JPH06318167A - Device and method for scanning object - Google Patents

Abstract

PURPOSE:To provide an object scanning procedure and a scanning right flexibly by rewriting a scan ID list corresponding to the selection of an object to be scanned when the scan ID list is executed by collating with a scan right data list defined on the object and the object to be scanned is selected. CONSTITUTION:A scan right ID list detecting part 17 takes out the scan ID list from a scan ID list storage part 12, and an access right verification part 18 verifies whether or not the access right of the object exists on a process making access based on data in an access right storage part 13. A scan object selection part 19 appropriately judges the object made to be a scan object appropriately based on information from the access right verification part 18, the scan ID list detecting part 17, and a scan right data list detecting part 16, and requests the take-out of the object required furthermore to a target object take-out part 14. An object read-out part 20 obtains the obtained object data, and returns the content of the data to a processor 5.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an object scanning device having a structured storage means such as a file system of a computer, a virtual storage space and a data base.

[0002]

2. Description of the Related Art Conventionally, as a method of scanning a plurality of objects associated with each other by a link, a method of sequentially following links such as hypertext or a file of a computer is used.
As in the system, there is a method of searching for a corresponding object group from a given name and presenting it. Also, how to limit the objects accessible by the user,
A method of temporarily changing the access right is also known.

It is also known in the prior art to generally represent accessible objects by combining these methods and to read a plurality of objects associated by links as one continuous data.

On the other hand, recently, when these conventional techniques are combined and a plurality of objects are combined to form a hierarchically large object, each sub object has access right information to change the parameter. Therefore, it has been attempted to change the scanning procedure and express one combination object like many kinds of combination objects.

The following is a description of such an idea.

Now, it is assumed that Mr. Takahashi is creating a name list file belonging to group A.

FIG. 20 shows a state in which the name list body is created as one object, and 121 is an object showing the name list body. In this example, there is no file name, but it does not matter.

Reference numeral 1211 indicates the ID of the owner of the object 121. That the number shown here is Mr. Takahashi means that the corresponding column 13 of the ID table 131 in FIG.
It can be known by referring to 11. 1212
Is a group of the objects 121, and this is a group A. Similarly, the corresponding column 13 of the ID table 131
You can know from 12. 1213 is the object 1
21 Access right to the owner. RD, WR,
Each field of EX is read, write,
Shows the authority to execute. This object 121 is just data and cannot be executed because it is not a program. Since the file owner can read and write naturally, RD and WR are 1 and EX is 0. 1214 is an access right to the group of the object 121. Since it is group data, it is readable and RD is 1, but it is not writable and WR is 0 in order to prevent data tampering. 1215 is an access right of the object 121 to other people. The group roster is sensitive,
Since reading is not permitted, RD is 0. 1216 is the data body of the object 121, in which the data of the name list is entered. In reality, the data body may not be entered here, but the pointer to the data body or the ID of the block in which the data body is written may be entered, but an example thereof is not shown here.

Next, in order to manage such a name list file, an object 141 with a comment as shown in FIG. 22 is created. Here, 1411 is the owner ID, and 1412 is the group ID. The group of this file is "32" registered in the group ID 1412.
The group becomes 0 from 0 ". This can be seen from the corresponding field 1312 of the ID table 131. Also, 141
Reference numeral 3 denotes an access right to the owner of the object 141, which is the same as 1212 described above. 1414, 14
Reference numerals 15 are access rights to the group of this object and others, respectively. Since the contents of this object should not be seen by others as well as the members of group A, the fact that RD is 0 is different from the case of object 121 in FIG.

It has been widely practiced to give different access permissions to each object in this way. In recent years, it has been attempted to handle a plurality of objects such as this example as if they were one file. FIG. 23 exemplifies this. Here, the object 151 is an object for associating the object 121 and the object 141 and expressing one combined object.

This object 151 has an object name 1511. This corresponds to the file name in the file system of a general computer. Reference numeral 1512 indicates the owner ID, 1513 indicates the group ID, and 1514 indicates the access right to the owner of this object. Regarding this access right, although the data and comments written in the name list may be changed in the future, it is not necessary to change the structure of the name list itself called "Group A name list", so it is not possible to write to the owner. Therefore, WR is 0. Reference numeral 1515 is an access right to the group of the object 151. Reference numeral 1516 is an access right of the object 151 to other people. No one else should be able to see the roster, but there is no particular reason to hide that this "Group A roster" file consists of the main body of the roster of Group A and comments about it, so read it. There is. Reference numeral 1517 is a bit indicating that the object 151 has a sub object and is set to 1. It can be seen that the number of sub-objects is two by reading the content of the sub-object number field 1518. What the two sub-objects are is the ID 1519 of the first sub-object and the I of the second sub-object.
You can tell by looking at D1520. These IDs indicate the sub-objects 121 and 141, respectively.

By constructing a plurality of objects in this way, Mr. Takahashi (ID 128) can say "Group A
When the object 151 expressing "name list" is read, it is found that there is a sub object 121 in which the data of the main body of the group A name list and a sub object 141 in which a comment is entered are present.
All objects have access to Mr. Takahashi (ID128), so they can access them.

On the other hand, when another person belonging to the group A (ID320) reads the file "group A name list", the contents of the sub-object 121 in which the data of the name list body of the group A is stored can be read. However, even if you try to read the commented sub-object, you cannot read it because you do not have access rights.

Since the RD of the access right 1516 to the other person of the object 151 is 1, the person 121 other than the group can scan the object 121 and the object 141 by tracing the object 151. Actually, the object 121 and the object 141 do not give the read right to other persons, so that the data of the name list is not read.

By using such a method, it is possible to access all or only a part of the object for each user.

However, when Mr. Takahashi (ID128) reads it, the group A list appears to be one file with comments, and when the other group A people (ID320) read it, it is a file without comments. You can't make a flexible expression that looks like.

Further, even if a mechanism that enables such an expression is prepared, the following problems occur.

Now, if there is a program that uses the data of the name list, formats it, and prints it in a tabular form, it is assumed that the program is created assuming that there is no comment in the name list. If you created this program so that people in group A could use it, when Takahashi-san (ID128) executes this program, he will have access to comments that the program does not need, so read it. However, this program may not work properly. That is, although the program tries to read the name list file with the authority of “group A”, the program may read the name list file with the authority of “Mr. Takahashi” who has a stronger right.

Therefore, as one of the most popular methods for avoiding such a situation, there is SUID (USP 4,135,240) for changing the access right at the same time as the execution of the program. Since this SUID is for changing the authority as the OWNER ID, it does not solve this problem as it is, but it can be realized by adding some application to the SUID. The solution example is shown below.

An object 161 shown in FIG. 24 is an object in which a general program for name list shaping is stored.
The object 171 shown in FIG. 25 is similarly a program for shaping the name list. In FIGS. 24 and 25, the same reference numerals are given to the same portions.

In this case, in the object 161,
Since no SAID (set access id) 1611 is defined, it means that the program described in the object 161 operates normally. Here, 1613 is an owner ID and 1614 is a group ID. Also,
1615 and 1616 are access rights to the owner and group of this object, respectively. Further, 1617 is an access right of other person, and the person other than the group A cannot execute it. 1618 is the main body of the execution program. This execution program 161
8 uses an object 151 as name list data.

Even in this way, the execution program 161
When you execute 8, you can get the result that you expect that people other than Takahashi (ID128) will execute, but when you execute Takahashi, you will read the comment of the object 141 that this program should not have read, and it will operate correctly There are times when you don't.

On the other hand, the object 171 of FIG.
Is very similar to object 161, but SAID1612
The settings are different. SAID1612 has an ID of 320
Is set. This makes this object 1
When Mr. Takahashi executes 71, Mr. Takahashi waives his original access right as the executor, and only the right of No. 320 can be used (this operation applies the SUID mechanism). .

In the execution program 1619 of such an object 171, 320 is used as the access right when the object 151 of the name list and the objects 121 and 141 as its sub-objects are accessed as data. The data that can be accessed becomes the same regardless of who executes it, and the program 1619 operates as expected.

In such a conventional method, by associating the program with the data used by the program, it is possible to scan an object with a special access right. However, according to this method, the right to attach the SAID to the program is not available. There is a problem in being clear. That is, SA easily
If you can give an ID, you can get arbitrary access right by using the program, and the access right that the object has becomes meaningless.

Therefore, the authority to attach the SAID must be managed by another method, but no excellent method for solving it has been performed so far. For example, this problem was circumvented by giving only the privileged user root the authority to attach the SAID.

Originally, since the right to set the access right of an object basically lies with the owner of the object, it is a great limitation that the mechanism can be realized only by a specific user. Also, the access right that should be given to the object (data) itself is
The restriction that it can be controlled only by the settings of other programs is very inconvenient. The protection mechanism initially expected for the object is not realized.

[0028]

As described above, in the conventional object scanning apparatus, since the access right itself has to be used as a scanning condition for an object, the object scanning method is to be used. It was difficult to change accordingly.

Therefore, in order to solve this problem, it has been attempted to change the portion having the access right by a method of giving a special access right to each program.
In this method as well, which part of the object is actually accessed depends only on the application program, and it is very difficult to define the scanning method for the created object. Further, even when the entire object is regarded as one file and accessed, the object itself using only the access right cannot have what kind of access is actually performed.

The present invention has been made in view of the above circumstances, and it is possible to give a flexible object scanning procedure and scanning right to each object created by a general user independently of the operation of an application. The purpose is to provide a device.

[0031]

SUMMARY OF THE INVENTION The present invention resides in an object scanning device for scanning an object formed by a plurality of sub-objects, with the scan right for each sub-object indicating who can scan each sub-object. A scan ID list means for storing at least one scan ID identifying a user requesting access to the object, and a scan stored in the scan ID list means for scanning the object. The scanning object selecting means for selecting a sub-object to be scanned based on the ID and the scanning right stored in the storage means for the object, and the sub-object selected by the scanning object selecting means for accessing the object. Output to output as a result It is constituted by the stage.

The present invention is also an object scanning method for scanning an object formed by a plurality of sub-objects, wherein the object is stored together with the scanning right of each sub-object indicating who can scan each sub-object. And storing at least one scan ID identifying a user requesting access to the object, the scan ID being assigned to the user identified by the scan ID in the object when the object is scanned. The sub-object to be scanned is selected based on the scanning right, and the sub-object selected in the selecting step is output as a result of access to the object.

[0033]

As a result, according to the present invention, when scanning a plurality of objects linked by a link, the scan ID list, which is a condition for scanning the objects, is collated with the scan right data list defined in the object. To execute. Furthermore, when selecting an object to be scanned, the scan ID list is rewritten according to this selection method.

This makes it possible to define a scanning procedure at the time of scanning those objects, define a scanning ID list according to the selection method of the object to be scanned, and dynamically rewrite it at the time of scanning. Therefore, it is possible to easily protect the object while flexibly defining the scanning method. In addition, access rights can be defined in object units for data composed of a plurality of objects.

[0035]

Embodiments of the present invention will be described below with reference to the drawings.

FIG. 1 shows a schematic configuration of the first embodiment. In the figure, reference numeral 1 denotes a virtual memory management unit, which is a management unit for facilitating management of input / output to / from a physical storage device.

The virtual memory management unit 1 manages the objects 11 virtually stored in the virtual memory space of this device. However, it is not essential to the present invention to have an object that is virtually stored, and a known storage management means may be used instead. Also, the object 11 is the link 1
They may be associated with each other at 03.

The data managed by the virtual memory management unit 1 is actually arranged in the physical memory 2 or the secondary storage device 3. The secondary storage device 3 is a hard disk drive, CD-ROM, I
For example, a C card.

Here, the reason why the secondary storage device 3 is arranged is that it is intended to be semi-permanently stored as a persistent object, or used as a swap area of the physical memory 2. In addition, the object information may be arranged so as to be carried around in cooperation with each other.

The physical memory 2 can be further hierarchized by using a cache memory or the like, but a general method will be used for this, and the description thereof will be omitted in this embodiment.

The virtual memory management unit 1 is also connected to the input / output device 4. The input / output device 4 handles, for example, data of an object to be used as if it were resident in a virtual storage space via a telephone line, a radio, a network, etc. without actually storing it in a computer. It is for. For this, a general method for managing a single virtual memory will be used, and a description thereof will be omitted in this embodiment.

Further, there is a processor 5 which is an execution subject which interprets and executes the programs stored in the program storage unit 6 and processes the object data managed by the virtual memory management unit 1. In the processor 5, registers temporarily used during the execution of an instruction, a program counter for indicating the position of the currently executed instruction in the program storage unit 6, a stack pointer for indicating the start position of stack data, etc. Exists, the program is executed by exchanging the series of data, and the virtual memory management unit 1 is requested to read and write the necessary data as necessary.

The access request receiving unit 7 receives an access request from the processor 5. This includes any data processing request such as reading, writing, erasing data. Argument detection unit 8 and access request type determination unit 9
Determines the argument and the type of the request received by the access request receiving unit 7. When the received access request is a request for reading an object, the request is sent to the object reading execution unit 10. At that time, the argument for execution is sent from the argument detector 8.

The object 11 generally exists in the virtual storage space and is virtually stored by the virtual storage management unit 1. Even if the object 11 is stored by any storage management method other than virtual storage, the gist of the present patent is not changed.

The object 11 mentioned here is a collection of all kinds of data, and includes not only data files and programs, but also work structures temporarily used by the programs. In addition, each object 11
Some of them are linked by a link 103.

As a result, a plurality of objects 11 can be collectively treated as one object, which is also called an object. In particular, when considering a plurality of objects as one object, the objects forming the same can be called sub-objects.

The scan ID list storage unit 12 manages the scan ID list. The scan ID list may be provided for each execution subject (thread), or a plurality of execution subjects may share the same scan ID list. Similarly, the access right storage unit 13 manages the access right of the user.

Each component described here does not necessarily need to be placed in the virtual storage space 1 if a method such as having a specific server for managing it is used.

In the object read execution unit 10, the target object extraction unit 14 specifies reading of the specified object from the virtual memory management unit 1,
The obtained scanning right data list is stored in the storage unit 15,
In addition, the read data is used as an object and data reading unit 2.
Send to 0.

The scanning right data list detecting unit 16 extracts the scanning right data list based on the data in the scanning right data list storage unit 15, and the scanning object selecting unit 19
Send to.

The scanning right ID list detecting section 17 scans the scanning ID list relating to the currently accessed process by scanning I.
The access right verification unit 1 retrieves from the D list storage unit 12.
Reference numeral 8 verifies whether or not the currently accessed process has an object access right based on the data in the access right storage unit 13.

The scanning object selecting unit 19 uses the information from the access right verifying unit 18, the scanning ID list detecting unit 17, and the scanning right data list detecting unit 16 to carry out an object to be scanned according to the procedure described in detail later. Is appropriately determined, and the target object extracting unit 14 is requested to extract the necessary object.

The object data reading section 20 obtains a necessary portion of the object data obtained by repeating the series of these flows, and returns the result to the processor 5 as a result.

Next, FIG. 2 shows an example of the structure of an object when a plurality of objects are linked by a link and treated as one meaningful file.

In this case, the object 201 of the main body of the name list of the group A is accompanied by the object 202 of the comment prepared for the name list creator. The two are linked by a link 203 and are linked by an object 204 representing a group A list.

Therefore, these objects 20
All of 1, 202, 204 and the link 203 can be regarded as a group A name list 205.

On the other hand, since no comment is attached to the group B name list, the group B name list body 206 is the group B name list itself.

Further, since no comment is added to the name list of group C, the structure similar to that of group B may be used. However, in the example of FIG. It is connected to an object 208 which is a node expressing the name list of C. And these can be understood as a group C roster 209.

The name list 209 of the group C does not need to be expressed by combining two objects, but may be expressed as one object. Here, two objects are used to represent the possibility of adding a comment.

The group A list object 204, the group B list object 206, and the group C list object 208 are connected to a group list object 210 by a link 203, respectively, and a group of all these objects and links is grouped. It is regarded as a roster 200.

In this case, in order to simplify the following description, it is assumed that each object has a unique ID number. For example, as the ID numbers, the group name list object 210 is IDM, and the name list objects 204, 206, and 208 of groups A, B, and C are IDs.
The GA, IDGB, IDGC, group A, and C name list body objects 201 and 207 are IDGAO and IDGCO, and the group A name list comment object 202 is IDGAC.

FIG. 3 shows a group name list object 210.
It shows the structure of.

Here, 301 is the I of the object 210.
D and 302 are I of the person who created this object 210.
It is the D number. Although this ID number corresponds to the ID of the owner of the conventional file system, this ID is not limited to the ID of the user, and may be the ID of a group. It is also possible to assign a number to a program or thread and use that number.

Reference numeral 303 is an access right data list which defines objects having access rights. This may be a single piece of data, but is generally a list. Access right data list 30 in this example
3 is three access right data 30 as shown in FIG.
It consists of a list of 4, 305 and 306.

Here, it is assumed that the user ID of the person who created the object is 128 and that person has the right to write and read. The flags “R” and “W” of the access right data 304 mean that the person whose user ID is 128 can read and write. However, since there is no access right for execution yet, it is not possible unless it is permitted by other access right data. Similarly, the access right data 305 has a flag “R” indicating that the people with the group IDs 320 to 322 have the read right, and the access right data 306 indicates the setting of the access right by the user ID or the group ID. It means that it can be specified by any program without. If the result of executing the program with the program ID specified here is true, this program has the read right.

If a number equivalent to the user ID is assigned to the program or its execution subject (thread), the field for distinguishing ID or program written at the left end in this example is unnecessary.

On the other hand, the access to the object 210 is permitted when it is designated by any of the three access right data 304, 305, 306 forming the access right data list 303. in this case,
Although more complicated access rights can be specified by logically combining access right data, one of the simplest examples is shown here.

Reference numeral 307 in FIG. 3 denotes scan control data. This scan control data 307 defines how the sub object is scanned when the object 210 is scanned. Generally, any scan control can be realized by entering the program ID of the scan control program here. However, the most typical example is shown here for the sake of easy understanding of the description. Here, the flag EVERYTHING means traverse all traversable sub-objects. That is, all sub-objects that have the right to scan are sequentially read and read. This flag is set to allow multiple group rosters to be read when a person who belongs to multiple groups reads the group roster. And if there is no scannable sub-object, a permission denied error will occur. On the other hand, if you set the flag EVERYTHING-SILENT, the group list will appear as if it were an empty file without any scannable sub-objects, and no error will occur. EVERYTHI
Since the meanings of NG and EVERYTHING-SILENT are the same except for error handling, they are used without distinction in the following examples. Also, the description of the error processing part that should be originally performed when EVERYTHING is used will be omitted.

As an example of another scanning control program, ON
If set to LYONE flag, if any scannable sub-object is found then that object will be scanned,
Ignore other sub-objects. However, an error will occur if there is no scannable sub-object.
Setting the ONLYONE-SILENT flag does not result in an error.

308 indicates the number of sub-objects,
Since the number of sub-objects 308 is three here, it can be seen that the object 210 has three sub-objects, and the IDs of the sub-objects No1 to No3 are respectively the sub-object IDs 309.
Is defined in. A scanning right data list 310 is attached to each of the sub-objects No1 to No3. The scanning right data list 310 here has only one element, and as shown in FIG.
11, the group IDs are 320, 321, and
The 322 person is granted the scanning right. Further, the R, W, and X flags described in each scan right data 311 respectively indicate the scan right when the scan accompanying the reading, writing, and execution occurs. In this example, the scan right is granted in all cases.

Such scanning right data list 310
Examines the presence or absence of the scanning right in the same procedure as the access right data list 303 described above, but the functions are completely different. That is, access right data
The list 303 indicates whether or not the object can be accessed, while the scan right data list 310 indicates whether or not the sub object should be automatically scanned. For example, if a sub object has access but no scan rights,
If you simply scan an object that is a combination of objects, the corresponding sub-object will not be scanned (invisible), but if you try to read by explicitly specifying the sub-object, you will have access rights. So it can be read.

Note that each scanning right data 311 gives the right of W to the members of the group, which may be uncomfortable in the sense of a normal access right mechanism. Since this W flag simply indicates the procedure for scanning, it is not necessarily related to object protection. The object is protected by the access right list of each object. Even if the W flag is abused and the data of the name list is to be written, the sub object does not have the right to write, so that the data cannot be written. In this case, it is easy to misunderstand that the W flag is meaningless, but that is an error. If there is no W flag, the sub
It means that you can not write because you can not reach the object, but if you set the W flag properly, when you scan for writing, it will go to the sub-object and check the access rights of the sub-object Then, appropriate error processing is performed.

Next, FIG. 6 shows the structure of the object 204 representing the group A list. Here, the same parts as those of the group name list object 210 are designated by the same reference numerals, and the description thereof will be omitted. Since the objects 206 and 208 of the rosters of the groups B and C have the same structure, the description thereof will be omitted.

In this case, the access right data list 30
3 has two access right data 312. These indicate that the person with the user ID 128 has the authority to read and write, and the person with the group ID 320 has the authority to read.

Then, there are two sub-channels No1 and No2.
The first one of the objects shows the group A name list comment object 202, and the second one shows the group A name list body object 201.
Then, each sub-object 202, 201
Is a scan right data list that has one scan right data. I have 310. The scanning right data 313 of the scanning right data list 310 has user IDs, respectively.
It indicates that the 128th person and the person whose group ID is 320 have the scan right of the sub object.

Next, taking such an object as an example, the procedure for carrying out the object scanning will be described by taking as an example the case where various people read while scanning various objects.

First, the scan I is performed before the object scan.
The scan ID list is set in the D list storage unit 12. This allows a plurality of scan IDs to be set as well as a plurality of access rights. However, since it often does not make sense to have a scan right for an ID that does not have its own right, it is common to use all the right IDs that it currently has as a default.

For example, if the person having the user ID 128 belongs to the group having the group ID 320 and the group having the group ID 340, the three scan IDs 61 as shown in FIG.
The initial value 61 of the scan ID list in which 1s are connected is set.
Of course, data other than this may be explicitly used as the initial value of the scan ID list.

In this state, when the scanning of the name list object 204 of the group A is started, in FIG. 6, the user ID 128 is registered in the access right data list 303, so that the object 204 can be accessed. it can. Group A roster object 20
Since 4 has two sub-objects, see if it can scan the first sub-object. Here, the scanning right data 31 of the scanning right data list 310
Looking at 3, since the scanning right is given to the user ID 128 for reading, it matches the scanning ID 611 in the scanning ID list, the scanning right is recognized, and scanning is performed.

Here, the scan control data 307 is EVERYTHI
Since it is NG, it tries to scan the next sub object. Then, according to the scanning right data, the group ID
Since 320 has the scanning right, the same scanning is performed. That is,
For this person, the group A roster object 20
4 will be scanned as a combination of the comment and the text.

If the person with the user ID 129 belonging to the same group performs the same operation this time, the initial value 61 of the scan ID list becomes, for example, as shown in FIG. 8. Therefore, when the name list object 204 of the group A is scanned. Scan rights data list 3 for the first sub-object
10 does not match the scan ID list, and is not a scan target. That is, for this person, the group A roster object 204 will be scanned as only the body of the roster.

Next, if a person who does not belong to the group A performs the same scan this time, an initial value 61 of the scan ID list is obtained.
Since the scan ID 612 is as shown in FIG. 9, for example, when scanning the name list object 204 of the group A, the first sub-object is not the scan target as in the previous time,
The second sub-object will not be scanned either.
That is, for this person, the name list object 204 of the group A is the same as a file having no contents.

Here, if the data is defined so that the scanning right is also given to this person, the scanning is performed this time, and the sub.
If you do not have access rights for the object, an error will occur there. In this way, the subtle difference between the access right and the scanning right can be easily realized in the object scanning method of the present invention.

The scanning procedure described above can be performed recursively for each object.

That is, the same user ID 128 as in the above description.
When the person in turn accesses the group name list object 210, the access right data list 303 of the object 210 shown in FIG. 3 is accessible because the ID 128 is written, and it can be seen that there are three sub-objects.

Next, it is checked whether or not each sub-object is scannable. In each scanning right data list 310, the sub-object with group ID 320 to which the person with user ID 128 belongs is written. Since it can be seen that only No1 can be scanned,
Next scan the sub-object 204 with D #IDGA. This is as described below.

When the person with the user ID 128 accesses the group name list object 210 by such a procedure, the comment of the name list of the group A and the text are scanned.

Further, when the same person with the user ID 129 as before accesses the group name list object 210, it can be seen that only No1 of the three sub-objects can be scanned, and the procedure as described below is performed. Thus, the text of the roster of the group A is scanned.

Here, the procedure for selecting a sub-object in the above-described object scanning will be described with reference to FIG.
Will be described.

That is, assuming that the scanning of a certain object is started by a certain user, first, step 110
At 1, it is determined whether this user has access to this object. If not,
Error processing is performed, and if there is, step 1102.
Then, the initial value 61 of the operation ID list is set as described below.

Next, the number of sub-objects of this object is read into the variable number N in step 1103, and it is determined in step 1104 whether the number N is zero. If the number N is zero, then there are no sub-objects to scan and the operation ends. Otherwise, in the next step 1105, it is determined whether the Nth sub-object is scannable for this user.
Search the object scanning right data list to determine. If this Nth sub-object is not scannable, then the variable N is updated to N-1 and step 11
Return to 04.

If not, then step 1109
At, start scanning this Nth sub-object. At this time, if the N-th sub-object further includes sub-objects, the N-th sub-object is recursively called, the operation returns to the start, and the operation of FIG. Recursively for sub-objects of.

After the scanning of the N-th sub object is completed, it is checked whether the scanning management data 307 of this object data is EVERYTHING or not.
To decide in. If not, the operation ends, and if EVERYTHING, the operation proceeds to step 1106 above.
Return to.

As described in detail above, a mechanism is provided for utilizing the information in the scan right data list of an object, determining which object should be scanned when accessing, and appropriately extracting only the necessary object. By doing so, it becomes possible to express a flexible object that cannot be realized by the conventional access right management method.

Since the scanning procedure can be described in the object itself without making a special definition in each program, the flexible expression of the object can be used in a natural form from the program. Therefore, it becomes very easy to develop a new type of program that requires complicated description of access rights and how the user sees it, as in the collaborative work support system that has become popular in recent years. .

In the first embodiment, when different access rights are set for different objects forming a single object, the operation of the program is changed from one thread to another thread, It is possible to solve the conventional problem caused by the difficulty of debugging due to the irregular operation.

Therefore, according to this embodiment, by utilizing the access right and the scan right which are functionally different from each other, the object scan procedure and the scan for each object created by the general user are irrespective of the operation of the application program. It is possible to provide an object scanning device capable of flexibly specifying a right.

The second embodiment of the present invention will be described below.

FIG. 11 shows a schematic structure of the second embodiment by using the same symbols for the same parts as in FIG. The difference from the first embodiment is that the scan ID list changing unit 21 that dynamically changes the scan ID list is included in the object reading execution unit 10.
To have.

The scan ID list changing unit 21 is connected between the scan object selecting unit 19 and the scan ID list storage unit 12.

The scan ID list 21 is for adding and deleting scan IDs to the scan ID list stored in the scan ID list storage unit 12 by the scan object selection unit 19 in accordance with the selection of the object to be scanned.

In addition to the operation described in the first embodiment, the scanning object selection unit 19 determines the authority for accessing the scanned object at the same time as the operation for scanning the object, and scans the object in accordance with the appropriate authority. Change the ID list.

Hereinafter, the procedure of scanning an object will be described in detail with reference to the drawings. Unless otherwise specified, the same names and reference numerals as those in the first embodiment have the same meanings.

Consider the case of scanning the group roster object 210. In this case, for example, the person with the user ID 128 is the group with the group ID 320 and the group ID 340.
If it belongs to the No. group, the initial value 61 of the scan ID list in which three scan IDs 611 are connected is set as in the case of the first embodiment.

In this case, the group name list object 210 has three sub-objects, as shown in FIG. Then, looking at the scan right data list 310 of these three sub-objects, it can be seen that only the first sub-object can be scanned. Therefore, only the sub-object group A roster object 204 is scanned. At that time, for the first sub-object, the ID is included in the scanning right data list.
Since only the user right whose user ID is 320 is defined and the other scan IDs are unnecessary, these unnecessary scan IDs are deleted when scanning the sub-object.

Therefore, the scan ID list having the initial value 61 as shown in FIG. 7 is changed at this point as shown in FIG. Scan IDs 128 and 340 are separated and ID
Only 320 is valid.

That is, in this scan, the access right of the originally owned user ID 128 is used by using the information from the scan right data list 310 that the first sub-object should be accessed with the right of group A. Means that the weaker ID 320 right is used as the scanning right.

Next, the list object 204 of the group A, which is a sub object, is scanned.

First, looking at the scan right data list 310 of the first sub-object, the scan right 3 of ID 128
13 are defined. I of the user who is currently scanning
D is 128, but the current scan I
As shown in FIG. 12, the D list has a scan ID of user ID 128.
Since I don't have D, this sub-object 201
Is not scanned. Further, since the scanning right data list 310 of the second sub object issues the scanning right to the group ID 320, scanning is performed.

When the person with the user ID 128 accesses the group name list object 210 by such a procedure, the same data as the content of the object 201 of the main body of the group A name list is read and is originally given to the user. The content of the comment of the object 202 based on the strong scanning right is not read.

For the user whose user ID is 128, both the main object 201 of the group A list and the comment object 202 have access rights.
In the prior art, both objects were always referenced unless the program accessing the object was given special privileges.

Another user is a group name list object 2
The operation in the case of scanning 10 can be easily understood, so the description thereof will be omitted.

Now, a procedure for selecting a sub-object and changing the scan ID list in the above-described object scanning will be described with reference to the flowchart of FIG.

In this case, it is judged whether or not there is an access right by starting the object scanning (step 100).
1) If there is no access right, it is judged as an error, and if there is access right, an initial value 61 of the scan ID list is set (step 1002), and the head element of the scan ID list is set to the pointer P.
Then, the number of sub-objects is set to N (steps 1003 and 1004). Then, it is determined whether or not N = O (step 1005). If N = O, the scan ID of P is deleted from the scan ID list (step 100).
9) and proceeds to step 1010. If N ≠ O, the scan right data list of the Nth sub object is checked to see if the Nth sub object can be scanned by the scan ID indicated by the pointer P (step 10).
06). If scanning is not possible, N is set to N-1 (step 1007) and the process returns to step 1005. If scanning is possible, it is checked whether there is a next scanning ID (step 101).
0), and if there is, set the next element to P (step 10
08), return to step 1004, otherwise step 1
Proceed to 011.

The number of sub-objects is set to N again (step 1011). Then, it is determined whether N = O (step 1012), and if YES, the process ends. If NO, it is determined whether the Nth sub-object can be scanned (step 1013).
If it is O, N is set to N-1 (step 1014), the process returns to step 1012, and if it is YES, the current scan ID list is saved in the stack (step 1015) and the object scan of the Nth sub-object is started (step 1015). Step 1016). At this time, the N-th sub object is recursively called if there are more sub objects. ) When scanning of all sub-objects is completed, the scan ID is retrieved from the stack (step 10).
17). Then, the scan control data 307 is EVERYTHING
It is determined whether or not (step 1018). YES here
If so, the process returns to step 1014, and if NO, the process ends.

Therefore, in the object scanning described with reference to FIG. 13, when the object to be scanned is selected, if there is a scanning ID for which there is no sub-object having the scanning right, it is deleted. There is.

Next, a procedure for deleting a scan ID that cannot scan the selected object when the object to be scanned is selected will be described with reference to FIG.

In this case, it is determined whether the user has the access right by starting the object scanning (step 1
101), if there is no access right, it is judged as an error, and if there is an access right, the initial value 61 of the scan ID list is set (step 1102). Then, the number of sub-objects is set to N (step 1103), it is determined whether N = O (step 1104), and if YES, the process ends. If NO, it is determined whether or not the Nth sub object can be scanned. If NO, N is set to N-1 (step 1106), the process returns to step 1104, and Y is returned.
If it is ES, the current scan ID list is saved in the stack (step 1107), the scan ID not included in the scan right data list of the Nth sub-object is deleted from the scan ID list (step 1108), and the Nth scan ID list is deleted. Initiate object scan for sub-objects (step 11
09) at this time, if the N-th sub-object further contains a sub-object, the N-th sub-object is recursively called, the operation returns to the start, and this operation of FIG. Repeat recursively for objects. When the scanning of the Nth sub-object is completed, the scanning ID is fetched from the stack (step 1110). Then, it is judged whether or not the scanning control data 307 of this object is the EVERYTHING flag (step 1111), and if YES here, step 1
Returning to 106, if NO, the processing ends.

Therefore, in this way, for example, the user with the user ID of 128 is explicitly assigned to the group A name list 20.
In the case of referring to 4, both of the scans are performed using the authority of the user ID 128. Simply referring to the group name list 210, the scan authority is changed when the sub object 204 is scanned, and the authority of the group 320 is changed. You will be able to access the roster file with.

Thereby, for example, when the name list file edited by oneself is given to the name list shaping program and executed,
You can prevent other members from working properly, but not doing so because you are running with the wrong data with comments.

That is, according to this structure, not only access rights can be defined for each object for data composed of a plurality of objects, but also a scanning procedure at the time of scanning those objects is defined and scanning is performed. Since the object to be selected can be selected and the scan ID list can be rewritten according to this selection, the object can be easily protected while flexibly defining the scan method.

That is, when scanning a plurality of objects as one file, the scanning rights described for each unit object are not individually combined, but all objects are scanned under a unified right. Thus, it is possible to prevent a scanning method that is not intended by the creator of the object from being adopted.

When an object to be scanned is selected, it is changed to a specific scan ID list, or one or more specific scan IDs are added to the scan ID list. By including the scan ID list changing unit that deletes the scan ID of the scan ID list from the scan ID list, a special method can be provided only when scanning a specific object. Also, the e-mail described here is
Not only the conventional method, but all data transmitted from one person to another person, such as presentation materials shown to the other party in an electronic conference, a video of the conference scene, etc.
It also refers to data, etc.

Further, when the scan ID list is changed, a constraint that the scan ID which the creator of the object does not have cannot be added, thereby abolishing the access right management which is generally used in the past, and the scan Even if the right is used as a substitute, it is possible to prevent unauthorized access to the object by misusing the mechanism for giving the special scan ID.

Further, if the above constraint is relaxed so that the scan ID designated by a specific execution program is added when the scan ID list is changed, more flexible object scanning can be enabled.

The third embodiment of the present invention will be described below with reference to FIG. This embodiment is an application of the object scanning method and apparatus to an electronic mail writing tool.

FIG. 15 is a block diagram of an object scanning device incorporating an electronic mail creation tool. The same parts as those in FIG. 11 are the same and the description thereof is omitted.

First, the electronic mail creating section 30 will be described. This is the part used by those trying to create and send e-mail. First, the text input by the document input unit 31 is sent to the object creation unit 32,
Virtual memory management unit 1 to store in the form of a text object
To request. The sentence referred to here may be not only a normal sentence written in characters but also general data such as images, voices, and databases.

The text creator can set the scanning right for a part or all of the text created as necessary. This instruction is sent from the text input unit 31 to the scanning right data list creation unit 33, and the scanning right data list creation unit 33 is sent.
Sets the scan right data list for the created document according to the instruction. This process typically involves dividing the object into sub-objects. The contents to be set are appropriately requested to the object creating unit 22.

The above is the description up to the creation of the electronic mail, and the text created in this way can be referred to by other people as it is by setting appropriate scanning right and access right. A description will be given based on the concept of sending to a transmission partner like an existing electronic mail. However, the present invention is not limited to this concept.

The object transmitting unit 34 transmits the created text object. Specifically, according to the mail address 50 (address) of the transmission partner, the receiver notifies the mail transmission so that the receiver can read it, and transfers the data to another computer via the network if necessary. These processes are conventionally performed by a program called Sendmail, and detailed explanations are omitted.

Next, the electronic mail receiving section 40 will be described. This is the part used by those who receive and read e-mail. First, the object receiving unit 41 detects the arrival of electronic mail. This is transmitted to the electronic mail reading unit 42, and the reading unit 42 orders the processor 5 to read the text object. The procedure from the command for reading to the reading of the text object as a result is the same as that described in the second embodiment.

The person who receives the electronic mail instructs the scanning ID list designating section 43 to scan the ID list for reading the received electronic mail, conveys the instructed contents to the scanning ID list setting section 44, and scans the scanning ID list. The setting unit 44 writes information in the scan ID list storage unit 12. The scan ID list here designates "who has the right to read this mail" and, of course, does not mean that a mail without access rights (for example, a mail addressed to another person) can be read.

However, in general, the operation of sending this command to the scan ID list instructing section 43 to the user each time an electronic mail is read is complicated, so the default scan ID list instructing section 45 causes the default scan ID list instructing section 45 to perform a default scan. The ID list is determined and the contents are transmitted to the scan ID list setting unit 44.
The method of determining the default scan ID list is generally instructed by an environment setting file or the like so that the user can customize it. Here, the mail address 50 instructed from the object transmitting unit 34 to the object receiving unit 41
Shall be decided based on. For example, if the e-mail is addressed to everyone in group A, the default scan ID list will be scan rights for group A only. The recipient can change this default in the scan ID list designating section 43 according to his or her needs and preferences.

The result received by the electronic mail reading unit 42 from the processor 5 is sent to the electronic mail display unit 46, and the electronic mail can be actually read. Also, after reading the e-mail, the scan ID is displayed in the scan ID list designating section 43.
It is also possible to request a list change and read the email again under a different scanning right.

Regarding the sending and receiving of electronic mails with the above-mentioned configuration, the following describes an example of how the data structure is concretely expressed by taking a document actually used as an example.

FIG. 16 shows a document prepared by the leader in which the plans of the project A and the project B for the current period are described. This document creation tool has a function of adding a scanning right setting attribute to a part of a document.

Normally, it is not necessary to specify the scanning right for a document, but the reader judges that this document is highly confidential,
I tried to make sure that the plan of each project was understood only by the members.

The range was designated, and the first half was instructed to give the scanning right to the project A and the second half was given to the project B. I also instructed that part of the text related to Project A be scanned only by myself because it touches the privacy of individuals.

In response to this instruction, the document creation tool sets an appropriate scanning right data list and creates a data structure as shown in FIG. In FIG. 17, description of fields that are not directly necessary for the description of this embodiment is omitted.

Leaders are Project A and Project B
Since you have both permissions, you can read the entire created document.

The leader emailed this document to all members of Project A and Project B. This scanning of the document object may occur when the email composer sends it, or the email composer may transmit the entire document and scan the object when the recipient reads it. , Or both, but here, it is described as being performed when the recipient reads it.

Member 1 who belongs to project A only
When this e-mail is received, first, before access, as shown in FIG. 18, the scan ID list is set with project A and own ID MEMBER1 (actually, other I
D may also be set, but is omitted because it is not relevant to the description of this part). Then, when this document object is scanned, since it is scanned based on the authority of the project A, only the part of the document 1 is accessed in the same procedure as in the first embodiment. Therefore, the person can read only the contents of the document 1.

On the other hand, the members who belong to only the project B can similarly read only the contents of the document 3.

When member 2 who belongs to both project A and project B receives this e-mail, first, project A and project B and their own member MEMBER 2 are added to the scan ID list as shown in FIG. Set. And when I scan this document object, I scan it with both project A and project B privileges,
Also, since TRAVARSE INFO is EVERYTHING, it can be read as one document in which the contents of document 1 and the contents of document 3 are linked.

As described below, there are many merits by transmitting an electronic mail by such a procedure.

First, it becomes unnecessary to cut and paste only a necessary portion for sending an e-mail, which was originally managed as one document, and send it according to the other party. A document once set up in the scanning right data list is automatically sent so that only the part that needs to be read by anyone can be read.

Also, there is no fear of sending a portion that should not be read by mistake. For example, even if the document to be transmitted includes a commented part regarding the privacy of an individual, such as document 2, the recipient does not read it. Or, if you send it to someone who does not belong to either Project A or Project B, it will be an email with nothing inside.

Further, when the persons who belong to both the project A and the project B receive it, in the conventional method, the part related to the project A becomes a member of the project A and the part related to the project B becomes a member of the project B. Since it is necessary to send each of them, the document 1 and the document 3, which were originally one sentence, become separate e-mails, which is inconvenient for organizing.

Furthermore, in the operating system called single virtual memory, which has been attempted to be put into practical use in recent years, the same object can be accessed with a single (same) address in a distributed computer environment. Then you can simply send an email by passing a pointer to the object. In such an environment, in the conventional electronic mail transmission method, since data is reprocessed for each destination, an extra storage area is required. Since all you have to do is pass a pointer to the object, the performance will be dramatically improved.

Thus, with the object scanning device of the present invention, its usefulness is clear even in the case of the very simple example described here. The effect can be immeasurable because it is possible to automatically scan a complicated object that is a combination of these objects.

The present invention is not limited to the above-mentioned embodiments, and can be carried out by appropriately modifying it without departing from the scope of the invention.

[0153]

According to the present invention, not only access rights can be defined for each object for data composed of a plurality of objects, but also a scanning procedure for scanning those objects can be defined flexibly. It is possible to scan and easily protect the object.
Furthermore, the scanning right is dynamically changed by rewriting the scanning ID list according to the selection of the sub-object,
More flexible access is possible.

Therefore, when a plurality of objects are combined to form an object, attempts have been made in recent years to set different access rights for each individual object. Since the behavior of the program changes depending on the executing subject, and the behavior becomes inconsistent, making it very difficult to debug, but since the scanning right can be defined separately from the access right, , Such problems can be solved.

[Brief description of drawings]

FIG. 1 is a diagram showing a schematic configuration of a first embodiment of an object scanning device according to the present invention.

FIG. 2 is a diagram showing a configuration example of an object handled by the device of FIG.

3 is a diagram showing a configuration example of data of the object of FIG.

FIG. 4 is a diagram showing a configuration example of access right data in the configuration of FIG.

5 is a diagram showing a configuration example of scanning right data in the data configuration of FIG.

6 is a diagram showing a configuration example of sub-objects of the object shown in FIG.

FIG. 7: Scan ID of user number 128 in the apparatus of FIG.
The figure which shows the initial value of a list.

FIG. 8: Scan ID of user 129 in the apparatus of FIG.
The figure which shows the initial value of a list.

FIG. 9: Scan ID of the 130th user in the apparatus of FIG.
The figure which shows the initial value of a list.

10 is a flowchart for explaining an example of a procedure of selecting sub-objects in the apparatus of FIG.

FIG. 11 is a diagram showing a schematic configuration of a second embodiment of an object scanning device according to the present invention.

FIG. 12 is a diagram showing a state after the scan ID list of the user in the apparatus of FIG. 11 is changed.

13 is a flow chart of an operation for selecting a scan sub-object and changing a scan ID list in the apparatus of FIG.

14 is a flow chart of another operation of selecting a scan sub-object and changing a scan ID list in the apparatus of FIG.

FIG. 15 is a schematic configuration diagram showing a third embodiment of an object scanning device according to the present invention, which incorporates an electronic mail tool.

16 is a diagram showing an example of a mail document handled by the apparatus of FIG.

17 is a diagram showing the data structure of an object for displaying the document of FIG. 16 in the device of FIG.

18 is a diagram showing initial values of a scan ID list of a user in the apparatus of FIG.

FIG. 19 is a scan ID of another user in the apparatus of FIG.
The figure which shows the initial value of a list.

FIG. 20 is a diagram illustrating an object of a conventional name list body.

FIG. 21 is a diagram illustrating an ID list of a conventional name list body.

FIG. 22 is a diagram illustrating an object of a comment of the name list in FIG. 20.

23 is a diagram illustrating an object in which a plurality of objects related to the objects of FIGS. 20 and 22 are connected.

FIG. 24 is a general view of an object that registers a conventional name list shaping program.

FIG. 25 is a diagram showing a modified example of a conventional object for program registration.

[Explanation of symbols]

 1 Virtual Memory Management Unit 2 Physical Memory 3 Secondary Storage Device 4 Input / Output Device 5 Processor 6 Program Storage Unit 7 Access Request Reception Unit 8 Argument Detection Unit 9 Access Request Type Determination Unit 10 Object Read Execution Unit 11 Object 12 Scan ID List Storage Part 13 Access Right Storage Part 14 Target Object Extraction Part 15 Scanning Right Data List Storage Part 16 Scanning Right Data List Detection Part 17 Scanning ID List Detection Part 18 Access Right Verification Part 19 Scanning Object Selection Part 20 Object Data Reading Part 103 Link

Claims (13)

[Claims] 1. An object scanning device for scanning an object formed by a plurality of sub-objects, comprising: memory means for storing the object together with a scanning right of each sub-object indicating who can scan each sub-object; Scan I storing at least one scan ID identifying the user requesting access to the object
D list means, and a scan for selecting a sub-object to be scanned based on the scan ID stored in the scan ID list means and the scan right stored in the storage means for the object when the object is scanned. An object scanning device comprising: object selecting means; and output means for outputting the sub-object selected by the scanning object selecting means as a result of access to the object. 2. The storage means stores the object together with the access right of each object indicating who can access the object, and the scanning object selecting means stores the access right for the user identified by the scanning ID. 2. The object scanning device according to claim 1, wherein the sub-object is selected when the sub-object is stored in the storage means. 3. A processor means for accessing the object according to a user's access right and for executing a program for operating the object using the sub-object output as a result of the access to the object by the output means. The object scanning device according to claim 2. 4. The storage means stores the object together with the access right of each object indicating who can access the object, and the sub-object selected by the scan object selection means is identified by the scan ID. 2. The object scanning device according to claim 1, further comprising access right verification means for verifying whether or not there is an access right to the user. 5. The processor means for accessing the object according to a user's access right, and having a processor means for executing a program for operating the object using the sub-object output as a result of the access to the object by the output means. The object scanning device according to claim 4. 6. The object scanning device according to claim 1, wherein the storage unit stores the object as an object formed of a plurality of sub-objects associated by a link. 7. The object scanning device according to claim 1, wherein the storage unit stores the object together with scanning control data indicating a procedure for scanning a sub-object of the object. 8. The object scanning device according to claim 1, further comprising scan ID list changing means for changing a scan ID stored in the scan ID list means. 9. The object scan according to claim 8, wherein the scan ID list changing unit deletes scan IDs stored in the scan ID list unit that do not have a scan right for any sub-object. apparatus. 10. One of the sub-objects selected by the scanning object selection means includes a further sub-object, and the storage means indicates who can scan the further sub-object. The additional sub-object is stored together with the scan right, and the scan ID list changing means selects one of the scan IDs stored by the scan ID list means that does not have the scan right of the additional sub-object. 9. The object scanning scan according to claim 8, wherein one of the scanning is deleted when scanning. 11. The scan right of each sub-object is also the kind of access to each sub-object where the person who is supposed to be able to scan each sub-object is allowed to scan each sub-object. The object scanning device according to claim 1, characterized in that: 12. A mail creating means for creating the object as a mail by designating a scanning right of each sub-object, and forwarding the created mail by designating a mail address, and according to the designated mail address, 2. The object according to claim 1, further comprising: a mail receiving unit that receives the mail transferred from the mail creating unit and extracts the sub-object output by the output unit as the content of the received mail. Scanning device. 13. An object scanning method for scanning an object formed by a plurality of sub-objects, the method including the step of storing the object together with granting the scanning right of each sub-object indicating who can scan each sub-object. Storing at least one scan ID identifying a user requesting access to the object, and scanning the object with a scan right granted to the user identified by the scan ID in the object. An object scanning method comprising the steps of selecting a sub-object to be scanned based on the above, and outputting the sub-object selected in the selecting step as a result of access to the object.