1. Field of the Invention
The present invention relates to an image forming apparatus, an access controlling method, and a computer-readable recording medium for access control.
2. Description of the Related Art
In recent image forming apparatuses such as multifunction machines, there are image forming apparatuses that allow new applications to be developed and installed therein after the image forming apparatuses have been shipped (see, for example, Japanese Laid-Open Patent Publication No. 2005-269619). That is, new applications using a publicly available API (Application Program Interface) written in general programming languages such as C language or Java (Registered Trademark) are developed and installed in image forming apparatuses after the image forming apparatuses have been shipped. These image forming apparatuses not only may allow applications developed by the vendor of the image forming apparatuses to be installed but may also allow applications developed by other software vendors to be installed. Under such circumstance where new applications are installed and used by vendors of the image forming apparatuses and other software vendors, undesired events (e.g., leakage of confidential information, inappropriate operation of the image forming apparatus) may occur if access to resources (e.g., programs, data) of the image forming apparatuses are unconditionally permitted. Therefore, appropriate security management (access control) is required for each application.
In a Java (Registered Trademark) application, code-based access control can be performed with a security mechanism being provided as standard equipment to an execution environment of Java (Registered Trademark). For example, access authorization (permission) can be set in correspondence with the location of a program or a person of a signature of program inside data referred to as “policy”. However, defining the policies for each application (each program) is burdensome for an administrator and increases the data amount (information amount) of the policies. This may result in degrading of performance.
Therefore, applications are, for example, classified into different groups (or divided into different levels) according to the credibility of each application and access authorizations are set in units of each group (or level) inside the policy. In this case where applications are classified into different groups (or divided into different levels), the process of classifying the applications would be meaningless if the grading of the groups (grades of the levels) become too minute. Thus, the classifying is effective where the applications are classified into substantially large groups (reducing the number of grades of the levels).
However, there may be a case where a part of access authorization required for executing a function of an application is beyond an access authorization range granted to the group to which the application belongs. That is, there may be a case where a function of an application cannot be realized unless greater access authorization is granted to the application. However, when the range of access authorization granted to the group to which the application belongs is changed (expanded) to a larger range, the access authorization granted to the application may be too large compared to the credibility of the application. There is a desire for a system that can grant access authorization to a particular application as an exception where the access authorization is forbidden to the group to which the application belongs.