Conventionally, an operating system controls operations of an application program based on information set by a system administrator. For example, the operating system inhibits access to a specific file according to the authority of a user who activates the application program. Moreover, the operating system determines computation time of a CPU to be assigned to each application program.
However, the control by the operating system is limited to types predetermined by a designer of the operating system. For this reason, in order to realize control different from the operating system, it was necessary to remodel the existing application program or to remodel the operating system. Although it is assumed that the program or system has been remodeled, there has been a problem that the remodeling requires enormous development time and development cost and further reduces maintenance performance of program.
In this regard, a technique for expanding access control functions to a file without remodeling the existing operating system has been conventionally proposed as disclosed, for example, in Japanese Patent Application Publication No. 2003-44297. An application program according to this technique sends operation requests to the operating system via a resource managing program. When the resource managing program catches the operation request, the resource managing program specifies a computer resource designated by the operation request and decides whether the application program has access permission to the resource. If the application program does not have access permission, the resource managing program refuses the operation request. According to this technique, although access is permitted by the operating system, it is possible to prescribe independent access permission independently of permission by the operating system.
According to the technique, in association with a set of a user and a computer resource, it is determined whether the access to the resource is permitted. Whether access to a resource is permitted is statically determined by an administrator or the like. For this reason, it was not possible to modify whether access is permitted or not based on information varying with the advance of a process of a program. For example, access to certain data could not be permitted or inhibited based on the contents and attribute of the data or which application program holds and uses the data at present.