Data access control apparatus for limiting data access in accordance with user attribute
Abstract
This invention provides a data access control apparatus arranged to automatically set access right information limiting data access, in accordance with a user attribute when a user accesses a database. In setting, for a plurality of users, access right information corresponding to each user, the load on an operator can be reduced, and access right information setting errors can be prevented. An automatic setting unit reads out information from a login management information file and an employee information file on the basis of definition information of a definition file to automatically generate a user access right management file which stores a login ID, an item access right, and a record access right group code for each user. When a login ID is input in accessing the employee information file, a setting controller refers to the management file to determine a user group to which the user belongs and an access enabled/disabled state of the data on the basis of the access right made to correspond to this user group.
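The flow described in the abstract, sketched as an added example that is not code from the patent: a management table is generated from user attributes, and every access decision goes through the derived group. The field names, group codes, rule format and sample records are assumptions constructed for illustration.

```python
# Constructed sample data; field names and group codes are assumptions.
LOGIN_MGMT = {"tanaka": 1001, "sato": 1002, "guest": 9999}  # login ID -> employee no.
EMPLOYEES = {
    1001: {"name": "Tanaka", "dept": "HR", "position": "manager", "salary": 900},
    1002: {"name": "Sato", "dept": "Sales", "position": "staff", "salary": 500},
    1003: {"name": "Ito", "dept": "Sales", "position": "staff", "salary": 480},
}
# Definition information, first matching rule wins:
# (attribute item, value, item access group, record access group code)
DEFINITIONS = [
    ("dept", "HR", "A", "ALL"),
    ("position", "staff", "B", "OWN_DEPT"),
]
# Access right information is stored per user group, never per user.
ITEM_RIGHTS = {"A": {"name", "dept", "position", "salary"}, "B": {"name", "dept"}}


def generate_management_file():
    """Derive login ID -> (item access group, record group code) from attributes."""
    table = {}
    for login_id, emp_no in LOGIN_MGMT.items():
        emp = EMPLOYEES.get(emp_no)
        if emp is None:
            continue  # no attribute record: no entry, so access is denied later
        for item, value, item_group, record_code in DEFINITIONS:
            if emp.get(item) == value:
                table[login_id] = (item_group, record_code)
                break
    return table


def read_item(table, login_id, target_emp_no, item):
    """Return the item value if the user's group allows it, else None."""
    entry = table.get(login_id)
    target = EMPLOYEES.get(target_emp_no)
    if entry is None or target is None:
        return None  # default deny for unknown logins, users without a group
    item_group, record_code = entry
    own_dept = EMPLOYEES[LOGIN_MGMT[login_id]]["dept"]
    record_ok = record_code == "ALL" or (
        record_code == "OWN_DEPT" and target["dept"] == own_dept)
    if record_ok and item in ITEM_RIGHTS.get(item_group, set()):
        return target[item]
    return None


MGMT = generate_management_file()
```

Because the table is regenerated from attributes, a change of department or position changes a user's rights without anyone editing per-user entries, and a login with no matching attribute record falls through to deny.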
24 Claims
1. A data access control apparatus for limiting access to data on the basis of a user attribute in accessing the data in a database having a plurality of records each constituted by a plurality of data items comprising:
user information storage means for storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users;
definition means for defining a user group corresponding to contents of the data item representing the user attribute;
generation means for generating user group information representing that a user group is made to correspond to each user;
access right information storage means for storing access right information in correspondence with the user group, the access right information representing whether access to the data in the database is allowed; and
access control means for, when an arbitrary user is designated in accessing the database, determining a user group, to which the arbitrary user belongs, with reference to the user group information generated by said generation means, and determining on the basis of the access right information made to correspond to the determined user group whether access to the data in the database is allowed.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A recording medium which records a program for causing a computer to realize a predetermined function, comprising:
a program for realizing a function of referring to user information storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users, and definition information defining a user group corresponding to contents of the data item representing the user attribute, and of generating user group information made to correspond to the user group in units of users; and
a program for realizing a function of, when an arbitrary user is designated in accessing a database, referring to the user group information to determine a user group to which the arbitrary user belongs, and determining an access enabled/disabled state of data in the database on the basis of the access right information representing the access enabled/disabled state of the data in the database and made to correspond to the determined user group.
13. A data access control apparatus for limiting access to data on the basis of a user attribute in accessing the data in a database having a plurality of records each constituted by a plurality of data items comprising:
user information storage means for storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users;
first definition means for defining a user group corresponding to contents of the data item representing the user attribute;
second definition means for defining a relationship between the identification information unique to the user and login information input and designated in accessing data in the database;
generation means for generating user group information which makes the login information correspond to the user group in units of users;
access right information storage means for storing access right information representing an access enabled/disabled state of data in the database in correspondence with a user group; and
access control means for, when arbitrary login information is input in accessing the database, referring to user group information generated by said generation means to determine a user group to which the user belongs, and determining the access enabled/disabled state of the data in the database on the basis of the access right information made to correspond to the determined user group.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A recording medium which records a program for causing a computer to realize a predetermined function, comprising:
a program for realizing a function of referring to user information storing at least a data item representing identification information unique to a user and a data item representing a user attribute in correspondence with a plurality of users, definition information defining a user group corresponding to contents of the data item representing the user attribute, and definition information defining a relationship between the identification information unique to the user and login information input and designated in accessing data in the database and of generating user group information which makes the login information correspond to the user group in units of users; and
a program for realizing a function of, when arbitrary login information is designated in accessing a database, referring to the user group information to determine a user group to which the user belongs, and determining an access enabled/disabled state of data in the database on the basis of the access right information representing the access enabled/disabled state of the data in the database and made to correspond to the determined user group and the user access right information stored in correspondence with the determined user group.
Specification