JP2006085705A - Data processing apparatus and storage medium - Google Patents

Abstract

An object of the present invention is to share access rights management between different systems that manage databases, and to change access rights, etc. that occur when a database belonging to one system is changed from the other system. As a reference, it is easy to manage access rights between different systems and to facilitate an operation of accessing a user's database.
A CPU performs an access right automatic confirmation process for confirming a setting content related to an access right for an employee's personnel system, and obtains a corresponding employee number from a personnel system corresponding file stored in a storage device. Read and access the personnel system with this employee number, read employee information such as employee affiliation information and title information from the personnel information file on the personnel system database side, and give access rights to the personnel system database based on this employee information Automatically confirm and share the employee's access rights to the personnel system database between the groupware system and the personnel system.
[Selection] Figure 3

Description

  The present invention relates to a data processing apparatus that facilitates access to a personnel system connected to a computer system managed by groupware, and a storage medium storing a control program thereof.

  Conventionally, as a computer system operated in a company, a client / server type computer system in which a plurality of client computers are connected to a server computer via a network such as a LAN (Local Area Network) is often used. Groupware is used as software for supporting operations in a server type computer system.

  This groupware uses the flow of e-mails sent and received according to the organizational structure of the company to build a workflow for exchanging business information between organizations, and share e-mail exchanged between organizations on a server computer To improve the productivity of business within the company by providing a management function that manages the access rights of each employee to the database.

  In addition to client / server computer systems that are under the management of groupware, companies also use client / server computer systems that are not under the management of groupware such as HR systems. Management of each employee's access rights to the database to be managed is performed by a system different from the groupware.

  However, for such client / server computer systems that are under the management of groupware used in conventional companies and computer systems that are not under the management of groupware, they are shared by each system. Since the access rights of each employee to the database to be managed are managed by each system, the following problems have occurred.

  In other words, when a system under groupware management and a system not under groupware management are connected, the management of access rights to the database of the external system will be managed by the external system, and the employee will be To access the database, you must first access the system to which you belong and clear the security check, then access the external system again to clear the second security check. In addition to the complexity, there is a problem that the operation of accessing the employee database is complicated.

  It is an object of the present invention to share access right management between different systems that manage databases, and to refer to the change of access right that occurs when a database belonging to one system is changed from the other system. It is possible to facilitate management of access rights between different systems and to facilitate user access operations to the database.

  The invention according to claim 1 is a data processing device that executes data processing by the first system and the second system, and is associated with login information to the first system, and the second system. Information storage means for storing predetermined hierarchy information including affiliation information on the second system corresponding to the identification information, and when logging in to the first system, Search means for searching for identification information of the second system stored in the information storage means in association with login information, and stored in the information storage means in correspondence with the identification information searched by the search means Access right generating means for generating an access right to the second system corresponding to the affiliation of the identification information from the hierarchy information.

  According to the first aspect of the present invention, there is provided a data processing apparatus that executes data processing by the first system and the second system, and is associated with login information to the first system. 2 stores identification information of the second system, and stores predetermined hierarchy information including affiliation information on the second system corresponding to the identification information in the information storage means, and a search means stores the first system in the first system. When the second system identification information stored in the information storage means is retrieved in association with the login information when logged in, the access right generation means corresponds to the retrieved identification information. An access right to the second system corresponding to the affiliation of the identification information is generated from the hierarchy information stored in the information storage means.

  Therefore, for example, since the access right to the personnel system is automatically confirmed from the groupware system, even if the manager changes the personnel information of his / her subordinates, his access right is not changed without changing the access right setting. It is possible to search personnel information in the range covered by.

  The invention according to claim 2 is a data processing apparatus for executing data processing by the first system and the second system, wherein the second system is associated with log-in information to the first system. Information storage means for storing predetermined hierarchy information including affiliation information on the second system corresponding to the identification information, and when logging in to the first system, The identification information of the second system stored in the information storage unit in association with the login information is searched, and the identification information belongs to the hierarchical information stored in the information storage unit in correspondence with the identification information. Means for retrieving the affiliation of the authentication destination corresponding to the authentication information, and an authentication information storage means for storing the affiliation of the authentication destination retrieved by the retrieval means in the authentication information file of the first system It is characterized by having a and.

  According to the second aspect of the present invention, there is provided a data processing device for executing data processing by the first system and the second system, wherein the first system and the second system are associated with log-in information to the first system. 2 stores identification information of the second system, and stores predetermined hierarchy information including affiliation information on the second system corresponding to the identification information in the information storage means, and a search means stores the first system in the first system. When logged in, the second system identification information stored in the information storage means in association with the login information is searched, and the hierarchy stored in the information storage means corresponding to the identification information When the affiliation of the authentication destination corresponding to the affiliation of the identification information is retrieved from the information, the authentication information storage means stores the retrieved affiliation of the authentication destination in the authentication information file of the first system. That.

  Therefore, for example, additional registration of higher-level certifiers in groupware and changes in higher-level affiliations are performed automatically. Therefore, incorrect settings of certifiers due to personnel changes in the personnel system and changes in workflow settings between affiliations Can be dealt with reliably.

  According to the data processing device of the invention described in claim 3 and the storage medium described in claim 6, since the access right to the personnel system is automatically confirmed from the groupware system, the manager changes the personnel information to subordinates Even if a problem occurs, it is possible to search for personnel information within the scope of the access right without changing the access right setting.

  According to the data processing device of the invention described in claim 4 and the storage medium described in claim 7, for example, additional registration of higher-level certifiers or change of higher-level affiliation is automatically performed in groupware. It is possible to reliably cope with erroneous settings of certifiers due to personnel changes in the system and changes in workflow settings between affiliations.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. 1 to 15 are diagrams showing an embodiment of a network computer system to which the present invention is applied. First, the configuration will be described. FIG. 1 is a diagram showing an overall configuration of a network computer system according to the present embodiment. A groupware system including six client computers C and one server computer S under groupware management, and personnel A system of human resources comprising three client computers C and one server computer S under system management is connected to each server computer S via a network such as a LAN.

  FIG. 2 shows database information managed in the personnel system of FIG. 1 and database information managed in the groupware system. In the personnel system, company information, announcement information, personal information, salary information Etc. are managed as database information, and mail information, applications, workflows, etc. are managed in the groupware system.

  FIG. 3 shows an example of a specific work flow, that is, a workflow in the network computer system of FIG. 1. For example, when the employee C accesses the groupware database A ((1)), Then, employee C's groupware login information is passed to the personnel system file ((2)), and this personnel system file is transferred to the personnel information file in the personnel system database B via the network (3). The access right to the personnel information file of employee C is verified, and the verification result is returned to employee C ((4)).

  An object of the present embodiment is to make it possible to construct a workflow between the systems as shown in FIG.

  FIG. 4 is a block diagram showing an internal configuration of the computer 1 used as the server computer S in the groupware system of FIG. In FIG. 4, a computer 1 includes a CPU 2, an input device 3, a printing device 4, a display device 5, a RAM 6, a storage device 7, and a storage medium 8, and each unit except for the storage medium 8 is connected to a bus 9. Has been.

  A CPU (Central Processing Unit) 2 stores a groupware system program stored in the storage device 7 and application programs designated from various application programs corresponding to the system in a program storage area (not shown) in the RAM 6. Various instructions or data input from the input device 3 are temporarily stored in the RAM 6, and various processes are executed in accordance with the application program stored in the storage device 7 in accordance with the input instructions and input data. The processing result is stored in the RAM 6 and displayed on the display device 5. Then, the processing result stored in the RAM 6 is stored in the storage destination in the storage device 7 instructed to input from the input device 3.

  Further, the CPU 2 executes an access process (see FIG. 10) to be described later in response to an access request to the personnel system database from the client computer C in the groupware system by the employee. First, the CPU 2 logs into the groupware and performs the personnel system. Employees who have selected the groupware application to access, read the corresponding employee number from the personnel system correspondence file 72 (see FIG. 7) stored in the storage device 7 as the groupware database A in FIG. Based on the personnel information reference item for each personnel application name set in the personnel information reference item setting table (see FIG. 9) stored in the personnel database system by accessing the personnel system by number, this personnel information reference item Refer to the personnel information of the employee corresponding to Reading as determined information, and displays the acquired reference request information to the groupware screen, also allows the groupware system queries personnel information of the employee.

  Further, the CPU 2 stores the personnel system stored as the groupware database A in the storage device 7 when the employee whose purpose is to change the employee information logs in from the client computer C on the groupware system and selects the personnel application. An access right automatic confirmation process (see FIG. 13), which will be described later, is executed in order to confirm the setting contents related to the access right to the personnel system of the employee set in the corresponding file 7b, and stored in the storage device 7 as the groupware database A The corresponding employee number is read from the file 72 corresponding to the HR system, the HR system is accessed with the acquired employee number, and the employee information such as affiliation information and job title information of the employee is retrieved from the HR information file on the HR system database B side. Read and get this employee information Automatically confirmed, to share access to the personnel system database B of the employees groupware systems and personnel system access to the personnel system database B based on.

  Further, when the personnel application is selected by logging in from the client computer C on the groupware system by the employee who has made a personnel change, the CPU 2 executes a later-described certifier information update process (see FIG. 15), The personnel number is read from the personnel system corresponding file 72 (see FIG. 7) stored in the storage device 7 as the wear database A, and the personnel system is accessed by using the acquired employee number to access the personnel system. Employee information such as affiliation information and position information of the employee is read from, and the higher qualifications of the same affiliation are searched based on the acquired employee information. Employee information is additionally registered in the workflow certifier information of groupware, and the employee If the higher affiliation code stored in the affiliation information table (see FIG. 14) is changed and there is no higher qualification member of the same affiliation, only the upper affiliation code is changed without additional registration in the workflow certifier information, and personnel The automatic change of the certifier of the employee who has changed and the automatic change of the workflow between affiliations accompanying the personnel change are executed.

  The input device 3 includes a keyboard and a mouse having cursor keys, numeric input keys, various function keys, and the like, and outputs a pressed key pressing signal and a mouse position signal to the CPU 2. The printing apparatus 4 prints mail information, personnel information, and the like on a predetermined sheet and outputs them when performing groupware application processing or personnel system application processing executed by the CPU 2.

  The display device 5 is configured by a CRT (Cathode Ray Tube) or the like, and displays display data input from the CPU 2. A RAM (Random Access Memory) 6 forms a memory area for developing various data when the CPU 2 executes the various application programs.

  The storage device 7 has a storage medium 8 in which programs, data, and the like are stored in advance, and the storage medium 8 is configured by a magnetic or optical recording medium or a semiconductor memory. This storage medium 8 is fixedly attached to the storage device 7 or is detachably mounted. The above-mentioned groupware system program, various application programs, access processing programs, and access right automatic generation are stored in this storage medium 8. A processing program, an authenticator information update processing program, data processed by each processing program, and the like are stored.

  Further, the program, data, and the like stored in the storage medium 8 may be configured to be received and stored from other devices connected via a communication line or the like, and further connected via a communication line or the like. A storage device including the storage medium may be provided on the other device side, and the program and data stored in the storage medium 7 may be used via a communication line.

  Further, as shown in FIG. 5, the storage device 7 includes a groupware login information file memory 7a, a personnel system compatible file memory 7b, and a personnel information file memory 7c. As shown in FIG. 6, the groupware login information file 71 stored in the groupware login information file memory 7a is associated with each employee's "login name", "password", and "email address". It is remembered. As shown in FIG. 7, the personnel system correspondence file 72 stored in the personnel system correspondence file memory 7b stores “email address”, “employee number”, and “name” of each employee in association with each other. ing. As shown in FIG. 8, the personnel information file 73 stored in the personnel information file memory 7c includes “employee number”, “name”, “postal code”, “address 1”, and “address” of each employee. "Flicker" is stored in association with each other.

  FIG. 9 is a personnel information reference item setting table in which reference items of personnel information displayed on the groupware screen when the access process is executed by the CPU 2 are set for each personnel application name. Is stored inside.

  Next, the operation of the present embodiment will be described. First, the access process executed by the CPU 2 in the computer 1 will be described based on the flowchart shown in FIG.

  In response to an access request from the client computer C in the groupware system by the employee to the personnel system database B, the CPU 2 starts the access process of FIG. 10, and is first logged into the groupware (step S1). When an application of groupware for accessing is selected (step S2), the corresponding employee number from the personnel system corresponding file 72 (see FIG. 7) stored in the storage device 7 as the groupware database A of FIG. Is read (step S3).

  Next, the personnel system is accessed with the acquired employee number, and based on the personnel information reference item for each personnel application name set in the personnel information reference item setting table (see FIG. 9) stored in the personnel database system. The personnel information of the employee corresponding to the personnel information reference item is read as reference request information (step S4), the acquired reference request information is displayed on the groupware screen (step S5), and this process is terminated.

  FIG. 11 shows an example of the current address change window of the employee displayed on the groupware screen based on the personnel information reference item for each personnel application name set in the personnel information reference item setting table of FIG.

  Therefore, with the above access process, it is possible to access the personnel system from the groupware system and inquire personnel information simply by performing a normal login operation on the groupware.

  Next, the access right automatic confirmation processing executed by the CPU 2 in the computer 1 will be described based on the flowchart shown in FIG. 13, and the specific organization structure in the company when confirming the access right will be described. The tree diagram shown is shown in FIG.

  In response to a request for access to the personnel system database B from the client computer C on the groupware system by the employee whose employee information is to be changed, the CPU 2 starts the access right automatic confirmation processing of FIG. When the groupware application for accessing the personnel system is selected (step S12), the file corresponding to the personnel system in FIG. 7 stored in the storage device 7 as the groupware database A is selected. The employee number of the employee set in 72 is read (step S13). Then, the CPU 2 accesses the personnel system using the acquired employee number, and reads employee information such as the employee's affiliation information and post information from the personnel information file on the personnel system database B side (step S14).

  Next, it is confirmed from the acquired affiliation information and position information whether or not there is a code below the position level of the employee (step S15), that is, the position level within the corresponding position of the employee is confirmed. In the tree diagram of FIG. 12, if it is the section manager C of the research section, the access right to the personnel system database B at the section manager level is permitted (step S16). In this case, it is assumed that the access right possessed by the section manager C is granted the right to refer to personnel information for all employees included in the first and second sections of the research section surrounded by a square in FIG.

  After granting the access right of the C section manager, all job levels set in the position table stored in the personnel system database B and the position of the C section manager are checked in order to confirm the scope of the access right of the C section manager. The level is compared (step S17), and all affiliations set in the affiliation table stored in the personnel system database B are compared with the affiliation of the C section manager (step S18). Based on these comparison results After confirming the range covered by the section C access right (reference right in FIG. 12), this process is terminated.

  Therefore, the access right to the personnel system is automatically confirmed from the groupware system by simply performing a normal login operation to the groupware by the above access right automatic confirmation processing. It becomes possible to share the access right to the personnel system database B of each employee.

  Next, the certifier information update process executed by the CPU 2 in the computer 1 will be described with reference to the flowchart shown in FIG. 15, and an affiliation information table for setting a higher affiliation code to which the employee who has been transferred is assigned. As shown in FIG. This affiliation information table is stored in the storage device 7.

  In response to an access request to the personnel system database B from the client computer C on the groupware system by the employee who has been transferred, the CPU 2 starts the certifier information update process of FIG. 15 and first logs into the groupware. When a groupware application for accessing the personnel system is selected (step S22), the groupware database A is set in the personnel system corresponding file 72 of FIG. 7 stored in the storage device 7. The employee number of the employee concerned is read (step S23). Then, the CPU 2 accesses the personnel system with the acquired employee number, and reads employee information such as employee affiliation information and post information from the personnel information file on the personnel system database B side (step S24).

  Next, the higher qualification person belonging to the same affiliation is searched from the acquired affiliation information and post information (step S25), and the presence or absence of the higher qualification person is confirmed (step S26). If there is a higher qualified person belonging to the same affiliation, the corresponding employee information of the higher qualified person is additionally registered in the workflow certifier information of the groupware (step S27), and the employee set in the belonging information table of FIG. The higher affiliation code of the belonging affiliation information is changed (step S28), and the presence information table is checked with reference to the affiliation information table (step S29). If there is a higher affiliation, the process returns to the process of step S25, and the additional registration of the certifier information and the change process of the higher affiliation code are repeatedly executed from the search for the higher qualified person. finish.

  Also, in the process of step S26, if there is no higher qualifier belonging to the same affiliation, only the upper affiliation code of the affiliation information to which the employee belongs in the affiliation information table is changed without additional registration in the workflow certifier information ( Step S28), similarly, the processing after step S29 is repeatedly executed.

  Therefore, by the above certifier information update process, it is possible to automatically change the certifier of the employee who has undergone a personnel change, and to automatically change the workflow between affiliations accompanying the personnel change.

  As described above, in the computer 1 as the server computer S connected to the groupware system side in the network computer system of the present embodiment, an employee who accesses from the client computer C on the groupware side can By simply performing a normal login operation, it is possible to access the personnel system from the groupware system and inquire personnel information.

  For this reason, it is possible to improve the efficiency of referring to personnel information and inputting work. In addition, it is easy to refer to each employee's access rights by linking the groupware and the personnel system, and when entering the application form from the groupware, the personnel items managed in the personnel system database B are taken in and the application form input screen Can be displayed by default on the screen on the groupware. As a result, work efficiency in a network computer system in which a groupware system and a personnel system are connected via a network can be greatly improved, and leakage of personnel information can also be prevented.

  In the computer 1, the employee who accesses from the client computer C on the groupware side automatically confirms the access right to the personnel system from the groupware system only by performing a normal login operation to the groupware. Therefore, even if the manager changes the personnel information of his / her subordinates, the personnel information within the scope of his / her access right can be searched without changing the access right setting.

  Furthermore, on the computer 1, an employee who has changed affiliation due to personnel changes can perform additional registration of higher-level certifiers or change of higher affiliation by simply performing a normal login operation on the groupware. Therefore, it is possible to reliably cope with erroneous settings of certifiers due to personnel changes and changes in workflow settings between affiliations.

  In the above embodiment, the case where the groupware system is connected to the personnel system has been described. However, the present invention can also be applied to the case where the groupware and a system related to other business are connected.

It is a figure which shows the whole structure of the network computer system in one embodiment to which this invention is applied. It is a figure which shows the database information managed in the personnel system of the network computer system of FIG. 1, and the database information managed in a groupware system. It is a figure which shows an example of the specific work flow in the network computer system of FIG. 1, ie, a workflow. It is a block diagram which shows the internal structure of the computer 1 used as the server computer S in the groupware system of FIG. It is a figure which shows the memory structure in the memory | storage device 7 of FIG. It is a figure which shows the structure of the groupware login information file 71 stored in the groupware login information file memory 7a of FIG. It is a figure which shows the structure of the personnel system corresponding file 72 stored in the personnel system corresponding file memory 7b of FIG. It is a figure which shows the structure of the personnel information file 73 stored in the personnel information file memory 7c of FIG. It is a figure which shows the structure of the personnel information reference item setting table stored in the personnel system database of FIG. It is a flowchart which shows the access process performed by CPU2 of FIG. It is a figure which shows the present address change window displayed on the groupware screen in the access process of FIG. FIG. 14 is a tree diagram showing the configuration of a specific organization in a company when the access right is confirmed in the access right automatic confirmation process of FIG. 13. It is a flowchart which shows the access right automatic confirmation process performed by CPU2 of FIG. It is a figure which shows an example of the affiliation information table which sets a high-order affiliation code in the authenticator information update process of FIG. It is a flowchart which shows the authenticator information update process performed by CPU2 of FIG.

Explanation of symbols

1 Computer 2 CPU
3 Input device 4 Printing device 5 Display device 6 RAM
7 Storage device 7a Groupware login information file memory 7b Personnel system compatible file memory 7c Personnel information file memory 8 Storage medium 9 Bus

Claims (4)

  A data processing apparatus that executes data processing by the first system and the second system, stores identification information of the second system in association with login information to the first system, and Information storage means for storing predetermined hierarchy information including affiliation information on the second system corresponding to the identification information, and the information associated with the login information when logged into the first system; From the retrieval means for retrieving the identification information of the second system stored in the storage means, and the hierarchical information stored in the information storage means corresponding to the identification information retrieved by the retrieval means, the identification information An access right generation means for generating an access right to the second system corresponding to the affiliation.   A data processing apparatus that executes data processing by the first system and the second system, stores identification information of the second system in association with login information to the first system, and Information storage means for storing predetermined hierarchy information including affiliation information on the second system corresponding to the identification information, and the information associated with the login information when logged into the first system; The identification information of the second system stored in the storage means is searched, and the affiliation of the authentication destination corresponding to the affiliation of the identification information is determined from the hierarchical information stored in the information storage means corresponding to the identification information. A search means for searching; and an authentication information storage means for storing the affiliation of the authentication destination searched by the search means in the authentication information file of the first system. Data processing apparatus according to.   A storage medium storing a computer-executable program for data processing by the first system and the second system, wherein the second system is associated with login information to the first system. And a computer-executable program code for storing predetermined hierarchical information including affiliation information on the second system corresponding to the identification information in the information storage means, A computer-executable program code for retrieving the identification information of the second system stored in the information storage means in association with the login information when logged in to the system, and the retrieved From the hierarchical information stored in the information storage means corresponding to the identification information, the second system corresponding to the affiliation of the identification information. Storage medium characterized by the computer program code executable, storing a program comprising for generating access to.   A storage medium storing a computer-executable program for data processing by the first system and the second system, wherein the second system is associated with login information to the first system. And a computer-executable program code for storing predetermined hierarchical information including affiliation information on the second system corresponding to the identification information in the information storage means, When the user is logged in to the system, the identification information for logging in to the second system stored in the information storage means in association with the login information is searched, and the information corresponding to the identification information is retrieved. A computer can be executed to search the affiliation of the authentication destination corresponding to the affiliation of the identification information from the hierarchical information stored in the storage means Program codes and the storage medium characterized by the retrieved authenticated destination belongs storing a program comprising a program code executable computer in order to store the authentication information Fairu of the first system.

Images