A large percentage of hard-copy documents being produced today are generated from corresponding electronic documents. As with their hard-copy counterparts, electronic documents may include confidential, proprietary and/or secret information. Consequently, it is as important to be able to limit access to the electronic documents of a company, as it is to limit access to the hard-copy documents of the company.
The specific members of the company that should have access to a document will vary based on the content of the document and the policy of the company. Frequently, the position that one holds in a company dictates the documents to that the individual is allowed to access. For example, a company executive may have access to information that an office clerk is not allowed to access. An individual's relative level within the company may not be the only factor that dictates the documents to which the individual has access. For example, a relatively lower-level clerk in the financial department of a company may have rights to access financial information to which a relatively higher-level employee in the research department has no access rights.
Various approaches have been used to restrict access to electronic documents. One common approach is to use password protected shared directories. Using this approach, all documents that are to be shared among a particular group are placed in a shared directory, and the directory is password protected. The password to access the directory is then communicated to the members of the group. When a user tries to access the directory, the file system or operating system software that manages the directory requests the password from the user. If the user enters the correct password, then the user is allowed to access the folder and the entire contents thereof. Without the correct password, the user is not allowed to access the documents in the protected folder.
The password-protected shared folder approach works well in situations where there are a few, well-defined groups. However, in larger organizations it may not be practical. For example, higher-level executives may need access to the documents shared among numerous disparate groups. It is not practical to require each of the executives to remember all of the relevant passwords. It becomes even less practical when, for security reasons, the passwords are changed periodically, or in response to the departure of any member of the group.
Based on the foregoing, it is clearly desirable to be able to share electronic documents among those allowed to access them, while at the same time providing a convenient and secure system that protects the documents from those who are not authorized to access them.