JP6391143B2 - Access control apparatus, information sharing system, program, and access control method - Google Patents

Description

  The present invention relates to an access control apparatus, an information sharing system, a program, and an access control method for sharing data included in a database and information included in a file among a plurality of users.

  There is known a mechanism for permitting access to data including information in response to a request from a user. In such a mechanism, information security is emphasized. For example, the cloud storage server described in Patent Document 1 is linked with the application function of the information communication terminal that is the access request source, and deletes the data stored in the information communication terminal when the operation of the application function ends, The server data is protected.

  Also, in such a mechanism, a user authentication process is generally performed in order to determine whether or not data can be accessed. That is, only the user authenticated by the authentication process can access the data.

JP 2013-235339 A

  By the way, when data that can be accessed by a plurality of users is set, there is a demand for individually setting data that can be accessed in accordance with user attributes. For example, when there is data that can be accessed from inside and outside the company and data that can only be accessed from inside the company, it is complicated to perform individual authentication processing, so there is a request to manage them collectively. . As another example, in a facility such as a power plant, a test operation is generally performed before delivery to a customer after construction. In this case, companies and organizations involved in the construction of the facility participate during the period when various processes related to the trial run are performed. For this reason, it is necessary to confirm the result of a certain test (for example, a boiler test) performed in a certain process in a subsequent process test (for example, a steam turbine control system test, etc.), and for each test and adjustment. There is a demand that some or all of participating companies / organizations share various documents such as work reports and design drawings. On the other hand, data (raw data) that directly indicates the measurement results related to the operation of the facility does not need to be disclosed to other companies and organizations for the company or organization that was able to obtain this data. Sometimes you want to remove. In addition, the customer generally requests all the obtained information (data including information). As described above, there may be a situation in which there is a demand for information sharing or restriction on sharing of arbitrary information in a plurality of divisions, that is, for each company and organization involved in the customer and construction, and for each process of the test. Further, in the conventional case, from the viewpoint that information can be easily shared via a web browser, communication using a hypertext transfer protocol (HTTP) is generally used for access. In addition, a protocol (for example, SSL: Secure Sockets Layer) for ensuring security in communication using HTTP may be employed, and in this case, HTTPS (Hypertext Transfer Protocol Secure) is used. No means are provided for sharing or restricting sharing.

  As described above, there may occur a case where it is desired to distinguish between users (for example, customers, companies and organizations, and individuals belonging to one or more of these) who access data that is permitted to be accessed and data that is not permitted to be accessed. However, the conventional mechanism as described in Patent Document 1 cannot make such a distinction.

  Therefore, an object of the present invention is to provide an access control device, an information sharing system, a program, and an access control method that can individually set accessible information for each user.

  The access control device of the present invention is an access that controls access from the terminal to data on a database and a file stored in a storage device in response to access requests from a plurality of users made via a terminal having a display device. A setting unit that sets an access level for the shared data that is the data that is permitted to be accessed by one or more users and the shared file that is the file that is permitted to be accessed by one or more users, the control device; Associating means for associating shared data with the shared file; determining means for determining whether or not the user is an authenticated user permitted to view part or all of the data and the file; and the authentication A specifying means for specifying the access level of the user, the shared data and The extraction means for extracting the shared data and the shared file that are allowed to be accessed by the authenticated user based on the access level set for the shared file and the access level of the authenticated user, and by the authenticated user among the shared data And display control means for causing the display device to display the shared data permitted to be accessed and the shared file permitted to be accessed by the authenticated user among the shared files associated with the shared data.

  An information sharing system according to the present invention includes a terminal having a display device, a server having a storage device storing a database and a file, and a plurality of terminals connected to the terminal and the server so as to communicate with each other. An information sharing system comprising: an access control device for controlling access from the terminal to data on a database stored in the storage device of the server and a file stored in the storage device in response to an access request from a user The access control apparatus is configured to set access levels for shared data that is the data that is permitted to be accessed by one or more users and shared files that are the files that are permitted to be accessed by one or more users. And associating the shared data with the shared file Means for determining whether or not the user is an authenticated user authorized to view part or all of the data and the file; and specifying means for specifying an access level of the authenticated user; Extraction means for extracting shared data and shared files that are permitted to be accessed by the authenticated user based on an access level set for the shared data and the shared file and an access level of the authenticated user; and And display control means for causing the display device to display the shared data permitted to be accessed by the authenticated user and the shared file permitted to be accessed by the authenticated user among the shared files associated with the shared data. .

  The program of the present invention is a shared data, which is the data that is permitted to be accessed by one or more users among a plurality of users who make an access request via a terminal having a display device among data on a database. And means for setting an access level for a shared file, which is the file permitted to be accessed by one or more users among the files stored in the storage device, means for associating the shared data with the shared file, and Means for determining whether or not an authenticated user is permitted to view part or all of the data and the file, means for specifying the access level of the authenticated user, the shared data and the shared file. And the access level of the authenticated user Means for extracting shared data and a shared file that are permitted to be accessed by the authenticated user, and among the shared data that is permitted to be accessed by the authenticated user and the shared file that is associated with the shared data. It is made to function as a means for causing the display device to display a shared file that is permitted to be accessed by the authenticated user.

  The access control method of the present invention controls access from the terminal to data on a database and a file stored in the storage device in response to access requests from a plurality of users performed through a terminal having a display device. An access control method, wherein an access level is set for shared data that is the data permitted to be accessed by one or more users and a shared file that is the files permitted to be accessed by one or more users; Associating shared data with the shared file; determining whether the user is an authorized user authorized to view part or all of the data and the file; and Specifying an access level, the shared data and the shared file Based on the set access level and the access level of the authenticated user, the shared data and the shared file that are permitted to be accessed by the authenticated user are extracted, and the access by the authenticated user is permitted among the shared data. Displaying the shared data and the shared file that is permitted to be accessed by the authenticated user among the shared files associated with the shared data on the display device.

  According to this configuration, by setting the access level set for the shared data and the shared file to the access level of the user who may access the shared data and the shared file, the user who accesses the shared data and the shared file is intended. Can be limited to the users who have been. In addition, by setting an access level for a user according to the user's attributes (such as authority), data and files that can be accessed by the user can be determined. Thus, according to this configuration, it is possible to individually set accessible data and files for each user. In addition, since the user who can access the shared data and the shared file is limited to the authenticated user, it is possible to ensure the security related to the access to the shared file and the shared data.

  In the access control apparatus, it is preferable that the display control means displays a directory structure indicating a location of the shared file and an icon image corresponding to the type of the shared file.

  According to this configuration, an intuitive operational feeling can be provided by a display structure using a directory structure and icon images. For this reason, the operation related to the access to the shared file becomes easier. As described above, according to this configuration, it is possible to provide an environment in which information sharing using a shared file can be more easily used.

  It is preferable that the access control device includes a camouflage unit that generates a virtual directory structure different from the directory structure of the storage device that stores the shared file and sets the directory structure to indicate the location of the shared file.

  According to this configuration, since it is not necessary to indicate the directory structure of the storage device, it is possible to make it impossible to estimate the location of data other than the shared file based on the directory structure. For this reason, it is possible to more reliably prevent security-related attacks such as directory traversal. As described above, according to this configuration, it is possible to ensure the security related to the access to the shared file.

  The access control device includes registration means for registering at least one of a file and a folder, and the extraction means is configured to authenticate the file from the file registered by the registration means and the file included in the folder registered by the registration means. It is preferable to extract a shared file that is allowed to be accessed by the user.

  According to this configuration, since the shared file permitted to be accessed by the authenticated user is limited to the registered file or the file included in the registered folder, the shared file permitted to be accessed is more easily limited. be able to. In addition, since files other than the files included in the registered files and folders can be made files that are not allowed to be accessed, the files and folders that are not registered can be hidden from the user. For this reason, security can be improved more. In addition, by registering a folder, a plurality of shared files can be included in a shared file that is allowed to be accessed at once. As described above, according to this configuration, it is possible to more easily perform operations relating to the shared file and security.

  The access control device includes connection means for connecting to a plurality of servers in a communicable manner, and the shared file is accessed by one or more users among files stored in a part or all of the storage devices of the plurality of servers. Are preferably allowed files.

  According to this configuration, a file stored in a storage device included in a plurality of servers can be a shared file. For this reason, it is possible to collectively perform access control for files scattered on a plurality of servers. Thus, according to this configuration, it is possible to more easily manage the access to information included in the file.

  The access control device preferably includes an adding unit for adding a comment to the shared file, and the display control unit displays the comment.

  According to this configuration, it is possible to provide information by a comment to the authenticated user who is permitted to access the shared file. For this reason, the authentication user can be provided with further information regarding the shared file. As described above, according to this configuration, it is possible to more easily share information between authenticated users.

  In the access control device, it is preferable that the terminal is permitted to access the shared file only through the display content of the display control unit of the shared file.

  According to this configuration, it is an indispensable condition for accessing the shared file that the content displayed by the display control unit of the access control device is used. For this reason, access to the shared file can be more reliably limited to the authenticated user. As described above, according to this configuration, it is possible to ensure the security related to the access to the shared file.

  In the access control apparatus, it is preferable that the terminal is denied access to the file that is performed without using the display content of the display control unit.

  According to this configuration, the file cannot be accessed without going through the display contents by the display control unit of the access control device. For this reason, access to the shared file can be more reliably limited to the authenticated user. As described above, according to this configuration, it is possible to ensure the security related to the access to the file.

  According to the present invention, accessible information can be individually set for each user.

FIG. 1 is a diagram illustrating a main configuration of the information sharing system according to the first embodiment. FIG. 2 is a block diagram illustrating an example of a main configuration of the server. FIG. 3 is a block diagram illustrating an example of main components of the terminal and the access control apparatus. FIG. 4 is a functional block diagram illustrating an example of main functions of the access control apparatus. FIG. 5 is a diagram illustrating an example of the relationship between the user authentication DB, the content management DB, and the file management DB. FIG. 6 is a diagram illustrating an example of the relationship between the access level and the confidentiality of information. FIG. 7 is a diagram illustrating an example of an access level setting screen. FIG. 8 is a diagram illustrating an example of a root folder registration screen. FIG. 9 is a diagram illustrating a display example of content and shared files. FIG. 10 is a diagram illustrating a display example of a directory structure indicating the location of a shared file. FIG. 11 is a flowchart illustrating an example of a flow of processing related to setting of an access level for a file and associating a shared file with data. FIG. 12 is a flowchart illustrating an example of a processing flow for an access request by a user. FIG. 13 is a functional block diagram illustrating an example of main functions of the access control apparatus according to the second embodiment. FIG. 14 is a diagram illustrating an example of a virtual folder setting screen by the camouflage unit. FIG. 15 is a diagram illustrating an example of the relationship between the folder structure management DB and another DB of the access control apparatus. FIG. 16 is a flowchart illustrating an example of a flow of processing related to setting of an access level for a file and associating a shared file with data in the second embodiment. FIG. 17 is a flowchart illustrating an example of a flow of processing for an access request by a user in the second embodiment. FIG. 18 is a diagram illustrating the main configuration of the information sharing system according to the third embodiment. FIG. 19 is a diagram illustrating an example of the relationship between the directory structure for each server and the virtual directory structure in the third embodiment. FIG. 20 is a functional block diagram illustrating an example of main functions of the access control device according to the fourth embodiment. FIG. 21 is a diagram illustrating an example of a file management DB in the fourth embodiment. FIG. 22 is a diagram illustrating a display example of a comment. FIG. 23 is a flowchart illustrating an example of a flow of processing relating to setting of an access level for a file and associating a shared file with data in the fourth embodiment. FIG. 24 is a flowchart illustrating an example of a process flow for an access request by a user in the fourth embodiment.

  Embodiments according to the present invention will be described below in detail with reference to the drawings. Note that the present invention is not limited to the embodiments. In addition, constituent elements in the following embodiments include those that can be easily replaced by those skilled in the art or those that are substantially the same.

First embodiment

  FIG. 1 is a diagram illustrating a main configuration of an information sharing system 1 according to the first embodiment. The information sharing system 1 includes, for example, a server 10, a terminal 20, and an access control device 30. The access control device 30 is communicably connected to the server 10 and the terminal 20. The information sharing system 1 according to the present embodiment is for sharing information (operation support information) on development, operation, maintenance, and other operations of the equipment in a plant (eg, a power plant) equipped with equipment such as a boiler. Information sharing system. There may be a plurality of terminals 20.

  FIG. 2 is a block diagram illustrating an example of a main configuration of the server 10. For example, the server 10 includes a storage unit 11, a control unit 12, and a communication unit 13. The storage unit 11 includes a storage device such as a RAM, a ROM, and an auxiliary storage device (for example, a hard disk drive). The storage unit 11 stores a program and data read by the control unit 12 and functions as a storage area used for processing by the control unit 12. The control unit 12 includes an arithmetic device such as a CPU. The control unit 12 reads a program and data corresponding to the process from the storage unit 11 and executes them. The communication unit 13 includes, for example, a network interface card (NIC). The communication unit 13 communicates with other devices (for example, the access control device 30) connected via a communication line. In the present embodiment, information is shared by sharing a file via a web browser, and for example, HTTP or HTTPS is used for communication.

  As shown in FIG. 2, the storage unit 11 of the server 10 stores a database 11A and a file 11B. The data and the file 11B registered in the database 11A include information that can be shared by users who request access via the terminal 20. That is, the data and file 11B according to the present embodiment include operation support information for a facility such as a boiler. Further, the information included in the data functions as content for indicating the operation support information. Although not shown, the server 10 functions as a database management system (DBMS) and also functions as a file server for storing the file 11B.

  FIG. 3 is a block diagram illustrating an example of main components of the terminal 20 and the access control device 30. The terminal 20 and the access control device 30 include, for example, a storage unit 41, a control unit 42, a communication unit 43, an input unit 44, and a display unit 45. The storage unit 41 includes a storage device such as a RAM, a ROM, and an auxiliary storage device (for example, a hard disk drive). The storage unit 41 stores a program and data read by the control unit 42 and functions as a storage area used for processing by the control unit 42. The control unit 42 includes an arithmetic device such as a CPU. The control unit 42 reads the program and data corresponding to the process from the storage unit 41 and executes them. The communication unit 43 includes, for example, a network interface card (NIC). The communication unit 43 communicates with other devices (for example, the access control device 30) connected via a communication line. The input unit 44 includes an input device such as a keyboard and a mouse. The input unit 44 performs input in accordance with an operation by a user who performs an input operation on the terminal 20. The display unit 45 includes a display device such as a liquid crystal display. The display unit 45 performs display output according to the processing content of the terminal 20. Specifically, the display unit 45 displays and outputs the display content according to the information displayed by the web browser software program executed by the control unit 42 and the information obtained by the communication performed using the web browser. To do.

  Like the display unit 45 in FIG. 3, the terminal 20 includes a display device. The terminal 20 is used for a plurality of users who request access to the data of the server 10 and the file 11B. A plurality of users make access requests via the terminal 20. The access control device 30 receives the data on the database 11A stored in the storage device of the server 10 in response to access requests from a plurality of users made via the terminal 20, and the terminal 20 for the file 11B stored in the storage device. Control access from.

  FIG. 4 is a functional block diagram illustrating an example of main functions of the access control device 30. In the access control device 30, the control unit 42 reads out and executes a program and data corresponding to each function from the storage unit 41, whereby a user authentication database (DB) 51, a content management DB 52, a file management DB 53, and an access Functions as level management DB 54, setting unit 55, root folder registration unit 56, association unit 57, determination unit 58, identification unit 59, extraction unit 60, display control unit 61, and change control unit 62. . That is, the access control device 30 of this embodiment is a so-called information processing device.

  FIG. 5 is a diagram illustrating an example of a relationship between the user authentication DB 51, the content management DB 52, and the file management DB 53. The user authentication DB 51 is a DB used for determination of user authentication by the determination unit 58. The user authentication DB 51 associates records such as a user ID, a user name, and an access level with each other. The user ID indicates a unique ID assigned to the user. The user name indicates the name of the user. The access level included in the user authentication DB 51 is a user access level.

  The content management DB 52 is a DB for managing content based on information included in data registered in the database 11A. The content management DB 52 associates records of content name, content content, access level, and related file full path name with each other. The content name indicates the name of the content. The content content indicates the content content based on the data content. The content includes text data described in a markup language such as HTML (HyperText Markup Language). The contents may include image data used for the text data, data related to the style of the text data (for example, CSS: Cascading Style Sheets), and the like. The contents may include a script that dynamically generates text data (for example, a script by PHP: Hypertext Preprocessor). The access level indicates the content access level. The related file full path name indicates the path of the shared file associated with the data (content) by the associating unit 57.

  The file management DB 53 is a DB for managing information related to the file 11B of the server 10. The file management DB 53 associates records of file name, full path name, access level, and access authorized person ID with each other. The file name indicates the name of the file 11B. The full path name indicates the location (path) of the file 11B. The access level indicates the access level of the file 11B set by the setting unit 55. The access permitter ID indicates the user ID of a user who can access the file 11B regardless of the access level. Specifically, the access permitter ID is, for example, the user ID of the user who is the creator of the file 11B.

  FIG. 5 shows the types of records included in each of the user authentication DB 51, content management DB 52, and file management DB 53, but each DB records records for each of a plurality of users, a plurality of contents, and a plurality of files 11B. Have.

  FIG. 6 is a diagram illustrating an example of the relationship between the access level and the confidentiality of information. The access level management DB 54 includes information related to the access level set in the file 11B. Specifically, the access level management DB 54 records, for example, a plurality of types of access levels as shown in FIG. 6 in association with information indicating confidentiality for each access level. In the example shown in FIG. 6, the confidentiality is higher in the access level having the larger number (1, 3, or 5) at the end. In other words, the level of confidentiality at the security level shown in FIG. 6 is “Top Secret Level> Secret Level> External Secret Level”.

  FIG. 7 is a diagram illustrating an example of an access level setting screen. The setting unit 55 functions as a setting unit that sets an access level for shared data that is data permitted to be accessed by one or more users and a shared file that is a file 11B permitted to be accessed by one or more users. Specifically, for example, as illustrated in FIG. 7, the setting unit 55 sets an access level corresponding to a user who is permitted to access the file 11B with respect to the file 11B. The setting screen shown in FIG. 7 is a setting screen for setting any one of access level 1, access level 3, and access level 5 to the file 11B. In the present embodiment, the file 11B in which any one of the access level 1, the access level 3 or the access level 5 is set becomes a shared file which is a file 11B permitted to be accessed by one or more users. The setting unit 55 sets an access level for data (contents) on the database 11A as in the case of the above file. The data (content) for which the access level is set becomes shared data that is data that is allowed to be accessed by one or more users.

  The timing for setting the access level is arbitrary. For example, the setting unit 55 displays a screen (for example, the screen shown in FIG. 7) for requesting the user to set an access level when creating and editing (changing) the file 11B on a file 11B creation terminal (not shown). Also good. The setting unit 55 may set an access level for the file 11B of the server 10 in accordance with an input operation by the administrator of the access control apparatus 30.

  In the present embodiment, the file 11B for which the access level is not set is subjected to predetermined handling. For example, the file 11B for which no access level is set is treated as a file 11B that is not permitted to be accessed by any user other than the creator of the file 11B (for example, the access permitter ID shown in FIG. 5). Such handling is merely an example, and is not limited to this, and can be changed as appropriate. Further, for example, as shown in FIG. 5, the access level may be set individually for reading (Read) and rewriting (Write) of the file 11B.

  FIG. 8 is a diagram illustrating an example of a root folder registration screen. The root folder registration unit 56 registers the highest level folder (root folder) that is to be extracted by the extraction unit 60. Specifically, the root folder registration unit 56 sets the folder registered by the input operation of the administrator of the access control device 30 as the root folder. The input operation of the administrator of the access control device 30 is performed through the display content on the root folder registration screen as shown in FIG. 8, for example.

  The associating unit 57 functions as an associating unit that associates the shared data with the shared file. Specifically, as shown in FIG. 5, for example, the associating unit 57 attaches a path (full path name) indicating the location of the shared file on the storage device to data (content) registered in the database 11A. Associate data with shared files. The associating unit 57 can associate one data with a plurality of shared files. Although not shown, the associating unit 57 can also associate a plurality of data with one shared file. One shared file associated with one data may be associated with other data.

  The rules for association by the other association unit 57 are arbitrary. For example, the associating unit 57 may associate the data with a shared file specified at the time of data registration by an input operation of a data registrant or the like. Further, the associating unit 57 may associate the data with the shared file newly specified after the data registration. Also, the designation of the shared file can be replaced with the designation of the folder. In this case, the associating unit 57 associates the shared file included in the designated folder with the data. In specifying a folder, it may be possible to select whether or not to include subfolders below the specified folder. In specifying a folder, a plurality of folders may be specified.

  The determination unit 58 functions as a determination unit that determines whether or not the user is an authenticated user who is permitted to view part or all of the data and the file 11B. Specifically, the determination unit 58 determines whether, for example, the user ID transmitted from the terminal 20 is included in the user ID included in the user authentication DB 51. When the user ID is included in the user authentication DB 51, the determination unit 58 determines that the user is an authenticated user. Note that the determination condition by the determination unit 58 may be a stricter determination condition in which a password or the like is used in addition to the user ID. Input of a user ID or the like in user authentication is performed via the web browser of the terminal 20. That is, the determination unit 58 performs determination based on information transmitted from the terminal 20 using HTTPS (or HTTP).

  The specifying unit 59 functions as a specifying unit that specifies the access level of the authenticated user. Specifically, the specifying unit 59 specifies the access level of the authenticated user by, for example, reading out and acquiring the access level of the user determined to be the authenticated user by the determining unit 58 from the user authentication DB 51.

  The extraction unit 60 functions as an extraction unit that extracts the shared data and the shared file that are permitted to be accessed by the authenticated user based on the access level set for the shared data and the shared file and the access level of the authenticated user. Specifically, the extraction unit 60 extracts shared data and shared files in which an access level equal to or lower than the access level specified by the specifying unit 59 is set. That is, the shared data and the shared file that are permitted to be accessed by the authenticated user in this embodiment are the shared data and the shared file in which the access level equal to or lower than the access level specified by the specifying unit 59 is set. In this embodiment, the extraction unit 60 extracts a shared file that is permitted to be accessed by the authenticated user from the shared files included in the root folder registered by the root folder registration unit 56. Specifically, the extraction unit 60 recursively searches for a shared file in which the access level below the access level of the authenticated user is set among the files 11B below the root folder using the access level of the user authentication DB 51 as a search key, The shared file obtained as a search result is extracted.

  The extraction unit 60 extracts shared data and shared files of the access level 1, the access level 3, and the access level 5 in response to an access request by an authenticated user of the access level 5, for example. Further, the extraction unit 60 extracts shared data and shared files of the access level 1 and the access level 3 in response to an access request from an authenticated user of the access level 3. Further, the extraction unit 60 extracts access level 1 shared data and shared files in response to an access request from an access level 1 authenticated user. When the access level of the shared file is individually set for read (Read) and rewrite (Write), the extraction unit 60 extracts the shared file with reference to the read (Read) access level.

  FIG. 9 is a diagram illustrating a display example of content and shared files. The display control unit 61 displays the shared data that is permitted to be accessed by the authenticated user among the shared data and the shared file that is permitted to be accessed by the authenticated user among the shared files associated with the shared data. It functions as a display control means for displaying on the display unit 45). Specifically, the display control unit 61 displays, for example, the shared data (content) extracted by the extraction unit 60 and the shared file extracted by the extraction unit 60 among the shared files associated with the shared data on the terminal 20. Display data to be displayed on the unit 45 is generated. The display content based on the display data is, for example, the display content as shown in FIG. The display control unit 61 transmits the display data to the terminal 20 via the communication unit 43 using, for example, HTTPS. The terminal 20 executes a web browser and performs display according to the display data. In the example shown in FIG. 9, among the shared files associated with the shared data constituting the content, the shared files extracted by the extraction unit 60 according to the access level are displayed as a list on the right side of the display area as a part of the content. ing. On the left side of the display area, information included in the data constituting the content or information included in the shared file selected by the user's input operation on the terminal 20 is displayed. The title in the list of shared files displayed on the right side of the display content shown in FIG. 9 is linked to the name of the folder in which the shared file exists. The content may be individually provided for each access level, or a plurality of sub-contents may exist in one content, and the access level may be set for each sub-content. When sub-content exists, one data in the database 11A corresponds to the sub-content. In the display content as shown in FIG. 9, the display control unit 61 displays only the sub-content corresponding to the access level of the authenticated user among the sub-contents, and hides the sub-content not corresponding to the access level of the authenticated user. Control the display content. For the non-displayed sub-content, the display control unit 61 may display the sub-content instead of an error display indicating that the sub-content cannot be displayed.

  FIG. 10 is a diagram illustrating a display example of a directory structure indicating the location of a shared file. The display control unit 61 displays a directory structure indicating the location of the shared file and displays an icon image corresponding to the type of the shared file. Specifically, the display control unit 61 generates display data for displaying a directory structure indicating the location of the shared file, and transmits the display data to the terminal 20 using, for example, HTTPS. The terminal 20 executes a web browser and performs display according to the display data. Here, the display control unit 61 may display the display content shown in FIG. 9 and the display content shown in FIG. 10 independently of each other, or the browser that displayed the display content shown in FIG. You may make it overwrite a window (or tab) with the display content shown in FIG. For example, as shown in FIG. 10, the display content based on the display data is a display content indicating a directory structure in which the subfolders below the root folder and the location of the shared file in each folder are displayed in a tree form. The shared file displayed in the directory structure is a shared file that is permitted to be accessed by the authenticated user among the shared files, that is, a shared file corresponding to the access level. In the directory structure, the shared file is displayed using an icon image corresponding to the file type (format) as shown in FIG. Similarly, folders are displayed using icon images. In the directory structure as shown in FIG. 10, the display control unit 61 may display the shared file on the condition of only the access level regardless of whether the shared file is associated with the shared data. .

  In the present embodiment, the display control unit 61 first displays display contents including a list of shared data (contents) and a shared file associated with the shared data as shown in FIG. Thereafter, when any shared file or title included in the list of shared files is selected, a directory structure as shown in FIG. 10 is displayed and an icon image corresponding to the type of the shared file is displayed. The home folder in the directory structure display is, for example, a folder where the selected shared file exists. Thereafter, when a shared file is selected (for example, a click operation or the like) by a user input operation on the terminal 20 while the directory structure is displayed, the display control unit 61 displays the content of the selected shared file on the terminal 20. Processing for displaying on the display unit 45 is performed. Specifically, the display control unit 61 transmits the shared file to the terminal 20 via the communication unit 43 of the access control device 30, for example. The terminal 20 performs processing according to the format of the shared file. For example, the terminal 20 executes an application corresponding to the format of the shared file. Here, the display control unit 61 may permit the execution of the application according to the format of the shared file in the terminal 20 only within the web browser. In this case, the display control unit 61 displays information included in the shared file developed by the application on the right side of the display content as shown in FIG. 9, for example. That is, in this case, the display control unit 61 completes the display contents regarding the shared data and the shared file accessed from the terminal 20 by the authenticated user on the web browser. Note that the display data transmitted by the display control unit 61 and the shared file transmitted to the terminal 20 are deleted on the terminal 20 side after the display processing in the terminal 20 is finished, and do not remain. Specifically, the display data and the shared file are stored in a path (folder) on the storage device of the terminal 20 designated on the access control device 30 side, and the data in the path is deleted at the end of the display-related processing. The Deletion of data may be performed by the display control unit 61 or may be performed by a dedicated function (deletion unit) separately installed in the access control device 30.

  The change control unit 62 performs processing related to the change of the shared file in the terminal 20. Specifically, the change control unit 62 confirms the presence / absence of the authority to change (Write) the shared file selected by the authenticated user via the terminal 20, for example. When the authentication user has no change authority, the change control unit 62 does not permit the change of the shared file in the terminal 20. Further, the change control unit 62 reflects the changed shared file on the server 10 when the access is performed by the authenticated user who has the authority to change and the shared file is changed (updated or the like). The changed shared file is acquired from the terminal 20 by the change control unit 62. That is, the changed shared file is uploaded from the terminal 20 to the access control device 30. The change control unit 62 reflects the uploaded shared file after the change on the server 10.

  The authenticated user cannot access the shared data and the shared file of the server 10 unless the display content by the display control unit 61 is passed. For example, the file stored in the storage unit 11 of the server 10 cannot be opened by directly accessing the file management service of the operating system (OS) of the server 10 from the terminal 20. That is, the terminal 20 is denied access to the file that is performed without the display content by the display control unit 61. Such control is implemented by setting the OS file management service to allow access from outside to the shared file only for the access account set in the access control device 30. In this case, when the authenticated user accesses the shared file via the display content by the display control unit 61, the OS permits access to the shared file because it is an access from the access control device 30. On the other hand, when the authenticated user accesses the shared file from the file management service of the OS, the OS denies access to the shared file because the OS is not an access from the access control device 30. In this way, by linking the access control device 30 and the OS of the server 10, the display control unit 61 can always be interposed in accessing the shared file. For this reason, access management is concentrated in the access control device 30, and security can be enhanced. The access permission setting for the access control device 30 may be statically set in advance in the OS of the server 10 or may be dynamically set using a command provided by the OS from the access control device. May be. As described above, the terminal 20 is permitted to access the shared file only through the display content of the display control unit 61 among the shared files.

  Next, the operation flow of the information sharing system 1 will be described with reference to a flowchart. FIG. 11 is a flowchart illustrating an example of a flow of processing related to setting of an access level for the file 11B and associating the shared file with data. The setting unit 55 sets an access level for the data (content) and the file 11B on the database 11A to which access by one or more users is permitted, and is handled as shared data and a shared file (step S1). Further, the root folder registration unit 56 registers a root folder (step S2). The associating unit 57 associates the shared data with the shared file (step S3). The processing order of step S1 and step S2 is random. Further, the processing order of step S2 and step S3 is in no particular order. The process of step S3 is performed after the process of step S1. The operation shown in the flowchart of FIG. 11 is performed, for example, when an access level is set for the data and the file 11B by an input operation of the administrator to the access control device 30.

  FIG. 12 is a flowchart illustrating an example of a processing flow for an access request by a user. The determination unit 58 determines whether or not the user who made the access request is an authenticated user (step S11). If it is determined that the user is not an authenticated user (step S11; NO), the access control device 30 ends the process. In this case, the display control unit 61 may cause the display unit 45 of the terminal 20 to display a notification that the authentication has not been performed.

  When it is determined in step S11 that the user is an authenticated user (step S11; YES), the specifying unit 59 specifies the access level of the authenticated user (step S12). The extraction unit 60 extracts the shared data and the shared file that are permitted to be accessed by the authenticated user based on the access level set for the shared data and the shared file and the access level of the authenticated user (step S13). The display control unit 61 causes the display unit 45 of the terminal 20 to display the extracted shared data (contents) and the shared file that is permitted to be accessed by the authenticated user among the shared files associated with the shared data (step S14). .

  When any shared file (or title) is selected by the authenticated user after the process of step S14 (step S15; YES), the display control unit 61 displays the directory structure corresponding to the selected content in the display unit 45 of the terminal 20. (Step S16). In the process of step S16, an icon image corresponding to the type of shared file in the expanded folder is displayed. If any one of the shared files is selected by the authenticated user after the process of step S16 (step S17; YES), the change control unit 62 confirms whether or not the selected shared file is authorized to change (Write) ( Step S18). The display control unit 61 displays the contents of the selected shared file on the display unit 45 of the terminal 20 (step S19). Along with step S19, an application corresponding to the format of the shared file may be separately executed on the terminal 20 side. If it is confirmed in step S18 that there is no authority to change the shared file, the shared file is displayed in an unchangeable (read-only) state. In the process of step S14, the process of step S16, and the process of step S19, the display control unit 61 transmits display data to the terminal 20 (for example, using HTTPS). The terminal 20 executes a web browser and performs display according to the display data by the display unit 45.

  When the processing related to the display of the shared data and the shared file is completed at the terminal 20 (step S20; YES), the change control unit 62 determines whether the shared file has been changed (updated or the like) (step S20). S21). When it is determined that the shared file has been changed (step S21; YES), the change control unit 62 reflects the changed shared file on the server 10 (step S22). After the process of step S20 or when it is determined in step S19 that the shared file has not been changed (step S21; NO), the access control device 30 ends the process. With the end of the process related to the display of the shared file, the display data is deleted on the terminal 20 side (step S23).

  Note that a condition for terminating the processing related to the display of the shared file is that the display screen of the content and directory structure as shown in FIGS. 9 and 10 is closed, for example. Until the process related to the display of the shared file is completed at the terminal 20, the authenticated user continues the selection of the shared file by the process of step S15 by selecting the shared file from the directory structure or the list displayed in the content. (Step S20; NO). If it is confirmed in step S18 that there is no authority to change the shared file, no shared file is selected by the authenticated user after step S14 (step S15; NO), and the content display screen is displayed. If it is closed (step S20; YES) or after the processing of step S16, no shared file is selected by the authenticated user (step S17; NO), and the display screen of the content and directory structure is closed (step S20) YES), the change control unit 62 determines that the shared file has not been changed (step S21; NO).

  As described above, according to the first embodiment, by setting the access level set for the shared data and the shared file to the access level of the user who may access the shared data and the shared file, the shared data and the shared file are shared. Users who access the file can be limited to intended users. In addition, by setting an access level for a user according to the user's attributes (such as authority), data and files that can be accessed by the user can be determined. Thus, according to the first embodiment, accessible data and files can be individually set for each user. In addition, since the user who can access the shared data and the shared file is limited to the authenticated user, it is possible to ensure the security related to the access to the shared data and the shared file. In particular, when a web browser is used as the display means, it is effective as a means to achieve both information sharing and security assurance.

  In addition, an intuitive operational feeling can be provided by a display structure using a directory structure and icon images. For this reason, the operation related to the access to the shared file becomes easier. Thus, according to the first embodiment, it is possible to provide an environment in which information sharing using a shared file can be more easily used.

  In addition, since the shared file permitted to be accessed by the authenticated user is limited to the shared file included in the registered folder, the shared file permitted to be accessed can be more easily limited. In addition, since files other than the files included in the registered files and folders can be made files that are not allowed to be accessed, the files and folders that are not registered can be hidden from the user. For this reason, security can be improved more. In addition, by registering a folder, a plurality of shared files can be included in a shared file that is allowed to be accessed at once. As described above, according to the first embodiment, it is possible to more easily perform operations related to shared files and security.

  Also, access to the shared file can be more reliably limited to authenticated users. As described above, according to the first embodiment, it is possible to ensure the security related to the access to the shared file.

  Further, it is an indispensable condition for accessing the shared file that the display content by the display control unit 61 of the access control device 30 is used. Further, the file cannot be accessed without going through the display contents by the display control unit 61 of the access control device 30. For this reason, access to the shared file can be more reliably limited to the authenticated user. As described above, according to the first embodiment, it is possible to ensure the security related to the access to the file.

Second embodiment

  FIG. 13 is a functional block diagram showing an example of main functions of the access control device 30A in the second embodiment. The access control device 30A in the second embodiment functions as a camouflaging unit 71 and a folder structure management DB 72 in addition to the functions of the access control device 30 in the first embodiment.

  FIG. 14 is a diagram illustrating an example of a virtual folder setting screen by the camouflaging unit 71. The camouflage unit 71 functions as a camouflage unit that generates a virtual directory structure that is different from the directory structure of the storage device that stores the shared file, and creates a directory structure that indicates the location of the shared file. Specifically, for example, the camouflaging unit 71 displays a virtual folder setting screen for setting a folder (virtual folder) in which a shared file exists in a virtual directory structure on the display unit 45 as illustrated in FIG. The camouflage unit 71 generates a virtual directory structure corresponding to the setting content on the virtual folder setting screen. In the virtual directory structure, the shared file is in a virtual folder set on the virtual folder setting screen.

  The virtual folder setting screen is displayed, for example, when setting an access level for a shared file and editing a shared file. Further, the administrator of the access control device 30A may be able to set a virtual folder from the virtual folder setting screen. The virtual folder setting screen shown in FIG. 14 is provided so that the access level can be set simultaneously with the setting of the virtual folder.

  In the virtual folder setting screen shown in FIG. 14, the virtual folder where the shared file exists is set by selecting the folder name and parent folder name of the virtual folder included in the preset virtual directory structure from the pull-down menu. The virtual folder setting method shown in FIG. 14 is an example and is not limited to this. For example, a new virtual folder may be set. In this case, a text box for inputting a folder name of a new virtual folder is provided on the virtual folder setting screen.

  FIG. 15 is a diagram illustrating an example of the relationship between the folder structure management DB 72 and another DB of the access control device 30A. The folder structure management DB 72 associates records of folder ID, folder name, and parent folder ID with each other. The folder ID indicates a unique ID assigned to the virtual folder. The folder name indicates the name of the virtual folder. The parent folder ID indicates the folder ID of the virtual folder immediately above the virtual folder. A virtual folder whose parent folder ID is empty (null) is the highest virtual folder in the virtual directory structure. Records in the folder structure management DB 72 are set according to the generation of a virtual directory structure by the camouflaging unit 71.

  The root folder registration unit 56 in the second embodiment can register a plurality of root folders. In addition, the extraction unit 60 in the second embodiment makes the extraction target the shared file in which the virtual folder is set by the camouflaging unit 71 in addition to the shared file under the root folder. That is, the extraction unit 60 according to the second embodiment extracts the shared file in which the virtual folder is set by the camouflaging unit 71 according to the access level of the authenticated user, even if it is not a shared file below the root folder. The information sharing system of the second embodiment is the same as the information sharing system 1 of the first embodiment with respect to features other than these special features.

  FIG. 16 is a flowchart illustrating an example of a flow of processing relating to setting of an access level for the file 11B and associating the shared file with data in the second embodiment. The same steps as those in the flowchart showing an example of the flow of similar processing in the first embodiment shown in FIG. In the second embodiment, in addition to the processing of step S1, step S2, and step S3, the camouflage unit 71 sets a virtual folder where the shared file exists (step S31). Specifically, the camouflage unit 71 generates a virtual directory structure in response to an input operation on the virtual folder setting screen, for example. The process of step S31 may be performed along with the process of step S1, or may be performed separately. Further, the processing order of step S2, step S3, and step S31 is in no particular order.

  FIG. 17 is a flowchart illustrating an example of a flow of processing for an access request by a user in the second embodiment. The same steps as those in the flowchart showing an example of the flow of similar processing in the first embodiment shown in FIG. In the second embodiment, after the process of step S15 and before the process of step S16, the camouflaging unit 71 generates a virtual directory structure to obtain a directory structure indicating the location of the shared file (step S41). In the second embodiment, the virtual directory structure is displayed in the process of step S16.

  As described above, according to the second embodiment, in addition to the effects of the first embodiment, it is not necessary to indicate the directory structure of the storage device, so it is impossible to estimate the location of data other than the shared file based on the directory structure. Can be. For this reason, it is possible to more reliably prevent security-related attacks such as directory traversal. As described above, according to the second embodiment, it is possible to ensure the security related to the access to the shared file.

Third embodiment

  FIG. 18 is a diagram illustrating a main configuration of an information sharing system 1A according to the third embodiment. The information sharing system 1A according to the third embodiment includes a plurality of servers 10 as shown in FIG. That is, the communication unit 43 of the access control apparatus 30A in the third embodiment functions as a connection unit that connects to a plurality of servers 10 so as to be communicable.

  FIG. 19 is a diagram illustrating an example of the relationship between the directory structure for each server 10 and the virtual directory structure in the third embodiment. The root folder registration unit 56 in the third embodiment can register each folder of the plurality of servers 10 as a root folder. The camouflaging unit 71 in the third embodiment includes a shared file in which a virtual folder is set among shared files existing in a plurality of servers 10 in one virtual directory structure. Regarding these features other than the special features, the information sharing system 1A of the third embodiment is the same as the information sharing system of the second embodiment. FIG. 19 illustrates a virtual directory structure in which the directory structure of each server 10 is combined with priority given to ease of understanding. Actually, however, the virtual directory structure is set from the virtual folder setting screen as in the second embodiment. The virtual directory structure is reflected.

  As described above, according to the third embodiment, in addition to the effects of the second embodiment, the file 11B stored in the storage device of the plurality of servers 10 can be a shared file. For this reason, it is possible to collectively control access to the files 11B scattered in the plurality of servers 10. As described above, according to the third embodiment, management related to access to information included in the file 11B can be more easily performed.

Fourth embodiment

  FIG. 20 is a functional block diagram showing an example of main functions of the access control device 30B in the fourth embodiment. FIG. 21 is a diagram showing an example of the file management DB 53 in the fourth embodiment. The access control device 30B in the fourth example functions as a comment adding unit 81 in addition to the function of the access control device 30 in the first example. The comment adding unit 81 functions as an adding unit that adds a comment to the shared file. Specifically, the comment adding unit 81 sets an input area (for example, a text box) for adding a comment related to the shared file on an access level setting screen as shown in FIG. The comment adding unit 81 adds a comment to the shared file by setting the comment input in the input area in the “comment” record of the file management DB 53 shown in FIG. 21 and associating it with the file ID of the shared file. To do.

  FIG. 22 is a diagram illustrating a display example of a comment. The display control unit 61 of the fourth embodiment displays a comment. Specifically, for example, as illustrated in FIG. 22, the display control unit 61 displays the comment of the shared file that is focused on the comment display area provided on the display screen of the directory structure.

  FIG. 23 is a flowchart illustrating an example of a flow of processing related to setting of an access level for the file 11B and associating the shared file with data in the fourth embodiment. The same steps as those in the flowchart showing an example of the flow of similar processing in the first embodiment shown in FIG. In the fourth embodiment, in addition to the processes of step S1, step S2, and step S3, the comment adding unit 81 adds a comment to the shared file (step S51). Specifically, the comment adding unit 81 associates a comment input on, for example, an access level setting screen with a shared file in the file management DB 53. The process of step S51 may be performed along with the process of step S1, or may be performed separately. Further, the processing order of step S2, step S3, and step S51 is in no particular order.

  FIG. 24 is a flowchart illustrating an example of a process flow for an access request by a user in the fourth embodiment. The same steps as those in the flowchart showing an example of the flow of similar processing in the first embodiment shown in FIG. In the fourth embodiment, when any of the shared files is focused after the process of step S16 and before the process of step S17 (step S61; YES), the display control unit 61 shares the focused focus. The comment added to the file is displayed (step S62). In the fourth embodiment, the authenticated user can focus on the shared file displayed in the directory structure until the process related to the display of the shared file is completed on the terminal 20 (step S20; NO).

  Although the above description of the fourth embodiment is based on the first embodiment, the configuration relating to the setting and display of comments in the fourth embodiment can also be applied to the second and third embodiments. In this case, the comment adding unit 81 may further set an input area (for example, a text box) for adding a comment regarding the shared file on the virtual folder setting screen, for example.

  As described above, according to the fourth embodiment, in addition to the effects of the first embodiment and the like, it is possible to provide information by a comment to the authenticated user who is permitted to access the shared file. For this reason, the authentication user can be provided with further information regarding the shared file. As described above, according to the fourth embodiment, it is possible to more easily share information between authenticated users.

  Each of the above-described embodiments is merely an example, and the specific contents can be changed as appropriate. For example, the access levels shown in FIGS. 5 and 6 are merely examples, and the present invention is not limited to these. The present invention can arbitrarily set an access level according to conditions such as confidentiality required for information.

  The access permitter ID shown in FIG. 5 in the above embodiment is the ID of the creator of the file 11B, but is only an example and is not limited thereto. The access permitter ID can be used when access to the file 11B is specifically limited without depending on the access level.

  In each of the above embodiments, the root folder registration unit 56 or the like functions as a registration unit for registering a folder, but the registration target is not limited to a folder. For example, similarly to the root folder registration by the root folder registration unit 56, the files 11B to be extracted by the extraction unit 60 may be individually registered. In this case, the extraction unit 60 extracts a shared file that is permitted to be accessed by the authenticated user from the registered file 11B and the file 11B included in the folder.

  In each of the above-described embodiments, the terminal 20 and the access control device 30 (30A, 30B) are configured as separate devices. However, this configuration is an example and the present invention is not limited to this. The access control device 30 (30A, 30B) and the terminal 20 may be physically the same device. Specifically, the user can handle, as the terminal 20, an information processing apparatus in which various functions are executed in the background in terms of software, such as the above-described access control apparatus 30 (30A, 30B). In this case, processing related to access to the shared file is performed by various functions executed in the background in response to a user access request. In this case, the display control unit 61 displays, on the display unit 45 of the information processing device (access control device 30 (30A, 30B)), the shared file permitted to be accessed by the authenticated user and the data associated with the shared file. Let

  In each of the above-described embodiments, the data and file 11B that are the objects whose access is controlled by the access control device 30 (30A, 30B) are the file 11B stored in the storage unit 11 of the server 10 and the data registered in the database 11A. However, this is an example and the present invention is not limited to this. For example, at least one of the data and the file 11B stored in the storage unit 41 included in at least one of the terminal 20 and the access control device 30 (30A, 30B) is the same as the data and the file 11B of the server 10. , Access can be controlled. In this case, the terminal 20 or the access control device 30 (30A, 30B) is handled as the storage unit 11 of one server 10 in each of the above embodiments.

  In each of the embodiments described above, the selection of the shared file that is permitted to be accessed by the authenticated user among the shared files associated with the shared data is performed at the stage of display content control by the display control unit 61. It is not something For example, the associating unit 57 associates the shared data with the shared file so that the shared file associated with the shared data is a shared file that is permitted to be accessed by an authenticated user who is permitted to access the shared data. It may be. In this case, the shared file associated with the shared data is a shared file having an access level equal to or lower than the access level of the shared data. In the directory structure as shown in FIG. 10, since shared data is not related, there is no influence of such association.

  In each of the above embodiments, the access control device 30 (30A, 30B) realizes the function of the setting unit 55 and the like by computer processing using a software program, but part or all of these functions are dedicated. You may implement | achieve by the hardware of.

1, 1A Information sharing system 10 Server 11, 41 Storage unit 11A Database 11B File 12, 42 Control unit 13, 43 Communication unit 20 Terminal 30, 30A, 30B Access control device 44 Input unit 45 Display unit 51 User authentication DB
52 Content Management DB
53 File management DB
54 Access level management DB
55 Setting unit 56 Root folder registration unit 57 Association unit 58 Determination unit 59 Identification unit 60 Extraction unit 61 Display control unit 62 Change control unit 71 Disguise unit 72 Folder structure management DB
81 Comment adding part

Claims (10)

An access control device that controls access from the terminal to data stored in a database and a file stored in a storage device in response to an access request from a plurality of users performed via a terminal having a display device,
First setting means for setting an access level for the shared data that is the data that is allowed to be accessed by one or more users and the shared file that is the file that is allowed to be accessed by one or more users;
Association means for associating the shared data with the shared file;
A second setting means for setting a virtual folder in which the shared data exists, and for setting a vertical relationship between a plurality of virtual folders;
Disguising means for generating a virtual directory structure different from the directory structure of the storage device for storing the shared file based on the setting by the second setting means to form a directory structure indicating the location of the shared file;
Determining means for determining whether or not the user is an authenticated user permitted to view part or all of the data and the file;
A specifying means for specifying the access level of the authenticated user;
Extraction means for extracting the shared data and the shared file that are permitted to be accessed by the authenticated user based on the access level set for the shared data and the shared file and the access level of the authenticated user;
The display device displays shared data that is permitted to be accessed by the authenticated user among the shared data, shared files that are permitted to be accessed by the authenticated user among the shared files associated with the shared data, and the virtual directory structure. Display control means to be displayed on,
Equipped with a,
The association means is an access control apparatus wherein the shared file associated with the shared data is a shared file that is permitted to be accessed by an authenticated user who is permitted to access the shared data . The access control apparatus according to claim 1, wherein the display control unit displays a directory structure indicating a location of the shared file and displays an icon image corresponding to the type of the shared file. A registration unit for registering at least one of a file and a folder;
3. The extraction unit according to claim 1, wherein the extraction unit extracts a shared file that is permitted to be accessed by the authenticated user, from a file registered by the registration unit and a file included under the folder registered by the registration unit. Access control device. A connection means for connecting to a plurality of servers in a communicable manner,
The shared file is a file that is permitted to be accessed by one or more users among files stored in a part or all of the storage devices of the plurality of servers. The access control device described in 1. Adding means for adding a comment to the shared file;
The access control apparatus according to any one of claims 1 to 4, wherein the display control unit displays the comment. The access control apparatus according to any one of claims 1 to 5, wherein the terminal is permitted to access the shared file only through the display content of the display control unit of the shared file. The access control apparatus according to any one of claims 1 to 6, wherein the terminal is denied access to a file that is performed without the display content by the display control unit. In response to an access request from a plurality of users connected via the terminal connected to the terminal and the server in a communicable manner with a terminal having a display device, a server having a storage device storing a database and a file An information sharing system comprising: an access control device for controlling access from the terminal to data on a database stored in the storage device and a file stored in the storage device;
The access control device
First setting means for setting an access level for the shared data that is the data that is allowed to be accessed by one or more users and the shared file that is the file that is allowed to be accessed by one or more users;
Association means for associating the shared data with the shared file;
A second setting means for setting a virtual folder in which the shared data exists, and for setting a vertical relationship between a plurality of virtual folders;
Disguising means for generating a virtual directory structure different from the directory structure of the storage device for storing the shared file based on the setting by the second setting means to form a directory structure indicating the location of the shared file;
Determining means for determining whether or not the user is an authenticated user permitted to view part or all of the data and the file;
A specifying means for specifying the access level of the authenticated user;
Extraction means for extracting the shared data and the shared file that are permitted to be accessed by the authenticated user based on the access level set for the shared data and the shared file and the access level of the authenticated user;
The display device displays shared data that is permitted to be accessed by the authenticated user among the shared data, shared files that are permitted to be accessed by the authenticated user among the shared files associated with the shared data, and the virtual directory structure. Display control means to be displayed on,
Equipped with a,
The association means uses the shared file associated with the shared data as a shared file permitted to be accessed by an authenticated user permitted to access the shared data . Computer
Of the data on the database, shared data, which is the data that is allowed to be accessed by one or more users among a plurality of users who make access requests via a terminal having a display device, and files stored in the storage device Means for setting an access level for a shared file, which is the file that is allowed to be accessed by one or more users,
Means for associating the shared data with the shared file;
Means for setting a virtual folder in which the shared data exists, and setting up and down relationships between a plurality of virtual folders;
Means for generating a virtual directory structure different from the directory structure of the storage device for storing the shared file based on the set virtual folder and the hierarchical relationship of the virtual folder, and forming a directory structure indicating the location of the shared file;
Means for determining whether the user is an authenticated user authorized to view part or all of the data and the file;
Means for identifying the access level of the authenticated user;
Means for extracting shared data and a shared file that are permitted to be accessed by the authenticated user based on an access level set for the shared data and the shared file and an access level of the authenticated user;
The display device displays shared data that is permitted to be accessed by the authenticated user among the shared data, shared files that are permitted to be accessed by the authenticated user among the shared files associated with the shared data, and the virtual directory structure. Means to display
To function as,
A program that sets the shared file associated with the shared data as a shared file that is permitted to be accessed by an authenticated user who is permitted to access the shared data . An access control method for controlling access from the terminal to data on a database and a file stored in a storage device in response to an access request from a plurality of users performed via a terminal having a display device,
Setting access levels for shared data that is the data that is allowed to be accessed by one or more users and shared files that are the files that are allowed to be accessed by one or more users;
Associating the shared data with the shared file;
The shared file associated with the shared data is a shared file that is permitted to be accessed by an authenticated user who is permitted to access the shared data;
Setting a virtual folder in which the shared data exists, setting up and down relationships between a plurality of virtual folders;
Creating a virtual directory structure different from the directory structure of the storage device for storing the shared file based on the set virtual folder and the hierarchical relationship of the virtual folder, and setting the directory structure to indicate the location of the shared file;
Determining whether the user is an authenticated user authorized to view part or all of the data and the file;
Identifying the access level of the authenticated user;
Extracting shared data and shared files that are permitted to be accessed by the authenticated user based on the access level set for the shared data and the shared file and the access level of the authenticated user;
The display device displays shared data that is permitted to be accessed by the authenticated user among the shared data, shared files that are permitted to be accessed by the authenticated user among the shared files associated with the shared data, and the virtual directory structure. To display
An access control method including:

Images