1. Field of the Invention
This invention relates to a computer system having a security function, and more particularly to a security system for file access.
2. Description of the Related Art
There is provided a computer system which utilizes a work station as a terminal device and which can access files of a host computer via the terminal device. In such a computer system, it is required to provide a security function for permitting a specified user or users to operate the terminal device and access the file, thus attaining the security for information.
Such a security system includes a system which is known in the art or can be easily devised and in which a user list is set for each file to be protected so as to inhibit the file access even if a user other than the listed users makes an access request for the file. Further, a system is provided in which a file list for permitting access to the file for each user is set and a file access is inhibited when a file other than the listed files is accessed by a corresponding user. In addition a system is provided in which a pass word is previously set and only a user who inputs the pass word via the terminal device is permitted to access the file.
The above conventional security systems are designed to attain the security for information independently for each user based on the relation between the users and the files to be protected. For this reason, in the conventional security systems, it is difficult to attain the information security for each operation, that is, attain the information security according to the contents of the files or access types. In this case, the operation corresponds to the content of the process of a user program and the type of a file to be accessed is determined by the type of the user program. Further, the access type means the accessing content such as "deletion", "modification", "write-in", or "readout" with respect to a file to be accessed.
Now, a problem occurring in the conventional system is concretely explained. For example, when a user for effecting an operation of referring to a specified file erroneously effects an operation of writing information into the specified file, the specified file may be destroyed.