In order to acquire data to be processed, it has heretofore been conducted to access a database server which stores the data. In this access, the user uses a computer terminal, which is a client, to acquire the data by accessing the database server via a Local Area Network (LAN) and/or the Internet. The data stored is described in eXtensible Markup Language (XML) or Hyper Text Markup Language (HTML). Particularly, a document described in XML is referred to as an XML document. The XML document is known as a structured document which can be structured according to the intention of an information provider. Such XML documents are widely used from a large scale database such as a genome information database to a small scale database such as medical records.
Here, there is a case where an administrator of the database performs settings on the XML documents in which, when a user accesses the database, the access is denied depending on the user. For example, an administrator of a medical records database in a hospital needs to perform control so that a patient cannot access the medical records data of his/her own.
Specifically, for example, a method is known in which access control is performed by the use of a rule referred to as a policy. For example, the policy is determined on the basis of names, job titles, sections and the like of users.
Then, by the use of the policy, access control is performed for each file or each folder as the Windows (registered trademark) file system adopts. With this, it can be prevented that a user or a group of users with no permission access the relevant file or folder.
However, there is a case where the control is demanded in which, for a user, the access to a part of a file is permitted, and the access to the remaining part of the file is denied.
For example, assume that medical records are created as one XML document and stored in a database. In this case, it is preferred that doctors can access the whole medical records information, but interns can access only the diagnostic information of patients. However, with the access control method described above, the policy can only be set for each file. Accordingly, it is impossible to perform access control with respect to a part of the XML document.
As a method for solving such a problem, a control device enabling access with respect to each internal structural unit of an XML document is known (Japanese Patent Laid-Open No. 2001-273285, hereinafter referred to as Patent Document 1). In Patent Document 1, an access control device which control access with respect to each internal structural unit of a document by incorporating policies into an XML document is shown. The XML document of Patent Document 1 includes records which are data of a database, and policies each of which is set for each of the records. When a user accesses a part of the XML document, the access control device controls the access by reading the incorporated policies.
However, this access control device is not suitable when the number of records of the database is large. This is because when the number of records of a database increases, the number of policies to control the access to the records also increases, and thus the XML document becomes very large.
For example, as for genome information, in some cases, the data size of records of an XML document becomes one gigabyte or more. In addition, a large number of users of enterprises, academic societies and the like access the XML document. Accordingly, it is necessary to set the policy for each of the large number of users who access the XML document, and the data amount of the policies becomes enormous. Therefore, both of the data amount of the records and the data amount of the policies become enormous, and the file of the XML document becomes very large.
Under the circumstances, a method of separating policies from an XML document and making the policies into a database is known (Naishin Seki, Michiharu Kudo, “Access Control Using Pathtables for XML Database”, Computer Security Group, Information Processing Society, Nov. 14, 2003; hereinafter referred to as Non-Patent Document 1). In Non-Patent Document 1, there is disclosed a method of constructing the policies as a table database. The table database is composed of path expressions for designating specific parts of an XML document, and conditions respectively corresponding to the path expressions. The condition is one which is used to determine whether or not the access from a user to the part designated by a path expression should be permitted. When a user performs access, the access control device calculates a path expression for this access request. Then, the access control device reads out a condition corresponding to the path expression from a table. If the user meets the read-out condition, the access control device permits the access to the part of the XML document which is designated by the path expression.
Incidentally, there is a case where a policy is composed of a large number of complicated conditions. The complicated condition means, in addition to a condition formed by combining AND conditions or OR conditions, a below-described condition which is used to perform a determination by the use of a data value read out from a database.
A policy including a condition which is used to perform a determination by the use of a data value is used for medical records, for example. Specifically, provided that such a policy that the access from a patient himself/herself is denied if the “malignancy degree” of a disease of the patient is 40% or more is set in an access control device, for example, when the patient himself/herself accesses the data of the medical records, the access control device retrieves the data value in which the “malignancy degree” data of the patient is recorded, and reads out the data value to determine the “malignancy degree” of the patient himself/herself. By the use of the read-out data value, it is determined whether the malignancy degree is 40% or more or is less than 40%. The access is denied when the malignancy degree is 40% or more, and the access is permitted when the malignancy degree is less than 40%.
In the above described table database, it is necessary to store the whole table into a storing device such as a memory of the access control device. However, in the table database, since a large number of data values are read from the data source file of the data values for the policy which includes a condition using a data value, the data amount of the table increases.
In this way, in the table database, when a policy which includes a condition using a data value is set for the database, it is difficult to use the hardware resources efficiently. Accordingly, the data structure in which the data amount of the database constituting a policy becomes minimum even when the policy including such a large number of complicated conditions is set, has long been awaited.