JPH10326213A - Data access control device and program recording medium therefor - Google Patents

Abstract

(57) [Summary] [Problem] When setting an access right according to the attribute of a user, a description conscious of the setting in a database language is unnecessary, and even a business person in charge can easily set and change the access right. And maintain security in an open environment. SOLUTION: A CPU 1 displays and outputs the item name for each data item and the group name for each user group as table heading information. When access right information indicating whether or not an item can be accessed is input and specified for each item in this table, the content is set in the item access right management file. When an arbitrary user is designated at the time of data access, the CPU 1 determines whether or not to access the data item based on the item access right information of the user group to which the user belongs.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a data access control device for restricting data access according to an attribute of a user and a program recording medium therefor.

[0002]

2. Description of the Related Art Conventionally, in a data access control device for accessing a database according to a relational database management system (RDBMS), access right information is set using a database language "SQL", and the database is controlled according to the function of the RDBMS. I try to control access. Another method is to manage access right information at the upper application layer,
Controls database access.

[0003]

By the way, when an access right is set or changed using the database language "SQL", an SQL statement for data access (SELECT) is used.
Sentence), "SELECT", "FROM", "WHE"
RE is required to be aware of the setting by SQL, requesting data item names, file names, and search conditions in association with RE ". However, the more complicated the query conditions of the database, the more work is required. In addition, since advanced database knowledge and SQL knowledge are required, it is extremely difficult for a general business person to make settings / changes. At present, it is necessary to ask a database administrator or the like for the work. In the case of managing access right information in the upper application layer, complicated logic is incorporated in the application itself, so that setting / changing is extremely difficult even for an expert with advanced knowledge. And may compromise security if the database is accessed by other tools. A disadvantage of the present invention is that it is not suitable for an open environment where various software exists, and an object of the present invention is to eliminate the need for a description conscious of setting in a database language when setting an access right according to a user attribute. Even ordinary business personnel without specialized knowledge can easily set or change access rights, and do not write access rights in the application itself, and store separately managed access right information. By analyzing and performing access control, security can be maintained even in an open environment.

[0004]

The means of the present invention are as follows. A display means for displaying and outputting, as table heading information, together with a table form, an item name for each data item and a group name for each user group determined in advance according to a user attribute. Specifying means for inputting and specifying, for each item, access right information indicating whether or not an item can be accessed in association with a user group in a table displayed by the display means; And a storage management unit for storing and managing the access right information for each item, based on the access right information for each item associated with the user group to which the user belongs when a user is designated at the time of data access. Access control means for determining whether the data item is accessible. It is to be noted that a generating means for analyzing the access right information for each item specified by associating with the user group by the specifying means and generating a predetermined database language for accessing the database may be provided. Also, in a matrix-like table form in which the group name of a user group and the item name of a data item are displayed as table heading information by the display means, a predetermined symbol is described in each matrix-like intersection area. Thereby, the specifying means may input and specify the access right information for each item in association with the user group. According to the first aspect of the present invention, item access rights indicating whether or not item access is possible can be set in a table format for each item in association with a user group, and when a user accesses data, the user belongs to the table. Access to data items can be restricted based on the item access rights of the user group.

According to a fourth aspect of the present invention, there is provided a display means for displaying and outputting a group name for each user group determined in advance in accordance with the attribute of a user as table heading information together with a table form, and a display means for displaying on the display means. Means for inputting and specifying a search target item and its condition value as record access right information when specifying access right information indicating whether or not record access is possible in association with a user group in the specified table; Storage management means for storing and managing record access right information specified in association with a user group by means, and a record associated with a user group to which the user belongs when an arbitrary user is specified during data access Access control means for determining whether the record can be accessed based on the access right information Is shall. Note that a generating unit may be provided for analyzing the record access right information specified in association with the user group by the specifying unit and generating a predetermined database language for accessing the database. In the record access right information specified in association with the user group by the specifying unit,
Editing means for optimizing the record access right by collecting user groups having the same search target item and the same condition value as one block is provided, and the storage management means includes a record access right for each block edited by the edit means. May be stored and managed. Claim 4
In the described invention, a record access right indicating whether or not record access is possible for each user group can be set as a search target item and its condition value in a table format,
When a user accesses data, the access to the record can be restricted based on the record access right of the user group to which the user belongs.

According to a seventh aspect of the present invention, an item name for each data item and a group name for each user group determined in advance according to the attribute of the user are displayed and output as table heading information together with a table form. First display means for inputting and specifying, for each item, item access right information indicating whether or not item access is possible in association with a user group in a table displayed by the first display means And second display means for displaying and outputting the group name for each user group determined in advance according to the attribute of the user as table heading information together with a table form, and the second display means displays the group name. When specifying access right information indicating whether record access is possible in association with a user group in the table, search target items and Second specifying means for inputting and specifying the condition value for each user group, and storing and managing the item access right information and the record access right information specified in association with the user group by the first and second specifying means. A storage management unit that, when an arbitrary user is designated at the time of data access, stores the data item and record based on a combination of the item access right information and the record access right information associated with the user group to which the user belongs; It has access control means for determining whether access is possible. The item access right information for each item specified by associating with the user group by the first specifying means and the record access right information specified by associating with the user group by the second specifying means are respectively analyzed. A combination may be provided to generate a predetermined database language for accessing the database. According to the seventh aspect of the present invention, the item access right indicating whether or not the item can be accessed in association with the user group can be set for each item in a table format, and the record access indicating whether or not the record can be accessed for each user group can be set. Rights can be set in the form of a table as search target items and their condition values. When a user accesses data, the data items are determined based on a combination of the item access rights and record access rights of the user group to which the user belongs. And record access can be restricted. Therefore, according to the first, fourth, and seventh aspects of the present invention, when setting an access right according to the attribute of a user, a description conscious of the setting in a database language is not required, and general knowledge without specialized knowledge is required. Even the person in charge of the business can easily set or change the access right and perform access control by analyzing the separately managed access right information without describing the access right in the application itself This makes it possible to maintain security even in an open environment.

[0007]

BEST MODE FOR CARRYING OUT THE INVENTION

(First Embodiment) Hereinafter, a first embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a block diagram showing the overall configuration of the data access control device. CPU1
Is a central processing unit which controls the overall operation of the data access control device according to various programs loaded in the RAM 2. The storage device 3 includes a storage medium 4 in which an operating system, various application programs, a database, character font data, and the like are stored in advance, and a drive system thereof. This storage medium 4
Is a fixedly provided or detachably mountable, magnetic / optical storage medium such as a floppy disk, hard disk, optical disk, RAM card,
It is composed of a semiconductor memory. The programs and data in the storage medium 4 are loaded into the RAM 2 under the control of the CPU 1 as needed. Furthermore, CPU1
Receives programs and data transmitted from other devices via a communication line or the like and stores them in the storage medium 4,
Programs and data stored in a storage medium provided on another device can also be used via a communication line or the like. An input device 5, a display device 6, and a printing device 7, which are input / output peripheral devices, are connected to the CPU 1 via a bus line. The CPU 1 controls these operations according to an input / output program. Input device 5
Has a keyboard for inputting character string data and various commands, as well as a pointing device such as a mouse. The display device 6 is a liquid crystal display device, a CRT display device, a plasma display device, or the like that performs multicolor display.
The printing device 7 is a full-color printer device, and is a non-impact printer or an impact printer such as thermal transfer or ink jet.

FIG. 2 shows the main contents of the storage device 3. The database DB is, for example, a relational business processing database for storing information necessary for business activities of a company, and includes an employee information file, a personnel ledger file, and the like. And a sales management file for each person in charge. This database DB is a relational database management system RD
Accessed according to BMS. That is, when the user requests data that meets predetermined conditions, the application program AP that has received the search request generates an SQL statement in accordance with the request and sends it to the relational database management system RDBMS. Then, the relational database management system RDBMS that has received the SQL statement analyzes the SQL statement, accesses the database DB, and transfers the data retrieved by this to the application program AP. The access right setting table form FM is table form information displayed and output when setting / changing the access right of the database DB for each user group grouped according to the attribute of the user. The access right is set / changed in this table in association with the user group.
In addition, in the storage device 3 as a table or a file for setting / changing the access right of the database DB for each user group, in addition to the item access right group table FGT and the record access right group table RGT defined in advance, Item access right management file FMF, record access right management file RMF, user-specific access right management file UMF, optimized access right management file OP created according to the user's search condition specification
F, a user-specific DB access right file UAF is provided. Note that each table and file will be described in detail later, so that they will be briefly described here.

In the item access right group table FGT, user attributes, for example, group information in which users are grouped according to the job title of the company are defined as item access right groups, and the record access right group table RGT has user attributes, For example, it is a table in which group information in which users are grouped according to the department to which the company belongs is defined as a record access right group. The item access right management file FMF stores and manages the permitted item names to which access is permitted for each item access right group. The record access right management file RMF stores and manages access conditions for each group in which the item access right and the record access right are combined. The user-specific access right management file UMF stores and manages a group in which the item access right and the record access right are combined for each user.
The optimized access right management file OPF stores and manages the access right obtained by optimizing the contents of the record access right management file RMF under predetermined conditions in order to increase the access efficiency. The user-specific DB access right file UAF stores and manages user-specific access rights according to the contents of the user-specific access right management file UMF and the optimized access right management file OPF.

Next, the operation of the data access control device will be described with reference to the flowcharts shown in FIGS.
Here, programs for realizing the functions described in these flowcharts are stored in the storage device 3 in the form of program codes readable by the CPU 1, and the contents are loaded into the work memory in the RAM 2. Have been. FIG. 3 is a flowchart showing the overall operation of the data access control device when setting an access right. Before describing the access right setting operation, the item access right group table FGT and the record access right group table RGT will be described.

FIG. 10A shows a database DB.
FIG. 6 illustrates the data structure of an item access right group table FGT defined in advance for the employee information in the table, and FIG. 6B illustrates the data structure of a record access right group table RGT. The item access right group table FGT is a variable length table, and codes 1, 2,..., N represent a group code for associating an item access right indicating whether data items can be accessed with a user group. It is defined by the codes “A to ZZ” of the configuration. Group name 1, 2
... N is the group name of the item access right. In this example, in order to perform grouping according to the job title of the user, the job titles “department manager”, “affiliation manager”, “HR personnel”, “general employee” Is defined as a group name. In the figure, "GC" indicates the end of the code area, "GK" indicates the end of the group name area, and "GE" indicates the end of the table. As described above, in the item access right group table FGT, the group names grouped according to the positions of the users and the group codes thereof are defined in association with each other. The record access right group table RGT is a variable length table, and codes 1, 2,...
N represents a group code for associating a record access right indicating whether or not the record can be accessed with a user group.
9 ". Group names 1, 2, ... N
Is the group name of the record access right. In this example, the department names "Human Resources Department", "General Affairs Department", and "Sales Department" are defined as group names in order to group according to the department to which the user belongs. I have. In the figure, "GC" indicates the end of the code area, "GK" indicates the end of the group name, and "GE" indicates the end of the table.

First, when a database access right setting operation is started, an item access right setting process is performed in step A1 of FIG. FIG. 4 is a flowchart showing this setting process, and the access right setting table form FM
Calls predetermined table form information from
1). As shown in FIG. 11, the table form in this case has a file name column arranged outside the table, a group column arranged in a column item in the table, and a file data item column arranged in a line item. Here, a list of the file names of various files existing in the database DB is displayed, and when the file name is selected to designate an arbitrary file as an access target (step B2), the selected file name is selected. Is displayed in the file name column (step B
3). Now, assuming that the employee information file is selected and designated, the file name "employee information" is displayed in the file name column. Here, FIG. 16 shows an example of data of the employee information file.
o "," Name "," Office "," Department "," Affiliation ",
It consists of "Position", "Qualification", "Evaluation", "Salary", ... "Prize and punishment history", and "Transfer request". For each data item that exists in the file selected for access, The data is displayed in the data item column in the table together with the table form (step B4). Next, the code and the group name defined in the item access right group table FGT are read out and displayed in the group column in the table (step B5). In this case, as shown in FIG. 11, the group column of the table is divided and displayed as “A, department manager”, “B, affiliation manager”, “C, personnel department”, “D, general employee”. .

As described above, each data item name of the file to be accessed is displayed as a row heading of a table, and a code indicating a user group and a group name are displayed together with a table form as column headings of the table. The access right information for each item is input and designated by associating it with a user group by describing a predetermined symbol in each of the intersection regions in a matrix consisting of (step B6).
In this case, a circle is described in the intersection area when item access is permitted, and the intersection area is left blank without describing a symbol when access is prohibited. Then, a symbol is described in each intersection area while updating the row point and the column point. Here, when the description of the table is completed, the setting information is transferred to the item access right management file FMF and stored and managed (step B7). FIG. 14A shows the data structure of the item access right management file FMF. The table setting information in FIG. 11 is stored and managed in a data format as shown in FIG. In this case, "FlLE"
= File name, item access right group code; Permitted item name; Permitted item name; Permitted item name; When all items are permitted to be accessed, all permitted item names following the item access right group code are omitted. If there is no item access right group code, it means that there is no access right to the file. By setting the item access right for each user group in this way, A (department manager) and C (human resources manager) are allowed to access all items in the employee information file, but B (affiliation manager) Indicates that access to items such as “prize and punishment history” and “application for transfer” is prohibited, and access to other items is permitted. Also, D
(General employees) have more inaccessible items.

Next, the process proceeds to step A2 in FIG. 3, and a record access right setting process is performed. FIG. 5 is a flow chart showing the setting process in this case, in which predetermined table form information is called from the access right setting table form FM (step C1). In the table form in this case, as shown in FIG. 12, a file name column is arranged outside the table, an item access right group column is arranged in a column item in the table, and a record access right group column is arranged in a line item. Consisting of Here, the file names of various files existing in the database DB are displayed in a list, and when the file name is selected to designate an arbitrary file as an access target (step C2), the selected file is selected. The name is displayed in the file name column (step C3). Then, the code and the group name defined in the item access right group table FGT are read out and displayed in the item access right group column in the table (step C4).
In this case, as shown in FIG.
“A, section manager”... “D, general employee” are arranged and displayed. Next, the code and group name defined in the record access right group table RGT are read out and displayed in the record access right group column in the table (step C5). In this case, as shown in FIG. 12, the group column is divided into "1, personnel department", "2, general affairs department", and "3, sales department" and displayed.

As described above, the item access right group information is displayed as the column headings and the record access right group information is displayed as the row headings, and the record access conditions are described in the matrix-like intersection area composed of the row headings and the column headings. (Step C6). In this case, each intersection area is 2
It is divided so that the types of record access conditions can be set. Then, the record access condition is described by a logical expression in which the data item name and the condition value are linked by a comparison operator (<, ≦, =, ≧, ≠). If the condition value is omitted, the value becomes the value of the user. That is, “department =” indicates the same department as the corresponding user. When a plurality of record access conditions are set in the intersection area, a logical expression in which those AND conditions are set is obtained. For example,
Intersection area where item access right group code is "C" and record access right group code is "1", "C1"
(Human Resources Department, General Affairs Department) means "the same business office as the relevant user" and "other than yourself (the employee No. is different)". It is not necessary to set a record access condition in a meaningless area such as C2 (personnel personnel, general affairs department). Then, the record access condition is described in each intersection area while updating the row point and the column point. When the description of the table is completed, the set contents are transferred to the record access right management file RMF and stored and managed (step C7).

FIG. 14B shows the data structure of the record access right management file RMF. The table setting information shown in FIG. 12 is stored and managed in a data format as shown in FIG. 14B. In this case, FILE = file name, access right code: condition item name; condition; condition item name: condition;
Stored in the data format of... The access right code is a combination of the item access right group code and the record access right group code.

Next, the process proceeds to step A3 in FIG. 3 to perform a setting process of an access right group for each user. FIG. 6 is a flowchart showing this setting process, in which predetermined table form information is called from the access right setting table form FM (step D1). The table form in this case is shown in FIG.
As shown in Table 2, "User", "Item access right", and "Record access right" are arranged as table headings in the column item column of the table together with the table ruled line.
A list of login names of each user called from a login dictionary registered in the system in advance is displayed (step D2). Here, the user group names (post titles) defined in the item access right group table FGT are read out and displayed in a list, and the post titles arbitrarily selected and designated from among them are updated while updating the row points in the table. The data is sequentially input line by line in the item access right column in association with the column (step D3). Next, the record access right column is set by updating the column point position. That is, the user group name (affiliation name) defined in the record access right group table RGT is read out and displayed in a list, and the arbitrarily selected and designated affiliation name is updated in the user item column while updating the row point of the table. Are sequentially input line by line into the record access right column (step D4). When the necessary items are set in the table form in this way, the information in this table is stored and managed in the user-specific access right management file UMF (step D).
5). Here, FIG. 15A shows the data structure of the user-specific access right management file UMF, and the table setting information in FIG. 13 is stored and managed in a data format as shown in FIG. In this case, the data is stored and managed in the data format of user name = access right code. Here, the user name indicates the login name, and the access right code is a combination of the item access right group code and the record access right group code. Therefore, "tsuzak
“i” has an access right in which the item access right is the section manager and the record access right is the human resources department. There are no particular rules regarding the order of the users.

When the setting of the item access right management file FMF, the record access right management file RMF, and the user-specific access right management file UMF is completed in this way, the process proceeds to step A4 in FIG. 3 to perform an access right setting process. FIG. 7 is a flowchart showing the setting process in this case. First, an access right optimizing process is performed (step E1). This optimization processing is executed according to the flowchart of FIG. That is, the contents of the record access right management file RMF are read (step F1), the record access conditions of the rows having the same item access right of the access right code are compared for each file, and the access right codes for which the same conditions are set are grouped. (Step F2). Here, the access right code set in the record access right management file RMF is A
A combination of the item access right and the record access right such as 1, B1, A2...
2. Compare the record access conditions associated with the access right codes of the same value (the same row) as the item access right such as A3. Here, as shown in FIG. 12, the conditions of the codes A2 and A3 are the same as “department =”, and the conditions of the codes B2 and B3 are respectively “department =”.
, The access right codes A2, A3 or B2, B3 for which the same conditions are set are grouped. Then, the access right codes grouped into the same group for all the files are put together as a group “group =” and transferred to the optimized access right management file OPF (step F).
3). FIG. 15B shows the optimized access right management file O.
This shows the data structure of the PF. The contents of the record access right management file RMF shown in FIG. 14B are optimized and stored and managed in a data format as shown in FIG. 15B. In this case, the data is stored and managed in a data format of group = group name: access right code; access right code; file name: condition item name; condition: condition item name: condition. Note that the group name in this case is a name added to the group grouped in the access right optimizing process, and A-1, A-2, B-1, and B-2
And so on. In the figure, "employee xx" indicates another file name different from the employee information file.

When such an access right optimizing process is performed, the process proceeds to step E2 in FIG. 7, and the optimized access right management file OPF and the item access right management file FMF
The specification of the access right is determined by the combination with Here, the specification indicates how to set views, schemas, and the like on the relational database management system RDBMS side. That is, the schema (owner)
Is an optimization group name (A-1, B-1 etc.), and the group and the schema are defined in a 1: 1 relationship. Each schema defines a view for managing the access right for each file based on the item access right defined in the item access right management file FMF and the record access right defined in the optimization access right management file OPF. Is done. However, synonyms are defined for files for which all rights are allowed.

An SQL statement for instructing the relational database management system RDBMS to generate a VIEW table is created based on the access right specification determined as described above (step E3). Then, the automatically created SQL statement is set in the database DB via the relational database management system RDBMS (step E4). Next, based on the contents of the optimized access right management file OPF and the user-based access right management file UMF, the user-specific DB access right file UAF
Is created (step E5). That is, the DB access right file UAF for each user used to convert the login name input at the time of data access into the login name (optimized group name) of the database DB is converted to the optimized access right management file OPF for each user. It is created based on the contents of the access right management file UMF and is set in the database DB. FIG. 15C shows the data structure of the user-specific DB access right file UAF.

Next, the operation of accessing the database DB according to the setting contents after the access right is set as described above will be described with reference to the flowchart of FIG. First, when the login name of the user who has requested access is input to the system, the DB access right file UAF for each user is searched based on the input login name, and this login name is converted into the login name of the database DB (step G1). For example, "tsuzak
When "i" is input, it is converted to "A-1". Then, an access process is requested to the relational database management system RDBMS using the converted login name (step G2). By the way, the relational database management system RDBMS analyzes the SQL sentence from the application program AP and
An IEW table is generated and stored and managed. When an access is requested, the VIEW table of the login name is analyzed. This specifies the file to be accessed, searches for the items and records for which access rights are permitted, and outputs the search results. Transmit to execution control. Here, if there is no access from the relational database management system RDBMS (step G3), processing is performed after * insertion, blank insertion, non-display, etc. for the items and record parts that are not accessible by the application execution control. Thereafter (step G4), the process proceeds to the data display process (step G5). If there is no inaccessibility, the process directly proceeds to the data display process (step G5).
5).

Therefore, for example, the contents of the employee information file which can be accessed by the user who is a general employee with respect to the employee information file shown in FIG. 16 are as shown in FIG. The example of FIG. 17 is a case where only the item access right is set without setting the record access right. That is, assuming that the item access is allowed or not in association with the item access right group (general employee) for each data item of the employee information file as shown in the table of FIG. 11, the data items “qualification”, “additional section”, For “salary”, “age”, “prize and punishment history”, and “transfer application”, item access is prohibited due to confidentiality, and the respective item areas are displayed in a state embedded with asterisks. Also, for example, the contents of the employee information file that can be accessed by the section manager of the general affairs department are as shown in FIG. That is, assuming that the search condition items and their condition values are described as shown in the table of FIG. 12 in association with the item access right group (department manager) and the record access right group (general affairs department), the record of the same department as the corresponding user Only the list is accessed and displayed in a list, but records belonging to other departments such as the sales department and the human resources department are not displayed. In this case, the section manager is permitted to access all items. Further, for example, the contents of an employee information file that can be accessed by ordinary employees in the general affairs department are as shown in FIG. In this case, as shown in FIG. 12, the search condition items and their condition values described in association with the item access right group (general employee) and the record access right group (general affairs department) are “affiliation =”,
“Position ≦”, and data items and record access availability are set in accordance with these AND conditions.
Therefore, a record having the same affiliation and a post whose position is lower than that of the user is accessed, and each item area indicating whether or not the item can be accessed is embedded with an asterisk.

As described above, in the data access control device, the item access right indicating whether or not the item can be accessed can be set in a table format in association with the item access right group. In this case, simply writing a circle in the matrix-shaped intersection area in which the item access right group name and the data item name are displayed as table heading information is associated with the item access right group and the access right for each item is set. Can be set, so that the setting operation can be performed extremely easily. Further, the record access right indicating whether or not the record can be accessed in association with the record access right group can be set in the form of a table as a search target item and its condition value, so that the setting operation is simplified even in this case. It becomes possible. As described above, the item access right set in association with the item access right group and the record access right set in association with the record access right group are combined, and an SQL statement is generated in accordance with the combination result. The system RDBMS uses this S
By analyzing the QL sentence, a VIEW table is generated, data items and records can be accessed according to the VIEW table, and the database DB can be accessed accordingly. In addition, the record access condition management file RMF compares the record access conditions of the line with the same item access right of the access right code and optimizes the group by grouping the access right codes having the same condition. The setting contents can be extremely simplified, and access efficiency can be improved. Therefore, when setting the access right according to the user's attributes, it is not necessary to describe the setting in the database language, and even a general business person without specialized knowledge can easily set the access right. In addition, the security can be maintained even in an open environment by analyzing access right information managed separately and performing access control without describing the access right in the application itself.

In the above-described embodiment, when the access right group is set for each user, as shown in the flowchart of FIG. 6, the groups defined in the item access right group table FGT and the record access right group table RGT are used. The group name is displayed in a list, and the group name selected and specified from the list is entered in the item access right column and record access right column, but the employee number corresponding to the login name is determined by the relationship between the employee information file and the login dictionary. The employee information file may be referred to, and the corresponding employee information may be called to automatically set the item access right column and the record access right column. As a result, the amount of setting work can be greatly reduced, and the occurrence of setting errors can be prevented. Also, in addition to enabling access right setting and control for combining a plurality of files existing in the database DB, selecting an arbitrary database DB from the plurality of database DBs,
If one or a plurality of files are selected and access rights are set and controlled, the target range can be expanded.

[0025]

According to the present invention, when setting an access right according to an attribute of a user, it is unnecessary to describe the setting in a database language, and the item indicating whether or not the item can be accessed in association with a user group. Access rights are set in a table format for each item, and record access rights indicating whether record access is possible are set in a table format as search target items and their condition values in association with user groups. Even general business personnel without knowledge can easily set and change access rights, and analyze access right information managed separately without writing access rights in the application itself. By performing access control, security can be maintained even in an open environment.

[Brief description of the drawings]

FIG. 1 is a block diagram showing an overall configuration of a data access control device.

FIG. 2 is a diagram showing main contents of a RAM 2;

FIG. 3 is a flowchart showing an outline of an overall operation when setting an access right.

FIG. 4 is a flowchart detailing step A1 (item access right setting processing) in FIG. 3;

FIG. 5 is a flowchart detailing step A2 (record access right setting processing) in FIG. 3;

FIG. 6 is a flowchart detailing step A3 (user-specific access right group setting process) in FIG. 3;

FIG. 7 is a flowchart detailing step A4 (access right setting processing) in FIG. 3;

FIG. 8 shows a step E1 of FIG. 7 (access right optimizing process);
5 is a flowchart detailing FIG.

FIG. 9 is a flowchart illustrating an access right control process.

FIG. 10A is an item access right group table F;
FIG. 4 shows a data structure of a GT, and FIG. 4B shows a data structure of a record access right group table RGT.

FIG. 11 is a diagram showing a setting example when setting item access rights in a table format.

FIG. 12 is a diagram showing a setting example when setting a record access right in a table format.

FIG. 13 is a diagram showing a setting example when setting access rights for each user in a table format.

FIG. 14A is an item access right management file FMF.
FIG. 3B is a diagram showing a data structure of a record access right management file RMF.

FIG. 15A shows a user-specific access right management file U.
MF, (B) is an optimized access right management file OPF,
(C) is a diagram showing a data structure of a user-specific DB access right file UAF.

FIG. 16 is a diagram showing a data structure of an employee information file existing in a database DB.

FIG. 17 is a diagram exemplifying contents that are searched and displayed and output from an employee information file according to the set contents when only item access rights for general employees are set.

FIG. 18 is a diagram exemplifying contents that are retrieved from an employee information file and displayed and output on the condition of a user who is a section manager of the general affairs department.

FIG. 19 is a diagram exemplifying contents that are retrieved from an employee information file and displayed and output on the condition of a user who is a general employee of the general affairs department.

[Description of Signs] 1 CPU 2 RAM 3 Storage device 4 Storage medium 5 Input device 6 Display device 7 Printing device DB database RDBMS Relational database management system AP Application program FM Access right setting table form FGT Item access right group table RGT Record access Rights group table FMF Item access right management file RMF Record access right management file UMF User-specific access right management file OPF Optimization access right management file UAF User-specific DB access right file

────────────────────────────────────────────────── ───

[Procedure amendment]

[Submission date] July 11, 1997

[Procedure amendment 1]

[Document name to be amended] Drawing

[Correction target item name] All figures

[Correction method] Change

[Correction contents]

FIG.

FIG. 2

FIG. 3

FIG. 11

FIG. 4

FIG. 5

FIG. 10

FIG.

FIG. 6

FIG. 7

FIG. 13

FIG. 8

FIG. 9

FIG. 14

FIG.

FIG.

FIG. 16

FIG.

FIG.

Claims (11)

[Claims] A display means for displaying and outputting, as table heading information, a table form together with a table form, the item name for each data item and the group name for each user group determined in advance according to the attribute of the user. Specifying means for inputting and specifying, for each item, access right information indicating whether or not an item can be accessed in association with a user group in a table displayed by the display means, and an item specified in association with the user group by the specifying means Storage management means for storing and managing access right information for each user, and, when an arbitrary user is designated at the time of data access, a data item based on the access right information for each item associated with the user group to which the user belongs A data access control device, comprising: access control means for determining whether or not access is allowed. 2. A system according to claim 1, further comprising a generating unit configured to analyze the access right information for each item specified in association with the user group by said specifying unit and generate a predetermined database language for accessing the database. Item 2. The data access control device according to Item 1. 3. In a matrix-like table form in which a group name of a user group and an item name of a data item are displayed as table heading information by the display means, a predetermined symbol is provided at each intersection point in the matrix. 2. The data access control device according to claim 1, wherein the specification unit inputs and specifies the access right information for each item in association with the user group. 4. A display means for displaying and outputting the group name for each user group determined in advance according to the attribute of the user as table heading information together with a table form, and a table displayed on the display means. When specifying access right information indicating whether or not record access is possible in association with a user group, specifying means for inputting and specifying a search target item and its condition value as the record access right information; A storage management means for storing and managing the record access right information specified by the user, based on the record access right information associated with the user group to which the user belongs when an arbitrary user is specified at the time of data access Access control means for determining whether the record can be accessed. Over data access control device. 5. A system according to claim 4, further comprising a generating unit configured to analyze the record access right information specified in association with the user group by said specifying unit and generate a predetermined database language for accessing the database. The data access control device according to the above. 6. The record access right is optimized by collecting, as one block, a user group having the same search target item and its condition value from the record access right information specified in association with the user group by the specifying means. 5. The data access control device according to claim 4, wherein an editing unit is provided, and the storage management unit stores and manages a record access right for each block edited by the editing unit. 7. A first display means for displaying and outputting the item name for each data item and the group name for each user group determined in advance according to the attribute of the user as table heading information together with a table form. First specifying means for inputting and specifying, for each item, item access right information indicating whether or not item access is possible in association with a user group in a table displayed by the first display means; A second display means for displaying and outputting the group name together with a table form as table heading information for each predetermined user group, and a user group in the table displayed on the second display means. When specifying the access right information indicating whether or not record access is possible by associating the search target item and its condition value with the user as the record access right information Second specifying means for inputting and specifying for each loop; storage managing means for storing and managing item access right information and record access right information specified in association with a user group by the first and second specifying means; When an arbitrary user is designated at the time of data access, whether to access data items and records is determined based on a combination of item access right information and record access right information associated with the user group to which the user belongs. A data access control device comprising access control means. 8. An item access right information for each item specified by associating with a user group by said first specifying means and a record access right information specified by associating with a user group by said second specifying means. 7. The data access control device according to claim 6, further comprising: generating means for generating a predetermined database language for accessing the database by analyzing and combining them. 9. The computer causes the computer to display and output the item name for each data item and the group name for each user group determined in advance according to the attribute of the user, together with a table form as table heading information. When access right information indicating whether or not an item can be accessed is entered for each item in the displayed table in association with the user group, the access right information for each specified item corresponds to the user group And a function for storing and managing data items. When an arbitrary user is designated at the time of data access, the access permission / inhibition of the data item is determined based on the access right information for each item associated with the user group to which the user belongs. A recording medium on which a program for realizing a function is recorded. 10. A function for causing a computer to display and output a group name for each user group determined in advance according to a user attribute as table heading information together with a table form. When specifying the access right information indicating whether or not record access is possible in association with the user group, when the search target item and its condition value are input and specified as the record access right information, the specified record access right information is A function to store and manage data in association with a user group. When an arbitrary user is specified at the time of data access, the access permission / non-permission of the record is determined based on the record access right information associated with the user group to which the user belongs. Recording medium on which a program for realizing the function to perform is recorded. 11. The computer causes a computer to display and output the item name for each data item and the group name for each user group determined in advance according to the attribute of the user, together with a table form as table heading information. When item access right information indicating whether or not an item can be accessed is input and specified for each item in the displayed table in association with the user group, the item access right information is associated with the user group. A function to store and manage, a function to display and output the group name for each user group determined in advance according to the attribute of the user as a table heading information together with a table form, and a function to correspond to the user group in the displayed table When specifying access right information indicating whether or not record access is possible, the search target item is used as the record access right information. And a function for storing and managing the record access right information in association with the user group when the condition value is input and specified for each user group. A recording medium on which is recorded a program for realizing a function of determining whether data items and records can be accessed based on a combination of item access right information and record access right information associated with a user group to which the user group belongs.