In communication networks, document servers, i.e. electronic document storage devices such as large disk drives, are frequently located remotely from each other. In large companies, with plants and offices scattered in many different cities, a computer network is often designed to link all or most locations. The network frequently includes a search engine or query server having an index of every word in every document that is selected for electronic availability, together with pointers identifying the full document and the server where it may be accessed by an address known as a URL. Users with terminals on the network can address the query server with questions phrased in terms of key words and obtain documents that contain the key words. The questions are usually phrased, or interpreted by the query server, with query operators. The index at the query server is consulted to determine whether the key words are in the index, how many times they appear, and the number of documents that are responsive to the question, as interpreted by the search engine at the query server. However, a user is not given access to those documents which are beyond his or her access level.
In the prior art, the query server contained one list having the access level of each user. The index at the query server contained the access level associated with each corresponding document. By matching the two lists, access was provided only to those documents for which the access level of the user was appropriate. The problem here was that the query server had to associate a security level with each document in the index, a cumbersome storage task. In the simplest case, a user is either given permission to search the database, or access is denied, with no middle ground.
Variations of the above approach exist, but in most instances there is a comparison of two lists: the user list, with associated access levels, and the document list, with associated access levels. The document list contains the access level for each appearance of each document in the index.
An object of the invention is to devise an access control system which enables secure searching without having to store any access information in the database associated with the search engine.
A further object of the invention is to allow changes in a document server's access control list to be immediately reflected in searches of documents within that document server.
A still further object of the invention is to allow a single centralized index of multiple document servers to be created, whereby searches of this central collection will only return titles of documents that a user has access to, with access control being determined at the remote document servers which contain relevant documents.
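The design goals stated above, as an added sketch rather than code from the original document: the central index holds only key words and document locations, and each hit is checked against the live access control list on the server that holds the document, so a change to that list takes effect on the next search. All class names, hosts, users and documents are hypothetical, and the in-process `can_read` call stands in for whatever network request a real deployment would make.

```python
# Constructed sketch: every name, host, user and document here is hypothetical.

class DocumentServer:
    """Remote store that owns both its documents and its access control list."""
    def __init__(self, host):
        self.host = host
        self.docs = {}   # path -> text
        self.acl = {}    # path -> set of users allowed to read it

    def add(self, path, text, readers):
        self.docs[path] = text
        self.acl[path] = set(readers)

    def can_read(self, user, path):
        # Decided at request time from the live ACL; unknown paths are denied.
        return user in self.acl.get(path, set())


class QueryServer:
    """Central index of several document servers; stores no access data."""
    def __init__(self):
        self.servers = {}  # host -> DocumentServer
        self.index = {}    # key word -> set of (host, path)

    def crawl(self, server):
        self.servers[server.host] = server
        for path, text in server.docs.items():
            for word in set(text.lower().split()):
                self.index.setdefault(word, set()).add((server.host, path))

    def search(self, user, keyword):
        hits = self.index.get(keyword.lower(), set())
        # Each candidate hit is filtered by the server that holds the document.
        return sorted(f"http://{host}{path}" for host, path in hits
                      if self.servers[host].can_read(user, path))


def demo():
    hr, eng = DocumentServer("hr.example"), DocumentServer("eng.example")
    hr.add("/salaries.txt", "salary budget 2024", {"alice"})
    eng.add("/roadmap.txt", "engineering budget roadmap", {"alice", "bob"})
    qs = QueryServer()
    for server in (hr, eng):
        qs.crawl(server)
    before = qs.search("bob", "budget")
    hr.acl["/salaries.txt"].add("bob")       # grant on the document server
    after = qs.search("bob", "budget")       # visible without re-indexing
    eng.acl["/roadmap.txt"].discard("bob")   # revoke on the document server
    return before, after, qs.search("bob", "budget")
```

Because the index never records who may read a document, the result count a user sees is also computed only from documents that passed the per-server check.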