The present invention relates to an information accessing method for accessing information held in a server unit included in a client-server system, and more particularly to the information accessing method that is effective when a client unit located in a client-server system accesses information held in a server unit located in another client-server system through a network having two or more client-server systems connected therein.
As a method for accessing information held in a data file to be tightly secured, a method has been proposed for restricting access to such a data file with a user ID or a password. With this method, a client-server system takes the steps of registering in a server unit a user ID or a password with which access is permitted in the client-server system having the server unit, comparing a user ID or a password which the user inputs with the user ID or the password registered in the client-server system, and permitting access to a data file contained in the server unit only if the input and registered values match. If a user, or a user group of specific users belonging to a section of a company, accesses a data file, access levels are set according to the position of each user in the company. Each access level gives access to the corresponding portion of the data file. Those access levels are used for access restrictions such as inability to access the data file, ability only to access the data file, and ability to update the data file.
When a data file registered in a client-server system is accessed by a client unit of another client-server system in a network such as a communication tool having two or more client-server systems connected therethrough, the client unit pre-registers a guide ID in the client-server system having the data file to be accessed, so that the client unit may access the data file in a client-server system different from the system to which the client unit belongs.
If the foregoing client-server system is applied to a system for managing a schedule, the information to be secured is a schedule of each user.
For example, a person who would hold a meeting, that is, the host of the meeting, needs to access the schedule of each meeting participant on the meeting day in order to check whether each participant's schedule is open. If, however, any one of the participants is under the management of a client-server system different from the system of the host, then in the current state the client-server system of the participant is configured either to unconditionally permit the host to access his or her schedule or to prohibit the host from doing so.
The personal schedule contains one portion that is open to any user of the client-server system, such as the appointed day and hours, and another portion that is not open to all the users of the system, such as the destination of a business trip or a dealer. The current system does not provide a capability of finely restricting the data to a portion that may be accessed and a portion that may not be accessed according to the relation between the user whose data is accessed and the user who would access the data.
It is an object of the present invention to provide an information accessing method that permits a user of a client-server system to access the user data of another client-server system under proper security.
It is another object of the present invention to provide an information accessing method that controls permission to access the user data according to the corresponding relation of a security rank between a user to be accessed and a user who would access the user data.
Hereinafter, the term "system" means a system having a function of storing user data for each user, registering as a user ID an ID of a user permitted to access the user data, and specifying the range of the registered user IDs as the managing range of the system itself. The present invention is characterized in that it offers a security method arranged to convert a first user ID belonging to the managing range of a first system into a second user ID (guest ID) belonging to the managing range of a second system, and to permit the user to access the user data if the second user ID and a third user ID for an owner of the user data belong to the second system.
Further, the information accessing method according to the present invention is configured to assign one of plural security ranks to each user, to set a table for determining whether access to the user data is permitted from the security rank of the user requesting access to the user data and the security rank of the user whose data is accessed, and, when access to the user data is requested, to determine whether the access is permitted by referencing this table.
When the user with the first user ID logs in to the first system or issues a request for access to the user data, the first user ID is checked by the first system. When the user with the first user ID issues a request for accessing the user data of a second system, it is checked whether the first user ID is registered in the ID conversion table. When the request for access is passed to the second system, it is checked whether a second user ID is registered in the ID conversion table. That is, three checks are executed before the user of one system is permitted to access the data of a user belonging to the other system. After these checks are done, the user with the first user ID is enabled to access the whole user data managed by the second system. Further, the use of the security rank makes it possible to determine whether access to at least part of the user data is permitted on the basis of the security rank of the user issuing a request for access and the security rank of the user whose data is to be accessed.
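The three checks and the security rank lookup described above can be sketched as follows. This is an added example, not code from the patent. It assumes that each system holds its own copy of the ID conversion table, that security ranks are integers, and that the security table yields one of three constructed access levels ("none", "public", "all"); all IDs, ranks and schedule entries are constructed.

```python
# Added illustration: every ID, rank and table entry below is constructed.
PUBLIC, PRIVATE = ("day", "hours"), ("destination",)

class System:
    def __init__(self, user_ranks, id_conversion, security_table, user_data):
        self.user_ranks = user_ranks          # user ID table: ID -> security rank
        self.id_conversion = id_conversion    # ID conversion table: first ID -> guest ID
        self.security_table = security_table  # (requester rank, owner rank) -> level
        self.user_data = user_data            # owner ID -> schedule record

def request_access(first, second, first_id, owner_id):
    """Return the part of owner_id's record that first_id may read, else raise."""
    # Check 1: the first system recognises the requesting user.
    if first_id not in first.user_ranks:
        raise PermissionError("user ID not registered in first system")
    # Check 2: the first system holds a conversion entry for that user.
    guest_id = first.id_conversion.get(first_id)
    if guest_id is None:
        raise PermissionError("no ID conversion entry for user")
    # Check 3: the second system has the guest ID registered, and both the
    # guest ID and the data owner fall inside its managing range.
    if (guest_id not in second.id_conversion.values()
            or guest_id not in second.user_ranks
            or owner_id not in second.user_ranks):
        raise PermissionError("guest ID or owner not managed by second system")
    # Security rank lookup; a missing rank pair is treated as denial.
    ranks = (second.user_ranks[guest_id], second.user_ranks[owner_id])
    level = second.security_table.get(ranks, "none")
    if level == "none":
        raise PermissionError("security rank does not permit access")
    fields = PUBLIC + PRIVATE if level == "all" else PUBLIC
    return {f: second.user_data[owner_id][f] for f in fields}

SYSTEM_A = System({"alice": 2, "bob": 2}, {"alice": "guest01"}, {}, {})
SYSTEM_B = System(
    {"guest01": 2, "carol": 2, "dave": 3, "erin": 4},
    {"alice": "guest01"},
    {(2, 2): "all", (2, 3): "public"},
    {"carol": {"day": "Mon", "hours": "10-11", "destination": "Osaka"},
     "dave": {"day": "Mon", "hours": "13-15", "destination": "Nagoya"},
     "erin": {"day": "Mon", "hours": "09-10", "destination": "Kobe"}},
)

if __name__ == "__main__":
    print(request_access(SYSTEM_A, SYSTEM_B, "alice", "carol"))
    print(request_access(SYSTEM_A, SYSTEM_B, "alice", "dave"))
```

A rank pair that is absent from the security table is denied rather than permitted, so adding a new rank to the second system does not silently open data to guest IDs.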
FIG. 1 is a block diagram showing an overall configuration of a system according to the present invention;
FIG. 2 is a table showing a data format of an ID conversion table 14 according to an embodiment of the present invention;
FIG. 3 is a table showing a data format of a user ID table 11 according to an embodiment of the present invention;
FIG. 4 is a table showing a data format of a security table 12 according to an embodiment of the present invention;
FIG. 5 is a table showing a data format of user data 13 according to an embodiment of the present invention; and
FIG. 6 is a flowchart showing a flow of process located between the systems according to an embodiment of the present invention.