JP2006252448A - Document management device, sentence management program and document management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a document management device/document display device capable of facilitating maintenance and adding access limitation to the arbitrary part of various kinds of documents irrespective of their formats. <P>SOLUTION: The document management device receives the specification of a part to be confidential in the document and the role and right of a user for whom access to the part is authorized (not authorized) at the time of storing the document, eliminates the specified part in the document from an original layer, transcribes it to a different access limitation layer and stores it. The document management device or the document display device which receives the browsing request of the generated document presents the document having only information accessible by the role and right of the user. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a document management apparatus, a document display apparatus, a sentence management program, a sentence display program, and a document management method, and in particular, a document management apparatus, a document display apparatus, and a sentence that can perform disclosure control according to user authority. The present invention relates to a management program, a text display program, and a document management method.

  2. Description of the Related Art A document management apparatus (system) that displays an electronic document (hereinafter simply referred to as a document) stored on a general electronic computer in response to a user request is known. Among documents stored in this type of apparatus, there is a document in which information contained in one document is desired to be gradually changed in disclosure level according to attributes such as user affiliation and role. For example, in addition to setting the browsing authority step by step according to the user's affiliation and role, create multiple versions of files with different levels of disclosure for each browsing authority level, and allow / deny browsing on a file-by-file basis. A method for setting is known.

  The conventional method described above has a problem in that the burden on management is large, for example, every time the original is updated, the files of the same original must be synchronized. Therefore, for example, in Japanese Patent Laid-Open No. 2000-235569 and Japanese Patent Laid-Open No. 2001-273285, tag information that defines a range to be browsed is inserted into an original document, and user authority information is added to the tag information. There has been proposed a method of presenting a range surrounded by a tag corresponding to the authority of the user to the user when an association and a document browsing request are received.

  Also, for example, in Japanese Patent Application Laid-Open No. 2004-178498, a plurality of various mask layers on which a figure covering a portion where confidential information is written are prepared, and the plurality of mask layers are overlaid on the original document. Thus, a method for controlling the viewing range according to the authority of the user has been proposed.

Japanese Patent Laid-Open No. 2000-235569 JP 2001-273285 A JP 2004-178498 A

  However, in the methods of Patent Documents 1 and 2 described above, tag information is directly inserted into the original, so the burden of synchronizing the files of the same original is reduced. There is a problem in that tag information must be corrected sequentially each time an organizational change occurs. In the method of Patent Document 3, it is premised that a mask layer capable of reliably covering a portion where confidential information is described is prepared in advance. When handling a large number of documents including an irregular document, In addition, if the user's authority is finely set, an enormous mask layer is required.

  The present invention has been made in view of the above-described circumstances, and its purpose is that maintenance is easy even when a file update or a change in the user's side occurs, and a fixed / indeterminate type. It is an object of the present invention to provide a document management apparatus, a document display apparatus, a sentence management program, a sentence display program, and a document management method that can restrict access to any part of various types of documents.

  According to a first aspect of the present invention, at least a user and a user information storage unit storing attribute information of each user, and a document storage unit storing document data divided into a plurality of layers are provided. In addition, a document management apparatus is provided that can perform disclosure control according to the authority of the user and set any part of the document as a target of the disclosure control within a range according to the authority. More specifically, the document management apparatus includes a layer management unit, a layer creation unit, and a document presentation unit. The layer management unit controls access to document data stored in the document storage unit for each layer based on user attribute information stored in the user information storage unit. In addition, the layer creation unit accepts at least the designation of a part that restricts users who can access the displayed document and the designation of user attributes that can access the part, and the designated part Transcribe to the layer associated with the user attribute and delete from the original layer. The document presentation unit displays the document data by superimposing the data of each layer received via the layer management unit.

  According to a second aspect of the present invention, there is provided a document display device for browsing document data generated by each of the document management devices and distributed as appropriate. This document display device includes a user information storage unit and a document presentation unit. Similar to the document management apparatus, the user information storage unit stores at least user and authority information of each user. The document presentation unit inputs the user information and the document data generated by the document management apparatus, extracts the layer data corresponding to the user attribute, and displays the document by superimposing them.

  Further, according to the third aspect of the present invention that each processing unit provided in the document management apparatus and document display apparatus described above can be realized by a computer program, the computer constituting the document management apparatus and document display apparatus described above is provided. A computer program to be executed is provided.

  According to a fourth aspect of the present invention, there is provided a document management method that can be performed using the document management apparatus described above.

  According to the present invention, it is possible to reduce the trouble of a user and a file manager in a system that performs disclosure control according to the authority of the user, and any place regardless of whether the document is regular or irregular. In addition, it is possible to finely restrict access in stages.

Next, the best mode for carrying out the present invention will be described in detail with reference to the drawings.
First, an outline of the first embodiment of the present invention will be described. FIG. 1 is a diagram showing an outline of a document management apparatus (hereinafter also referred to as a document management apparatus in the present embodiment) according to the first embodiment of the present invention. In the present embodiment, when a document (document) is stored, specification of a portion of the document (document) to be kept secret and a user attribute that allows (does not permit) access to the portion are accepted, and the document (document) The part of which the designation is received is deleted from the original layer and can be transferred and stored in another access restriction layer. When a request for browsing the generated document (document) is received, the document (document) is reconstructed from an accessible layer based on the attribute information of the user and presented.

  FIG. 2 is a diagram showing the configuration of the document management apparatus according to the first embodiment of the present invention. Referring to FIG. 2, the document management apparatus 10 includes a user management unit 100, an authority determination unit 101, a user DB (user database) 102, a document editing unit 103, a layer creation unit 104, and a layer management unit 105. An electronic computer having a configuration including a layer DB (layer database) 106, a document reconstruction unit 107, and a document presentation unit 108 is shown. Each unit can be configured by hardware resources such as a memory, a processor, and a storage device provided in a general computer such as a personal computer and a workstation, and a program that uses these.

  The user management unit 100 has a function of identifying and authenticating a user who edits / views a document based on the input identification / authentication information. Also, it has functions such as adding / deleting users with a predetermined administrator authority, changing user authentication information, adding / deleting / changing user roles and authorities, and the like.

  The authority determination unit 101 inquires of the user DB 102 about the role (role) and authority of a user who has succeeded in identification and authentication, and transmits the role (role) and authority corresponding to the user to the document editing unit 103 and the document reconstruction unit 107. Have

  The user DB 102 constitutes a user information storage unit, and various information for user identification and authentication, such as ID, password, biometric authentication information, etc., each user's role (role), and information on each user's authority It is a database that holds and manages.

  The document editing unit 103 provides a function of editing the original document (document) based on the role (role) and information on the authority transmitted from the authority determining unit 101.

  The layer creation unit 104 accepts an area selection by inputting the start point and end point of a location to be hidden in the original document (document). In addition, the layer creation unit 104 transcribes the data of the selected area to a predetermined layer and accepts designation of a role (role) and authority of a user who is permitted to access the layer. In addition, when the layer creation unit 104 accepts designation of a role (role) and authority of a user who is permitted to access, a setting exceeding the role (role) and authority of the user currently accessing the document (document) is performed. It has a function to restrict so that it cannot be performed.

  In addition, the layer management unit 105 has a function of registering data of each layer including a layer specified by the user role (role) and authority created in the layer creation unit 104 in the layer DB 106. In response to a request from the document reconstruction unit 107, the layer management unit 105 reads a layer corresponding to the user role (role) and authority transmitted from the document reconstruction unit 107 from the layer DB 106, and reconstructs the document. A function of transferring to the unit 107.

  The layer DB 106 constitutes a document storage unit and manages data of each layer created by the layer creation unit 104 separately for each layer.

  The document reconstruction unit 107 and the document presentation unit 108 constitute a document display unit. The former document reconstruction unit 107 receives the layer data to be presented to the user from the layer management unit 105 based on the role (role) and authority transmitted from the authority determination unit 101, and stores the data of each layer. It has a function of restructuring into one document (document) by superimposing. The latter document presentation unit 108 has a function of outputting the document (document) reconstructed by the document reconstruction unit 107 to a predetermined display device and presenting it to the user.

  Next, the operation of this embodiment will be described in detail with reference to the drawings. FIG. 3 is a flowchart showing the operation when creating a new document in the present embodiment. Note that, based on the following premise, the administrator of the document management apparatus 10 based on the method of the present invention uses the functions of the user management unit 100 of the document management apparatus 10 to identify and authenticate users who can edit and view documents (documents). The user role (role) and the user authority are registered.

  First, an operation at the time of editing a document (document) will be described. When the system is activated, the user management unit 100 requests input of identification information and authentication information, and executes processing for confirming whether or not the user is an authorized user (step S101). If the identification / authentication in the user management unit 100 is successful (Yes in step S101), the authority determining unit 101 reads the corresponding user role (role) and authority from the user DB 102 (step S102). Then, the document editing unit 103 accepts an editing operation for the original document (document) (step S103).

  Subsequently, when the editing of the original document (document) is finished (Yes in step S104), the layer creating unit 104 is activated, and a new layer to be superimposed on the original document created by the editor is created. It is generated (step S105). Subsequently, the layer creation unit 104 accepts designation of a role and authority of a user who can access the layer (step S106). The designation of roles and roles is restricted so that it cannot be performed beyond the roles and roles of the user who is editing the document (document) (step S107).

  Subsequently, the layer creation unit 104 accepts input of a start point and an end point of a portion that the user wants to keep confidential to the user having only the designated role (role) and authority (step S108), and a portion surrounded by the start point and the end point Are transferred to the layer created in step S105 and deleted from the layer that is the transfer source (step S109). This posting and deletion makes it impossible for an unauthorized user to access the posted portion.

  In addition, the generation of the layer, the setting of access authority, the designation of confidentiality range, and the transfer / deletion are within the scope of the target user (confidentiality) within the scope of the role (role) and authority of the user who is editing the document. It is possible to repeat the setting step by step while changing the level (step S110).

  For example, when restricting accessible users according to job titles even if they belong to the same affiliation (changing the confidential level), by overlaying multiple layers that allow viewing only to a certain job title or higher, The document viewing authority can be set in stages. In addition, as described above, since the setting of access authority exceeding the role (role) and authority of the user who is editing the document (document) with respect to the generated layer is limited, It is possible to prevent an operation that hides information from a person having an advanced position or position.

  By repeating the above-described procedure, data that decomposes the original document (document) into a plurality of layers according to the confidentiality level is created. When all necessary layers are created, the layer management unit 105 creates the data. All layers including the completed layer are registered in the layer DB 106 (step S111).

  Next, an operation at the time of browsing the document (document) generated in this way will be described. Although the document browsing can be performed using the document management apparatus 10 described above, the document display that provides only the document browsing function in which the functions of the document editing unit 103 and the layer creation unit 104 of the document management apparatus 10 described above are omitted. It can also be performed by an apparatus.

  FIG. 4 is a flowchart showing the operation at the time of document browsing in the present embodiment. Referring to FIG. 4, as in the case of creating a new document, the user management unit 100 requests input of identification information and authentication information, and executes a process of confirming whether or not the user is a regular user ( Step S201).

  When the identification / authentication in the user management unit 100 is successful (Yes in step S101), the authority determining unit 101 reads the corresponding user role (role) and authority from the user DB 102 and transmits them to the document reconstruction unit 107 ( Step S202).

  Upon receiving the user role and authority, the document reconstruction unit 107 sequentially extracts layer data to be presented to the user from the layer DB 106 via the layer management unit 105 and superimposes (synthesizes) the extracted layers. ) To reconstruct the document (document) (steps S203 to S205).

  The document presentation unit 108 outputs the document (document) thus reconstructed to a predetermined display device and presents it to the user (step S206).

  As described above, according to the present embodiment, a configuration is realized in which a document (document) is divided into a plurality of layers and stored, and the layers that can be used are restricted according to the user's role (role) and authority. The For example, in FIG. 1, the lower layer represents information with a higher confidentiality level, but the authorized user is presented with a document (document) reconstructed by superimposing up to the higher confidentiality layer. A user who does not have a document can present a document (document) reconstructed only from a layer with a low security level.

  Subsequently, a second embodiment in which the operations of the layer creation unit 104 and the layer management unit 105 in the first embodiment of the present invention described above are modified will be described. FIG. 5 is a diagram showing an outline of a document management apparatus according to the second embodiment of the present invention. In the following description, parts common to the first embodiment will be omitted.

  In this embodiment, the layer creation unit 104 designates alternative layer data 94 to be displayed in place of the inaccessible layer 93 that designates and stores an arbitrary location of a document (document). Accept.

  The layer management unit 105 delivers the alternative layer data 94 to the document reconstruction unit 107 when the alternative layer data is designated even for a layer that is not permitted to be accessed by the user.

  Therefore, as shown in FIG. 5, the document management apparatus according to the present embodiment is the same as the first embodiment in that it does not display the content designated as a location to be kept secret when reconstructing the document. However, it can be displayed one step further, replacing other information that may be presented to the user.

  According to the present embodiment, for example, it is not indicated that a certain information is simply not displayed, but a display indicating that the department in charge can respond if a cokeback is made by telephone, or that the information can be accessed through a predetermined procedure. Can be displayed.

  Subsequently, each of the above-described embodiments will be described using specific examples in order to describe them in more detail. FIG. 6 is a diagram illustrating an example of layer data generated when the operation of designating a user who can make a confidential part and an accessible user is repeated (twice) via the layer creation unit 104. In the example of FIG. 6, for the original document (document) 60, the seventh to eighth lines are designated as confidential information of the XX development headquarters that restricts those who can access within the XX development headquarters. Furthermore, the accessible person is limited to the person in the XX development headquarters. XX represents the image of the data of each layer generated when the third to fifth lines are specified as general information of the development headquarters. .

  Referring to FIG. 6, the contents of lines 7 to 8 of the original document (document) 60 are transferred to the confidential information layer 63 of the XX development headquarters by the above operation, and the original document (document) The contents of the 3rd to 5th lines of 60 are transferred to the general information layer 62 of the development headquarters, and all the contents of the 1st to 2nd and 6th lines of the original document (document) 60 are included. It remains in the general information layer 61 for the user.

  FIG. 7 is a diagram illustrating an example of information stored in the user DB 102. Referring to FIG. 7, authentication information (password) 501 set for four users having identification information of Suzuki, Honda, Tanaka, and Inoue, and a role (role; role of each user in this example) as its attribute information ) 502, an example of information regarding the authority 503 is shown.

  Hereinafter, a case where the users Suzuki and Honda shown in FIG. 7 make a browsing request for the document data in FIG. 6 will be described. FIG. 8 is a diagram showing information displayed when the users Suzuki and Honda make a browsing request for the document data shown in FIG.

  Referring to FIG. 8, first, when the user Suzuki requests browsing of the document (document) in FIG. 6, the authority determination unit 101 reads “XX Development Headquarters and XX Development” from the user DB 102 as a role of the user Suzuki. "You belong to the headquarters", you can get information that "privileged information is possible" as authority.

  In this case, the document reconstruction unit 107 that has received the role (role) and authority information corresponding to the user Suzuki from the authority determination unit 101, the general information layer 70 (corresponding to 61 in FIG. 6) for all users, Data of the general information layer 71 (corresponding to 62 in FIG. 6) of the XX development headquarters and the confidential information layer 72 (corresponding to 63 of FIG. 6) of the XX development headquarters can be received from the layer management unit 105. Then, the document reconstruction unit 107 superimposes the data of these layers to reconstruct the browsing screen 73 for Suzuki, and presents it to the user Suzuki via the document presentation unit 108. Since the user Suzuki belongs to the XX development headquarters and is given the authority of “up to confidential information”, as shown in FIG. 8, there are access restrictions on each part of the original. Regardless, the entire original can be viewed.

  On the other hand, the user Honda belongs to the XX development headquarters, but is only given the authority that “general information is possible”. Therefore, the document reconstruction unit 107 that has received information on the role (role) and authority corresponding to the user Suzuki from the authority determination unit 101, the general information layer 70 (corresponding to 61 in FIG. 6) for all users, ○ The general information layer 71 (corresponding to 62 in FIG. 6) of the development headquarters is overlaid to reconstruct the Honda browsing screen 74 and present it to the user Honda via the document presentation unit 108. The user Honda belongs to the XX development headquarters and has the right to “can be up to general information”, but has not been given the right to “can be confidential information”, so as shown in FIG. In addition, it is possible to browse the first to sixth lines of the original.

  Next, a specific description will be given of a range in which access restriction can be made when one user edits a document (document). FIG. 9 is a diagram for explaining a range in which access restriction can be performed when a user Inoue belonging to a different organization than the above-mentioned users Suzuki and Honda edits the original document (document) 80. Referring to FIG. 9, when the user Inoue succeeds in identifying and authenticating before editing the document, the authority determining unit 101 belongs to “△△ belongs to the development headquarters” as the role (role) of the user Inoue from the user DB 102, As an authority, it is possible to obtain information that “notice information is possible”. In the following description, it is assumed that the confidential level increases in the order of general information, caution information, and confidential information.

  In this case, the layer creation unit 104 that has received the role (role) corresponding to the user Inoue from the authority determination unit 101 and the information on the authority, in addition to the general information layer 81 for all users that do not include any confidential information. .DELTA..DELTA..DELTA .. General information layer 82 of the development headquarters and .DELTA..DELTA .. Attention information layer 83 of the development headquarters can be created.

  However, the layer creation unit 104 sets authority for users belonging to different groups (layer 84 indicating general information to the development headquarters), and a layer with a higher secret level than the authority of the user Inoue (ΔΔ to the development headquarters). When the designation of the layer 85 indicating strict confidential information is accepted, it is treated as an error because the designation exceeds the role and role of the user Inoue.

  In this way, by prohibiting designation beyond the user's own role (role) and authority, the user himself hides information from those who have advanced positions or positions, or a specific department. It is possible to prevent a situation in which information that should be strictly managed is leaked.

  The embodiments of the present invention and specific examples thereof have been described above. However, as is apparent from the principle, the technical scope of the present invention is not limited to the above-described embodiments, and is confidential. It goes without saying that various modifications and substitutions can be made without departing from the gist of the present invention that the document is divided into a plurality of layers depending on the degree and access control is performed for each layer. Nor. For example, in the above-described embodiment, an example in which a role (role) and authority is used as attribute information has been described. However, other items are added according to the use of the document management apparatus, or other attributes are added. Can be replaced with information.

1 is a diagram illustrating an outline of a document management apparatus according to a first embodiment of the present invention. 1 is a diagram illustrating a configuration of a document management apparatus according to a first embodiment of the present invention. It is a flowchart showing operation | movement of the document management apparatus concerning the 1st Embodiment of this invention. It is a flowchart showing operation | movement of the document management apparatus concerning the 1st Embodiment of this invention. It is drawing which represented the outline | summary of the document management apparatus concerning the 2nd Embodiment of this invention. It is a figure for demonstrating the specific example of this invention. It is a figure showing an example of the information stored in user DB. It is a figure for demonstrating the specific example of this invention. It is a figure for demonstrating the specific example of this invention.

Explanation of symbols

10 Document management device (document management device)
100 User Management Unit 101 Authority Determination Unit 102 User DB (User Database)
DESCRIPTION OF SYMBOLS 103 Document edit part 104 Layer production part 105 Layer management part 106 Layer DB (layer database)
107 Document reconstruction unit 108 Document presentation unit 501 Authentication information (password)
502 Role information 503 Authority information 60, 80 Document (document)
61, 70, 81 General information layer 62, 71, 84 for all users General information layer 63, 72 of the development headquarters Strict information layer 73, 74 of the development headquarters Browse screen 82 General information of the development headquarters Layer 83 △△ Reminder information layer of R & D headquarters 85

Claims (15)

A user information storage unit storing at least attribute information of each user and each user;
A document storage unit for storing document data divided into a plurality of layers;
A layer management unit that controls access to document data stored in the document storage unit for each layer based on user attribute information stored in the user information storage unit;
At least the specification of the part that restricts the accessible users in the displayed document and the specification of the user attribute that can access the part are accepted, and the specified part is associated with the user attribute. A layer creation unit that transcribes and deletes from the original layer,
A document display unit that displays document data by superimposing data of each layer received via the layer management unit,
Document management device characterized by the above. The user information storage unit includes attribute information including role information and authority information of each user,
The layer creation unit can specify the accessible user attributes by at least one of the roles or authorities of each user within a range of at least the roles or authorities of the users who are accessing the document. ,
The document management apparatus according to claim 1. The layer creating unit further accepts designation of alternative layer data to be displayed in place of the designation of a part that restricts accessible users in the displayed document,
The layer management unit delivers the alternative layer data to the document display unit when the alternative layer data is designated even if the layer is not permitted to be accessed by the user.
The document management apparatus according to claim 1, wherein: An alternative data editing unit for editing the alternative data;
The document management apparatus according to any one of claims 1 to 3. A user information storage unit storing at least attribute information of each user and each user;
A layer management unit that controls access to document data stored in the document storage unit for each layer based on user attribute information stored in the user information storage unit;
5. A document generated by the document management apparatus according to claim 1, further comprising: a document display unit that displays document data by superimposing data of each layer received via the layer management unit. That data can be input and output to a predetermined display device;
A document display device characterized by the above. The layer management unit delivers the alternative layer data to the document display unit when the alternative layer data is designated even if the layer is not permitted to be accessed by the user.
The document display device according to claim 5. A document management program to be executed by a computer,
A process of inputting document data divided into a plurality of layers from a predetermined storage device;
Processing for displaying a document by referring to user attribute information stored in a storage unit, extracting data of a layer corresponding to the user attribute from the input document data, and superimposing the data;
At least the specification of the part that restricts the accessible users in the displayed document and the specification of the user attribute that can access the part are accepted, and the specified part is associated with the user attribute. Processing to delete and delete from the original layer,
The document management program which makes the said computer perform the process which outputs the data of each layer containing the said transferred layer to the said predetermined | prescribed storage device. As the user attribute, within at least the role or authority of the user who is accessing the document, at least one of the role or authority of each user can be specified,
The document management program according to claim 7. A process of accepting selection of alternative layer data to be displayed in place of the part in addition to specifying a part that restricts accessible users in the displayed document,
If the alternative data is specified even in a layer that is not permitted to be accessed by the user, displaying the document by superimposing the alternative layer data;
9. The document management program according to claim 7 or 8, wherein:   The document management program according to claim 7, further providing an editing environment for document data to the computer. A document display program to be executed by a computer,
A process of inputting user information and document data generated by the document management apparatus according to claim 1;
A process of displaying the document by extracting the data of the layer corresponding to the attribute of the user from the input document data and superimposing the data;
A document display program for causing the computer to execute. If alternative data is specified even in a layer that is not permitted to be accessed by the user, displaying the document by superimposing the alternative layer data;
The document display program according to claim 11, wherein the computer is executed. Document management performed using a document management apparatus including at least a user and a user information storage unit that stores authority information of each user and a document storage unit that stores document data divided into a plurality of layers A method,
The document management apparatus refers to the user authority information stored in the user information storage unit, extracts the layer data corresponding to the user authority from the input document data, and superimposes the data Displaying the document;
The document management apparatus accepts at least a designation of a part that restricts users who can access the displayed document and a designation of a user attribute that can access the part, and the designated part is Posting to the layer associated with the user attribute and deleting from the original layer,
The document management device includes storing data of each layer including the transferred layer in the document storage unit,
Document management method characterized by the above. When specifying the user attributes, at least one of the roles or authorities of each user can be specified within the scope of at least the roles or authorities of the users who are accessing the document.
The document management method according to claim 13. Further, the document management apparatus includes a step of accepting designation of alternative layer data to be displayed in place of the designation of a portion that restricts accessible users in the displayed document,
The document management device displays a document by superimposing the alternative layer data when the alternative layer data is specified even in a layer that is not permitted to be accessed by a user.
The document management method according to claim 13 or 14, characterized in that:

Images