In recent years, owing to advances in information communication equipment, workstations and local area networks (LANs) in which personal computers and the like are mutually connected as terminals have come into widespread use. Accompanying this trend, the mode of using computers is shifting from the stand-alone type to the client-server type.
Compared to the stand-alone type, the client-server system can easily coordinate the work performed by a plurality of users (client terminal users). Furthermore, the client-server system can make the server execute operations requiring advanced processing capacity, thereby relieving the client terminals of the need to possess such processing capacity themselves. This results in significant cost savings.
However, in the client-server system a plurality of users use the server through the client terminals, so that, for each of the various services that the server provides to the users through the client terminals, it is necessary to control the access of each user to the particular service in order to avoid leakage of official secrets and falsification of information.
Usually, the foregoing access control in the conventional client-server system is performed such that the operating system (OS) of the server employs a control table called the access control list to limit accesses to directories and files by each of the users or by each of the programs. The method of controlling accesses by users employing such an access control list is described, for example, by D. E. R. Denning in "Cryptography and Data Security" (published by Addison-Wesley Publishing Company, Inc.). A short description of this material follows.
The state of a system is defined by a set S of subjects s as active entities, a set O of objects o as entities to be protected by the system, and a set R of combinations r of individual access rights such as reading, writing, and executing.
The access to each object o_i is controlled by the access control list o_i[s_j, r_j].
Here, i and j satisfy 0 < i < n and 0 < j < m, respectively, where n is the number of elements of the set O (the total number of objects) and m is the number of elements of the set S (the total number of subjects).
Suppose that the object o_k (where k is a constant satisfying 0 < k < n) is a file named F, and that two access control list entries are set for the object o_k, namely o_k[user A, reading] and o_k[user B, reading·writing·executing].
In this case, the server permits user B three types of access to the file F, namely reading, writing, and executing. However, the server permits user A only one type of access to the file F, namely reading, and does not permit any other access.
The present inventors have recognized the following problems in the prior art system. In the conventional client-server system that controls accesses by users employing the foregoing access control list, the manager of the server sets the access control list in the server, and the server is thereby made to control accesses by the users to the various services that the server provides. In a business organization, when performing a transaction, the person in charge of the transaction often has to obtain the approval of a superior. There can also be instances where the person in charge has to obtain beforehand the consent of a plurality of co-workers in charge of the same transaction. These situations can occur in the client-server system as well. That is, when a user uses, through the client terminal, a service that the server provides, there are cases in which the user has to acquire beforehand the approval and consent of another user.
In such cases, in the conventional client-server system that controls accesses by users employing the foregoing access control list, the condition determining the access control consists only of which kinds of access rights (reading, writing, executing, etc.) each of the plurality of users (subjects) using the system holds. This creates the following problems:
(1) When the access control list is set so as to allow the foregoing user to receive the service, the user may forget to acquire the approval and consent of another user in advance and access the service anyway. Accesses by users are then not properly controlled.
(2) When the access control list is set so as not to allow the foregoing user to receive the service, a time-consuming procedure is necessary whereby the user informs the manager of the server of the approval and consent acquired in advance and has the manager modify the access control list so that the service can be used. This imposes a burden on both the user and the manager of the server.
Thus, in the conventional client-server system, when a user of the client terminal receives a service that the server provides, access to the service by that user cannot be properly controlled if the approval and consent of another user are required.
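The following is an added illustration, not part of the patent text, of the Denning-style access control list described above and of the two problem cases (1) and (2). It encodes the file F example with user A and user B; the names `ObjectACL`, `conventional_outcome` and `manager_modify_acl` are the example's own.

```python
"""Denning-style ACL o_k[s_j, r_j] and the approval problem of the conventional system.

The access decision depends only on (subject, right). Whether another user's
approval was obtained is not representable in the list, so an approval
requirement is either unenforced (case 1) or needs a manual ACL change (case 2).
"""
from dataclasses import dataclass, field

READING, WRITING, EXECUTING = "reading", "writing", "executing"


@dataclass
class ObjectACL:
    """Access control list for a single object o_k: subject -> set of rights."""
    name: str
    entries: dict = field(default_factory=dict)

    def grant(self, subject, *rights):
        self.entries.setdefault(subject, set()).update(rights)

    def permitted(self, subject, right):
        # Conventional server decision: a pure (subject, right) lookup.
        return right in self.entries.get(subject, set())


def build_file_f():
    """Constructed example state: o_k is file F with the two entries from the text."""
    acl = ObjectACL("F")
    acl.grant("user A", READING)
    acl.grant("user B", READING, WRITING, EXECUTING)
    return acl


def manager_modify_acl(acl, subject, right):
    """The out-of-band step of case (2): the server manager edits the list."""
    acl.grant(subject, right)


def conventional_outcome(acl, subject, right, approval_obtained):
    """Outcome when business rules require another user's approval for `right`.

    The ACL cannot see `approval_obtained`; the function only labels what the
    conventional decision means in each situation.
    """
    if acl.permitted(subject, right):
        return "granted" if approval_obtained else "granted without approval"  # case (1)
    if approval_obtained:
        return "denied until manager modifies ACL"  # case (2)
    return "denied"
```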
The present invention has been made in view of the foregoing circumstances, and it is therefore an object of the invention to provide a client-server system, a server, and a client terminal whereby, even if approval and consent of another user are required when a user of the client terminal receives a service that the server provides, access to that service by the user can be properly controlled.