JP6318759B2 - Information management apparatus, information management system, information management method, and program - Google Patents

Description

  The present invention relates to an information management apparatus, an information management system, an information management method, and a program.

  In a web system, access authority (hereinafter referred to as authority) that restricts users who can edit and browse may be set. Further, there is a case where a user who permits editing and browsing of a web page is distinguished from a user who does not permit editing but permits browsing. In such a web system, authority may be delegated to other users.

  Patent Document 1 describes a technique in which an authority delegator's client generates an authentication ticket that describes the scope and validity of the authority delegated from the authority delegator to the authority delegator and transfers it to the authority delegator. Yes. In the technique described in Patent Document 1, the authentication server sends a list describing the scope and validity period of the authority delegated by the authority delegator to the client of the authority delegator. Then, the authority delegator's client permits the authority delegator's substitute operation on behalf of the authority delegator within the scope of the authority described in the transmitted list and within the validity period.

JP 2002-342385 A

  The disclosure of the above prior art document is incorporated herein by reference. The following analysis has been made from the viewpoint of the present invention.

  As described above, in the web system, an authority may be set for each user. In such a web system, authority may be delegated to other users.

  However, in the same web system, there is a case where it is desired to delegate authority to another person for a predetermined web page and request a proxy operation, but it is not desired to delegate authority to another person for other web pages.

  For example, a case is considered in which, in a business company's web system, a boss delegates an input operation of user information (for example, name, department, telephone number, etc.) to a subordinate. However, the supervisor who requests the proxy operation may not want the subordinate to access the password change screen.

  Here, with the technique described in Patent Literature 1, authority delegation cannot be set for each web page. Moreover, in patent document 1, it is not disclosed or suggested at all about delegating authority for every web page.

  Accordingly, an object of the present invention is to provide an information management device, an information management system, an information management method, and a program that contribute to easily delegating authority to other users for each web page.

  According to the first aspect of the present invention, delegation information for obtaining first information, including information for identifying a delegation user, information for identifying a delegation target page, and information for identifying a delegation user An acquisition unit, an information storage unit that stores the first information and authentication information of one or more users, information that identifies a delegated user, information that identifies a page to be delegated, and a delegated user The second user information is acquired, and authentication information of the delegated user is obtained based on the first information stored in the information storage unit and the second information. An information management apparatus is provided that includes a delegation information analysis unit to be acquired.

According to a second aspect of the present invention, an authority delegation apparatus that controls a user interface for authority delegation setting, a delegation control apparatus that controls a user interface for delegation setting, and an information management apparatus that manages information related to the authority delegation; An information management system including
The authority delegation device sets first information including information for identifying a delegation user, information for identifying a delegation target page, and information for identifying a delegated user, and sets the first information as An authority delegation setting unit for transmitting to the information management device;
The surrogate control device sets second information including information for identifying a surrogate user, information for identifying a surrogate target page, and information for identifying a delegated user, and the second information A proxy setting unit for transmitting to the information management device,
The information management apparatus includes a delegation information acquisition unit that acquires the first information, an information storage unit that stores the first information, and authentication information of one or more users, and the second information. An information management system comprising: a delegation information analysis unit that obtains authentication information of a delegated user based on the first information and the second information acquired and stored in the information storage unit Provided.

  According to the third aspect of the present invention, the first information including information for identifying the delegating user, information for identifying the page to be delegated, and information for identifying the delegated user is set, An authority delegation device including an authority delegation setting unit that transmits an HTTP request by sending an HTTP request is provided.

  According to the fourth aspect of the present invention, the second information including information for identifying the delegated user, information for identifying the proxy target page, and information for identifying the delegated user is set, A proxy control device including a proxy setting unit that transmits an HTTP request for the second information is provided.

According to the fifth aspect of the present invention, information acquisition for acquiring first information including information for identifying a delegating user, information for identifying a page to be delegated, and information for identifying a delegated user A step, an information storage step for storing the first information, a step for storing authentication information of one or more users, information for identifying a user to be substituted, information for identifying a page to be substituted, Delegating information analysis for acquiring second information including information for identifying a delegated user and obtaining authentication information of the delegated user based on the first information and the second information An information management method is provided in which a computer executes the process.
This method is linked to a specific machine called an information management device that manages information related to authority delegation.

According to a sixth aspect of the present invention, there is provided a program to be executed by a computer that controls an information management apparatus, wherein information identifying a delegating user, information identifying a delegation target page, and a delegating user are identified. Information acquisition processing for acquiring first information including information, information storage processing for storing the first information, processing for storing authentication information of one or more users, Second information including information for identifying, information for identifying a proxy target page, and information for identifying a delegated user, and obtaining the first information and the second information. Based on this, a program for executing delegation information analysis processing for obtaining authentication information of the delegated user is provided.
The program can be recorded on a computer-readable storage medium. The storage medium may be non-transient such as a semiconductor memory, a hard disk, a magnetic recording medium, an optical recording medium, or the like. The present invention can also be embodied as a computer program product.

  According to each aspect of the present invention, an information management device, an information management system, an information management method, and a program that contribute to easily delegating authority to another user for each web page are provided.

It is a figure for demonstrating the outline | summary of one Embodiment. It is a block diagram which shows an example of the whole structure of the personnel information management system. It is a figure which shows an example of authority transfer setting operation. It is a figure showing an example of authority delegation data concerning a 1st embodiment. It is a flowchart which shows an example of an authority transfer setting process. It is a figure which shows an example of proxy setting operation. It is a flowchart which shows an example of a substitute destination setting process. It is a figure which shows an example of the authority transfer data which concern on 2nd Embodiment.

  First, an outline of an embodiment will be described with reference to FIG. Note that the reference numerals of the drawings attached to the outline are attached to the respective elements for convenience as an example for facilitating understanding, and the description of the outline is not intended to be any limitation.

  As described above, a personnel information management device that contributes to easily delegating authority to other users for each web page is desired.

  Therefore, as an example, the information management apparatus 1100 illustrated in FIG. 1 is provided. The information management apparatus 1100 includes a delegation information acquisition unit 1101, an information storage unit 1102, and a delegation information analysis unit 1103.

  The delegation information acquisition unit 1101 acquires first information including information for identifying a delegation user, information for identifying a delegation target page, and information for identifying a delegated user. Here, the first information is information for specifying a user who delegates authority and a user whose authority is delegated in units of pages. The information storage unit 1102 stores first information and authentication information of one or more users. Here, the information storage unit 1102 may store authentication information of one or more users in advance. Note that the user authentication information is information for authenticating a user, and may be information in which a user ID (Identification) and a password are associated with each other, for example.

  The delegation information analysis unit 1103 acquires second information including information identifying the delegated user, information identifying the page to be delegated, and information identifying the delegated user, and an information storage unit 1102 The authentication information of the delegated user is acquired based on the first information and the second information stored in. Here, the second information is information that specifies a user who delegates authority (that is, a delegated user) and a user who performs proxy processing (that is, a user whose authority is delegated) on a page-by-page basis. .

  Therefore, in the information management apparatus 1100, in order to delegate authority, a user who delegates authority and a user whose authority is delegated may be specified on a page-by-page basis. That is, in the information management apparatus 1100, it is not necessary to mount a function for delegating authority for each page. Therefore, the information management apparatus 1100 contributes to easily delegating authority to other users for each web page.

[First Embodiment]
The first embodiment will be described in more detail with reference to the drawings. In the following description, for the sake of simplicity, “web page” is referred to as “page”. In the following description, for the sake of simplicity, “web browser” is referred to as “browser”. In the following description, the “information management device” is referred to as a “personnel information management device”. In the following description, the above “delegation information acquisition unit” is referred to as “delegation information acquisition and LDAP conversion unit”. In the following description, the “information storage unit” is referred to as a “personnel information storage unit”. In the following description, the “delegation information analysis unit” is referred to as “authority delegation information analysis and proxy screen generation unit”.

  FIG. 2 is a block diagram showing an example of the overall configuration of the personnel information management system 1000 according to the present embodiment. The personnel information management system 1000 includes an authority delegation device 1, a personnel information management device 2, a proxy control device 3, and a Web server device 4.

  In the following description, a user UID (User Identifier) will be described as an example of information identifying the user. However, this is not intended to limit the information for identifying the user to the user's UID in the personnel information management system 1000 according to the present embodiment.

  The authority delegation apparatus 1 is an apparatus that controls a user interface for setting authority delegation. For example, the authority delegation apparatus 1 may be an apparatus in which a “delegation” button is incorporated as a browser add-on. The authority delegation device 1 includes an authority delegation setting unit 11.

  The proxy control device 3 is a device that controls a user interface for setting proxy processing. For example, the proxy control device 3 may be a device in which a “proxy” button is incorporated as a browser add-on. The proxy control device 3 includes a proxy setting unit 31.

  The personnel information management device 2 manages personnel information based on information transmitted from the authority transfer device 1 and the proxy control device 3. The personnel information management device 2 includes a delegation information acquisition unit, an LDAP (Lightweight Directory Access Protocol) conversion unit 21, an authority delegation information update unit 22, a personnel information storage unit 51, an authority delegation information analysis and proxy screen generation unit 41, And an authority delegation information reference unit 42. Note that FIG. 2 mainly describes modules related to the personnel information management apparatus 2 according to the present embodiment. Details of the personnel information management device 2 will be described later.

  Next, the authority delegation setting unit 11 will be described in detail.

  The authority delegation setting unit 11 controls a user interface for performing authority delegation. Further, the authority delegation setting unit 11 transmits information on the delegation target user and page to the delegation information acquisition and LDAP conversion unit 21 of the personnel information management apparatus 2.

Specifically, it is assumed that the authority delegation setting unit 11 determines that the process of inputting (or selecting) the UID of the user to be delegated has been performed. In that case, the authority delegation setting unit 11
・ Authenticating user UID (User Identifier),
-URL (Uniform Resource Locator) of the page to be delegated,
-The UID list of the delegated user entered,
Is transmitted to the delegation information acquisition and LDAP conversion unit 21 as an HTTP (Hypertext Transfer Protocol) request.

  The authority delegation setting unit 11 may be realized using ActiveX (trademark) when realizing the add-on function of the browser. Further, it is preferable that the authority delegation setting unit 11 encrypts the communication path using HTTPS (Hypertext Transfer Protocol Secure) or the like and transmits the information.

  Next, the proxy setting unit 31 will be described in detail.

  The proxy setting unit 31 controls a user interface for setting proxy processing. Further, the proxy setting unit 31 transmits information regarding the proxy user and the page to the authority delegation information analysis and proxy screen generation unit 41 of the personnel information management device 2.

Specifically, it is assumed that the proxy setting unit 31 determines that the process of inputting (or selecting) the UID of the proxy user has been performed. In that case, the proxy setting unit 31
・ Substitute URL
The authenticating user's UID (ie, the proxy user's UID);
The UID of the selected delegate user,
Flag information indicating that the transmission of information is performed via an add-on, and
Is sent to the authority delegation information analysis and proxy screen generation unit 41 as an HTTP request.

  Further, the proxy setting unit 31 displays the screen information returned from the authority delegation information analysis and proxy screen generation unit 41. Details of the authority delegation information analysis and proxy screen generation unit 41 will be described later.

  The proxy setting unit 31 may realize the add-on function of the browser using ActiveX. The proxy setting unit 31 preferably transmits information by encrypting the communication path using HTTPS (Hypertext Transfer Protocol Secure) or the like.

  Next, each module of the personnel information management apparatus 2 will be described in detail.

  The delegation information acquisition and LDAP conversion unit 21 converts the HTTP request transmitted from the authority delegation device 1 into a format that can be registered in the personnel information storage unit 51. Specifically, the delegation information acquisition and LDAP conversion unit 21 converts an HTTP request into an LDAP request.

  The authority delegation information update unit 22 reflects the LDAP request generated by the delegation information acquisition and LDAP conversion unit 21 in the personnel information storage unit 51.

  The personnel information storage unit 51 stores authority transfer data. The personnel information storage unit 51 functions as an LDAP server.

  The authority transfer data is data including the UID of the transfer user, the URL of the page to be transferred, and the UID list of the transferee user. The authority delegation data may include URLs of one or more delegation target pages and one or more delegation user UID lists with respect to the delegation user UID. Here, the authority delegation data may include two or more delegated user UID lists with respect to a URL of a predetermined delegation target page.

  FIG. 4 is a diagram illustrating an example of authority delegation data. The authority delegation data shown in FIG. 4 corresponds to the URL “http://XXX.co.jp/sites/usr_modify.jsp” and the URL “http // XXX.co.jp / sites / portal_modify.jsp”. This indicates that access is permitted to the user with UID “U-00001” and UID “U-00002”. Also, the authority delegation data shown in FIG. 4 is for the user with the UID “U-00002” using the UID “U-00003” for the URL “http // XXX.co.jp / sites / usr_modify.jsp”. Indicates that access is permitted.

  The authority delegation information analysis and proxy screen generation unit 41 acquires authentication information of the UID of the proxy user, and generates and transmits a screen of the corresponding URL authenticated by the proxy user.

  Specifically, the authority delegation information analysis and proxy screen generation unit 41 first confirms that the HTTP request transmitted from the proxy control device 3 is transmitted via the proxy setting unit 31. Then, the authority delegation information analysis and proxy screen generation unit 41 acquires authentication information of the proxy user's UID based on the proxy user's UID, the proxy target URL, and the proxy user's UID. Here, the authority delegation information analysis and proxy screen generation unit 41 acquires the UID authentication information of the delegated user from the personnel information storage unit 51 via the authority delegation information reference unit 42. Then, the screen to be delegated is generated and transmitted.

  The authority delegation information reference unit 42 refers to the personnel information storage unit 51 and obtains UID authentication information. Specifically, with the system authority, the personnel information storage unit 51 is referred to, and the authentication information of the UID of the substitute user is acquired. Then, the authority delegation information reference unit 42 returns the acquired UID authentication information of the delegated user to the authority delegation information analysis and proxy screen generation unit 41.

  Next, the operation of the personnel information management system 1000 according to this embodiment will be described.

  First, the authority delegation setting operation will be described.

  FIG. 3 is a diagram illustrating an example of the authority delegation setting operation. Specifically, FIG. 3 is a diagram illustrating an example of an operation in which the user 201 delegates the operation on the contact address editing screen 204 to another person. In the following description, the name of the user 201 shown in FIG. 3 is “Ichiro Suzuki”.

  First, the user 201 logs in to the personnel information management system 1000 using the login screen 202. Then, the user 201 activates the contact edit screen 204 using the main screen 203 displayed after the login screen 202.

  Here, it is assumed that the contact address editing screen 204 is a web screen. In this case, the user 201 (“Ichiro Suzuki”) presses the “delegation” button in the contact edit screen 204 incorporated as an add-on while the contact edit screen 204 to be transferred is displayed.

  The authority delegation setting unit 11 displays an authority delegation destination setting screen 205 when determining that the “delegation” button has been pressed. Here, the authority delegation setting unit 11 displays a list of delegated users on the authority delegation destination setting screen 205.

  Then, the user 201 selects one or more delegated users from the delegated user list displayed on the authority delegation destination setting screen 205. In the case of FIG. 3, “Jiro Suzuki” and “Saburo Suzuki” are selected. Then, after selecting one or more delegated users, the user 201 presses an “OK” button on the authority delegation destination setting screen 205.

  If the authority delegation setting unit 11 determines that the “OK” button on the authority delegation destination setting screen 205 is pressed, the UID of the user 201, the URL of the page to be delegated, and the list of UIDs of the delegated user are displayed. The included HTTP request is transmitted to the personnel information management apparatus 2. The personnel information management device 2 stores the authority delegation data 206 in the personnel information storage unit 51 based on the received HTTP request.

  Next, the authority delegation setting process will be described.

  FIG. 5 is a flowchart illustrating an example of the authority delegation setting process.

  First, it is assumed that the authority delegation setting unit 11 determines that a delegation target UID has been input. In that case, in step A1, the delegation information acquisition and LDAP conversion unit 21 converts the sent URL and UID information into an LDAP request. Specifically, the delegation information acquisition and LDAP conversion unit 21 displays the URL displayed when the “delegation” button is pressed, the UID of the user (delegation user) who performed the depressing operation of the “delegation” button, An HTTP request including the delegated user's UID is received. The delegation information acquisition and LDAP conversion unit 21 converts the received HTTP request into an LDAP request.

  In step A2, the authority delegation information update unit 22 performs LDAP update. Specifically, the authority transfer information update unit 22 transmits an LDAP request to the personnel information storage unit 51.

  In step A3, the personnel information storage unit 51 determines whether or not the same data already exists. Specifically, the personnel information storage unit 51 determines whether or not the same data as the data included in the transmitted LDAP request is stored in the personnel information storage unit 51.

  If the same data does not exist (No branch in step A3), the personnel information storage unit 51 registers authority delegation data (step A4). And it changes to step A6.

  On the other hand, if the same data exists (Yes branch of step A3), the personnel information storage unit 51 does not register authority transfer data (step A5). And it changes to step A6.

  In step A6, the authority delegation information update unit 22 returns the registration completion result to the add-on screen of the browser. Specifically, the authority delegation information update unit 22 notifies the authority delegation setting unit 11 of presence / absence of authority delegation registration. The authority delegation setting unit 11 displays the presence / absence of authority delegation registration on the web screen when the “delegation” button is pressed.

  Next, the proxy setting operation will be described.

  FIG. 6 is a diagram illustrating an example of the proxy setting operation. Specifically, FIG. 6 is a diagram illustrating an example of an operation in which the user 301 performs an operation on the contact editing screen 304 as a substitute for another person's operation. In the following description, the name of the user 301 is “Jiro Suzuki”.

  First, the user 301 logs in to the personnel information management system 1000 using the login screen 302. The user 301 then activates the contact edit screen 304 using the main screen 303 displayed after the login screen 302.

  Here, it is assumed that the contact address editing screen 304 is a web screen. In this case, the user 301 (“Jiro Suzuki”) presses the “substitute” button in the contact edit screen 304 that is incorporated as an add-on while the substitute contact edit screen 304 is displayed.

  If the proxy setting unit 31 determines that the “substitute” button has been pressed, the proxy setting unit 31 displays a proxy destination setting screen 305. Here, the authority delegation setting unit 11 displays a list of delegated users on the substitution destination setting screen 305.

  Then, the user 301 selects one or two or more users to be substituted from the list of substitute users displayed on the substitution destination setting screen 305. In the case of FIG. 6, “Ichiro Suzuki” is selected. Then, after selecting one or more delegate users, the user 301 presses an “OK” button on the substitution destination setting screen 305.

  If the proxy setting unit 31 determines that the “OK” button on the proxy destination setting screen 305 has been pressed, the proxy setting unit 31 sends an HTTP request including the UID of the user 301, the URL to be proxyed, and the UID of the proxy user to the personnel. It transmits to the information management device 2. The personnel information management device 2 stores the authority delegation data 306 in the personnel information storage unit 51 based on the received HTTP request.

  Then, the user 301 edits the contact setting screen 307 of “Ichiro Suzuki” on behalf of the substitute user (“Ichiro Suzuki” in the case of FIG. 6). In other words, the personnel information management apparatus 2 permits the user 301 to perform the operation of the delegated user (“Ichiro Suzuki”) and edit the web screen indicated by the URL to be delegated.

  Next, the proxy destination setting process will be described.

  FIG. 7 is a flowchart illustrating an example of proxy destination setting processing.

  First, it is assumed that the proxy setting unit 31 determines that the “proxy” button has been pressed. In that case, in step A11, the authority delegation information analysis and proxy screen generation unit 41 confirms whether or not the authority delegation information is included in the user information of the user who performs the operation of another person. Specifically, the authority delegation information analysis and proxy screen generation unit 41 displays the URL displayed when the “proxy” button is pressed, the UID of the user who performed the press operation of the “proxy” button, and the subject. An HTTP request including the proxy user's UID is received.

  Then, the authority delegation information analysis and proxy screen generation unit 41 refers to the authority delegation data stored in the personnel information storage unit 51 via the authority delegation information reference unit 42. Then, the authority delegation information analysis and delegation screen generation unit 41 confirms whether or not the authority delegation information of the URL that performs the operation is included in the authority delegation data stored in the personnel information storage unit 51.

  In step A12, the authority delegation information analysis and proxy screen generation unit 41 determines whether authority delegation information is included. If authority delegation information is not included (No branch in step A12), the process proceeds to step A13. On the other hand, if authority delegation information is included (Yes branch of step A12), the process proceeds to step A14.

  In step A13, the authority delegation information analysis and proxy screen generation unit 41 returns that there is no user who can perform proxy. Specifically, the authority delegation information analysis and proxy screen generation unit 41 generates a screen indicating that authority delegation is not performed. And it changes to step A18.

  On the other hand, when the authority delegation information is included (Yes branch in step A12), the proxy setting unit 31 returns a list of users who can perform proxy and displays the list on the screen (step A14).

  In step A15, the proxy setting unit 31 selects a proxy user. Specifically, the proxy setting unit 31 selects and determines a proxy user based on a user operation.

  In step S <b> 16, the authority delegation information reference unit 42 acquires authentication information of the delegated user with system authority using the delegated ID as a key. Specifically, the authority delegation information reference unit 42 refers to the authority delegation information stored in the personnel information storage unit 51 using the UID of the delegated user as a key. Then, the authentication information of the substitute user corresponding to the UID of the substitute user is extracted from the personnel information storage unit 51.

  In step A <b> 17, the authority delegation information analysis and proxy screen generation unit 41 generates a screen that is authenticated by the proxy user using the proxy user authentication information.

  In step A <b> 18, the authority delegation information analysis and proxy screen generation unit 41 returns the reference result to the proxy control device 3. Specifically, the authority delegation information analysis and proxy screen generation unit 41 transmits the screen generated in step A13 or step A17 to the proxy control device 3.

  As described above, the personnel information management system 1000 according to the present embodiment delegates authority in units of pages based on the URL of the authority delegation target page and the UID of the delegated user. Therefore, the personnel information management system 1000 according to the present embodiment contributes to easily delegating authority to other users for each web page.

  Furthermore, in the personnel information management system 1000 according to the present embodiment, the personnel information management apparatus 2 manages authority transfer collectively. Therefore, it is not necessary to implement the authority delegation mechanism for each page. Therefore, the personnel information management system 1000 according to the present embodiment contributes to reducing the burden on the web page manager.

[Second Embodiment]
Next, the second embodiment will be described in detail.

  In the present embodiment, the authority delegation condition is specified in more detail. In the description of the present embodiment, the description of the same part as the above embodiment is omitted. Further, in the description of the present embodiment, the same components as those of the above-described embodiment are denoted by the same reference numerals, and the description thereof is omitted. In the description of the present embodiment, the description of the same operational effects as those of the above-described embodiment is also omitted.

  The overall configuration of the personnel information management system 1000 according to the present embodiment is as shown in FIG.

  The authority delegation setting unit 11 according to the present embodiment can set the authority delegation conditions in more detail than the authority delegation setting unit 11 according to the first embodiment. For example, the authority delegation setting unit 11 according to the present embodiment may be configured to set an expiration date for delegating authority to a specific URL. Further, the authority delegation setting unit 11 according to the present embodiment may be able to designate the position of the authority delegated user. As a result, the authority delegation setting unit 11 according to the present embodiment can delegate authority to a user having a specific position or higher.

  FIG. 8 is a diagram illustrating an example of authority delegation data according to the present embodiment. The authority delegation data shown in FIG. 8 includes “http://XXX.co.jp/sites/usr_modify.jsp” and “http://XXX.co.jp/sites/portal_modify.jsp”. The user of “U-00002” can access “2013/12/01” to “2014/12/01” with the authority of the UID “U-00001”. For the URL “http://XXX.co.jp/sites/usr_modify.jsp”, the user with the UID “U-00002” has the authority of the UID “U-00003”, and “2013/12/01” ~ Indicates that you can access up to "2015/12/01".

  As described above, the personnel information management system 1000 according to the present embodiment specifies the authority delegation conditions in more detail. Therefore, the personnel information management system 1000 according to the present embodiment has the same effects as the personnel information management system 1000 according to the first embodiment, and contributes to further improving convenience.

  A part or all of the above-described embodiment can be described as in the following supplementary notes, but is not limited thereto.

  (Additional remark 1) It is as the information management apparatus which concerns on a said 1st viewpoint.

  (Additional remark 2) The said delegation information analysis part produces | generates the screen of the page of the said proxy object authenticated with the said delegated user using the acquired said authentication information of the said delegated user. Information management device.

  (Supplementary note 3) The information identifying the delegation target page is a URL (Uniform Resource) of the delegation target page, and the information identifying the delegation target page is the URL of the delegation target page Or the information management apparatus of 2.

  (Supplementary Note 4) Same as the information management system according to the second aspect.

  (Supplementary Note 5) The authority delegation setting unit transmits the first information as an HTTP request to the information management device, and the proxy setting unit transmits the second information as an HTTP request to the information management device. The information management system according to appendix 5.

  (Additional remark 6) It is as the authority transfer apparatus which concerns on the said 3rd viewpoint.

  (Additional remark 7) It is as the substitute control apparatus which concerns on the said 4th viewpoint.

  (Supplementary Note 8) As in the information management method according to the fifth aspect.

  (Supplementary note 9) The information management according to supplementary note 8, wherein, in the delegation information analysis step, a screen of the proxy target page authenticated by the proxy user is generated using the authentication information of the proxy user. Method.

  (Additional remark 10) It is as the program which concerns on the said 6th viewpoint.

  (Supplementary note 11) The program according to supplementary note 10, wherein, in the delegation information analysis process, the authentication target user's authentication information is used to generate a screen of the proxy target page authenticated by the proxy user.

  The disclosure of the above patent document is incorporated herein by reference. Within the scope of the entire disclosure (including claims) of the present invention, the embodiment can be changed and adjusted based on the basic technical concept. Further, various combinations or selections of various disclosed elements (including each element of each claim, each element of each embodiment, each element of each drawing, etc.) are possible within the framework of the entire disclosure of the present invention. is there. That is, the present invention of course includes various variations and modifications that could be made by those skilled in the art according to the entire disclosure including the claims and the technical idea. In particular, with respect to the numerical ranges described in this document, any numerical value or small range included in the range should be construed as being specifically described even if there is no specific description.

DESCRIPTION OF SYMBOLS 1 Authority delegation apparatus 2 Personnel information management apparatus 3 Delegation control apparatus 4 Web server apparatus 11 Authority delegation setting part 21 Delegation information acquisition and LDAP conversion part 22 Authority delegation information update part 31 Delegation setting part 41 Authority delegation information analysis and delegation screen generation part 42 Authority delegation information reference unit 51 Personnel information storage unit 201, 301 User 202, 302 Login screen 203, 303 Main screen 204, 304 Contact edit screen 205 Authority delegation destination setting screen 206, 306 Authority delegation data 305 Delegation destination setting screen 307 Contact setting screen 1000 Personnel information management system 1100 Information management device 1101 Delegation information acquisition unit 1102 Information storage unit 1103 Delegation information analysis unit

Claims (7)

A delegation information acquisition unit for acquiring first information, including information for identifying a delegation user, information for identifying a delegation target page, and information for identifying a delegation user;
An information storage unit for storing the first information and authentication information of one or more users;
The first information stored in the information storage unit is acquired and includes second information including information for identifying the delegated user, information for identifying the page to be delegated, and information for identifying the delegated user And the second information, a delegation information analysis unit that acquires authentication information of the delegated user,
An information management device comprising:   The information management apparatus according to claim 1, wherein the delegation information analysis unit generates a screen of the proxy target page authenticated by the proxy user using the acquired authentication information of the proxy user. . The information identifying the delegation target page is a URL (Uniform Resource Locator ) of the delegation target page, and the information identifying the delegation target page is the URL of the delegation target page. The information management device described in 1. An authority delegation device that controls the user interface of authority delegation settings;
A proxy control device for controlling a user interface for proxy settings;
An information management device for managing information related to the authority delegation;
An information management system including
The authority delegation device is
First information including information identifying a delegating user, information identifying a delegation target page, and information identifying a delegated user is set, and the first information is transmitted to the information management apparatus The authority delegation setting part
The proxy control device is:
Second information including information for identifying the delegated user, information for identifying the page to be delegated, and information for identifying the delegated user is set, and the second information is set in the information management apparatus. It has a proxy setting part to send,
The information management device includes:
A delegation information acquisition unit for acquiring the first information;
An information storage unit for storing the first information and authentication information of one or more users;
A delegation information analysis unit that acquires the second information and acquires authentication information of the delegated user based on the first information stored in the information storage unit and the second information;
An information management system comprising: The authority delegation setting unit transmits the first information as an HTTP request to the information management apparatus,
The information management system according to claim 4 , wherein the proxy setting unit transmits the second information to the information management apparatus as an HTTP request. An information acquisition step for acquiring first information, including information for identifying a delegating user, information for identifying a delegation target page, and information for identifying a delegated user;
An information storage step for storing the first information;
Storing authentication information of one or more users;
Second information including information identifying a delegated user, information identifying a page to be delegated, and information identifying a delegated user, obtaining the first information, and the second information A delegation information analysis step of obtaining authentication information of the delegated user based on the information;
Information management method in which the computer executes . A program to be executed by a computer that controls an information management device,
An information acquisition process for acquiring first information, including information for identifying a delegating user, information for identifying a page to be delegated, and information for identifying a delegated user;
An information storage process for storing the first information;
A process of storing authentication information of one or more users;
Second information including information identifying a delegated user, information identifying a page to be delegated, and information identifying a delegated user, obtaining the first information, and the second information Delegation information analysis processing for obtaining authentication information of the delegated user based on the information,
A program that executes.

Images