is a normal role base or a pseudo user base. In this embodiment, the data format management flag 115c is described as being set to either a value indicating the normal role base (for example, “1”) or a value indicating the pseudo user base (for example, “2”). In other words, when the data format management flag 115c is set to the value indicating the normal role base, the control unit 110 is in an operation mode in which the user access right management data 115b is in the normal role base (hereinafter also referred to as the “first operation mode”), and when the data format management flag 115c is set to the value indicating the pseudo user base, the control unit 110 is in an operation mode in which the user access right management data 115b is in the pseudo user base (hereinafter also referred to as the “second operation mode”). In the image forming apparatus 100, the method of changing the value of the data format management flag 115c is not limited. For example, the value may be changed by an operation from the operation unit 120 or by a control command from an external device such as the PC 300.

  In this embodiment, it is assumed that the default value of the data format management flag 115c is the value indicating the normal role base. When the value of the data format management flag 115c is changed from the value indicating the normal role base to the value indicating the pseudo user base by a user operation or the like, the user access right setting conversion unit 112 temporarily saves the user access right management data 115b (for example, in a backup area in the data storage unit 115) and then converts the contents of the user access right management data 115b into the pseudo user base format. For example, the user access right setting conversion unit 112 changes the access right description data and the roles in the user access right management data 115b to pseudo user base content (for example, the content shown in FIG. 5), and then assigns to each user the roles corresponding to the functions to be permitted (the functions permitted in the backed-up user access right management data 115b).

  When the value of the data format management flag 115c is set to the value indicating the pseudo user base, the user access right setting conversion unit 112 performs a process of synchronizing the contents of the user access right management data 115b with the user access right management data 211a in response to a request from the access right management server 200 or the like.

  At this time, for example, the control unit 110 (user access right setting conversion unit 112) accepts an access (command) from the access right management server 200 via the communication interface unit 150 and holds the user access right management data 211a. The communication protocol used when the control unit 110 (user access right setting conversion unit 112) acquires the content of the user access right management data 211a from the access right management server 200 is not limited. For example, the data may be held using a command sequence described in a language such as PCL (Printer Control Language). The control unit 110 (user access right setting conversion unit 112) then performs, for each user, a process of assigning the roles corresponding to the functions permitted by the user access right management data 211a and a process of canceling the assignment of the roles corresponding to the functions prohibited by the user access right management data 211a (the setting process for the user access right management data 115b).

(A-2) Operation of the First Embodiment

  Next, the operation of the image forming system 1 of the first embodiment having the above configuration will be described.

(A-2-1) Operation of Access Right Management Server 200

  First, the operation in which the user access right management unit 211 of the access right management server 200 requests the image forming apparatus 100 to set access rights based on the user access right management data 211a will be described with reference to the flowchart of FIG. The operation performed by the access right management server 200 on the image forming apparatus 400 has the same contents, and thus detailed description thereof is omitted.

  The trigger for the access right management server 200 to start the processing for requesting access right setting from the image forming apparatus 100 is not limited. For example, it may be when the image forming apparatuses 100 and 400 start up, or a timing according to a user operation.

  The user access right management unit 211 first obtains the access right description data relating to an arbitrary user from the user access right management data 211a, creates a command requesting that access rights be set for that user according to the access right description data, and transmits the command to the image forming apparatus 100 (S101).

  At this time, the format of the command created by the user access right management unit 211 is not limited. In the following, it is assumed that the user name and password of a predetermined user (for example, a user permitted to access the setting change function) are inserted in the command created by the user access right management unit 211 so that the command can be processed on the image forming apparatus 100 side.

  Then, the user access right management unit 211 receives the processing result for the transmitted command (S102). When the received processing result is a normal end (OK), it operates from step S102 described later; when the received processing result is an error (NG), it ends the process.

  When the processing result is a normal end (OK) in step S102 described above, the user access right management unit 211 further checks the user access right management data 211a for users for whom the command has not yet been transmitted (S103). If there is such a user, the process returns to step S101 described above (the command for that user is transmitted); if there is no such user, the process ends.

  Through the processing as described above, the access right management server 200 (user access right management unit 211) performs processing for transmitting access right setting requests for all users managed by the user access right management data 211a.

(A-2-2) Access Right Setting Operation of Image Forming Apparatus 100
  Next, the operation on the image forming apparatus 100 side that has received an access right setting request through the processing of the flowchart of FIG. will be described with reference to the flowchart of FIG. 7.

  In the image forming apparatus 100, it is assumed that an access right setting command is received by the control unit 110 (command receiving unit 113) and supplied to the user access right setting conversion unit 112 (S201).

  Next, the user access right setting conversion unit 112 checks whether or not the setting value of the data format management flag 115c is set to a pseudo user base (S202).

  When the data format management flag 115c is set to the pseudo user base, the user access right setting conversion unit 112 proceeds to step S203 described below; otherwise (when the data format management flag 115c is set to the normal role base), it proceeds to step S205 described below.

  Next, for the user specified by the command, the user access right setting conversion unit 112 assigns roles (the roles of the permitted functions) and/or deallocates roles (the roles of the prohibited functions) according to the contents of the command (prohibition or permission for each function) (S203), returns a normal end (OK) to the access right management server 200 (S204), and ends the process.

  On the other hand, when it is confirmed in step S202 described above that the data format management flag 115c is set to the normal role base, the user access right setting conversion unit 112 returns an error (NG) to the access right management server 200 (S205) and ends the process.

(A-2-3) Function Execution Operation of Image Forming Apparatus 100
  Next, the operation of the image forming apparatus 100 when the control unit 110 (command accepting unit 113) of the image forming apparatus 100 accepts execution of any function will be described with reference to the flowchart of FIG.

  First, it is assumed that the command accepting unit 113 of the control unit 110 accepts an execution request command related to an arbitrary function (S301). The command receiving unit 113 receives a command from the outside (for example, print data or the like) or a command corresponding to a user operation on the operation unit 120.

  Next, the authentication unit 114 of the control unit 110 holds the authentication information (user name and password) included in the accepted command and performs authentication processing (collation with the user authentication data 115a) (S302). In the case of authentication OK, the process proceeds to step S303 described below; in the case of authentication NG, the process ends.

  In the case of authentication OK, the approval unit 111 of the control unit 110 confirms, by referring to the user access right management data 115b, whether the function specified by the received command is permitted for the authenticated user (user name) (S303).

  When the user is permitted to execute the function, the control unit 110 controls each unit to execute the function according to the accepted command (S304), and ends the process.

  On the other hand, when the user is prohibited from executing the function, the control unit 110 ends the process without executing the function according to the accepted command.

(A-2-4) Data Conversion Operation of Image Forming Apparatus 100
  Next, the operation of the image forming apparatus 100 when the value of the data format management flag 115c is changed from a value indicating the normal role base to a value indicating the pseudo user base by a user operation or the like will be described with reference to the flowchart of FIG.

  First, in the image forming apparatus 100, it is assumed that the value of the data format management flag 115c is changed from a value indicating the normal role base to a value indicating the pseudo user base by a user operation or the like (S401).

  When the value of the data format management flag 115c transitions to the pseudo user base, the user access right setting conversion unit 112 temporarily saves the data of the user access right management data 115b and acquires a backup (S402).

  Next, the user access right setting conversion unit 112 changes the access right description data and the roles in the user access right management data 115b to pseudo user base content (for example, the content shown in FIG. 5) (S403).

  Next, in the user access right management data 115b, the user access right setting conversion unit 112 assigns to each user the roles corresponding to the functions to be permitted (the functions permitted in the backed-up user access right management data 115b) (S404), and ends the process.
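  The conversion of steps S401 to S404 and the request handling of steps S201 to S205 can be sketched as follows. This is an added example, not code from the patent: the dictionary layout, the role names "Staff" and "Admin", the function identifiers, the order of R2 to R8, and the NG reply for an unknown function are all assumptions made for illustration.

```python
import copy

PROHIBIT, PERMIT = 1, 2  # setting values used in the description
FUNCTIONS = ["mono_copy", "color_copy", "mono_print", "color_print",
             "email_send", "address_book_edit", "setting_change"]


def sample_store():
    """Constructed normal role-based data (stand-in for 115b and flag 115c)."""
    return {
        "flag": "normal_role",
        "roles": {  # hypothetical roles; unlisted functions are prohibited
            "Staff": {"mono_copy": PERMIT, "mono_print": PERMIT, "email_send": PERMIT},
            "Admin": {"setting_change": PERMIT},
        },
        "assignments": {"U1": ["Staff", "Admin"], "U2": ["Staff"]},
    }


def effective(store, user):
    """Functions the user may execute: permitted by at least one assigned role."""
    return {f for r in store["assignments"].get(user, [])
            for f, v in store["roles"][r].items() if v == PERMIT}


def convert_to_pseudo_user_base(store):
    """S401-S404: rewrite the store in place and return the backup."""
    backup = copy.deepcopy(store)                        # S402: save a backup
    default = {f: PROHIBIT for f in FUNCTIONS}           # S403: R1 prohibits all
    roles, role_for = {"R1": default}, {}
    for i, f in enumerate(FUNCTIONS, start=2):           # S403: R2..R8, one permit each
        roles[f"R{i}"] = {**default, f: PERMIT}
        role_for[f] = f"R{i}"
    assignments = {}
    for user in backup["assignments"]:                   # S404: re-link every user
        allowed = effective(backup, user)
        assignments[user] = ["R1"] + [role_for[f] for f in FUNCTIONS if f in allowed]
    store.update(flag="pseudo_user", roles=roles,
                 assignments=assignments, role_for=role_for)
    return backup


def handle_set_command(store, user, function, allow):
    """S201-S205: apply one user-based setting request, return "OK" or "NG"."""
    if store["flag"] != "pseudo_user":                   # S202 -> S205
        return "NG"
    role = store["role_for"].get(function)
    if role is None:                                     # assumption: unknown function is NG
        return "NG"
    assigned = store["assignments"].setdefault(user, ["R1"])
    if allow and role not in assigned:                   # S203: assign
        assigned.append(role)
    elif not allow and role in assigned:                 # S203: deallocate
        assigned.remove(role)
    return "OK"                                          # S204


if __name__ == "__main__":
    store = sample_store()
    print(handle_set_command(store, "U1", "color_print", True))   # flag still normal
    convert_to_pseudo_user_base(store)
    print(store["assignments"]["U1"], sorted(effective(store, "U1")))
```

  Comparing `effective()` for every user before and after the conversion is the check that matters here: the conversion must not widen or narrow any user's rights.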

(A-3) Effects of First Embodiment
  According to the first embodiment, the following effects can be achieved.

  In the image forming apparatus 100, the user access right management data 115b is held in a pseudo user base format, so that even if the access right management server 200 supports only user-based management of access rights, the users' effective access rights can be synchronized. For example, even when the image forming apparatus 400, which supports only user-based access control, and the image forming apparatus 100, which supports only role-based access control, are mixed as in the image forming system 1, the whole system can be managed using the access right management server 200, which supports only user-based management of access rights.

(B) Second Embodiment
  Hereinafter, a second embodiment of an image forming apparatus according to the present invention will be described in detail with reference to the drawings. Hereinafter, an example in which the image forming apparatus of the present invention is applied to a multifunction machine will be described.

  The configuration of the image forming system of the second embodiment can be shown using FIG. 1 and FIG. 2 as in the first embodiment. Hereinafter, only the difference between the second embodiment and the first embodiment will be described.

  In the image forming apparatus 100 according to the first embodiment, when the contents of the user access right management data 115b are described on a pseudo user basis, the role R1, in which the access right for all functions is set to prohibited (1), is set as a default, and access rights for each user are controlled by assigning to users the roles R2 to R8, in each of which one function is set to permitted (2). In other words, the image forming apparatus 100 according to the first embodiment employs a positive list method in which the default values of all functions are prohibited (1) and the functions to be permitted (2) are adjusted using the roles R2 to R8.

  In contrast, the image forming apparatus 100 of the second embodiment provides an explicit prohibition setting value (hereinafter, the value "3") that has a higher priority than permission (2), and adopts a negative list method: starting from a role in which all functions are set to permitted (2), the functions whose execution is prohibited are adjusted using roles in which one function is set to explicit prohibition (3).

  For example, when the user access right management data 115b described in the positive list method shown in FIG. 5 is described in the above-described negative list method, the contents are as shown in FIG. 10.

  In FIG. 10, the role R1, in which the access right to all functions is set to permitted (2), is set as a default, and access rights for each user are controlled by assigning to users the roles R2 to R8, in each of which one function is set to explicit prohibition (3) and the other functions are set to permitted (2).

  For example, in FIG. 5 described in the positive list method, the permission (2) setting is applied to the user U1 for the four functions of monochrome copying, monochrome printing, e-mail transmission, and setting change. In other words, in FIG. 5, functions (color copying, color printing, and address book editing functions) other than the above four are set to prohibited (1) for the user U1.

  On the other hand, in FIG. 10 described in the negative list method, the user U1 is assigned the roles R3, R5, and R7, which set explicit prohibition (3) for the color copying, color printing, and address book editing functions that were set to prohibited (1) in FIG. 5.

  As described above, when the user access right management data 115b is described on a pseudo user basis, it may be described by the positive list method as in the first embodiment or by the negative list method as in the second embodiment. As FIGS. 5 and 10 show, when there are fewer functions to be prohibited (more functions to be permitted), using the negative list method as in FIG. 10 can reduce the total number of roles assigned to each user (the total number of links).
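  The two description methods and the priority of explicit prohibition (3) over permission (2) can be compared with the following sketch. This is an added example, not code from the patent: the function identifiers, the pairing of R2 to R8 with functions (chosen so that R3, R5 and R7 match the functions named above), the assumption that R1 is linked to every user, and the tie-break in `fewer_links` are illustrative.

```python
PROHIBIT, PERMIT, EXPLICIT_PROHIBIT = 1, 2, 3  # setting values from the description
FUNCTIONS = ["mono_copy", "color_copy", "mono_print", "color_print",
             "email_send", "address_book_edit", "setting_change"]


def build_roles(method):
    """R1 (default) plus single-function roles R2..R8 for either method."""
    if method == "positive":
        base, special = PROHIBIT, PERMIT            # first embodiment
    else:
        base, special = PERMIT, EXPLICIT_PROHIBIT   # second embodiment
    roles = {"R1": {f: base for f in FUNCTIONS}}
    for i, f in enumerate(FUNCTIONS, start=2):
        roles[f"R{i}"] = {**roles["R1"], f: special}
    return roles


def links_for(method, permitted):
    """Roles to link to a user so that exactly `permitted` can be executed."""
    linked = ["R1"]                                 # assumption: default role always linked
    for i, f in enumerate(FUNCTIONS, start=2):
        # positive list: link the role of each permitted function
        # negative list: link the role of each function to be prohibited
        if (f in permitted) == (method == "positive"):
            linked.append(f"R{i}")
    return linked


def is_allowed(roles, linked, function):
    """Explicit prohibition (3) beats permit (2); no permit at all means deny."""
    values = {roles[r][function] for r in linked}
    if EXPLICIT_PROHIBIT in values:
        return False
    return PERMIT in values


def fewer_links(permitted):
    """Name of the method that needs fewer role links (tie goes to positive)."""
    pos = len(links_for("positive", permitted))
    neg = len(links_for("negative", permitted))
    return "negative" if neg < pos else "positive"


if __name__ == "__main__":
    u1 = {"mono_copy", "mono_print", "email_send", "setting_change"}  # user U1 above
    for method in ("positive", "negative"):
        roles, linked = build_roles(method), links_for(method, u1)
        print(method, linked, [f for f in FUNCTIONS if is_allowed(roles, linked, f)])
    print(fewer_links(u1))
```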

(C) Other Embodiments
  The present invention is not limited to the above-described embodiments, and may include modified embodiments as exemplified below.

  (C-1) In each of the above embodiments, the example in which the image forming apparatus of the present invention is applied to a multifunction peripheral has been described. However, the image forming apparatus may be applied to other image forming apparatuses. For example, the image forming apparatus of the present invention may be applied to a printer having only color printing and / or monochrome printing functions.

DESCRIPTION OF SYMBOLS
  1 ... Image forming system, 100 ... Image forming apparatus, 110 ... Control unit, 111 ... Approval unit, 112 ... User access right setting conversion unit, 113 ... Command accepting unit, 114 ... Authentication unit, 115 ... Data storage unit, 115a ... User authentication data, 115b ... User access right management data, 115c ... Data format management flag, 120 ... Operation unit, 130 ... Reading unit, 140 ... Printing unit, 150 ... Communication interface unit, 160 ... FAX communication unit, N ... Network, 200 ... Access right management server, 210 ... Control unit, 211 ... User access right management unit, 211a ... User access right management data, 220 ... Communication interface, 300 ... PC, 400 ... Image forming apparatus.

Claims (4)

  1. An image forming apparatus comprising:
    one or more function execution units capable of executing processing of a predetermined function;
    a setting data holding unit that holds setting data in which whether execution of each function execution unit is permitted for each user is described in a role-based format; and
    an access right management unit that manages, using the setting data, whether execution of each function execution unit is permitted for each user,
    wherein the access right management unit presets, in the setting data, a role corresponding to each of the function execution units and, upon receiving a request to set whether execution of any function execution unit is permitted for any user, assigns or unassigns, in the setting data, the role corresponding to that function execution unit based on the setting request.
  2. The image forming apparatus according to claim 1, wherein the access right management unit can operate by switching between a first operation mode in which the setting format is not limited and a second operation mode in which a role corresponding to each of the function execution units is set and, upon accepting a request to set whether execution of any function execution unit is permitted for any user, assignment or release of assignment of the role corresponding to that function execution unit is set based on the setting request.
  3. The image forming apparatus according to claim 2, wherein, when shifting from the first operation mode to the second operation mode, the access right management unit converts the setting data held by the setting data holding unit into a format compatible with the second operation mode.
  4. The image forming apparatus according to claim 3, wherein, when shifting from the first operation mode to the second operation mode, the access right management unit sets, in the setting data held by the setting data holding unit, a role corresponding to each function execution unit, and replaces the setting data with setting data in which roles are assigned to each user so that the execution settings of each user for each function execution unit are the same as in the setting data before conversion.
JP2014148180A 2014-07-18 2014-07-18 Image forming apparatus Active JP6262089B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2014148180A JP6262089B2 (en) 2014-07-18 2014-07-18 Image forming apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2014148180A JP6262089B2 (en) 2014-07-18 2014-07-18 Image forming apparatus

Publications (2)

Publication Number Publication Date
JP2016024618A JP2016024618A (en) 2016-02-08
JP6262089B2 true JP6262089B2 (en) 2018-01-17

Family

ID=55271331

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2014148180A Active JP6262089B2 (en) 2014-07-18 2014-07-18 Image forming apparatus

Country Status (1)

Country Link
JP (1) JP6262089B2 (en)

Also Published As

Publication number Publication date
JP2016024618A (en) 2016-02-08

Legal Events

Date Code Title Description
20161215 A621 Written request for application examination (Free format text: JAPANESE INTERMEDIATE CODE: A621)
20171016 A977 Report on retrieval (Free format text: JAPANESE INTERMEDIATE CODE: A971007)
TRDD Decision of grant or rejection written
20171114 A01 Written decision to grant a patent or to grant a registration (utility model) (Free format text: JAPANESE INTERMEDIATE CODE: A01)
20171213 A61 First payment of annual fees (during grant procedure) (Free format text: JAPANESE INTERMEDIATE CODE: A61)
R150 Certificate of patent or registration of utility model (Ref document number: 6262089; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150)