1. Field of the Invention
The present invention relates to a device management system, a device management apparatus, a device management method, a program for implementing the method, and a storage medium storing the program.
2. Description of the Related Art
Some recent copying machines have a function of printing print jobs from an external client, a function of sending read originals to an external apparatus by electronic mail or file transfer, and so on, as well as a function of copying originals. Such copying machines with a plurality of functions are generally referred to as MFPs (multi function peripherals).
If apparatuses such as the above-mentioned MFPs have a function of sending read information to an external apparatus, they have an increased risk of leaking information. Accordingly, it is becoming increasingly important to manage e.g. the usage of MFPs by users.
To prevent information leakage, it has been desired to impose restrictions on the usage of various functions by users or user groups (hereinafter collectively referred to as users). In particular, in a case where many users share an MFP, which has many functions, it is desirable that restrictions be imposed according to combinations of users and MFP's functions.
To cope with such a case, there has been proposed a method of preparing roles in which restriction information is set with respect to various operations, and assigning roles to users to thereby impose restrictions on user's operations (see e.g. Japanese Laid-Open Patent Publication (Kokai) No. 2002-202945). Also, there has been proposed a method of preparing a plurality of roles, and interchanging roles or assigning a plurality of roles to a user at a time so as to impose restrictions on user's operations.
For example, assume that business conditions become worse or the level of security is temporarily raised in a company where MFPs are used for business. In such a case, specific restrictions are imposed, e.g. the usage of certain functions of the MFPs is prohibited for a predetermined period of time, or users permitted to operate the MFPs are restricted for a predetermined period of time.
However, to impose such specific restrictions, it is necessary to reedit MFP operation rights written in roles assigned to target users, which requires a large number of man-hours and a large amount of time. As a result, extra costs are required. Similarly, when the specific restrictions are removed to reset the original restrictions after the lapse of a predetermined period of time, it is necessary to reedit MFP operation rights written in roles, and as a result, extra costs are required.
For example, if a certain role is assigned to a plurality of users, a change in the role affects not only users whose rights are desired to be restricted but also other users. Also, if a plurality of users are assigned to a user whose right is desired to be restricted, a change in only one role may not affect user's rights depending on final right calculation rules used in a case where a plurality of roles are assigned to a user. For example, if a role A and a role B that permit “Color Printing” are assigned to a user, “Color Printing” is permitted if permission takes priority according to final right calculation rules. That is, even if the role A is changed to prohibit “Color Printing”, permission by the role B takes priority according to the final right calculation rule. Thus, the plurality of roles have to be changed.
If the number of users, the number of roles, and the number of functions to be restricted using the roles, which are managed by the system, are increased, a large number of changes have to be made, which requires a large amount of time. Also, there may be a case where the number of errors such as forgetting to make changes increases, making it impossible to impose desired restrictions.