1. Field of the Invention
The present invention generally relates to an information processing apparatus, an information processing method, a computer-readable medium having an information processing program embodied therein, and a resource management apparatus, and particularly relates to an information processing apparatus, information processing method, a computer-readable medium having an information processing program embodied therein, and a resource management apparatus for efficiently providing information on a resource.
2. Description of the Related Art
In computer systems, access permission is generally set for each resource to prevent unauthorized use of the resources. Data defining such access permission are commonly called as ACL (Access control list). FIG. 1 is a conceptual diagram of an ACL for a document management system. In the ACL in FIG. 1, permission for reference, read, update, and delete is defined on a user or group basis. By setting such ACL for each document, the document management system protects the documents.
In this type of document management system, when a document search is requested by a client, a result list must be generated so as to display only the documents to which the client has reference permission. However, accessing the ACLs set for each document during the search incurs high cost. To avoid such waste, some systems generate a bit sequence (hereinafter referred to as “bit mask”) indicating reference permission status of each user, i.e., which user has reference permission to which document in advance.
A conceptual diagram of the bit mask is shown in FIG. 2. When a search is requested, the system can check whether the reference permission is given to a user who requested the search with reference to the bit mask generated in advance. The system can thus quickly output a search result.
On the other hand, in some cases, access permission to documents are controlled in various types of systems (distribution system, print system, etc.) according to common rules. For example, by sharing security information among the systems, the access permission is controlled based on the security information. In this case, for the consistency with these systems, a document management system determines access permission to the document based on the security information stored in an external apparatus in place of an ACL stored (as, for example, document attribute) in the document management system. The term “security information” is used to mean a set of plural pieces information including, for example, user attribute (section to which a user belongs, position, etc.), document attribute (document category, confidential level, etc.) and information indicating the status of access permission with respect to each combination of the user attribute and the document attribute.
Japanese Patent Laid Open Publication No. 2001-344245 discloses an information processing apparatus that generates an index associated with file information and permission information to search for documents based on the index. The apparatus thereby acquires the documents in consideration of access permission. Japanese Patent Laid Open Publication No. 06-243018 discloses a system that has permission information, for each document, containing information on security management according to a classification, and manages the security of the documents based on the permission information. Japanese Patent Laid Open Publication No. 2003-280990 discloses a document management apparatus that stores access permission setting information associated with user attribute information for every document and folder. The apparatus checks instructions described in an access request from a user with reference to the access permission setting information, and permits the access under corresponding setting conditions.
When checking the access permission to a document for a user with such security information, however, the system needs to refer to plural pieces of information (user attribute, documents attribute, etc.). Therefore, the mechanism for checking the permission is complicated. In addition, if the security information is stored in a location connected to the document management system via a network, the system needs to check the access permission via the network when a search is requested. Such a condition lowers the search performance.