In recent years, in order to appropriately manage a complex IT system, there are proposed methods of consolidating configuration information on an IT system by using database (see Japanese Laid-open Patent Publication No. 2006-221399). As one of such methods, a method is known in which configuration information is managed by using an information management apparatus called an FCMDB (Federated Configuration Management Database). In FIG. 13, a diagram for explaining a summary of the FCMDB is illustrated.
As illustrated in FIG. 13, the FCMDB connects to apparatuses called MDRs (Management Data Repository), each of which independently collects and manages configuration information on an IT system, with a network or the like and manages various configuration information interspersed in each MDR by virtually integrating them. A worker such as a system manager can transversely manipulate configuration information dispersion-managed by the MDRs by using the FCMDB.
As illustrated in FIG. 14, the FCMDB manages configuration information on an IT system by storing relationship information (relationship) between a configuration item (CI, Configuration Item) and a CI. The CI is provided for each element configuring an IT system, such as a server, a network, and a service, and specifically, includes information such as a node name, an IP address, and an application name. The relationship is provided between a CI and a CI and expresses what relationship these CIs have by information such as Connected To (connected to . . . ), Operated By (operated by . . . ), and Belong To (belong to . . . ).
Configuration information managed by the FCMDB is referred to by workers in various positions, such as a service manager, an operator, and a center manager, so that it is desirable to perform access control according to the position of each worker. For example, as illustrated in FIG. 14, access control is performed in such a manner that when a worker is a center manager, all configuration information can be referred to, however, when a worker is an operator, only configuration information in a range needed for operation can be referred to, whereby confidentiality of the configuration information can be maintained.
Because the number of elements configuring an IT system is large, the number of CIs and relationships stored in the FCMDB is also large. Accordingly, for example, as illustrated in FIG. 15 and FIG. 16, when attempting to set a CI and a relationship, for which access is granted, to each worker, the man-hour for the setting operation becomes large, which is not realistic. Moreover, every time a worker increases, it is needed to set whether or not access is possible with respect to all CIs and relationships for a new worker, which is inefficient.
As a method for efficiently setting an access right to an information management apparatus having a large amount of information, such as a WEB server, there is known a method such as “.htaccess” that sets an access right by using a hierarchical structure of data. Specifically, in this access right setting method, when an access right is set to a certain file, the similar access right is assumed to be set also to files (also called sub files) present in the file. With such a method, setting of an access right to a plurality of pieces of information can be performed at a time, so that the man-hour for the setting operation can be reduced significantly.