1. Field of the Invention
The present invention relates to a document management system and a document management method configured to manage an access to a file.
2. Description of the Related Art
In recent years, information security has been considered more significant than ever. It is required that companies take effective measures against information leakage, in order to secure a sufficient protection of private information and to protect intellectual property rights. In this regard, a conventional system prevents information leakage by setting a security policy (hereinafter simply referred to as a “policy”) including an access authority and a use authority for a specific user with respect to an electronic document.
For example, an access control management server has recently been marketed. Such an access control management server can set various access control for each user on a file. With the access control management server, a creator of a file can set access control on each user by designating a control level differently for respective users.
Adobe Systems Incorporated has marketed an access control management server “Live Cycle Policy Server”, which can set access control described above on a portable document format (PDF) file. Microsoft Corporation has marketed an access control management server “Rights Management Services”, which can set access control on a file generated using Microsoft Office application programs of Microsoft Corporation.
An access authority included in a policy registered on an access control management server can be set for each user, each user group, a specific period of time, a network, or a domain. With respect to a use authority, information about whether a file can be printed or transferred can be set. After a document has been distributed, a creator of the document can easily revoke or change the once-provided authority via an access control management server.
An administrator of an access control management server registers a policy to the access control management server. A general user can only acquire a list of policies that the user can set and utilize the acquired policy. When a general user applies a policy to a document, the user acquires from an access control management server a list of policies that the user can set and designates a policy from among those listed in the list.
Meanwhile, image data obtained by reading with a scanner connected to a network or with a multifunction peripheral (MFP) having a scanner function is often sent to a client computer by e-mail as an attached file. This common method of sending data has a problem in terms of information security, just as in the case of handling the above-described electronic document.
In this regard, a conventional method applies a security on image data read from a device, such as a scanner connected to a network or an MFP having a scanner function, using an access control management server as described above.
Japanese Patent Application Laid-Open No. 2003-304352 discusses a method for associating security information with image data in outputting the image data to an apparatus on a network. With this method, security information can be associated with an electronic document at the time of generation thereof.
Japanese Patent Application Laid-Open No. 2003-281148 discusses a method for generating access control information by reading an access control information entry sheet having a predetermined format at the same time as reading a document image and analyzing the read sheet. With this method, it is not necessary for a user to perform a setting via an operation panel. However, a user is required to fill in the sheet having the predetermined format with desired settings and then perform an operation for reading the sheet.
However, in the above-described conventional method for allowing a general user to select a policy from among those listed in a policy list acquired from an access control management server, contents of policies that can be set cannot be customized by a general user, who can only utilize the policies registered by an administrator.
In particular, it is necessary for a general user to designate access control information via an operation panel of a device. An operation panel of a device (e.g., MFP) is generally small-sized. Accordingly, with such a small size operation panel, it may be difficult for a user to perform a detailed setting for access control. That is, an operability of a conventional device (e.g., MFP) for setting access control is generally less than satisfactory.
With the above-described conventional method for allowing each user to designate a policy from a list of policies that can be set acquired from an access control management server, a user can designate detailed access control according to granularity of policies stored in the access control management server.
However, if an amount of data to be included in a list of policies substantially increases, the operability for setting access control may become increasingly more difficult. In addition, the above-described problem may arise on a personal computer (PC) of the user, not only on the device.
In the case of a conventional method for variably (dynamically) generating a policy selection menu based on a list of policies that can be selected by each user acquired from an access control management server, a long time may be required to generate a list of policies that can be selected by each user and to display the list on a user interface (UI), depending on a network environment.
In order to address this, it may be useful to acquire a list of all policies and to display the list on a UI instead of dynamically generating the list for each user. However, if the number of registered policies substantially increases, it may become increasingly more difficult for a user to find an appropriate policy to designate.
In the case of another conventional method for acquiring a list of policies by connecting to an access control management server, if a PC of a user cannot communicate with the access control management server, the user cannot set a policy registered on the access control management server on a document. In addition, if a communication error occurs between the PC and the access control management server, it may be necessary for a user of the PC to wait until the communication is restored and then to perform an operation for designating a policy again.