In a storage apparatus directly connected to a computer, accesses to the storage apparatus are normally not controlled. Instead, an IO command issued by the directly connected computer is processed unconditionally. In a SAN (Storage Area Network) including one or more storage apparatus and one or more computers sharing the storage apparatus, accesses to the storage apparatus are controlled by placing computers in zones with or without access rights. However, an IO command received from a computer having an access right is still processed unconditionally. Consequently, data stored in a storage apparatus can be stolen by illegally using such a computer. In the worst case, data stored in a storage apparatus may be changed improperly. There are a number of countermeasures for preventing a computer from being used illegally. However, those countermeasures are not necessarily perfect. For example, data can be encrypted so that it cannot be decoded even if it is stolen. If the encrypted data can be decrypted, however, the stolen data can still be decoded.
In addition to access control executed in a computer, access control executed in a storage apparatus is an effective means of preventing data from being stolen or changed improperly through illegal use of a computer. Specifically, in accordance with a method disclosed in Japanese Patent Laid-Open No. 2002-222110, control of accesses is executed in a storage apparatus for each application program making accesses to the storage apparatus. Thus, the security of data can be assured even if the user or a person in charge of computer management uses a computer illegally. In order to implement the access control disclosed in that document, however, a special OS is required. In addition, it is necessary to extend the protocol of communication between the computer and the storage apparatus.
Thus, the present invention is provided as a means for solving the problem that data managed by a program is stolen, changed improperly or erased through illegal use of a computer. In addition, the present invention provides a method for controlling accesses without changing a variety of programs and without requiring a special OS.